Malware or Rootkit infection?

E

edlovereze

New member
Local time
8:08 AM
Messages
12
I originally had a thread in BSOD but was told to come here now after getting rid of BSOD's (http://www.sevenforums.com/bsod-hel...-pop-ups-galore-ntoskrnl-exe.html#post2367597)

Here are rouge killer and TDSS Logs

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Newter [Admin rights]
Mode : Scan -- Date : 04/17/2013 12:18:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965 (cmd.exe /C start /D "C:\Users\Newter\AppData\Local\Temp" /B A971AC2C-0EEA-49C3-8AFA-CC14DAAFD965.exe -postboot) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3180214080-296850399-2681992799-1001[...]\Policies\Explorer\Run : Crytek (C:\Users\Newter\AppData\Roaming\394C2D\394C2D.exe) [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3180214080-296850399-2681992799-1001\$16bf028f4c93807f5920e97af6c1d064\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31500541AS +++++
--- User ---
[MBR] 4c5631f4dcf5b3b5fefeb4ae58126048
[BSP] 7d7b4abc37269dce17ea12654ca91c84 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04172013_02d1218.txt >>
RKreport[1]_S_04172013_02d1218.txt
 

Attachments

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64bit
CPU
i5 3570k
Motherboard
z77 Pro 3
Memory
2x 4gb Kingston Blue ram
Graphics Card(s)
Powercolor Radeon 7850
Screen Resolution
1920x1080
edlovereze,

The report provided above appears to be run prior to the TDSSKiller reports.

Let's have a fresh report...

Please run RogueKiller once again:

Close all windows and browsers.
Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.


In your initial post you mentioned:
...i also get pop ups on the internet randomly...when I click links i get sent to completely different websites...
Click to expand...

What browser do you use? IE, Chrome. Firefox...
There may be some settings changed that we will have to check.

 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Newter [Admin rights]
Mode : Scan -- Date : 04/17/2013 23:18:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31500541AS +++++
--- User ---
[MBR] 4c5631f4dcf5b3b5fefeb4ae58126048
[BSP] 7d7b4abc37269dce17ea12654ca91c84 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_04172013_02d2318.txt >>
RKreport[1]_S_04172013_02d1218.txt ; RKreport[2]_D_04172013_02d1225.txt ; RKreport[3]_S_04172013_02d2318.txt




Also, I use Chrome. When I ran TDSS it found a malware and its default action was to clean it so I let it do that. I have yet to see a pop up anymore...
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64bit
CPU
i5 3570k
Motherboard
z77 Pro 3
Memory
2x 4gb Kingston Blue ram
Graphics Card(s)
Powercolor Radeon 7850
Screen Resolution
1920x1080
The RogueKiller report looks fine.

I'm about to sign off for tonight, but will check with you sometime tomorrow.
Going to check some of the Chrome settings, and see if there is anything we need to do there.

Just want to make sure you do not get another 'bout' of this malware.

In the meantime, go ahead with Downloading MiniToolBox
Save it to the Desktop and run it.


At he program console, please check the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
Click Go

When the tool is done, please post the Result.txt in your reply.
A copy of the report is saved in the same folder from which the tool is run.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
MiniToolBox by Farbar Version:05-03-2013
Ran by Newter (administrator) on 18-04-2013 at 09:15:25
Running from "C:\Users\Newter\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection 2 (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.242.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.150.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Upstairs
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : insight.rr.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : insight.rr.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : BC-5F-F4-57-31-31
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 17, 2013 12:27:02 PM
Lease Expires . . . . . . . . . . : Friday, April 19, 2013 12:27:02 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.insight.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : insight.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1c08:3b1a:bee7:2b8a(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c08:3b1a:bee7:2b8a%22(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4009:805::1007
74.125.225.132
74.125.225.133
74.125.225.134
74.125.225.135
74.125.225.136
74.125.225.137
74.125.225.142
74.125.225.128
74.125.225.129
74.125.225.130
74.125.225.131


Pinging google.com [173.194.46.78] with 32 bytes of data:
Reply from 173.194.46.78: bytes=32 time=21ms TTL=54
Reply from 173.194.46.78: bytes=32 time=21ms TTL=54

