Windows 7: Do I have the w32 Blaster?

08 May 2013   #111
Prescottbob

Windows 7 home premium 64 bit
 
 

ce Scanner Version: 14-04-2013
Ran by Binnie (administrator) on 08-05-2013 at 17:52:49
Running from "C:\Users\Binnie\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log


Whacha think Cottonball?


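A triage pass over a log in the format posted above, as an added example that is not part of the thread and is not the scanner's own code. It collects the services whose registry keys or values are reported missing and checks each flagged file's size against its listed MD5; the regular expressions are assumptions derived only from the lines visible in this post.

```python
import hashlib
import re

# MD5 of zero bytes: what a hashing tool reports when it read no data at all.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Sample input: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
"""

MISSING_KEY = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
MISSING_VALUE = re.compile(r"Unable to retrieve .+ of (\S+)\. The value does not exist\.")
FILE_DETAIL = re.compile(r"^\[.+?\] - \[.+?\] - (\d+) \S+ \(.*?\) ([0-9A-Fa-f]{32})$")
FLAGGED = re.compile(r"ATTENTION!=====> (.+) IS INFECTED AND SHOULD BE REPLACED\.")


def triage(log_text):
    """Summarize missing service keys/values and files flagged by the log."""
    report = {"missing_keys": [], "missing_values": [], "flagged_files": []}
    detail = None  # (size, md5) from the most recent file detail line
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := MISSING_KEY.search(line):
            if m.group(1) not in report["missing_keys"]:
                report["missing_keys"].append(m.group(1))
        elif m := MISSING_VALUE.search(line):
            if m.group(1) not in report["missing_values"]:
                report["missing_values"].append(m.group(1))
        elif m := FILE_DETAIL.match(line):
            detail = (int(m.group(1)), m.group(2).upper())
        elif m := FLAGGED.search(line):
            size, md5 = detail or (None, None)
            # A non-empty file cannot hash to the empty-input MD5, so the
            # scanner never read its contents and the flag is unverified.
            unread = bool(size) and md5 == EMPTY_MD5
            report["flagged_files"].append(
                {"path": m.group(1), "size": size, "md5": md5, "hash_of_no_data": unread})
            detail = None
    return report


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

For the MpSvc.dll entry the listed size is 1011712 bytes while the listed MD5 is the hash of empty input, so the file should be re-hashed with read access before it is treated as confirmed bad.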
08 May 2013   #112
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote:
C:\Users\Binnie\AppData\Local\Temp\11367789291653.exe (Rogue.SecurityShield) -> No action taken.
C:\Users\Binnie\AppData\Local\Temp\EF0E.tmp (Rogue.SecurityShield) -> No action taken.

I realize that we're all coming at you from different directions and I apologize for that!
What I saw earlier is/was that your "Hosts File" was 'hijacked'.

After flushing the DNS cache and restoring MS's Hosts File, you *should* be able to run your computer in 'normal' mode (not safe mode with networking).

When you have finished with cottonBall's instructions, I'd like you to download TFC by OldTimer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
08 May 2013   #113
Prescottbob

Windows 7 home premium 64 bit
 
 

Jacee,

I haven't done your post #95 yet. I did not want to interrupt Cottonball's and VistaKing's thought processes. Thanks for the help!

08 May 2013   #114
cottonball

Windows 7 Home Premium
 
 

Good timing, Jacee, Prescottbob!

Was just getting ready to post some info on the Hosts file...

On: restoring MS's Hosts file Post #95 by Jacee

The malware changes the permissions of the HOSTS file!!
Might not be able to restore...

To fix these permissions please download the following batch file:
http://download.bleepingcomputer.com...hosts-perm.bat
Save to your Desktop <<---

Double-click on the hosts-perm.bat file on the Desktop.
Allow for it to run.
A small black window opens and quickly closes. This is OK.
You should now be able to access your HOSTS file.

Next, go to C:\Windows\System32\Drivers\etc\HOSTS as follows:
Start > Search programs and files, copy/paste:
c:\windows\system32\drivers\etc\hosts

Above, you will see: HOSTS
Right-click and select: Open file location
In the next window, right-click on hosts, and select: Delete

Now, download the following HOSTS file for Windows 7:
http://download.bleepingcomputer.com...indows-7/hosts
If the contents of the HOSTS file opens in your browser, right-click the link and select Save Target As...(for Internet Explorer)
It should download OK in Chrome.

Save it in the C:\Windows\System32\Drivers\etc folder

Note: If you added custom entries to the HOSTS file, you need to add them again.
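A way to list what a HOSTS file actually maps, useful both for recording custom entries before the file is deleted and for confirming the replacement is clean. This is an added example, not part of the thread; the sample file, hostnames and addresses are constructed.

```python
import ipaddress

# Constructed sample hosts file; every hostname and address is a placeholder.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
#   127.0.0.1   localhost
127.0.0.1      localhost
::1            localhost
0.0.0.0        updates.example.com     # constructed: name pinned to a null address
203.0.113.10   www.example.org example.org
192.168.1.20   nas                     # constructed: user's own LAN entry
999.1.1.1      broken.example
"""


def audit_hosts(text):
    """Group active hosts entries as null-routed, redirected, or malformed."""
    findings = {"null_routed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings["malformed"].append((lineno, raw.strip()))
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                continue  # plain localhost mapping, not a custom entry
            # Loopback or 0.0.0.0 makes the name unreachable; any other
            # address sends traffic for that name somewhere else.
            null_route = ip.is_loopback or ip.is_unspecified
            key = "null_routed" if null_route else "redirected"
            findings[key].append((lineno, str(ip), name))
    return findings


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
```

Run against the real file by passing the text of C:\Windows\System32\Drivers\etc\hosts; a file containing only comments and localhost mappings yields three empty lists.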
08 May 2013   #115
cottonball

Windows 7 Home Premium
 
 

...thought processes? hmmmm...
08 May 2013   #116
Prescottbob

Windows 7 home premium 64 bit
 
 

Thanks troops. I'll be working on that after my house guests leave tonight. This old cowboy needs solitude to think!!
08 May 2013   #117
cottonball

Windows 7 Home Premium
 
 

Prescottbob,

Quote:
Whacha think Cottonball?

Doing good, y'all!! Maybe there is no y'all in Arizona...asi es que estas haciendo muy bien!



To add to your nightwork...however, do this last.

Please download the ESET ServicesRepair Utility:
http://kb.eset-la.com/library/ESET/K...icesRepair.exe
Save to your Desktop.

Double-click ServicesRepair.exe to run the utility.
Follow the prompts to repair services.
Once the ServicesRepair utility finishes running, click Yes to restart your computer.




Next, run the Farbar Service Scanner the same as before, and post the new FSS.txt in your reply.
08 May 2013   #118
Prescottbob

Windows 7 home premium 64 bit
 
 

The HOSTS file ended up in "my downloads". How do I get it in the Drivers\etc folder?
08 May 2013   #119
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I did notice this in post #111

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

I'm back to watching.
08 May 2013   #120
Prescottbob

Windows 7 home premium 64 bit
 
 

I need an answer to Post #118. Also, I went looking for the ESET download site and could not find it or any active alternate site.

This cowboy has had too many enchiladas and is calling it a night. See y'all manana.