Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Had a trojan win32 and windows firewall download, please help


  • Please log in to reply
40 replies to this topic

#1 dcx12

dcx12

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 18 April 2012 - 11:46 AM

Hello. About 2 weeks ago, I picked up a trojan win32. I work from my personal computer so I tried to do damage control immediately. I ran Microsoft Security Essentials but it wasn't enough because the virus wiped out everything and all I was left with was a black screen. I googled from my phone how to get rid of the virus/adware. I ran my computer on safemode with networking and had gone to the kaspersky website and downloaded their scanner. I downloaded Avast as well. I believe it helped a little but I still was having problems. I googled some more and came upon your website, I ran the rkill, downloaded malwarebytes, and ran MSE again. Things did improve but was still showing trojan. I checked on my windows firewall to see if it was running and it wasn't. Everytime I would click turn on/ off windows firewall the box would appear with a red stripe on the side of the box with a button saying use recommended settings. I would click that box and I would get this message: "windows firewall can't change some of your settings. Error code 0x80070424." Which leads me to believe that that either the virus wiped it out or there are some corrupted programs on my pc. I googled that message and found another website like this with someone that was having a problem similar to mine. I uninstalled Avast because I don't need two antivirus protections. I downloaded and ran the programs the tech told the person with the problem similar to mine ran. Those programs are: hijackthis, unhide, DDS and GMER. I was able to retrieve all of my icons and my scanners weren't picking up any viruses anymore; but I still wasn't able to turn on/off my windows firewall and i'm still getting that error message. I did try to work on Saturday but shortly after I finished, I got a warning on my screen saying that I have to use MSE to clean a virus; I clicked it but its started to do something that MSE doesn't do so I x'd out immediately and ran malwarebytes and "my" MSE; both scans came back clean. I do work from my computer at home and I do handle confidential information and cannot afford to have it comprimised. My computer may or may not have been cleared from the virus but I'm not sure and my firewall is still down. I have missed a lot of work and I do not have the money to get it fixed. Please help. I would greatly appreciated it. My current operating system is windows 7 and I believe my internet explorer is IE 9 (?) I have also been having problems with Java I believe. Sometimes when there is supposed to be a video, all I get is a blank box with a small picture or x in the upper left hand corner. Again your help is VERY MUCH APPRECIATED.

Dani

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:16 PM

Posted 18 April 2012 - 01:39 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 dcx12

dcx12
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 20 April 2012 - 02:27 PM

Thank you so very much Broni for your quick reply!! I'm sorry it took so long for me to get back to you. I am going to post the malwarbytes log before I restart. I will post the other logs when my computer starts back up.


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Dani :: LORNA-PC [administrator]

Protection: Disabled

4/20/2012 3:06:26 PM
mbam-log-2012-04-20 (15-06-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242273
Time elapsed: 17 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 dcx12

dcx12
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 20 April 2012 - 03:31 PM

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (3.6.15) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````





Farbar Service Scanner Version: 16-04-2012
Ran by Dani (administrator) on 20-04-2012 at 14:47:46
Running from "C:\Users\Dani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LYHVIPW"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****








MiniToolBox by Farbar Version: 18-01-2012
Ran by Dani (administrator) on 20-04-2012 at 14:56:21
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Wireless USB Card = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Lorna-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-D0-41-BE-42-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Wireless USB Card
Physical Address. . . . . . . . . : 00-D0-41-BE-42-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5d8b:bfe8:e97b:852b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, April 20, 2012 3:24:48 AM
Lease Expires . . . . . . . . . . : Saturday, April 21, 2012 2:26:40 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 318820417
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C8-03-F3-00-1D-72-B9-FA-E4
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1D-72-B9-FA-E4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{08A34B5B-9EDE-410A-84CE-5D3F20E41B33}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.37.14
173.194.37.0
173.194.37.1
173.194.37.2
173.194.37.3
173.194.37.4
173.194.37.5
173.194.37.6
173.194.37.7
173.194.37.8
173.194.37.9


Pinging google.com [173.194.37.9] with 32 bytes of data:
Reply from 173.194.37.9: bytes=32 time=32ms TTL=49
Reply from 173.194.37.9: bytes=32 time=32ms TTL=49