Ping statistics for 173.194.46.78:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 21ms, Average = 21ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24
206.190.36.45
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=463ms TTL=49
Reply from 98.139.183.24: bytes=32 time=708ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 463ms, Maximum = 708ms, Average = 585ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
19...bc 5f f4 57 31 31 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
22 58 ::/0 On-link
1 306 ::1/128 On-link
22 58 2001::/32 On-link
22 306 2001:0:5ef5:79fd:1c08:3b1a:bee7:2b8a/128
On-link
22 306 fe80::/64 On-link
22 306 fe80::1c08:3b1a:bee7:2b8a/128
On-link
1 306 ff00::/8 On-link
22 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.)
Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.)
x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.)

**** End of log ****
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64bit
CPU
i5 3570k
Motherboard
z77 Pro 3
Memory
2x 4gb Kingston Blue ram
Graphics Card(s)
Powercolor Radeon 7850
Screen Resolution
1920x1080
Just a double post because I couldn't type much more. What AntiVirus do you suggest using? I seem to always run into problems when I have them on here... Like when I had Avast my computer started messing up but once I got rid of that and changed to something different it ran fine. Thanks again for all the help!
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64bit
CPU
i5 3570k
Motherboard
z77 Pro 3
Memory
2x 4gb Kingston Blue ram
Graphics Card(s)
Powercolor Radeon 7850
Screen Resolution
1920x1080
Do you have any AV program installed now?

If not, have you tried Microsoft Security Essentials:
Download Microsoft Security Essentials from Official Microsoft Download Center


Lets press on...

First of all, please create a Restore Point:
http://www.sevenforums.com/tutorials/697-system-restore-point-create.html

Now, please download Complete Internet Repair:
Datumza.com Downloads | Datumza.com
Select the one applicable to your system: 64-bit

Right-click the downloaded file, and select: Extract to CIntRep-XXXXXXX\ (X= number)
Double-click the CIntRep folder on your Desktop
Double-click the next folder, and, inside it, double-click the CIntRep application.

At the program console, place a check on the following entries:
◦Reset Internet Protocol (TCP/IP)
◦Repair Winsock (Reset Catalog)
◦Renew Internet Connections

Click: Go!
Ignore any error messages, if any

When done, click: File > Logging > Open [ClntRep.log], and post the info in your reply. <<---
Click OK to reboot the computer.


Chrome uses the Windows system DNS settings and not anything specific to itself, and its network connectivity preferences also make use of the system preferences. MiniToolBox successfully flushed the DNS Resolver Cache.

Do check Chrome extensions, though.
Click the Chrome Menu button (top right, button with three small horizontal lines)
Select: Tools
Click on: Extensions
In the Extensions tab, remove any extension that look suspicious.

Next, if you need to set Google Chrome as the default search engine...
Click the Chrome Menu button once again, select Settings, and click on: Manage search engines
In the Search Engines, select Google and click: Make Default
Also look for any suspicious Search Engines on the list, and click: X (at the end of the row)

If you also need to, change the Google Chrome homepage to its default:
Set your homepage - Google Chrome Help
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
Thanks for the help again! I will use Microsoft Security Essentials.... The report is too long so I attached it. Hope thats cool!
 

Attachments

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64bit
CPU
i5 3570k
Motherboard
z77 Pro 3
Memory
2x 4gb Kingston Blue ram
Graphics Card(s)
Powercolor Radeon 7850
Screen Resolution
1920x1080
My apology for the delay. :o

The report attached above is the same MiniToolBox run on 18-04-2013 at 09:15:25

See if you can find the ClntRep.log produced by the Complete Internet Repair program.

If not available, please run MiniTool Box once again.

This time, at the program console, place a check next to the following entries:
◦List Winsock Entries
◦List Installed Programs

Click Go

When the tool is done, either post or attach the new MiniToolBox Result.txt in your reply.

