Too many problems for me to solve


  • This topic is locked
43 replies to this topic

#31 Jbradthomas

Jbradthomas
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 30 November 2011 - 10:45 PM

Errors;

Windows Logon Users Interface Host Stopped Working.
Windows Explorer Stopped Working.
Consent UI for Administrative Applications Stopped Working.

C:\Users|Brad|Desktop|ComboFix.exe
The extended attributes are inconsistent.
Get this message with every program. exe. only work in safe mode.


#32 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:03 PM

Posted 04 December 2011 - 11:18 PM

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

  • Right click and run as admin (xp please double click to run)
  • select lang
  • accept the license agreement
  • click on settings (gear looking thing on the right)
  • put check mark in
    • system memory
    • hidden objects
    • disk boot sectors
    • computer
    • os
  • go back to automatic scan
  • click on start scan
  • For this scan select skip for anything found
  • when the scan is complete click on the report button (looks like a piece of paper on the right of the gear looking thing)
  • on the left you will see
    • status
    • Detected threats <-- click on this one
    • automatic Scan report
    • Manual disinfection report
  • click on the save button
    save to a location that you can find it (default is in the document folder)
  • copy and paste this report in your next post

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#33 Jbradthomas

Jbradthomas
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:03 PM

Posted 05 December 2011 - 10:31 PM

No found infections - no report

#34 gringo_pr

Posted 06 December 2011 - 03:23 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#35 Jbradthomas

Posted 06 December 2011 - 04:09 PM

Gringo,

I will be out of town till Friday. Will run these tests when I get back.

Thank you,
Brad

#36 gringo_pr

Posted 06 December 2011 - 09:12 PM

:thumbup2:

#37 gringo_pr

Posted 10 December 2011 - 01:06 PM

hello Brad


how are things going?

gringo

#38 Jbradthomas

Posted 10 December 2011 - 10:37 PM

Gringo,

Been busy.

FixTDSS-No infections found.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-10 19:37:22
-----------------------------
19:37:22.209 OS Version: Windows x64 6.0.6002 Service Pack 2
19:37:22.209 Number of processors: 2 586 0xF0D
19:37:22.224 ComputerName: ARC61MNBHJ UserName: Owner
19:37:23.160 Initialize success
19:56:18.170 AVAST engine defs: 11121001
19:57:34.438 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:57:34.438 Disk 0 Vendor: FUJITSU_ 0040 Size: 305245MB BusType: 3
19:57:34.454 Disk 0 MBR read successfully
19:57:34.454 Disk 0 MBR scan
19:57:34.469 Disk 0 Windows VISTA default MBR code
19:57:34.469 Service scanning
19:57:36.544 Modules scanning
19:57:36.544 Disk 0 trace - called modules:
19:57:36.575 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:57:36.591 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d35680]
19:57:36.591 3 CLASSPNP.SYS[fffffa6000fd0c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004b51050]
19:57:37.277 AVAST engine scan C:\Windows
19:57:41.130 AVAST engine scan C:\Windows\system32
19:59:33.310 AVAST engine scan C:\Windows\system32\drivers
19:59:45.525 AVAST engine scan C:\Users\Owner
20:02:41.992 AVAST engine scan C:\ProgramData
20:07:01.155 Scan finished successfully
20:08:56.298 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
20:08:56.330 The log file has been saved successfully to "E:\aswMBR.txt"

#39 gringo_pr

Posted 14 December 2011 - 01:33 AM

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

#40 Jbradthomas

Posted 15 December 2011 - 08:30 AM

exeHelper by Raktor
Build 20100414
Run at 16:58:01 on 12/14/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

#41 gringo_pr

Posted 17 December 2011 - 09:28 PM

Hello

you didn't say if it helped


I want you to run this - http://support.microsoft.com/kb/929833

gringo

#42 Jbradthomas

Posted 18 December 2011 - 11:42 AM

Sorry Gringo,

No, exeHelper didn't help.
Will post CBS.log. Seems to be some corrupt files.

Brad

#43 Jbradthomas

Posted 18 December 2011 - 11:49 AM

Think this is the important part of log. Too large to post or attach.


POQ 127 ends.
2011-12-18 10:14:44, Info CSI 00000303 [SR] Verify complete
2011-12-18 10:14:44, Info CSI 00000304 [SR] Repairing 2 components
2011-12-18 10:14:44, Info CSI 00000305 [SR] Beginning Verify and Repair transaction
2011-12-18 10:14:44, Info CSI 00000306 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_2ce6c04cdc275758\settings.ini do not match actual file [l:24{12}]"settings.ini" :
Found: {l:32 b:ntPb8a3owMmbzl2TXFHogrOTUqnXgzASIdBVmJptaGE=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
2011-12-18 10:14:44, Info CSI 00000307 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-18 10:14:44, Info CSI 00000308 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_6.0.6002.18005_none_d3cdc4a9a444561b\msctf.dll do not match actual file [l:18{9}]"msctf.dll" :
Found: {l:32 b:eabim+Pifo0m+BLQfJ7DSkrMHHA9M8duWzVllbEUmrA=} Expected: {l:32 b:HPoRfygTICQ1r82Yn0bWyB5so+iPpuIWuznJnznnub4=}
2011-12-18 10:14:44, Info CSI 00000309 [SR] Cannot repair member file [l:18{9}]"msctf.dll" of Microsoft-Windows-TextServicesFramework-msctf, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-18 10:14:44, Info CSI 0000030a Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6002.18005_none_2ce6c04cdc275758\settings.ini do not match actual file [l:24{12}]"settings.ini" :
Found: {l:32 b:ntPb8a3owMmbzl2TXFHogrOTUqnXgzASIdBVmJptaGE=} Expected: {l:32 b:v6OQf2AJO5FVbRBJuIwXxkdkCoOaSk3y0ol6uTH491o=}
2011-12-18 10:14:44, Info CSI 0000030b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-18 10:14:44, Info CSI 0000030c [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2011-12-18 10:14:44, Info CSI 0000030d Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_6.0.6002.18005_none_d3cdc4a9a444561b\msctf.dll do not match actual file [l:18{9}]"msctf.dll" :
Found: {l:32 b:eabim+Pifo0m+BLQfJ7DSkrMHHA9M8duWzVllbEUmrA=} Expected: {l:32 b:HPoRfygTICQ1r82Yn0bWyB5so+iPpuIWuznJnznnub4=}
2011-12-18 10:14:44, Info CSI 0000030e [SR] Cannot repair member file [l:18{9}]"msctf.dll" of Microsoft-Windows-TextServicesFramework-msctf, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-12-18 10:14:44, Info CSI 0000030f [SR] This component was referenced by [l:164{82}]"Package_27_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-126_neutral_GDR"
2011-12-18 10:14:44, Info CSI 00000310 Hashes for file member \??\C:\Windows\System32\msctf.dll do not match actual file [l:18{9}]"msctf.dll" :
Found: {l:32 b:eabim+Pifo0m+BLQfJ7DSkrMHHA9M8duWzVllbEUmrA=} Expected: {l:32 b:HPoRfygTICQ1r82Yn0bWyB5so+iPpuIWuznJnznnub4=}
2011-12-18 10:14:44, Info CSI 00000311 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_6.0.6002.18005_none_d3cdc4a9a444561b\msctf.dll do not match actual file [l:18{9}]"msctf.dll" :
Found: {l:32 b:eabim+Pifo0m+BLQfJ7DSkrMHHA9M8duWzVllbEUmrA=} Expected: {l:32 b:HPoRfygTICQ1r82Yn0bWyB5so+iPpuIWuznJnznnub4=}
2011-12-18 10:14:44, Info CSI 00000312 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"msctf.dll"; source file in store is also corrupted
2011-12-18 10:14:44, Info CSI 00000313 Repair results created:
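
The [SR] entries in the CBS.log excerpt above repeat the same two files several times. As an added example (not part of the original thread), the Python below collapses entries of that shape into one record per file and flags files whose component-store copy is also corrupt. The sample lines, file names, component names and digests are constructed placeholders, not values from this log.

```python
import base64
import re
from collections import defaultdict

# Patterns follow the CSI / [SR] line shapes quoted in the post above.
MISMATCH = re.compile(r'Hashes for file member (.+?) do not match actual file')
HASHES = re.compile(r'Found: \{l:\d+ b:([^}]+)\} Expected: \{l:\d+ b:([^}]+)\}')
NO_REPAIR = re.compile(r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),')
STORE_BAD = re.compile(r'\[SR\] Could not reproject corrupted file .*"([^"]+)"; source file in store is also corrupted')

def summarize(lines):
    """Collapse repeated CSI entries into one record per damaged file name."""
    files = defaultdict(lambda: {"paths": set(), "component": None, "found": None,
                                 "expected": None, "store_corrupt": False})
    pending = None  # file whose Found/Expected pair is still to come
    for line in lines:
        if m := MISMATCH.search(line):
            pending = m.group(1).rsplit("\\", 1)[-1].lower()
            files[pending]["paths"].add(m.group(1))
        if (m := HASHES.search(line)) and pending:
            # The log stores digests as base64; hex is easier to compare.
            files[pending]["found"] = base64.b64decode(m.group(1)).hex()
            files[pending]["expected"] = base64.b64decode(m.group(2)).hex()
            pending = None
        if m := NO_REPAIR.search(line):
            files[m.group(1).lower()]["component"] = m.group(2).strip()
        if m := STORE_BAD.search(line):
            files[m.group(1).lower()]["store_corrupt"] = True
    return dict(files)

def needs_external_source(summary):
    """Files SFC cannot fix locally because the store copy is damaged too."""
    return sorted(n for n, r in summary.items() if r["store_corrupt"])

# Constructed sample in the shape of the log above; names and digests are placeholders.
_F = base64.b64encode(bytes(32)).decode()
_E = base64.b64encode(b"\xff" * 32).decode()
SAMPLE = [
    r'Info CSI 00000001 Hashes for file member \SystemRoot\WinSxS\amd64_example_none_0\example.dll do not match actual file [l:22{11}]"example.dll" :',
    f'Found: {{l:32 b:{_F}}} Expected: {{l:32 b:{_E}}}',
    r'Info CSI 00000002 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 0.0.0.0, hash mismatch',
    r'Info CSI 00000003 Hashes for file member \??\C:\Windows\System32\example.dll do not match actual file [l:22{11}]"example.dll" :',
    f'Found: {{l:32 b:{_F}}} Expected: {{l:32 b:{_E}}}',
    r'Info CSI 00000004 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll"; source file in store is also corrupted',
    r'Info CSI 00000005 [SR] Cannot repair member file [l:20{10}]"other.ini" of Other-Component, Version = 0.0.0.0, hash mismatch',
]

if __name__ == "__main__":
    print(needs_external_source(summarize(SAMPLE)))
```
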

#44 gringo_pr

Posted 21 December 2011 - 01:10 AM

Hello


with all the problems you are having with this computer and nothing showing up in the malware scans I don't know what else I can do.



gringo