Unable to access internet due to corrupt drivers


16 replies to this topic

#1 maximus50


Posted 08 January 2012 - 11:27 PM

Good Evening,

Desktop Dell Dimension 2400
Wireless
Router: Belkin N300
Internet cable
Windows XP Home SP3

I have tried:
Netsh winsock reset
Netsh int IP reset...
sfc/scannow
winsock fix utility

With no success. I recently ordered and received an XP reinstall disk, but haven't used it yet considering I have a later version of Windows.

I'm using a laptop running Windows 7 connected to the network through this router with no issues.
Thank you for any assistance.

MiniToolBox by Farbar
Ran by Pye (administrator) on 09-01-2012 at 21:57:12
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

D-Link DWA-525 Wireless N 150 Desktop Adapter = Wireless Network Connection 4 (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration


Windows IP Configuration

An internal error occurred: The request is not supported.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Unable to contact IP driver, error code 2,
========================= Event log errors: ===============================

Application errors:
==================
Error: (01/09/2012 09:09:17 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/09/2012 08:49:09 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/09/2012 07:10:04 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/09/2012 07:01:59 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/09/2012 06:54:15 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/09/2012 06:43:34 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/09/2012 03:39:14 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/09/2012 03:11:18 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/09/2012 02:29:02 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/09/2012 02:13:27 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)


System errors:
=============
Error: (01/09/2012 09:57:20 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/09/2012 09:57:20 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/09/2012 09:57:20 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/09/2012 09:57:20 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/09/2012 09:57:19 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/09/2012 09:57:19 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/09/2012 09:57:18 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/09/2012 09:57:18 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/09/2012 09:57:17 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:

Edited by Orange Blossom, 09 January 2012 - 12:08 AM.
Moved to AII. ~ OB




#2 Broni


Posted 08 January 2012 - 11:50 PM

Welcome aboard

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 maximus50


Posted 09 January 2012 - 12:04 AM

Thanks for the quick response:

Farbar Service Scanner
Ran by Pye (administrator) on 09-01-2012 at 23:00:53
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
Attention! IpSec Tag value is missing and it should be 4

**** End of log ****

#4 Broni


Posted 09 January 2012 - 12:16 AM

You have some registry keys missing, so I suspect your computer was/is infected.

Let's see if we can re-establish internet connection for starters.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type, while Everyone is selected, put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_wuauserv.reg and confirm the prompt.
Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click wuauserv.reg and confirm the prompt.
Double-click wscsvc.reg and confirm the prompt.
Double-click ipsec.reg and confirm the prompt.

Please go back to the Root key again and, while Everyone is selected, remove the check mark in the box under Allow next to Full Control, and close the registry.

Restart computer.

Check internet connection.
See if you can access Security Center and Windows updates.
Post new FSS log.



 


#5 maximus50


Posted 09 January 2012 - 12:52 AM

Broni,

Unable to access internet; was able to access Security Center.

Latest Scan after regedit.


Farbar Service Scanner
Ran by Pye (administrator) on 09-01-2012 at 23:46:51
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(5) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
Attention! IpSec Tag value should be 4

**** End of log ****

#6 Broni


Posted 09 January 2012 - 01:05 AM

That looks much better.

We still have one issue there:

Localhost is blocked.


Let's try to uninstall/reinstall TCP/IP stack.

1. Download winsock.zip
Unzip it.
Right click on Winsock.reg, click "Merge".
Allow registry merge.

2. Restart computer.

3. Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
  • On the General tab, click Install; a popup window opens.
  • Select Protocol from the list and then click Add.
  • A new window opens, click Have Disk....
  • In the browse... box type c:\windows\inf
  • Click OK.
  • Select Internet Protocol (TCP/IP), and then click OK.
  • Restart and check the connection.



 


#7 maximus50


Posted 09 January 2012 - 07:18 PM

A Beautiful Site. Internet now connected. Thank you so much.
I had been messing with this for about 12 hrs.
My upgraded Avast let me down.
Thanks again, Broni. I'm off to make a donation!



Farbar Service Scanner
Ran by Pye (administrator) on 10-01-2012 at 18:07:39
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(5) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x080000000500000004000000010000000200000003000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****
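
The FSS logs posted in this thread differ from one another in only a few lines, which is easy to miss when reading them side by side. As an added example (not part of the thread and not Farbar's code), this Python script parses FSS output and diffs two runs; the log excerpts are abridged from posts #3 and #7, and the finding labels such as `service-key-missing` are names made up for this example.

```python
import re

# Abridged excerpts of two FSS logs posted in this thread: post #3 (before
# the registry repair) and post #7 (after the TCP/IP reinstall).
FSS_BEFORE = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Extra List:
=======
Gpc(6) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
Attention! IpSec Tag value is missing and it should be 4
"""

FSS_AFTER = r"""
Connection Status:
==============
Localhost is accessible.
LAN connected.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Extra List:
=======
Gpc(6) IPSec(5) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
IpSec Tag value is correct.
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running", re.M)
MISSING_KEY = re.compile(r"Unable to open (\S+) registry key\. The (?:service )?key does not exist")
FW_OFF = re.compile(r'\\FirewallPolicy\\(\w+)\]\s*\n"EnableFirewall"=DWORD:0')


def parse_fss(text):
    """Return the findings in an FSS log as a set of (kind, subject) tuples."""
    findings = set()
    for name in NOT_RUNNING.findall(text):
        findings.add(("service-not-running", name.lower()))
    for key in MISSING_KEY.findall(text):
        findings.add(("service-key-missing", key.lower()))
    for profile in FW_OFF.findall(text):
        findings.add(("firewall-disabled-by-policy", profile))
    if "Localhost is blocked." in text:
        findings.add(("localhost-blocked", "127.0.0.1"))
    for line in text.splitlines():
        # Any other "Attention!" line (e.g. the IpSec Tag check) is kept verbatim.
        if "Attention!" in line and not MISSING_KEY.search(line):
            findings.add(("attention", line.split("Attention!", 1)[1].strip()))
    return findings


def compare_runs(before, after):
    """Split findings into fixed, still present, and newly appeared between two runs."""
    b, a = parse_fss(before), parse_fss(after)
    return {"fixed": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    for status, items in compare_runs(FSS_BEFORE, FSS_AFTER).items():
        for kind, subject in items:
            print(f"{status:9} {kind:28} {subject}")
```

On these two excerpts the only findings still present after the repair are the two `EnableFirewall` policy entries.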

#8 Broni


Posted 09 January 2012 - 07:35 PM

Good news :)

That situation happens for a reason, so I want you to run a couple more tools.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#9 maximus50


Posted 10 January 2012 - 08:05 PM

Broni,
Windows had a little trouble loading after the restart after Malwarebytes scan and clearing of a few things.
The Logs requested:

Security Check Log:


Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
Adobe After Effects CS3 Presets
Norton AntiVirus Help
Norton AntiVirus
Sygate Personal Firewall
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Java 2 Runtime Environment, SE v1.4.2
Out of date Java installed!
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

MiniToolBox Log:


MiniToolBox by Farbar
Ran by Pye (administrator) on 10-01-2012 at 21:26:03
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

D-Link DWA-525 Wireless N 150 Desktop Adapter = Wireless Network Connection 4 (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 4" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : D9VVQN31
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Wireless Network Connection 4:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : D-Link DWA-525 Wireless N 150 Desktop Adapter
Physical Address. . . . . . . . . : 14-D6-4D-50-21-62
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Tuesday, January 10, 2012 6:47:31 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 9:14:07 PM

Server: UnKnown
Address: 192.168.2.1

Malwarebytes Log:


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Pye :: D9VVQN31 [administrator]

1/10/2012 9:50:12 PM
mbam-log-2012-01-10 (21-50-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205320
Time elapsed: 34 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKCR\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\seneka (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\seneka (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\documents and settings\pye\local settings\application data\nxi.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Rapid Antivirus.lnk (Rogue.RapidAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Start Menu\Programs\Startup\Rapid Antivirus.lnk (Rogue.RapidAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Aswmbr log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-11 18:16:27
-----------------------------
18:16:27.171 OS Version: Windows 5.1.2600 Service Pack 3
18:16:27.171 Number of processors: 1 586 0x209
18:16:27.171 ComputerName: D9VVQN31 UserName: Pye
18:16:29.671 Initialize success
18:16:29.781 AVAST engine defs: 12011001
18:17:11.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:17:11.093 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
18:17:11.171 Disk 0 MBR read successfully
18:17:11.171 Disk 0 MBR scan
18:17:11.171 Disk 0 Windows XP default MBR code
18:17:11.234 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
18:17:11.296 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38130 MB offset 64260
18:17:11.437 Disk 0 scanning sectors +78156225
18:17:11.640 Disk 0 scanning C:\WINDOWS\system32\drivers
18:18:26.734 Service scanning
18:18:27.687 Service .ipsec \? **LOCKED** 123
18:18:28.875 Modules scanning
18:19:17.171 Disk 0 trace - called modules:
18:19:17.234 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
18:19:17.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acfbab8]
18:19:17.234 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8acefb00]
18:19:22.531 AVAST engine scan C:\WINDOWS
18:19:46.343 AVAST engine scan C:\WINDOWS\system32
18:24:31.109 AVAST engine scan C:\WINDOWS\system32\drivers
18:24:52.234 AVAST engine scan C:\Documents and Settings\Pye
18:42:39.359 File: C:\Documents and Settings\Pye\My Documents\gAQ83336.exe **INFECTED** Win32:MalOb-IG [Cryp]
18:44:13.671 AVAST engine scan C:\Documents and Settings\All Users
18:54:26.640 Scan finished successfully
18:56:12.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pye\Desktop\Computer issues\MBR.dat"
18:56:12.218 The log file has been saved successfully to "C:\Documents and Settings\Pye\Desktop\Computer issues\aswMBR.txt"

#10 Broni


Posted 10 January 2012 - 11:07 PM

You're running two AV programs, Avast and Norton.
One of them has to go.
If Norton, use this tool to uninstall it: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080710133834EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb

Any current issues?

Last scans....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.



 


#11 maximus50


Posted 12 January 2012 - 06:51 PM

I'm not having any issues, I'm able to log onto the internet just fine.
I removed Norton from my system and kept Avast, ran the temp file cleaner.

Here is the ESET Scan.
I didn't have the ESET scan remove any threats:




#12 maximus50

maximus50
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 12 January 2012 - 06:53 PM

This is the entire ESET Scan:


#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:25 AM

Posted 12 January 2012 - 06:58 PM

I didn't have the ESET scan remove any threats:

Why?
I didn't say to change any settings.
You have to re-run it then....


#14 maximus50

maximus50
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:25 AM

Posted 13 January 2012 - 01:19 AM

OK. Re-ran ESET Scan with correct settings. Found a few things, wouldn't you say?


#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:25 AM

Posted 13 January 2012 - 11:23 AM

Update Internet Explorer to version 8.

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/04/27/download-the-latest-adobe-flash-for-firefox-and-ie-without-any-extras/

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
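The thread's two ESET runs (first without removal, then with it) and the later System Restore reset both come down to reading the scanner's text export by location and by action taken. The following is an added example, not part of any post in this thread: it parses lines laid out like the ESET text export and buckets each detection. The sample paths are constructed, and the three location buckets and the `C:` system drive are assumptions of this sketch.

```python
import re
from collections import Counter

# One exported line: <path> [a variant of ]<Platform/Name> <type> [<action>]
# '/' cannot occur in a Windows path, so the Platform/Name token is a safe
# delimiter even though the path itself contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<kind>trojan|application)"
    r"(?: (?P<action>.+))?$"
)

def classify(path, system_drive="C:"):
    """Bucket a path (assumed buckets): restore point, other volume, live."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # goes away when System Restore is reset
    if not p.startswith(system_drive.lower()):
        return "other_volume"    # e.g. a backup drive that was also scanned
    return "live"

def parse_line(line):
    """Return a dict for one detection line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["variant"] = entry["variant"] is not None
    entry["location"] = classify(entry["path"])
    return entry

def triage(report_text):
    """Summarise a whole export: counts per location/name, leftovers."""
    entries, skipped = [], []
    for raw in report_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry:
            entries.append(entry)
        else:
            skipped.append(raw)
    return {
        "by_location": dict(Counter(e["location"] for e in entries)),
        "by_name": dict(Counter(e["name"] for e in entries)),
        # No action text means the scanner only reported the file.
        "unremediated": [e["path"] for e in entries if e["action"] is None],
        "skipped": skipped,
    }

# Constructed sample in the export's layout (paths are made up).
SAMPLE_DETECT_ONLY = r"""
C:\Documents and Settings\user\My Documents\sample.exe a variant of Win32/Kryptik.YFB trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Win32/Adware.XPAntiSpyware.AC application
C:\WINDOWS\SYSTEM32\example.ini Win32/Adware.Virtumonde.NEO application
F:\Backup Set\C\Documents and Settings\user\My Documents\sample.exe a variant of Win32/Kryptik.YFB trojan
"""

# The same findings as a run with removal enabled would report them.
SAMPLE_CLEANED = "\n".join(
    line + " cleaned by deleting - quarantined"
    for line in SAMPLE_DETECT_ONLY.strip().splitlines()
)

if __name__ == "__main__":
    for label, text in (("detect-only", SAMPLE_DETECT_ONLY),
                        ("cleaned", SAMPLE_CLEANED)):
        result = triage(text)
        print(label, result["by_location"],
              "unremediated:", len(result["unremediated"]))
```

A non-empty `unremediated` list is the signal that the scan has to be re-run with removal enabled, and any `other_volume` hits show that a backup copy would bring the same file back if restored.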


 




