
No internet connection..


6 replies to this topic

#1 Billy.Ford


Posted 11 May 2012 - 01:44 PM

I think I had a virus which stopped my internet working, I have managed to get it to connect to my router but it still won't display any webpages (bad explanation, sorry).
I have viewed and tried other similar posts but they didn't seem to work.
I have seen many people have been using "FSS" and I have downloaded this and ran it.
There may be many things wrong but I don't know, so here is the log:

Farbar Service Scanner Version: 08-05-2012
Ran by billy (administrator) on 11-05-2012 at 19:27:17
Running from "C:\Documents and Settings\billy\Desktop\new bleep"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2012-05-09 20:36] - [2004-08-17 12:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(12) Avgfwfd(14) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(11) PSched(7) Tcpip(4)
0x1000000005000000010000000200000003000000040000000E0000000F000000100000000600000008000000070000000A000000090000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

Thanks in advance, any help is appreciated ...

Edited by hamluis, 11 May 2012 - 04:40 PM.
Moved from XP to Am I Infected - Hamluis.




#2 jntkwx


Posted 12 May 2012 - 12:53 PM

Hi Billy.Ford,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Step 1: Please download MiniToolBox, save it to your desktop and run it (if you can't access the Internet, download any requested files to a USB flash drive on a clean computer, and then run them on the infected computer).

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 2: Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include:
  • MiniToolBox log
  • Malwarebytes log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 Billy.Ford


Posted 13 May 2012 - 08:27 AM

Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.07.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
billy :: BILLY-COMPUTER [administrator]

13/05/2012 02:27:46
mbam-log-2012-05-13 (02-27-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243682
Time elapsed: 53 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FunWebProductsInstaller.Start (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKCR\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\VooMuu (Adware.HotBar.VM) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Data: http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Data: http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VooMuuSA (Adware.HotBar.VM) -> Quarantined and deleted successfully.

Files Detected: 4
C:\WINDOWS\KMSEmulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VooMuuSA\VooMuuSA.dat (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VooMuuSA\VooMuuSAau.dat (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VooMuuSA\VooMuuSA_kyf.dat (Adware.HotBar.VM) -> Quarantined and deleted successfully.

(end)



Mini tool box results:

MiniToolBox by Farbar Version: 18-01-2012
Ran by billy (administrator) on 13-05-2012 at 02:11:42
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Ralink Turbo Wireless LAN Card = Wireless Network Connection 10 (Connected)
VIA Compatable Fast Ethernet Adapter = Local Area Connection 6 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 6"

set address name="Local Area Connection 6" source=dhcp
set dns name="Local Area Connection 6" source=dhcp register=PRIMARY
set wins name="Local Area Connection 6" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 10"

set address name="Wireless Network Connection 10" source=dhcp
set dns name="Wireless Network Connection 10" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 10" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Billy-Computer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection 6:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-13-8F-58-AA-6F



Ethernet adapter Wireless Network Connection 10:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Ralink Turbo Wireless LAN Card #2

Physical Address. . . . . . . . . : 00-0E-2E-BE-08-2C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.65

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : 13 May 2012 02:03:36

Lease Expires . . . . . . . . . . : 14 May 2012 02:03:36

Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.41.163, 173.194.41.167, 173.194.41.160, 173.194.41.165
173.194.41.161, 173.194.41.174, 173.194.41.162, 173.194.41.169, 173.194.41.164
173.194.41.168, 173.194.41.166

Ping request could not find host google.com. Please check the name and try again.

Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70

Ping request could not find host yahoo.com. Please check the name and try again.

