Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Server 2003


  • This topic is locked This topic is locked
182 replies to this topic

#1 bhz

bhz

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:05:36 AM

Posted 16 December 2012 - 07:54 PM

DDS will not run, malwarebytes sees no issues. Your team says missing and corrupt files exist.

Help

BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 21 December 2012 - 10:11 AM

Greetings bhz and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you previously posted at http://www.bleepingcomputer.com/forums/topic478449.html/page__p__2921330__fromsearch__1#entry2921330. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:05:36 AM

Posted 21 December 2012 - 11:29 AM

Nice to know you Gary, please call me Brent, I am exceted to get started.

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 21 December 2012 - 09:37 PM

Hi Brent,

Can you tell me if you have an installation disk?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:05:36 AM

Posted 21 December 2012 - 10:08 PM

I believe I can get one.

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 22 December 2012 - 08:59 AM

Hi Brent,

Thanks for your patience. The reason for the delay is because of the operating system you have. Many of the tools we routinely use are not specifically designed/tested to run on Server 2003. Also, your registry entries may or may not be compatible with standard operating systems, therefore we need to be careful what we do and how we do it.

I have been consulting with my colleagues and researching your issue. Unfortunately I do not have that operating system myself so it is difficult to research and test things on my end.

Let's try this first.


===================================================


SystemLook by jpshortstuff

--------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    nsisvc.dll
    nsiproxy.sys
    tdx.sys
    mpssvc.dll
    bfe.dll
    mpsdrv.sys
    sdrscv.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • SystemLook log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:05:36 AM

Posted 22 December 2012 - 11:54 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 08:44 on 22/12/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "nsisvc.dll"
No files found.

Searching for "nsiproxy.sys"
No files found.

Searching for "tdx.sys"
No files found.

Searching for "mpssvc.dll"
No files found.

Searching for "bfe.dll"
No files found.

Searching for "mpsdrv.sys"
No files found.

Searching for "sdrscv.dll"
No files found.

-= EOF =-

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 22 December 2012 - 04:11 PM

Hi Brent,

Let's run it again but this time copy and paste this information:


:filefind
nsisvc.*
nsiproxy.*
tdx.*
mpssvc.*
bfe.*
mpsdrv.*
sdrscv.*
wscsvc.*
MpSvc.*



Also, please let me know if you have access to an installation disk.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:05:36 AM

Posted 22 December 2012 - 04:39 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 13:30 on 22/12/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "nsisvc.*"
No files found.

Searching for "nsiproxy.*"
No files found.

Searching for "tdx.*"
No files found.

Searching for "mpssvc.*"
No files found.

Searching for "bfe.*"
No files found.

Searching for "mpsdrv.*"
No files found.

Searching for "sdrscv.*"
No files found.

Searching for "wscsvc.*"
No files found.

Searching for "MpSvc.*"
No files found.

-= EOF =-

Yes I have the install disk...

Edited by bhz, 22 December 2012 - 04:40 PM.


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 22 December 2012 - 06:05 PM

Hi Brent,

OK, here is what I would like you to do.


===================================================


Running sfc /scannow

--------------------

  • Click Start then Run
  • Type sfc /scannow and press Enter
  • If the program asks you for an Installation Disk please insert it
  • Allow the scan to complete
  • Press windows key Posted Image + r on your keyboard at the same time
  • Type cmd and press Enter
  • Copy and paste the following after the command prompt then press Enter

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
  • A file named sfcdetails.txt should appear on your desktop. Please copy and paste the contents of that file in your reply. If it is too large you can zip and attach the file
  • The file can also be located at C:\Windows\logs\cbs\cbs.log

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • cbs log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:05:36 AM

Posted 22 December 2012 - 07:22 PM

ok sfc ran with no errors, the command did not return any file?

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 22 December 2012 - 07:28 PM

OK, let me do some further research. This is one of the complications with your OS. It may be the program checking the state of your computer is reporting something is missing that is not required by your OS. It makes no sense whatsoever that if those files were required we would not find any on your system or that sfc would say all is well.

Please give me some time to digest where we are at.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:05:36 AM

Posted 22 December 2012 - 08:33 PM

Ok sorry for being such a problem.

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 22 December 2012 - 09:25 PM

You are not a problem, you computer is! :)
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 AM

Posted 23 December 2012 - 05:27 PM

Hi Brent,

Let's run these programs please.


===================================================


Run TDSSKiller by Kaspersky

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.


    Posted Image

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


    Posted Image

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


    Posted Image

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================


OTL

--------------------

  • Please download OTL and save it to your desktop
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Copy and paste the two reports in your next reply.

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • OTL log
  • Extra log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users