Thanks!
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
My bad. Im dumb haha here you go
 

Attachments

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64bit
CPU
i5 3570k
Motherboard
z77 Pro 3
Memory
2x 4gb Kingston Blue ram
Graphics Card(s)
Powercolor Radeon 7850
Screen Resolution
1920x1080
It's OK...it is called a 'senior moment' in my case!!:D


Just to make sure, restart the computer, and then please run MiniTooBox using the options in Post #9.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
MiniToolBox by Farbar Version:05-03-2013
Ran by Newter (administrator) on 19-04-2013 at 22:37:13
Running from "C:\Users\Newter\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection 2 (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Upstairs
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : insight.rr.com

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : insight.rr.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : BC-5F-F4-57-31-31
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, April 19, 2013 10:27:25 PM
Lease Expires . . . . . . . . . . : Saturday, April 20, 2013 10:27:25 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.insight.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : insight.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:8e2:10e6:bee7:2b8a(Preferred)
Link-local IPv6 Address . . . . . : fe80::8e2:10e6:bee7:2b8a%22(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2001:4860:400a:800::1008
74.125.225.65
74.125.225.66
74.125.225.67
74.125.225.68
74.125.225.69
74.125.225.70
74.125.225.71
74.125.225.72
74.125.225.73
74.125.225.78
74.125.225.64


Pinging google.com [173.194.46.35] with 32 bytes of data:
Reply from 173.194.46.35: bytes=32 time=32ms TTL=54
Reply from 173.194.46.35: bytes=32 time=31ms TTL=54

Ping statistics for 173.194.46.35:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 32ms, Average = 31ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=88ms TTL=49
Reply from 98.139.183.24: bytes=32 time=69ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 69ms, Maximum = 88ms, Average = 78ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
19...bc 5f f4 57 31 31 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
22 58 ::/0 On-link
1 306 ::1/128 On-link
22 58 2001::/32 On-link
22 306 2001:0:9d38:6ab8:8e2:10e6:bee7:2b8a/128
On-link
22 306 fe80::/64 On-link
22 306 fe80::8e2:10e6:bee7:2b8a/128
On-link
1 306 ff00::/8 On-link
22 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64bit
CPU
i5 3570k
Motherboard
z77 Pro 3
Memory
2x 4gb Kingston Blue ram
Graphics Card(s)
Powercolor Radeon 7850
Screen Resolution
1920x1080
Don't quite understand these reports...

Q 1. For the Complete Internet Repair, where these the entries you checked:
◦Reset Internet Protocol (TCP/IP)
◦Repair Winsock (Reset Catalog)
◦Renew Internet Connections
Q 2. Did you reboot the computer as the program requested?

Q 3. For the last run of MiniToolBox, did you just check the following:
◦List Winsock Entries
◦List Installed Programs
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
This time I just did winsock and installed. I didn't see you write that... Its probably in one of your posts but I didn't see it and this should be the right log for CIntRep
 

Attachments

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Home Premium 64bit
CPU
i5 3570k
Motherboard
z77 Pro 3
Memory
2x 4gb Kingston Blue ram
Graphics Card(s)
Powercolor Radeon 7850
Screen Resolution
1920x1080
After using Complete Internet Repair with the following checked:
◦Reset Internet Protocol (TCP/IP)
◦Repair Winsock (Reset Catalog)
◦Renew Internet Connections

Did the computer reboot? <<---

At this point are you having any problems? <<---



Also, do the following...

Please download Farbar Service Scanner


Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply. <<---
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
You must log in or register to reply here.

Similar threads

D
LOTS OF BSODS Lately out of nowhere While Playing Fifa21
Replies
6
Views
3K
Megahertz07
Megahertz07
Stingwasted
Solved The Windows 7 Pro product key you typed is invalid for activation
Replies
8
Views
12K
Stingwasted
Stingwasted
D
Malwarebytes found a PUP in $Recycle.Bin
Replies
13
Views
6K
Layback Bear
Layback Bear
J
Solved Malware detected, clean now but comp still running poorly.
2
Replies
33
Views
7K
cottonball
cottonball
R
PC unauthorized access via remote login. Keylogger deteced.
Replies
2
Views
4K
Ramacher
R
Back
Top