Server: api.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 8f 58 aa 6f ...... VIA Compatable Fast Ethernet Adapter
0x10004 ...00 0e 2e be 08 2c ...... Ralink Turbo Wireless LAN Card #2
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.65 192.168.1.65 25
192.168.1.65 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.65 192.168.1.65 25
224.0.0.0 240.0.0.0 192.168.1.65 192.168.1.65 25
255.255.255.255 255.255.255.255 192.168.1.65 10003 1
255.255.255.255 255.255.255.255 192.168.1.65 192.168.1.65 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 03 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/13/2012 02:05:35 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (05/11/2012 00:09:19 PM) (Source: Application Error) (User: )
Description: Faulting application msseces.exe, version 4.0.1526.0, faulting module stylerhelper.dll, version 1.3.1.1, fault address 0x00001ba1.
Processing media-specific event for [msseces.exe!ws!]

Error: (05/11/2012 09:13:43 AM) (Source: Application Error) (User: )
Description: Faulting application msseces.exe, version 4.0.1526.0, faulting module stylerhelper.dll, version 1.3.1.1, fault address 0x00001ba1.
Processing media-specific event for [msseces.exe!ws!]

Error: (05/11/2012 00:02:57 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLY\DESKTOP\NEW bleep\AVIRADNSREPAIREN.EXE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/11/2012 00:02:57 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLY\DESKTOP\NEW bleep\AVIRADNSREPAIREN.EXE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/11/2012 00:02:43 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLY\DESKTOP\NEW bleep\MINITOOLBOX.EXE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/11/2012 00:02:43 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLY\DESKTOP\NEW bleep\MINITOOLBOX.EXE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/11/2012 00:02:43 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLY\DESKTOP\NEW bleep\FSS.EXE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/11/2012 00:02:43 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLY\DESKTOP\NEW bleep\FSS.EXE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/11/2012 00:02:41 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MICROSOFT GAMES STUDIOS\TOY SOLDIERS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (05/13/2012 02:05:58 AM) (Source: Service Control Manager) (User: )
Description: The VideoAcceleratorService service terminated unexpectedly. It has done this 1 time(s).

Error: (05/13/2012 02:05:39 AM) (Source: Service Control Manager) (User: )
Description: The StarWind AE Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/13/2012 02:05:39 AM) (Source: Service Control Manager) (User: )
Description: The X4HSEx service failed to start due to the following error:
%%3

Error: (05/13/2012 02:05:39 AM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2

Error: (05/13/2012 02:03:32 AM) (Source: Print) (User: SYSTEM)
Description: Printer KodakESP7+0747 failed to initialize because a suitable KODAK ESP 7 AiO driver could not be found.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

