Vista is falling apart


16 replies to this topic

#1 sb07

sb07

  • Members
  • 26 posts

Posted 22 May 2012 - 07:49 PM

I suspect that I might be infected even though AVG, Malwarebytes, and Microsoft Security Essentials are telling me otherwise. Vista is falling apart on me and everything that I do to try to resolve the problem seems to be blocked by something.

I had a bad virus infection about 6 months ago. I think that I managed to successfully remove it with the help of several anti-virus programs. But recently my system has been acting strangely again:

1. The Windows firewall is disabled and I cannot start the service.

2. I lost all ability to print, and I cannot add a printer, not even print to pdf.

3. I can connect to the internet, but there is a dns problem or something. No browser can locate a url, and I cannot ping to a url though I can ping to a numerical ip address. I posted about this problem under the Windows Vista forum.

4. Sometimes when I run a virus scan, the computer will suddenly turn itself off ... just like the power has been cut.

The latest weirdness started today. I found a link on this site to Vista registry keys to help resolve the firewall problem. I ran the Farbar Services Scanner and found out which keys were missing. All went well and I added those keys. I couldn't start the firewall, but I didn't get the ugly error message that I got earlier ("Windows cannot display the Windows firewall settings due to an unknown error"). So I thought that I was making progress. I ran the Farbar Services Scanner again, and found out that some legacy keys were missing. However, now my registry appears to be locked even though I am running all this in administrator mode. Sometime later when I went to restart the system the problem of the computer turning itself off began again. It's like whenever I get close to success, something is countering my every move.

At this point, I am going crazy. I cannot re-install Vista because I cannot do all the updates (I'm on dial-up), and honestly I don't know where I put the original disks because I have moved several times since I bought this computer. So I am left with trying to repair the system.

Any help would be greatly appreciated.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,664 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 22 May 2012 - 09:35 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 sb07

sb07
  • Topic Starter

  • Members
  • 26 posts

Posted 22 May 2012 - 10:56 PM

Thanks so much for the reply. This is going to come in pieces. First, here are the results from Mini Toolbox:


MiniToolBox by Farbar Version: 18-01-2012
Ran by admin (administrator) on 22-05-2012 at 23:09:35
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : jeo-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter Localnet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Localnet
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 4.252.98.56(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-0F-E6-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-45-8D-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: node4.173.136.64.1dial.com
Address: 64.136.173.4

Name: google.com
Addresses: 74.125.131.101
74.125.131.100
74.125.131.102
74.125.131.138
74.125.131.113
74.125.131.139

Ping request could not find host google.com. Please check the name and try again.

Server: node4.173.136.64.1dial.com
Address: 64.136.173.4

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140

Ping request could not find host yahoo.com. Please check the name and try again.

Server: node4.173.136.64.1dial.com
Address: 64.136.173.4

Name: bleepingcomputer.com
Address: 208.43.87.2

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
26 ........................... Localnet
11 ...00 21 63 0f e6 60 ...... Atheros AR5007EG Wireless Network Adapter
10 ...00 1e 33 45 8d 6c ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 On-link 4.252.98.56 51
4.252.98.56 255.255.255.255 On-link 4.252.98.56 306
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 4.252.98.56 51
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 4.252.98.56 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/22/2012 11:01:05 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (05/22/2012 11:00:00 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (05/22/2012 10:57:20 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (05/22/2012 10:57:20 PM) (Source: Application Error) (User: )
Description: Faulting application pinger.exe, version 0.0.0.0, time stamp 0x45b94da2, faulting module pinger.exe, version 0.0.0.0, time stamp 0x45b94da2, exception code 0xc0000005, fault offset 0x000170cd,
process id 0x214, application start time 0xpinger.exe0.

Error: (05/22/2012 10:16:10 PM) (Source: Application Error) (User: )
Description: Faulting application pinger.exe, version 0.0.0.0, time stamp 0x45b94da2, faulting module pinger.exe, version 0.0.0.0, time stamp 0x45b94da2, exception code 0xc0000005, fault offset 0x000170cd,
process id 0xb80, application start time 0xpinger.exe0.

Error: (05/22/2012 10:13:25 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (05/22/2012 10:10:46 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (05/22/2012 10:08:22 PM) (Source: Application Error) (User: )
Description: Faulting application pinger.exe, version 0.0.0.0, time stamp 0x45b94da2, faulting module pinger.exe, version 0.0.0.0, time stamp 0x45b94da2, exception code 0xc0000005, fault offset 0x000170cd,
process id 0x894, application start time 0xpinger.exe0.

Error: (05/22/2012 10:08:12 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9

Error: (05/22/2012 10:03:45 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (05/22/2012 11:07:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1760.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/22/2012 11:07:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1760.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/22/2012 11:07:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1760.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/22/2012 11:07:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1760.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/22/2012 11:07:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1760.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/22/2012 11:07:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1760.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/22/2012 11:07:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1760.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/22/2012 11:07:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1760.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/22/2012 11:07:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1760.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/22/2012 11:01:05 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler3


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
1400 (Version: 82.0.242.000)
1400_Help (Version: 82.0.242.000)
1400Trb (Version: 82.0.242.000)
2007 Microsoft Office system (Version: 12.0.6425.1000)
32 Bit HP CIO Components Installer (Version: 1.0.0)
7-Zip 9.20
A Ruler for Windows (Version: 1.4)
AbiWord 2.6.4 (Version: 2.6.4)
AbiWord Importer/Exporter Plugins
AbiWord Tools Plugins
Ad-Aware (Version: 7.1.0.7)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 10 Plugin (Version: 10.1.53.64)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Reader 8.3.1 (Version: 8.3.1)
Advanced SystemCare 5 (Version: 5.2.0)
AIO_CDB_ProductContext (Version: 82.0.242.000)
AIO_CDB_Software (Version: 82.0.242.000)
AIO_Scan (Version: 82.0.173.000)
Alarm Clock v1.0
AlterGeo Magic Scanner (Version: 2.8.8.615)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.1.116)
Atheros Driver Installation Program (Version: 5.2)
Atheros Wi-Fi Protected Setup Library
AviSynth 2.5
Bandwidth Monitor
BlackBerry Desktop Software 4.5 (Version: 4.5.0.15)
Bonjour (Version: 2.0.2.0)
BufferChm (Version: 82.0.173.000)
BurnAware Free 4.4
BurnOn CD&DVD, Version 3.1.0 ( Build 2007-4-2, Win32, )
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0422.2139.36895)
Catalyst Control Center Graphics Full Existing (Version: 2008.0422.2139.36895)
Catalyst Control Center Graphics Full New (Version: 2008.0422.2139.36895)
Catalyst Control Center Graphics Light (Version: 2008.0422.2139.36895)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Czech (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Danish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Dutch (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Finnish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization French (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization German (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Greek (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Hungarian (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Italian (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Japanese (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Korean (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Norwegian (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Polish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Portuguese (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Russian (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Spanish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Swedish (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Thai (Version: 2008.0422.2139.36895)
Catalyst Control Center Localization Turkish (Version: 2008.0422.2139.36895)
ccc-core-static (Version: 2008.0422.2139.36895)
ccc-utility (Version: 2008.0422.2139.36895)
CCC Help Chinese Standard (Version: 2008.0422.2138.36895)
CCC Help Chinese Traditional (Version: 2008.0422.2138.36895)
CCC Help Czech (Version: 2008.0422.2138.36895)
CCC Help Danish (Version: 2008.0422.2138.36895)
CCC Help Dutch (Version: 2008.0422.2138.36895)
CCC Help English (Version: 2008.0422.2138.36895)
CCC Help Finnish (Version: 2008.0422.2138.36895)
CCC Help French (Version: 2008.0422.2138.36895)
CCC Help German (Version: 2008.0422.2138.36895)
CCC Help Greek (Version: 2008.0422.2138.36895)
CCC Help Hungarian (Version: 2008.0422.2138.36895)
CCC Help Italian (Version: 2008.0422.2138.36895)
CCC Help Japanese (Version: 2008.0422.2138.36895)
CCC Help Korean (Version: 2008.0422.2138.36895)
CCC Help Norwegian (Version: 2008.0422.2138.36895)
CCC Help Polish (Version: 2008.0422.2138.36895)
CCC Help Portuguese (Version: 2008.0422.2138.36895)
CCC Help Russian (Version: 2008.0422.2138.36895)
CCC Help Spanish (Version: 2008.0422.2138.36895)
CCC Help Swedish (Version: 2008.0422.2138.36895)
CCC Help Thai (Version: 2008.0422.2138.36895)
CCC Help Turkish (Version: 2008.0422.2138.36895)
CCleaner (Version: 3.10)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
Chrysanth Diary [Free] (Version: 3.8)
CleanMem (Version: v2.1.1)
Copy (Version: 82.0.188.000)
CopyTrans Suite Remove Only
CustomerResearchQFolder (Version: 1.00.0000)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
DiskAid 4.1 (Version: 4.1)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
Docudesk GPL Ghostscript 8.15
Dragon Internet
DriveRestore Professional 3.1.2
EASEUS Partition Master 9.1.0 Home Edition
eSupportQFolder (Version: 1.00.0000)
FastStone Photo Resizer 2.8 (Version: 2.8)
Fax (Version: 82.0.188.000)
ffdshow [rev 2583] [2009-01-05] (Version: 1.0)
Free Notes 3.02 (Version: 3.2.1.627)
Free Picture Resize Starter 4.5 (Version: 5.5.18)
GearDrvs (Version: 1.00.0000)
Google Chrome (Version: 15.0.874.120)
Google Earth (Version: 4.3.7284.3916)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.79)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Driver Diagnostics (Version: 1.03.0003)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 4.000.005.006)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
iTunes (Version: 9.2.0.61)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 6 (Version: 1.6.0.60)
Java™ 6 Update 7 (Version: 1.6.0.70)
Kaspersky Anti-Virus 2011 (Version: 11.0.2.556)
KeepNote 0.7.1
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 82.0.174.000)
Memeo AutoBackup (Version: 3.00.3251)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.7)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MiniTool Partition Wizard Home Edition 6.0
MIT MathML Fonts 1.0 (Version: 1.0.0)
Mobile Broadband Generic Drivers (Version: 2.03.09.005.14)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NETEagle (Version: 5.50)
Netwaiting (Version: 2.5.59)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.0 (Version: 3.0.9358)
Opera 11.64 (Version: 11.64.1403)
OptiNet (remove only)
Pamela Basic 4.6 (Version: 4.6)
PDF reDirect (remove only) (Version: v2.2.5)
Philips PC Camera (Version: 1.0.4.1)
Picasa 3 (Version: 3.6)
QuickBooks Financial Center (Version: 1.00.0000)
QuickTime (Version: 7.66.73.0)
Rampant Logic Postscript Viewer 1.1
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5599)
Realtek USB 2.0 Card Reader (Version: )
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Media Manager (Version: 9.4.023)
Safari (Version: 5.33.16.0)
Scan (Version: 8.1.0.0)
Skins (Version: 2008.0422.2139.36895)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
Smart DVD Creator (Version: 2.6.2.3)
SolutionCenter (Version: 82.0.188.000)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 82.0.173.000)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
Toolbox (Version: 82.0.173.000)
TOSHIBA Application Disc Creator (Version: 2.0.0.1b)
TOSHIBA Assist (Version: 2.01.05)
TOSHIBA ConfigFree (Version: 7.2.15)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 1.30.12)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Games (Version: 1.0.0.50)
TOSHIBA Hardware Setup (Version: 2.00.08)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Software Upgrades (Version: 4.3)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.04)
TOSHIBA Value Added Package (Version: 1.1.19)
TrayApp (Version: 82.0.188.000)
TreePad Lite 4.3
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
USB Modem (Version: 2.0.15.50)
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Verizon Wireless USB760 Firmware Updates (Version: 1.0.3)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VZAccess Manager (Version: 7.3.5.1)
WebReg (Version: 82.0.173.000)
WinDjView 1.0.3 (Version: 1.0.3)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WinImage
WinRAR archiver
Yahoo! Messenger

========================= Devices: ================================

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 2813.1 MB
Available physical RAM: 1848.47 MB
Total Pagefile: 5838.67 MB
Available Pagefile: 4896.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.73 MB

========================= Partitions: =====================================

1 Drive c: (SQ004720V05) (Fixed) (Total:147.58 GB) (Free:72.47 GB) NTFS
2 Drive d: () (Removable) (Total:3.52 GB) (Free:2.32 GB) FAT32

========================= Users: ========================================

User accounts for \\JEO-PC

admin Administrator Guest
jeo


**** End of log ****

Edited by sb07, 22 May 2012 - 11:16 PM.


#4 sb07

Posted 22 May 2012 - 10:59 PM

Here are the results from Security Check:


Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Kaspersky Anti-Virus 2011
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Spybot - Search & Destroy
CCleaner
Java™ 6 Update 24
Java™ 6 Update 4
Java™ 6 Update 6
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.1.53.64) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

#5 sb07

Posted 22 May 2012 - 11:01 PM

Here are the results from MalwareBytes:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
admin :: JEO-PC [administrator]

Protection: Enabled

5/22/2012 11:23:07 PM
mbam-log-2012-05-22 (23-23-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291651
Time elapsed: 16 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 sb07

Posted 22 May 2012 - 11:05 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 23:42:27
-----------------------------
23:42:27.183 OS Version: Windows 6.0.6002 Service Pack 2
23:42:27.183 Number of processors: 2 586 0x301
23:42:27.188 ComputerName: JEO-PC UserName: admin
23:42:31.367 Initialize success
23:42:55.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:42:55.319 Disk 0 Vendor: TOSHIBA_MK1652GSX LV010M Size: 152627MB BusType: 3
23:42:55.333 Disk 0 MBR read successfully
23:42:55.338 Disk 0 MBR scan
23:42:55.343 Disk 0 Windows VISTA default MBR code
23:42:55.358 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:42:55.377 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151125 MB offset 3074048
23:42:55.386 Disk 0 scanning sectors +312579760
23:42:55.460 Disk 0 scanning C:\Windows\system32\drivers
23:43:07.630 Service scanning
23:43:21.621 Service MpKsle679543d c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B5D8087-BA63-4A2F-A7CC-0C8FF7404B6E}\MpKsle679543d.sys **LOCKED** 32
23:43:38.149 Modules scanning
23:43:49.042 Disk 0 trace - called modules:
23:43:49.086 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
23:43:49.097 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x878afac8]
23:43:49.108 3 CLASSPNP.SYS[8c16e8b3] -> nt!IofCallDriver -> [0x87828230]
23:43:49.118 5 acpi.sys[83e136bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x87860b98]
23:43:49.130 Scan finished successfully
23:44:23.891 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
23:44:23.925 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
23:45:57.335 Disk 0 MBR has been saved successfully to "D:\Win32\bleeping\MBR.dat"
23:45:57.366 The log file has been saved successfully to "D:\Win32\bleeping\aswMBR.txt"

I still have to run FSS, and I will post those results in my next post.

#8 sb07

Posted 23 May 2012 - 12:29 AM

Here is the result of the FSS scan:

Farbar Service Scanner Version: 17-05-2012
Ran by admin (administrator) on 23-05-2012 at 01:20:27
Running from "D:\Win32\Monday521\B"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
WAN connected
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 02:45] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#9 sb07

Posted 23 May 2012 - 10:51 AM

I made a little progress last night. I was able to add those registry keys for Vista. It finally allowed me to change the permissions on the registry. OK, so here is what happened: I got back the windows security center (not sure what it is called) which showed me that the firewall was turned off and Windows Defender was disabled. I managed to enable Windows Defender, but I could not update it because I'm still disconnected from the internet.

The firewall would not start. I tried to start it from services and it returned Error 5. FSS no longer shows any missing registry keys. I am also having a problem with the print spooling service. I can start it from services, but it doesn't stay running.

I am a little perplexed that Mini Toolbox shows that I still have Kaspersky Anti-virus installed. I thought I had uninstalled that back in January. I can't understand why it is showing up. I also found it in the control panel under Programs and tried to uninstall it, but I couldn't.

Edited by sb07, 23 May 2012 - 11:11 AM.


#10 Broni

Posted 23 May 2012 - 06:14 PM

Don't worry about Kaspersky for now. Most likely just some registry leftovers.

I can see an issue with your internet connection, but before I advise anything I'd like to see a new FSS log.


#11 sb07

Posted 23 May 2012 - 07:42 PM

Here is the latest FSS scan:

Farbar Service Scanner Version: 17-05-2012
Ran by jeo (administrator) on 23-05-2012 at 20:33:49
Running from "D:\Win32\Monday521\B"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
WAN connected
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 02:45] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#12 sb07

Posted 23 May 2012 - 07:47 PM

I downloaded a removal tool from Kaspersky so I should be completely free of Kaspersky. Removing it made no difference to either the firewall problem or the internet connection problem.

I got a new error when I just tried to start the firewall - something about it cannot start because an associated service is not running. It wasn't more specific than that.

Thanks for your help. I really appreciate it.

#13 Broni

Posted 23 May 2012 - 08:00 PM

OK, your internet connection is not working because of this:

Localhost is blocked.


Let's see if we can fix it.

Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.
Post new FSS log.

Then Windows firewall....
Please post the exact error message you're getting when you try to start it manually.

Also....

Check windows firewall authorization driver...

Go Start>Control Panel>Device Manager.
Click on "View" tab and click on "Show hidden devices".
"Non-Plug and Play Drivers" section will expand.
Right click on "Windows Firewall Authorization Driver", click "Properties".
Set "Startup type" to "Demand" and press "Start" button.
Click OK button.

Exit Device Manager and see if you can start Windows firewall now.


#14 sb07

Posted 23 May 2012 - 09:31 PM

I went into the device manager and located the Windows Firewall Authorization Driver and right-clicked on it. It was already set to "demand" and already running. I stopped it and restarted it, but it didn't make any difference. The error I get when I try to manually start the Windows Firewall is:

"Windows could not start the Windows Firewall on local computer. For more information review the system event log. Error Code 5."

Also, I tried to start the Windows Firewall/Internet Connection Sharing Service. The message I got was:

"The Windows Firewall/Internet Connection Sharing Service started and then stopped. Some services stop automatically if they are not in use by other services or programs."

The netsh int ip reset reset.log and netsh winsock reset catalog didn't seem to make a difference. Here is the latest FSS log:

Farbar Service Scanner Version: 17-05-2012
Ran by jeo (administrator) on 23-05-2012 at 22:12:23
Running from "D:\Win32\Monday521\B"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
WAN connected
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 02:45] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
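
The Farbar Service Scanner logs posted in this thread can be compared run against run to see which findings a repair step cleared and which persist. The following is an added example, not part of any post and not Farbar's code; the function names and the list of flagged phrases are assumptions chosen to match the lines seen in these logs.

```python
import re

# Constructed, abridged excerpts in the same line format as the FSS logs
# posted in this thread (first run vs. a later run); the hash is elided.
LOG_FIRST = r"""
Connection Status:
==============
Localhost is blocked.
WAN connected
Attempt to access Google IP returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.

File Check:
========
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 02:45] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) <MD5 elided>
"""

LOG_LATER = r"""
Connection Status:
==============
Localhost is blocked.
Attempt to access Google IP returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:

File Check:
========
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 02:45] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) <MD5 elided>
"""

# Phrases that mark a problem line in these logs (assumed list, from this thread).
FLAG = re.compile(
    r"is not running|is blocked|ATTENTION|returned error|set to Disabled|=DWORD:")
UNDERLINE = re.compile(r"^=+$")
FILE_LINE = re.compile(r"^[A-Za-z]:\\")

def parse_fss(text):
    """Return {(section, line)} for lines that report a problem."""
    lines = [ln.strip() for ln in text.splitlines()]
    section, findings = "(preamble)", set()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and UNDERLINE.match(nxt):
            section = line[:-1]  # a header is a "Name:" line underlined with '='
        elif section == "File Check":
            # a checked file with no "MD5 is legit" verdict needs a manual look
            if FILE_LINE.match(line) and not line.endswith("=> MD5 is legit"):
                findings.add((section, line))
        elif FLAG.search(line):
            findings.add((section, line))
    return findings

def compare_runs(before, after):
    """Split findings into resolved, persisting and new between two runs."""
    a, b = parse_fss(before), parse_fss(after)
    return {"resolved": a - b, "persisting": a & b, "new": b - a}

if __name__ == "__main__":
    for state, items in compare_runs(LOG_FIRST, LOG_LATER).items():
        print(state, sorted(items))
```
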

#15 Broni

Posted 23 May 2012 - 09:36 PM

It looks like more advanced checks will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
