
Connected to network but can't connect to internet


44 replies to this topic

#1 ser909
  • Members
  • 58 posts

Posted 16 January 2012 - 11:16 PM

I was advised to post in this forum by member of Malware Response Team

Topic link: http://www.bleepingcomputer.com/forums/topic434394.html

None of my applications (SAS MBAM AVG Antivirus Firefox IE) can currently connect to the internet

The machine is a Dell XPS 420 directly wired to a DSL modem

Any help would be greatly appreciated.

I am posting the MiniToolBox log:

MiniToolBox by Farbar
Ran by Eddie (administrator) on 16-01-2012 at 22:55:59
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82566DC-2 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Eddie-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1D-09-20-7C-2E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f481:4296:9e5d:5230%9(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.82.48(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 201334025
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-4D-EE-7D-00-1D-09-20-7C-2E
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter Broadband Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadband Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.0.25(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C452D03E-027F-4C63-A2C6-5A2AD909639F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3FB84151-2050-4DF6-9310-477A826D54AC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3FB84151-2050-4DF6-9310-477A826D54AC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1d 09 20 7c 2e ...... Intel® 82566DC-2 Gigabit Network Connection
25 ........................... Broadband Connection
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
10 ...00 00 00 00 00 00 00 e0 isatap.{C452D03E-027F-4C63-A2C6-5A2AD909639F}
15 ...00 00 00 00 00 00 00 e0 isatap.{3FB84151-2050-4DF6-9310-477A826D54AC}
19 ...00 00 00 00 00 00 00 e0 isatap.{3FB84151-2050-4DF6-9310-477A826D54AC}
20 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.0.25 266
169.254.0.0 255.255.0.0 On-link 169.254.82.48 30
169.254.0.25 255.255.255.255 On-link 169.254.0.25 266
169.254.82.48 255.255.255.255 On-link 169.254.82.48 286
169.254.255.255 255.255.255.255 On-link 169.254.0.25 266
169.254.255.255 255.255.255.255 On-link 169.254.82.48 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.82.48 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.82.48 286
255.255.255.255 255.255.255.255 On-link 169.254.0.25 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 286 fe80::/64 On-link
9 286 fe80::f481:4296:9e5d:5230/128 On-link
1 306 ff00::/8 On-link
9 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/08/2012 02:14:04 PM) (Source: MsiInstaller) (User: Eddie)Eddie
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (01/08/2012 02:10:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8822d3e3-d25b-4eb1-bbd8-1529e132fd68}

Error: (01/08/2012 01:09:56 PM) (Source: MsiInstaller) (User: Eddie)Eddie
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (01/08/2012 01:01:55 PM) (Source: MsiInstaller) (User: Eddie)Eddie
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (01/07/2012 03:54:35 PM) (Source: Application Error) (User: )
Description: Faulting application avgui.exe, version 10.0.0.1410, time stamp 0x4e6ab8ee, faulting module MSVCR90.dll, version 9.0.30729.6161, time stamp 0x4dace5b9, exception code 0xc0000417, fault offset 0x0006ccd5,
process id 0x1658, application start time 0xavgui.exe0.

Error: (01/05/2012 10:38:23 PM) (Source: RasClient) (User: )
Description: CoId={F7581055-6EB3-44EB-82C0-E2CF82C912FA}: The user Eddie-PC\Eddie dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (01/05/2012 10:37:52 PM) (Source: RasClient) (User: )
Description: CoId={1F3A723D-F46F-4E48-BB76-79D7F6334CC9}: The user Eddie-PC\Eddie dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (01/03/2012 04:10:36 PM) (Source: RasClient) (User: )
Description: CoId={CA26C473-3A50-4634-9DF5-B1A8A0951492}: The user Eddie-PC\Eddie dialed a connection named Broadband Connection which has failed. The error code returned on failure is 815.

Error: (01/01/2012 01:57:11 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x8004231f).

Error: (01/01/2012 01:57:11 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8004231f).


System errors:
=============
Error: (01/15/2012 03:21:12 PM) (Source: Service Control Manager) (User: )
Description: XAudioService1

Error: (01/13/2012 02:05:43 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSEH
NetBT

Error: (01/13/2012 02:05:43 PM) (Source: Service Control Manager) (User: )
Description: AVG WatchDog%%2

Error: (01/13/2012 02:05:43 PM) (Source: Service Control Manager) (User: )
Description: TCP/IP NetBIOS HelperNetBT%%31

Error: (01/11/2012 09:50:11 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSEH
NetBT

Error: (01/11/2012 09:50:11 PM) (Source: Service Control Manager) (User: )
Description: AVG WatchDog%%2

Error: (01/11/2012 09:50:11 PM) (Source: Service Control Manager) (User: )
Description: TCP/IP NetBIOS HelperNetBT%%31

Error: (01/11/2012 01:53:04 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/10/2012 08:56:30 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSEH
NetBT

Error: (01/10/2012 08:56:30 PM) (Source: Service Control Manager) (User: )
Description: AVG WatchDog%%2


Microsoft Office Sessions:
=========================
Error: (01/08/2012 02:14:04 PM) (Source: MsiInstaller)(User: Eddie)Eddie
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed(NULL)(NULL)(NULL)(NULL)

Error: (01/08/2012 02:10:17 PM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8822d3e3-d25b-4eb1-bbd8-1529e132fd68}

Error: (01/08/2012 01:09:56 PM) (Source: MsiInstaller)(User: Eddie)Eddie
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed(NULL)(NULL)(NULL)(NULL)

Error: (01/08/2012 01:01:55 PM) (Source: MsiInstaller)(User: Eddie)Eddie
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed(NULL)(NULL)(NULL)(NULL)

Error: (01/07/2012 03:54:35 PM) (Source: Application Error)(User: )
Description: avgui.exe10.0.0.14104e6ab8eeMSVCR90.dll9.0.30729.61614dace5b9c00004170006ccd5165801cccd7e7de460ae

Error: (01/05/2012 10:38:23 PM) (Source: RasClient)(User: )
Description: {F7581055-6EB3-44EB-82C0-E2CF82C912FA}Eddie-PC\EddieBroadband Connection0

Error: (01/05/2012 10:37:52 PM) (Source: RasClient)(User: )
Description: {1F3A723D-F46F-4E48-BB76-79D7F6334CC9}Eddie-PC\EddieBroadband Connection0

Error: (01/03/2012 04:10:36 PM) (Source: RasClient)(User: )
Description: {CA26C473-3A50-4634-9DF5-B1A8A0951492}Eddie-PC\EddieBroadband Connection815

Error: (01/01/2012 01:57:11 AM) (Source: System Restore)(User: )
Description: 0x8004231f

Error: (01/01/2012 01:57:11 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x8004231f


========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 3069.22 MB
Available physical RAM: 2387.97 MB
Total Pagefile: 6367.47 MB
Available Pagefile: 5241.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.01 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:1.45 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.97 GB) NTFS
3 Drive e: (THE_WACKNESS) (CDROM) (Total:6.19 GB) (Free:0 GB) UDF
4 Drive f: (OneTouch 4) (Fixed) (Total:465.76 GB) (Free:23.59 GB) NTFS
5 Drive g: (OneTouch 4) (Fixed) (Total:465.76 GB) (Free:10.51 GB) NTFS
6 Drive h: (EDDIE02) (Removable) (Total:3.78 GB) (Free:3.78 GB) FAT32

========================= Users: ========================================

User accounts for \\EDDIE-PC

Administrator Eddie Guest
IUSR_NMPR


**** End of log ****
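
A way to read the MiniToolBox output above mechanically, as an added example that is not part of the original post or of MiniToolBox: the script below parses the IE proxy, hosts and IP Configuration sections and reports the conditions that explain "connected to network but can't connect to internet": a 169.254.x.x (APIPA) address, a missing default gateway, resolvers in fec0::/10 (the placeholder Windows shows when no DNS server was learned, which is why the ping lines above say "could not find host"), a hosts-file override and a configured proxy. The finding codes and the HIJACK_SAMPLE input are this script's own constructions; SAMPLE is an excerpt of the log posted above. One caveat: when the PC dials the DSL session itself (the PPP "Broadband Connection" adapter above), the PPP adapter is where the routable address and resolvers appear, so an APIPA address on the Ethernet adapter is a finding to weigh, not a verdict.

```python
"""Triage an ipconfig /all dump (the IP Configuration section MiniToolBox captures) for the
symptoms behind "connected to network but no internet".  Added example, not part of the
original post or of MiniToolBox; the finding codes and HIJACK_SAMPLE are this script's own.
SAMPLE is an excerpt of the log posted above, trimmed to the fields used here."""
import ipaddress
import re

SAMPLE = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Ethernet adapter Local Area Connection:
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.82.48(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1

Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
"""
# Constructed counter-example, not from this thread: the two settings that redirect
# traffic without touching any adapter.  The "Proxy Server:" line format is assumed.
HIJACK_SAMPLE = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: 127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.10 update.example
"""

SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+$")
ADAPTER_RE = re.compile(r"^(?:Ethernet|Wireless LAN|PPP|Tunnel)\s+adapter\s+(.+?):\s*$")
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /-]*?)[ .]+:\s?(.*)$")  # "Name . . . : value"
APIPA = ipaddress.ip_network("169.254.0.0/16")
SITE_LOCAL = ipaddress.ip_network("fec0::/10")


def parse_sections(text):
    """{section name: [lines]}, split on the '==== Name: ====' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current, sections[m.group(1)] = m.group(1), []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_adapters(lines):
    """{adapter: {field: [values]}}; continuation lines (extra DNS servers) join the field above."""
    adapters, fields, last = {}, None, None
    for line in lines:
        m = ADAPTER_RE.match(line)
        if m:
            fields, last = adapters.setdefault(m.group(1), {}), None
        elif fields is not None:
            m = FIELD_RE.match(line)
            if m:
                last = m.group(1).strip()
                fields[last] = [m.group(2).strip()]
            elif last and line.strip():
                fields[last].append(line.strip())
    return adapters


def parse_addr(value):
    """'169.254.82.48(Preferred)' or 'fec0::1%1' -> ip_address; None if not an address."""
    try:
        return ipaddress.ip_address(re.sub(r"\(.*\)$", "", value).split("%")[0].strip())
    except ValueError:
        return None


def triage(text):
    """Return (scope, code, detail) findings; empty means the cause is upstream of this host."""
    sections, findings = parse_sections(text), []
    for name, f in parse_adapters(sections.get("IP Configuration", [])).items():
        first = lambda key: (f.get(key) or [""])[0]
        if first("Media State").startswith("Media disconnected"):
            continue  # idle Teredo/ISATAP/6to4 stubs are noise, not findings
        ipv4 = parse_addr(first("IPv4 Address") or first("Autoconfiguration IPv4 Address"))
        if ipv4 is not None and ipv4.version == 4 and ipv4 in APIPA:
            why = "DHCP is on but no server answered" if first("DHCP Enabled") == "Yes" else "no DHCP on this adapter"
            findings.append((name, "APIPA", f"self-assigned {ipv4}: {why}"))
        if not first("Default Gateway"):
            findings.append((name, "NO_GATEWAY", "no default route; off-link traffic cannot leave"))
        if any(a is not None and a.version == 6 and a in SITE_LOCAL for a in map(parse_addr, f.get("DNS Servers", []))):
            findings.append((name, "SITE_LOCAL_DNS", "fec0::/10 resolvers are the placeholder Windows "
                             "shows when no DNS server was learned; every lookup will fail"))
    for line in sections.get("Hosts content", []):
        parts = line.split()
        if parts and not parts[0].startswith("#") and any(h != "localhost" for h in parts[1:]):
            findings.append(("hosts", "HOSTS_OVERRIDE", line.strip()))
    proxy = [l.strip() for l in sections.get("IE Proxy Settings", []) if l.startswith(("Proxy is enabled", "Proxy Server:"))]
    if proxy:
        findings.append(("proxy", "PROXY_SET", "; ".join(proxy)))
    return findings


if __name__ == "__main__":
    for scope, code, detail in triage(SAMPLE) + triage(HIJACK_SAMPLE):
        print(f"{scope:24} {code:15} {detail}")
```

Run it as-is to see the findings for both samples; to reuse it, paste a fresh ipconfig /all capture (with the MiniToolBox section headers, or just the IP Configuration part) into triage().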


#2 Broni (The Coolest BC Computer)
  • BC Advisor
  • 42,663 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 17 January 2012 - 12:49 AM

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
Posted Image
Make sure "DNS" tab looks like this:
Posted Image
Make sure "WINS" tab looks like this:
Posted Image
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.


If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 ser909
  • Topic Starter
  • Members
  • 58 posts

Posted 17 January 2012 - 05:48 PM

I followed your script through step 7 uneventfully but with no change in symptoms.
In Step 8:
I noticed that at the command prompt, the directory was Windows\systems32.
Is that OK?

command "ipconfig /renew" gave a message:
"An error occurred while renewing interface Local Area Connection : unable to contact your DHCP server. Request has timed out."
At the time I was not connected to the Broadband.
I connected, executed the command again with the same result.
I was unsure whether to continue so I stopped.
Thanks for any help.

#4 Broni (The Coolest BC Computer)
  • BC Advisor
  • 42,663 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 17 January 2012 - 05:59 PM

I noticed that at the command prompt, the directory was Windows\systems32.
Is that OK?

Yes.

Skip not working step and go on with the last one.



#5 ser909
  • Topic Starter
  • Members
  • 58 posts

Posted 17 January 2012 - 11:10 PM

Ran all the steps
netsh int ip reset reset.log gave message:
"Resetting Echo Request, failed.
Access is denied.

Resetting Interface, OK!"
but after a reboot still can't connect to internet.

#6 Broni (The Coolest BC Computer)
  • BC Advisor
  • 42,663 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 18 January 2012 - 12:19 PM

Did you open "cmd" as administrator?

Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL and SHIFT, press Enter).




#7 ser909
  • Topic Starter
  • Members
  • 58 posts

Posted 18 January 2012 - 11:11 PM

I tried it again with the same results.
While holding CTRL and SHIFT, I press Enter.
I get the User Account Control pop up: Windows needs your permission to continue.
I press Continue.
I assume this means that I'm running as administrator.

#8 Broni (The Coolest BC Computer)
  • BC Advisor
  • 42,663 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 18 January 2012 - 11:32 PM

Enable real administrator account: http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-windows-vista/ and try from there.
Disable that account when done.



#9 ser909
  • Topic Starter
  • Members
  • 58 posts

Posted 19 January 2012 - 12:45 AM

Activated Administrator
Logged on as Administrator
netsh int ip reset reset.log
Access is denied message again.
(Stubborn bugger)

#10 Broni (The Coolest BC Computer)
  • BC Advisor
  • 42,663 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 19 January 2012 - 12:51 AM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

===============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#11 ser909
  • Topic Starter
  • Members
  • 58 posts

Posted 19 January 2012 - 10:47 PM

Here are the GMER and aswMBR logs:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-19 22:26:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.12.0
Running: rqnu6h22.exe; Driver: C:\Users\Eddie\AppData\Local\Temp\ugloapod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x91568640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 81AC6DA4 4 Bytes [40, 86, 56, 91] {INC EAX; XCHG [ESI-0x6f], DL}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E60B000, 0x263A88, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{3FB84151-2050-4DF6-9310-477A826D54AC}
Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{3FB84151-2050-4DF6-9310-477A826D54AC}@NameServerList ?
Reg HKLM\SYSTEM\ControlSet003\Services\NetBT\Parameters\Interfaces\Tcpip_{3FB84151-2050-4DF6-9310-477A826D54AC} (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\NetBT\Parameters\Interfaces\Tcpip_{3FB84151-2050-4DF6-9310-477A826D54AC}@NameServerList ?

---- EOF - GMER 1.0.15 ----




aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 22:36:53
-----------------------------
22:36:53.607 OS Version: Windows 6.0.6002 Service Pack 2
22:36:53.607 Number of processors: 4 586 0xF0B
22:36:53.607 ComputerName: EDDIE-PC UserName: Eddie
22:36:55.447 Initialize success
22:36:58.630 AVAST engine download error: 0
22:37:22.779 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:37:22.779 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
22:37:22.841 Disk 0 MBR read successfully
22:37:22.841 Disk 0 MBR scan
22:37:22.841 Disk 0 Windows VISTA default MBR code
22:37:22.919 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
22:37:22.997 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
22:37:23.075 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461524 MB offset 31569920
22:37:23.137 Disk 0 scanning sectors +976771072
22:37:23.543 Disk 0 scanning C:\Windows\system32\drivers
22:38:09.766 Service scanning
22:38:10.702 Modules scanning
22:38:20.935 Disk 0 trace - called modules:
22:38:20.967 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:38:20.967 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85972ac8]
22:38:20.982 3 CLASSPNP.SYS[8a5ab8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85341028]
22:38:20.982 Scan finished successfully
22:38:45.349 Disk 0 MBR has been saved successfully to "C:\Users\Eddie\Desktop\MBR.dat"
22:38:45.349 The log file has been saved successfully to "C:\Users\Eddie\Desktop\aswMBR.txt"
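
The GMER log above lists one SSDT hook (SASKUTIL.SYS on ZwTerminateProcess at 0x91568640) and one 4-byte inline patch in ntkrnlpa.exe!KeSetEvent. Read little-endian, the patched bytes 40 86 56 91 are the DWORD 0x91568640, the same address as the hook, which ties the patch to the SUPERAntiSpyware driver that the first post says is installed on this machine. The script below, an added example that is not part of the original post or of GMER, does that matching mechanically and also decodes the section characteristics GMER prints for the writeable atikmdag.sys section. The matching rule (a 4-byte patch whose little-endian value equals a listed hook address belongs to that hook's driver) and the flag names are this script's own assumptions; it attributes a patch to a driver, it does not vouch for the driver.

```python
"""Attribute the inline kernel patches in a GMER log to the driver owning the address they
point at.  Added example, not part of the original post or of GMER; the matching rule and the
section-flag names are this script's own.  SAMPLE is the GMER output posted above."""
import re
import struct

SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x91568640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 81AC6DA4 4 Bytes [40, 86, 56, 91] {INC EAX; XCHG [ESI-0x6f], DL}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E60B000, 0x263A88, 0xE8000020]
"""

SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
PATCH_RE = re.compile(r"^\.text\s+(\S+ \+ \d+)\s+([0-9A-Fa-f]+)\s+(\d+) Bytes \[([0-9A-Fa-f, ]+)\]")
WRITABLE_RE = re.compile(r"^\.text\s+(\S+) section is writeable \[0x([0-9A-Fa-f]+), 0x([0-9A-Fa-f]+), 0x([0-9A-Fa-f]+)\]")

# IMAGE_SECTION_HEADER.Characteristics bits from winnt.h; GMER prints the raw value third.
SECTION_FLAGS = {0x20: "CODE", 0x08000000: "MEM_NOT_PAGED", 0x20000000: "MEM_EXECUTE",
                 0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE"}


def section_flags(characteristics):
    """Names of the characteristic bits set; CODE together with MEM_WRITE is what GMER flags."""
    return {name for bit, name in SECTION_FLAGS.items() if characteristics & bit}


def parse_gmer(text):
    """Return (ssdt hooks, inline patches, writeable sections) parsed from the log text."""
    hooks, patches, writable = [], [], []
    for line in text.splitlines():
        if m := SSDT_RE.match(line):
            hooks.append({"driver": m.group(1), "function": m.group(2), "address": int(m.group(3), 16)})
        elif m := PATCH_RE.match(line):
            raw = bytes(int(b, 16) for b in m.group(4).split(","))
            patches.append({"site": m.group(1), "address": int(m.group(2), 16), "bytes": raw})
        elif m := WRITABLE_RE.match(line):
            writable.append({"module": m.group(1), "base": int(m.group(2), 16),
                             "size": int(m.group(3), 16), "flags": section_flags(int(m.group(4), 16))})
    return hooks, patches, writable


def attribute(text):
    """Pair each 4-byte patch, read as a little-endian DWORD, with the SSDT hook at that address."""
    hooks, patches, _ = parse_gmer(text)
    results = []
    for p in patches:
        value = struct.unpack("<I", p["bytes"])[0] if len(p["bytes"]) == 4 else None
        owner = next((h for h in hooks if h["address"] == value), None)
        results.append({"site": p["site"], "value": value,
                        "owner": owner["driver"] if owner else None,
                        "via": owner["function"] if owner else None})
    return results


if __name__ == "__main__":
    for r in attribute(SAMPLE):
        shown = f"0x{r['value']:08X}" if r["value"] is not None else "n/a"
        print(f"{r['site']}: operand {shown} -> {r['owner'] or 'UNATTRIBUTED'} ({r['via']})")
    for w in parse_gmer(SAMPLE)[2]:
        print(f"{w['module']}: {w['size']:#x} bytes at {w['base']:#x}, {sorted(w['flags'])}")
```

A patch that comes back UNATTRIBUTED is the one worth a closer look: its operand points somewhere GMER did not already tie to a named driver.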

#12 Broni (The Coolest BC Computer)
  • BC Advisor
  • 42,663 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 19 January 2012 - 11:24 PM

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt



#13 ser909
  • Topic Starter
  • Members
  • 58 posts

Posted 19 January 2012 - 11:55 PM

MBAM database was outdated by 26 days.
Could not update MBAM because of the can't-connect-to-internet problem.
Here is the log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Eddie :: EDDIE-PC [administrator]

1/19/2012 11:38:36 PM
mbam-log-2012-01-19 (23-38-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204730
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 Broni (The Coolest BC Computer)
  • BC Advisor
  • 42,663 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 20 January 2012 - 12:26 AM

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#15 ser909
  • Topic Starter
  • Members
  • 58 posts

Posted 20 January 2012 - 12:48 AM

FSS log:


Farbar Service Scanner Version: 18-01-2012 01
Ran by Eddie (administrator) on 20-01-2012 at 00:45:04
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
WAN connected
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
Checking ImagePath: Attention! Unable to retrieve ImagePath of wuauserv. The value does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-09-18 07:34] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-09-18 07:33] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
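
The FSS log above lumps three different conditions under "Service is not running": VSS is simply stopped, SDRSVC has lost its LEGACY_ enum key, and wuauserv has no service key at all, which means the Service Control Manager no longer has a record of Windows Update and net start cannot revive it; the key has to be re-created. The script below, an added example that is not part of the original post or of FSS, grades each service on that ladder and lists the files whose MD5 FSS could not match (qmgr.dll and cryptsvc.dll here, both 2009-04-11 builds signed off as Microsoft Corporation) as items to verify by hand, since an unlisted hash is not by itself a detection. The severity ladder is this script's own assumption; SAMPLE is an excerpt of the log above.

```python
"""Grade a Farbar Service Scanner (FSS) log: which services are merely stopped, which have lost
registry values, and which no longer exist as far as the Service Control Manager is concerned.
Added example, not part of the original post or of FSS; the severity ladder and the choice to
report an unlisted MD5 as "verify by hand" are this script's own.  SAMPLE is an excerpt of the
FSS log posted above."""
import re

SAMPLE = r"""
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
Checking ImagePath: Attention! Unable to retrieve ImagePath of wuauserv. The value does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-09-18 07:34] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\cryptsvc.dll
[2009-09-18 07:33] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
"""

HEADER_RE = re.compile(r"^[A-Za-z ]+:$")
NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running\.")
ATTENTION_RE = re.compile(r"Attention! (.+)$")
LEGIT_RE = re.compile(r"^(.+?) => MD5 is legit$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")
META_RE = re.compile(r"^\[.+?\] - \[.+?\] - (\d+) \S+ \((.+?)\) ([0-9A-Fa-f]{32})$")

# Severity ladder (this script's own): what each FSS "Attention!" line means for the service.
SEVERITY = {"stopped": 1, "legacy enum key missing": 2, "value missing": 2, "service key missing": 3}


def classify(problem):
    if "LEGACY_" in problem:
        return "legacy enum key missing"  # Enum\Root\LEGACY_* entry gone; the service key may be intact
    if "service key does not exist" in problem:
        return "service key missing"      # SCM has no record of the service; net start cannot revive it
    if "value does not exist" in problem:
        return "value missing"            # key exists but ImagePath/ServiceDll was deleted
    return "stopped"


def parse_fss(text):
    """{"services": {name: {"severity", "problems"}}, "files_ok": n, "files_unverified": [(path, md5, company)]}"""
    report = {"services": {}, "files_ok": 0, "files_unverified": []}
    current = pending = None
    for line in text.splitlines():
        line = line.strip()
        if HEADER_RE.match(line):
            current = pending = None            # new FSS section; stop attaching lines to a service
        elif m := NOT_RUNNING_RE.match(line):
            current = report["services"].setdefault(m.group(1), {"severity": 1, "problems": []})
        elif (m := ATTENTION_RE.search(line)) and current is not None:
            current["problems"].append(m.group(1))
            current["severity"] = max(current["severity"], SEVERITY[classify(m.group(1))])
        elif LEGIT_RE.match(line):
            report["files_ok"] += 1
        elif PATH_RE.match(line):
            pending = line                      # the hash line for this file follows on the next line
        elif (m := META_RE.match(line)) and pending:
            report["files_unverified"].append((pending, m.group(3).upper(), m.group(2)))
            pending = None
    return report


def needs_rebuild(report):
    """Services the SCM no longer knows about; these must be re-created, not restarted."""
    return sorted(n for n, s in report["services"].items() if s["severity"] == 3)


if __name__ == "__main__":
    rep = parse_fss(SAMPLE)
    for name, s in sorted(rep["services"].items(), key=lambda kv: -kv[1]["severity"]):
        print(f"{name:10} severity {s['severity']}  {'; '.join(s['problems']) or 'stopped only'}")
    print(f"{rep['files_ok']} files matched FSS's hash list; verify by hand:")
    for path, md5, company in rep["files_unverified"]:
        print(f"  {path}  {md5}  ({company})")
    print("re-create:", needs_rebuild(rep))
```

Paste a full FSS.txt into parse_fss() to grade a real scan; the hashes it lists under files_unverified are the ones to compare against a known-good copy of the same file version before deciding anything.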



