Do I have the w32 Blaster?

Page 12 of 53

  1. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #111

    Farbar Service Scanner Version: 14-04-2013
    Ran by Binnie (administrator) on 08-05-2013 at 17:52:49
    Running from "C:\Users\Binnie\Downloads"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll
    [2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
    ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log


    Whacha think Cottonball?
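A triage pass over the log in post #111, as an added example that is not part of the thread or of the scanner itself. It collects the services whose registry keys are missing and separates files whose reported hash is the MD5 of zero bytes, which on a non-empty file means the hash was not computed over the file's contents. The field layout of the metadata line (size before the attributes) is an assumption read off the one such line in the log.

```python
import re

# MD5 of zero bytes of input (a well-known constant).
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"

# Constructed sample: a few lines taken from the log in post #111.
SAMPLE_LOG = r"""
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
C:\Windows\System32\svchost.exe => MD5 is legit
"""

KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist")
# Assumed field layout: [created] - [modified] - size attributes (company) MD5
FILE_META = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")


def triage(log_text):
    """Summarise a scanner log: missing service keys and flagged file hashes."""
    missing, unread, mismatched = [], [], []
    path = None
    for line in (l.strip() for l in log_text.splitlines()):
        m = KEY_MISSING.search(line)
        if m:
            if m.group(1) not in missing:
                missing.append(m.group(1))
        elif re.match(r"^[A-Za-z]:\\", line) and "=>" not in line:
            path = line  # bare path: its metadata line follows
        elif path and (m := FILE_META.match(line)):
            size, md5 = int(m.group(1)), m.group(3).upper()
            # Empty-input hash on a non-empty file: the contents were never
            # hashed, so the result says nothing about them either way.
            bucket = unread if md5 == EMPTY_MD5 and size > 0 else mismatched
            bucket.append((path, size))
            path = None
    return {"missing_service_keys": missing, "unread_files": unread,
            "hash_mismatch_files": mismatched}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

A file listed under `unread_files` is worth re-hashing from an elevated prompt or offline media before deciding whether it needs replacing.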


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #112

    C:\Users\Binnie\AppData\Local\Temp\11367789291653.exe (Rogue.SecurityShield) -> No action taken.
    C:\Users\Binnie\AppData\Local\Temp\EF0E.tmp (Rogue.SecurityShield) -> No action taken.
    I realize that we're all coming at you from different directions and I apologize for that!
    What I saw earlier, is/was that your "Hosts File" was 'hijacked'.

    After flushing the DNS cache and restoring MS's Hosts File, you *should* be able to run your computer in 'normal' mode (not safe mode with networking).

    When you have finished with cottonBall's instructions, I'd like you to download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
    Save any unsaved work. TFC will close ALL open programs including your browser!
    Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
    Last edited by Jacee; 08 May 2013 at 20:13. Reason: edited instructions


  3. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #113

    Jacee,

    I haven't done your post #95 yet. I did not want to interrupt Cottonball and VistaKings thought processes. Thanks for the help!


  4. Posts : 2,470
    Windows 7 Home Premium
       #114

    Good timing, Jacee, Prescottbob!

    Was just getting ready to post some info on the Hosts file...

    On: restoring MS's Hosts file Post #95 by Jacee

    The malware changes the permissions of the HOSTS file!!
    Might not be able to restore...

    To fix these permissions please download the following batch file:
    http://download.bleepingcomputer.com...hosts-perm.bat
    Save to your Desktop <<---

    Double-click on the hosts-perm.bat file on the Desktop.
    Allow for it to run.
    A small black window opens and quickly closes. This is OK.
    You should now be able to access your HOSTS file.

    Next, go to C:\Windows\System32\Drivers\etc\HOSTS as follows:
    Start > Search programs and files, copy/paste:
    c:\windows\system32\drivers\etc\hosts

    Above, you will see: HOSTS
    Right-click and select: Open file location
    In the next window, right-click on hosts, and select: Delete

    Now, download the following HOSTS file for Windows 7:
    http://download.bleepingcomputer.com...indows-7/hosts
    If the contents of the HOSTS file open in your browser, right-click the link and select Save Target As... (for Internet Explorer)
    It should download OK in Chrome.

    Save it in the C:\Windows\System32\Drivers\etc folder

    Note: If you added custom entries to the HOSTS file, you need to add them again.
    Last edited by cottonball; 08 May 2013 at 23:50. Reason: typo
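A check that can be run on a copy of the old HOSTS file before deleting it, to see which entries need reviewing or re-adding, and on the replacement afterwards to confirm nothing unexpected is active. This is an added example, not part of the post or of the linked downloads; the sample file content, names and addresses are constructed, and the category names are this example's own.

```python
import ipaddress

# Constructed sample hosts file; every name and address below is made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1       localhost
192.168.1.20    nas.home.example        # custom entry to keep
203.0.113.7     search.example www.search.example
0.0.0.0         update.vendor.example
not-an-ip       broken.example
"""


def classify_hosts(text):
    """Return (line_no, kind, address, names) for each active hosts line."""
    results = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            kind = "malformed"
        elif ip.is_loopback or ip.is_unspecified:
            if all(n.lower() == "localhost" for n in names):
                kind = "default"    # plain localhost mapping
            else:
                kind = "blocked"    # name forced to this machine: unreachable
        else:
            kind = "redirect"       # name pinned to a fixed address: review it
        results.append((line_no, kind, address, names))
    return results


def needs_review(text):
    """Active entries that are not the plain localhost mapping."""
    return [r for r in classify_hosts(text) if r[1] != "default"]


if __name__ == "__main__":
    for entry in needs_review(SAMPLE_HOSTS):
        print(entry)
```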


  5. Posts : 2,470
    Windows 7 Home Premium
       #115

    ...thought processes? hmmmm...


  6. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #116

    Thanks troops. I'll be working on that after my house guests leave tonight. This old cowboy needs solitude to think!!


  7. Posts : 2,470
    Windows 7 Home Premium
       #117

    Prescottbob,

    Whacha think Cottonball?
    Doing good, y'all!! Maybe there is no y'all in Arizona...asi es que estas haciendo muy bien!



    To add to your nightwork...however, do this last.

    Please download the ESET ServicesRepair Utility:
    http://kb.eset-la.com/library/ESET/K...icesRepair.exe
    Save to your Desktop.

    Double-click ServicesRepair.exe to run the utility.
    Follow the prompts to repair services.
    Once the ServicesRepair utility finishes running, click Yes to restart your computer.




    Next, run the Farbar Service Scanner the same as before, and post the new FSS.txt in your reply.


  8. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #118

    The HOSTS file ended up in "my downloads". How do I get it in the Drivers\etc folder?


  9. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #119

    I did notice this in post #111

    ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

    I'm back to watching.


  10. Posts : 270
    Windows 7 home premium 64 bit
    Thread Starter
       #120

    I need an answer to Post #118. Also, I went looking for the ESET download site and could not find it or any active alternate site.

    This cowboy has had too many enchiladas and is calling it a night. See y'all manana.


 