360 Advantage 1.3 (Version: 1.3)
5600 (Version: 50.0.206.000)
5600_Help (Version: 50.0.206.000)
5600Trb (Version: 50.0.206.000)
Adobe Acrobat 4.0 (Version: 4.0)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player (Version: 11)
Aeria Ignite (Version: 1.6.989)
AiO_Scan (Version: 50.0.206.000)
aiofw (Version: 3.12.0000.0000)
aioocr (Version: 1.00.0000)
aioscnnr (Version: 3.12.0000.0000)
AiOSoftware (Version: 50.0.206.000)
Akamai NetSession Interface
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 3.0.868.0)
Ancient Wars - Sparta (Version: 1.00.0000)
Any to Icon (Version: 3.50)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Battlelog Web Plugins (Version: 1.102.0)
BattlEye (A2Free) Uninstall
BattlEye for OA Uninstall
BattlEye for RFT Uninstall
Bing Bar (Version: 7.0.850.0)
Bitcoin (Version: 0.6.0)
BitTorrent (Version: 7.2.1)
Black and White
Bonjour (Version: 3.0.0.10)
BT Broadband Desktop Help
BT Email Configuration Tool
BT Yahoo! Applications
BTHomeHub
BufferChm (Version: 53.0.13.000)
C-Media 3D Audio
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0308.2333.42157)
Catalyst Control Center Graphics Previews Common (Version: 2012.0308.2333.42157)
Catalyst Control Center InstallProxy (Version: 2012.0308.2333.42157)
Catalyst Control Center Localization All (Version: 2012.0308.2333.42157)
ccc-utility (Version: 2012.0308.2333.42157)
CCC Help Chinese Standard (Version: 2012.0308.2332.42157)
CCC Help Chinese Traditional (Version: 2012.0308.2332.42157)
CCC Help Czech (Version: 2012.0308.2332.42157)
CCC Help Danish (Version: 2012.0308.2332.42157)
CCC Help Dutch (Version: 2012.0308.2332.42157)
CCC Help English (Version: 2012.0308.2332.42157)
CCC Help Finnish (Version: 2012.0308.2332.42157)
CCC Help French (Version: 2012.0308.2332.42157)
CCC Help German (Version: 2012.0308.2332.42157)
CCC Help Greek (Version: 2012.0308.2332.42157)
CCC Help Hungarian (Version: 2012.0308.2332.42157)
CCC Help Italian (Version: 2012.0308.2332.42157)
CCC Help Japanese (Version: 2012.0308.2332.42157)
CCC Help Korean (Version: 2012.0308.2332.42157)
CCC Help Norwegian (Version: 2012.0308.2332.42157)
CCC Help Polish (Version: 2012.0308.2332.42157)
CCC Help Portuguese (Version: 2012.0308.2332.42157)
CCC Help Russian (Version: 2012.0308.2332.42157)
CCC Help Spanish (Version: 2012.0308.2332.42157)
CCC Help Swedish (Version: 2012.0308.2332.42157)
CCC Help Thai (Version: 2012.0308.2332.42157)
CCC Help Turkish (Version: 2012.0308.2332.42157)
center (Version: 3.12.0000.0000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
Critical Update for Windows Media Player 11 (KB959772)
CursorXP
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 53.0.13.000)
DivX Setup (Version: 2.1.2.2)
DocProc (Version: 5.2.0.0)
DriverAgent by eSupport.com
DVC5.1 Driver
Edimax Wireless LAN (Version: 1.0.1.0)
ESN Sonar (Version: 0.70.4)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 50.0.206.000)
ffdshow [rev 3154] [2009-12-09] (Version: 1.0)
Fix RegCleaner v1.0 (Version: 1.0)
Free Realms
Game Booster 3 (Version: 3.5)
GCFScape 1.8.2
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 18.0.1025.168)
Google Update Helper (Version: 1.3.21.111)
Help_CTR (Version: 3.12.0000.000)
helptut (Version: 2.00.0000.0000)
helpug (Version: 3.01.0000.0000)
HP Image Zone Express (Version: 1.5.1.29)
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.3 (Version: 5.3)
HPProductAssistant (Version: 53.0.13.000)
iColorFolder
IconTweaker 1.12 (Version: 1.12)
Internet Explorer Q903235
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8117.416)
K-Lite Codec Pack 7.2.0 (Full) (Version: 7.2.0)
KODAK All-in-One Printer Software
ksdip (Version: 2.00.0000.0000)
Lexmark 730 Series
Macromedia Flash MX 2004 (Version: 7)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 53.0.13.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4734.1000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Works 7.0 (Version: 07.02.0620)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (en-US))
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML4 Parser (Version: 1.0.0)
MySQL Connector/ODBC 3.51 (Version: 3.51.12)
MythwarII (Version: 1.0.4.35)
Neevia PDFmerge/split v3.4
netbrdg (Version: 7.01.0000.0001)
NewCopy (Version: 50.0.206.000)
Norton Security Scan (Version: 2.7.0.52)
NVIDIA Drivers
NVIDIA PhysX (Version: 9.10.0224)
Opera 11.52 (Version: 11.52.1100)
Origin (Version: 8.3.1.9)
Packard Bell Companion (Version: 1.1.5.1)
Packard Bell InfoCentre
PowerDVD
PowerISO (Version: 4.6)
PricePeep for FireFox (Version: 2.1.19.0)
ProductContext (Version: 50.0.206.000)
Quick Memory Editor 5.5
Quick Web Player
QuickTime (Version: 7.71.80.42)
RAW FILE CONVERTER LE
Readme (Version: 50.0.206.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roblox for billy
Samsung DVC Media 5.1
Scan (Version: 5.2.0.0)
ScannerCopy (Version: 5.2.0.0)
ScanToWeb
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.8 (Version: 5.8.158)
SOE Web Installer (Version: 1.0.3.133)
SolutionCenter (Version: 50.0.152.000)
Sonic RecordNow DX (Version: 4.60)
SpeedBit Video Downloader (Version: 1154(build_479))
Spybot - Search & Destroy 1.4 (Version: 1.4)
Status (Version: 53.0.13.000)
Steam (Version: 1.0.0.0)
Stronghold Legends (Version: 1.00.0000)
Styler (Version: 1.4.0.1)
SUPERAntiSpyware (Version: 4.55.1000)
Sysinternals Toolbox 2010.09.21 (Version: 2010.09.21)
System Requirements Lab CYRI (Version: 4.5.1.0)
Taskbar Shuffle version 2.5 (Version: 2.5)
Terrafirma (Version: 1.6.8)
The Sims Makin' Magic
The Treasures of Montezuma
Toy Soldiers
TrayApp (Version: 53.0.13.000)
Ulead Photo Express 4.0 My Custom Edition
Unload (Version: 5.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Viper 3.0.04 (Version: 3.0.04)
Vista Drive Icon 1.4 (Version: 1.4)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 53.0.13.000)
Whitesmoke Translator (Version: 1.00.1032)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Movie Maker 2.0 (Version: 2.0.0000)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WPlanner (Version: 3.0.0)
Wurm Army Knife (Version: 1.3.2)
Wurm Online 3.0.1a
Wurm Online 3.1.67 [unstable]
Wurm Online 3.11-3564 [test]
ZTE Mobile Connection (Version: 1.0.0.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 2047.23 MB
Available physical RAM: 1177.99 MB
Total Pagefile: 4975.68 MB
Available Pagefile: 4127.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.07 MB