Ping statistics for 173.194.37.9:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 32ms, Average = 32ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=62ms TTL=44
Reply from 209.191.122.70: bytes=32 time=60ms TTL=44

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 62ms, Average = 61ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 d0 41 be 42 6c ......Microsoft Virtual WiFi Miniport Adapter
11...00 d0 41 be 42 6d ......Wireless USB Card
10...00 1d 72 b9 fa e4 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.65 281
192.168.1.65 255.255.255.255 On-link 192.168.1.65 281
192.168.1.255 255.255.255.255 On-link 192.168.1.65 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.65 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.65 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::5d8b:bfe8:e97b:852b/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/20/2012 02:26:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2524189

Error: (04/20/2012 02:26:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2524189

Error: (04/20/2012 02:26:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2012 03:59:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 321503

Error: (04/20/2012 03:59:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 321503

Error: (04/20/2012 03:59:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2012 03:24:29 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -551.

Error: (04/20/2012 03:24:29 AM) (Source: ESENT) (User: )
Description: Catalog Database (1364) Catalog Database: Database recovery/restore failed with unexpected error -551.

Error: (04/20/2012 03:24:29 AM) (Source: ESENT) (User: )
Description: Catalog Database (1364) Catalog Database: Database recovery failed with error -551 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (04/20/2012 03:22:25 AM) (Source: ESENT) (User: )
Description: Catalog Database (1468) Catalog Database: The database engine stopped the instance (0) with error (-1090).


System errors:
=============
Error: (04/20/2012 02:26:48 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (04/20/2012 02:26:44 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (04/20/2012 02:26:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (04/20/2012 02:26:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (04/20/2012 01:14:22 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (04/20/2012 01:14:05 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (04/20/2012 01:11:38 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (04/20/2012 01:11:38 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (04/20/2012 03:59:33 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (04/20/2012 03:24:51 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
24im (Remove Only)
7-Zip 9.20
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe InDesign CS2 Trial (Version: 004.000.000)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Algodoo v2.0.0
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AT&T Connect Participant Application v8.9.35 (Version: 8.9.35)
Bing Bar (Version: 7.0.756.0)
Bonjour (Version: 3.0.0.10)
Combat Arms
Download Updater (AOL LLC)
Feedback Tool (Version: 1.2.0)
Free Download Manager 3.0
Google Chrome (Version: 18.0.1025.162)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 2.8.7.6830)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
LeapFrog Connect (Version: 2.9.1.11093)
LeapFrog Leapster Explorer Plugin (Version: 2.8.7.11034)
Lexmark Toolbar
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MinecraftCrack (Version: 1.0)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox (3.6.15) (Version: 3.6.15 (en-US))
Nexon Game Manager
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
ooVoo (Version: 3.0.7023)
Pando Media Booster (Version: 2.3.5.2)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.71.80.42)
Safari (Version: 5.34.55.3)
Skype™ 5.5 (Version: 5.5.124)
swMSM (Version: 12.0.0.1)
TMS CallCenter (Version: 2.9.18)
TouchCopy 11 (Version: 11.10)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Yahoo! BrowserPlus 2.9.8

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 894.49 MB
Available physical RAM: 309.89 MB
Total Pagefile: 1918.49 MB
Available Pagefile: 828 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.51 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.95 GB) (Free:87.41 GB) NTFS

