There are three (3) items that did not accept the fix. I would like to query these.
Download the enclosed folder. [attachment=70489:Query.zip]
Save and extract its contents to the desktop. It is a folder containing a batch file. Once extracted, open the folder and click on the query.bat file.
It should produce a Report.txt. Please post its contents in your next reply.
Ice Cyber Crime Virus
#31
Posted 11 May 2014 - 10:40 AM
#32
Posted 15 May 2014 - 05:05 AM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt
DisplayName REG_SZ @%Systemroot%\system32\wbem\wmisvc.dll,-205
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
Description REG_SZ @%Systemroot%\system32\wbem\wmisvc.dll,-204
ObjectName REG_SZ localSystem
ErrorControl REG_DWORD 0x0
Start REG_DWORD 0x2
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ RPCSS
ServiceSidType REG_DWORD 0x1
FailureActions REG_BINARY 840300000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters
ServiceDllUnloadOnStop REG_DWORD 0x1
ServiceMain REG_SZ ServiceMain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{3BF043EF-A974-49B3-8322-B853CF1E5EC5}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{68ddbb56-9d1d-4fd9-89c5-c0da2a625392}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{7007ACCF-3202-11D1-AAD2-00805FC1270E}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{7849596a-48ea-486e-8937-a2a3009f31a9}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{A1607060-5D4C-467a-B711-2B59A6F25957}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{DA67B8AD-E81B-4c70-9B91-B417B5E33527}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{EF4D1E1A-1C87-4AA8-8934-E68E4367468D}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{F20487CC-FC04-4B1E-863F-D9801796130B}
AutoStart REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{fbeb8a05-beee-4442-804e-409d6c4515e9}
AutoStart REG_SZ
Volume in drive C is OS
Volume Serial Number is 8649-C61B
Directory of C:\Windows\system32\wbem
11/02/2006 03:15 AM 2,048 WmiApRes.dll
04/11/2009 02:28 AM 90,112 WmiApRpl.dll
04/11/2009 02:28 AM 74,752 WMICOOKR.dll
04/11/2009 02:28 AM 129,024 WmiDcPrv.dll
01/20/2008 10:34 PM 173,568 wmipcima.dll
11/02/2006 05:46 AM 39,936 wmipdfs.dll
01/20/2008 10:34 PM 135,680 wmipdskq.dll
01/20/2008 10:34 PM 91,136 WmiPerfClass.dll
04/11/2009 02:28 AM 47,104 WmiPerfInst.dll
01/20/2008 10:34 PM 80,896 WMIPICMP.dll
01/20/2008 10:33 PM 66,048 WMIPIPRT.dll
01/20/2008 10:33 PM 70,656 WMIPJOBJ.dll
04/11/2009 02:28 AM 152,576 wmiprov.dll
04/11/2009 02:28 AM 499,712 WmiPrvSD.dll
11/02/2006 05:46 AM 43,520 WMIPSESS.dll
04/11/2009 02:28 AM 162,304 WMIsvc.dll
11/02/2006 05:46 AM 43,520 wmitimep.dll
04/11/2009 02:28 AM 83,968 wmiutils.dll
18 File(s) 1,986,560 bytes
0 Dir(s) 182,183,247,872 bytes free
#33
Posted 15 May 2014 - 02:01 PM
Download the enclosed folder. [attachment=70589:regrepair.zip]
Save and extract its contents to the desktop. It is a folder containing a batch file, RunMe.bat. Once extracted, open the folder and click on the RunMe.bat file. Restart the computer.
After the restart, re-run the Farbar Service Scanner and post its report.
#34
Posted 16 May 2014 - 12:49 AM
Farbar Service Scanner Version: 03-05-2014
Ran by Steve (administrator) on 16-05-2014 at 02:48:01
Running from "C:\Users\Steve\Downloads"
Windows Vista Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
Unable to retrieve ServiceDll of winmgmt. The value does not exist.
Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
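As an added example (not a tool from this thread or from the Farbar scanner), the following PowerShell re-checks the three things the log above flags: the missing Parameters\ServiceDll of winmgmt, the missing LEGACY_wscsvc\0000 key, and the missing Security Center notification icon shell service object. It assumes an elevated PowerShell session on the affected machine; the expected DLL paths and the Enum\Root location of the LEGACY keys are the standard Vista ones, not values read from the log.

```powershell
# Added example, not a tool from this thread: re-check the findings the Farbar
# Service Scanner log reports, using only the registry and built-in cmdlets.
# Assumes an elevated PowerShell session on the affected machine.

$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$enumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'
$ssoRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects'
# Standard (assumed) DLLs for the two svchost-hosted services the log covers.
$expectedDll = @{
    'winmgmt' = "$env:SystemRoot\system32\wbem\WMIsvc.dll"
    'wscsvc'  = "$env:SystemRoot\system32\wscsvc.dll"
}
$findings = @()

foreach ($name in $expectedDll.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { $findings += "$name service is not installed"; continue }
    if ($svc.Status -ne 'Running') { $findings += "$name service is not running" }

    # An svchost-hosted service cannot start without Parameters\ServiceDll:
    # svchost has nothing to load, which is what the log shows for winmgmt.
    $p = Get-ItemProperty -Path "$svcRoot\$name\Parameters" -ErrorAction SilentlyContinue
    if (-not $p -or -not $p.ServiceDll) {
        $findings += "$name Parameters\ServiceDll is missing (expected $($expectedDll[$name]))"
    } else {
        # REG_EXPAND_SZ is already expanded by Get-ItemProperty; expanding again is harmless.
        $dll = [Environment]::ExpandEnvironmentVariables($p.ServiceDll)
        if ($dll -ne $expectedDll[$name]) { $findings += "$name ServiceDll points to $dll" }
        elseif (-not (Test-Path $dll))   { $findings += "$name ServiceDll $dll does not exist on disk" }
    }

    # Vista keeps a Plug and Play record for each service under Enum\Root\LEGACY_<NAME>\0000;
    # the scanner reports it missing for wscsvc.
    $legacy = "$enumRoot\LEGACY_$($name.ToUpper())\0000"
    if (-not (Test-Path $legacy)) { $findings += "$legacy is missing" }
}

# Security Center notification icon shell service object named in the log.
$wscIcon = '{FD6905CE-952F-41F1-9A6F-135D9C6622CC}'
if (-not (Test-Path "$ssoRoot\$wscIcon")) { $findings += "ShellServiceObjects\$wscIcon is missing" }

if ($findings) { $findings | ForEach-Object { Write-Output "ATTENTION: $_" } }
else           { Write-Output 'All checked items look OK' }
```

The script only checks that the DLL is where it should be; to confirm the file itself is the Microsoft original, as the scanner's File Check does by MD5, run `sfc /verifyfile=<path>` on it.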
#35
Posted 16 May 2014 - 10:31 AM
#36
Posted 18 May 2014 - 08:13 PM
Farbar Service Scanner Version: 03-05-2014
Ran by Steve (administrator) on 18-05-2014 at 22:13:16
Running from "C:\Users\Steve\Downloads"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
#37
Posted 19 May 2014 - 09:13 AM
How is the computer doing? Is the Firewall running?
#38
Posted 19 May 2014 - 09:10 PM
Yes, Windows Firewall is now working! Computer seems like it is functioning pretty well... does it look good now to you?
#39
Posted 20 May 2014 - 02:19 PM
Let's clean up the computer of the tools we used.
Run AdwCleaner and click on uninstall.
- Download Delfix from here
- Ensure Remove disinfection tools is ticked
- Also tick: Create registry backup
- Purge system restore
- Click Run
Here are some suggestions.
- Always keep your Java updated. Older versions will make your computer vulnerable.
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
Best wishes!
#40
Posted 22 May 2014 - 09:47 PM
Thank you!