========================= Partitions: =====================================

2 Drive c: (HDD) (Fixed) (Total:70.51 GB) (Free:20.86 GB) NTFS
6 Drive g: () (Removable) (Total:0.06 GB) (Free:0.05 GB) FAT

========================= Users: ========================================

User accounts for \\BILLY-COMPUTER

Administrator ASPNET billy
Guest HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini122811-01.dmp

**** End of log ****


After the startup, my antivirus started working when I logged on; that is the only change I have noticed so far.

Billy.

Edited by Billy.Ford, 13 May 2012 - 08:29 AM.


#4 jntkwx

  • Malware Response Team

Posted 13 May 2012 - 12:47 PM

Please download this Microsoft FixIt on a clean computer, transfer it to the desktop of your infected computer, and then run it.

Please restart your computer.

Then download a new version of Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

How's your computer running now? Please be as descriptive as possible.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 Billy.Ford

  • Topic Starter

Posted 13 May 2012 - 01:23 PM

Farbar Service Scanner Version: 11-05-2012
Ran by billy (administrator) on 13-05-2012 at 19:15:33
Running from "C:\Documents and Settings\billy\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2012-05-09 20:36] - [2004-08-17 12:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(12) Avgfwfd(14) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(11) PSched(7) Tcpip(4)
0x1000000005000000010000000200000003000000040000000E0000000F000000100000000600000008000000070000000A000000090000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

No noticeable changes that I have found so far.
Billy.

#6 jntkwx

  • Malware Response Team

Posted 13 May 2012 - 01:44 PM

With the information you have provided, I believe you will need help from the malware removal team. It's not that I don't want to continue helping you here; there are tools that may need to be used that aren't allowed in the Am I Infected forum.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Regards,
Jason

 



#7 Billy.Ford

  • Topic Starter

Posted 16 May 2012 - 10:49 AM

I have posted the new and updated post here: http://www.bleepingcomputer.com/forums/topic453850.html