========================= Users: ========================================

User accounts for \\LORNA-PC

Administrator Carlos Dani
Guest


**** End of log ****







aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 15:40:55
-----------------------------
15:40:55.408 OS Version: Windows 6.1.7601 Service Pack 1
15:40:55.408 Number of processors: 1 586 0x7F02
15:40:55.408 ComputerName: LORNA-PC UserName: Dani
15:41:14.580 Initialize success
15:44:08.604 AVAST engine defs: 12042001
15:47:03.293 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
15:47:03.309 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 3
15:47:03.324 Disk 0 MBR read successfully
15:47:03.324 Disk 0 MBR scan
15:47:03.402 Disk 0 Windows 7 default MBR code
15:47:03.418 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:47:03.496 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
15:47:03.574 Disk 0 scanning sectors +312578048
15:47:03.792 Disk 0 scanning C:\Windows\system32\drivers
15:47:30.188 Service scanning
15:47:30.687 Service .cdrom \? **LOCKED** 123
15:47:30.718 Service .netbt \? **LOCKED** 123
15:47:56.879 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:48:30.294 Modules scanning
15:48:55.146 Disk 0 trace - called modules:
15:48:55.177 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
15:48:55.193 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8527a030]
15:48:55.209 3 CLASSPNP.SYS[8737959e] -> nt!IofCallDriver -> [0x850ae790]
15:48:55.224 5 ACPI.sys[86dbd3d4] -> nt!IofCallDriver -> \Device\0000005c[0x850aea70]
15:48:56.082 AVAST engine scan C:\Windows
15:48:59.187 AVAST engine scan C:\Windows\system32
15:54:46.898 AVAST engine scan C:\Windows\system32\drivers
15:55:16.023 AVAST engine scan C:\Users\Dani
16:15:30.977 AVAST engine scan C:\ProgramData
16:17:07.884 Scan finished successfully
16:21:36.547 Disk 0 MBR has been saved successfully to "C:\Users\Dani\Desktop\MBR.dat"
16:21:36.766 The log file has been saved successfully to "C:\Users\Dani\Desktop\aswMBR.txt"

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:16 PM

Posted 20 April 2012 - 05:13 PM

We have several issues there.

One item in MBAM log is marked "No action taken".
Re-run MBAM, fix ALL issues, post new log.

================================================================================

Then, we have "hosts" file missing.
Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
Follow all prompts.

*********************

Re-run MiniToolbox.
Checkmark following boxes:
  • List content of Hosts
Click Go and post the result.

============================================================================

Next, you have some registry keys missing.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on windefend.reg file and confirm the prompt.
Double click on wscsvc.reg file and confirm the prompt.
Double click on bfe.reg file and confirm the prompt.
Double click on mpssvc.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#6 dcx12

dcx12
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 20 April 2012 - 06:22 PM

Thanks will do right now. My aunt did a system restore yesterday and my icons on my pc are hidden again. how do I get them back? i'm rerunning the MBAM now and will post the logs you requested.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:16 PM

Posted 20 April 2012 - 06:30 PM

Using system restore on infected computer is usually a bad idea as most likely some restore points are infected.

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

Then, follow my previous reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#8 dcx12

dcx12
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 20 April 2012 - 06:35 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Dani :: LORNA-PC [administrator]

Protection: Enabled

4/20/2012 7:16:55 PM
mbam-log-2012-04-20 (19-16-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241850
Time elapsed: 16 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:16 PM

Posted 20 April 2012 - 06:45 PM

Did UnHide work?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#10 dcx12

dcx12
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 20 April 2012 - 07:09 PM

yes, i got most of the icons back. should i proceed or run it again?

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:16 PM

Posted 20 April 2012 - 07:24 PM

No, no, continue with my reply #5.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#12 dcx12

dcx12
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 20 April 2012 - 08:19 PM

ok reran mini toolbox. here's the result:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Dani (administrator) on 20-04-2012 at 21:15:56
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****

#13 dcx12

dcx12
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 20 April 2012 - 08:40 PM

Farbar Service Scanner Version: 16-04-2012
Ran by Dani (administrator) on 20-04-2012 at 21:38:32
Running from "C:\Users\Dani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFB1B549"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:16 PM

Posted 20 April 2012 - 08:49 PM

Good job :)

We still need to fix your Windows firewall.

Download following firewall fix: http://www.bleepstatic.com/fhost/uploads/0/repairw7fw.bat
Right click on downloaded file, click "Run As Administrator".
Restart computer and post new FSS log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#15 dcx12

dcx12
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 20 April 2012 - 09:10 PM

Thank you :thumbup2:



Farbar Service Scanner Version: 16-04-2012
Ran by Dani (administrator) on 20-04-2012 at 22:09:10
Running from "C:\Users\Dani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LYHVIPW"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users