
System Restore M.I.A.!


23 replies to this topic

#1 lapetite66

lapetite66

  • Members
  • 117 posts

Posted 20 December 2012 - 01:15 PM

Hi:

I think that I might be infected with some malware. I think this is the case because the other day, when I used Revo Uninstaller to uninstall a piece of software, there was a discrepancy in the uninstall process.

The discrepancy was this: normally, when I do a full removal, the first button says that it is making a placeholder. This time I noticed that the first section said "Creating System Failed" and the button was red. That button is supposed to be green, which lets me know that the system restore placeholder has been made and that I can proceed with the uninstall as usual.

I did a scan with Malwarebytes and nothing was found but obviously something is there since my system restore is compromised and Malwarebytes just isn't finding the problem so I need some professional help.

Any assistance would be greatly appreciated.

Thank you,


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 20 December 2012 - 07:24 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


#3 lapetite66

lapetite66
  • Topic Starter

  • Members
  • 117 posts

Posted 21 December 2012 - 02:01 AM

Hi Broni:

Thanks for responding to my post.

I'm sorry for taking so long to get back to you since yesterday. Believe it or not, I really think the problem is WORSE than I thought. Why, you might ask? Well, maybe an hour after writing that message for help my internet connection was totally disabled, and I am only now able to get back to you. And there still has to be an issue, because right this second I am attempting to update my Norton 360 and it hasn't updated at all, and it has been over 5 minutes and counting. It is now 1:36am (I started at 1am) and still Norton hasn't updated, and my manual download of some updates wasn't able to finish downloading due to some error. Bottom line... Houston, we have a problem!!!

I have downloaded all of the things you suggested except aswMBR.exe, as Norton deleted it and won't let me download it. I have tried 6 times already and even attempted to change the filename, and still it keeps getting deleted. Is there a zip file of this software or something else that I can download instead???

I have done the quick scan with Malwarebytes and it didn't show anything wrong, but there is something going on, since I can't download updates from Norton. Once again I went into Revo Uninstaller and pretended that I was going to uninstall something, and there are still no system restore points being made, so there is still a MAJOR problem somewhere, somehow, on this computer.

Thanks for your assistance.


Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off.
Lavasoft
ECHO is off.
AdWatch
ECHO is off.
Live!
ECHO is off.
AntiVirus
ECHO is off.
Norton
ECHO is off.
360
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.65.1.1000
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
CCleaner
Duplicate Cleaner 2.0.4b
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
My Favorite Software Anti-Virus & Spyware Software
Norton Recovery Tools Norton Bootable Recovery Tool - NBRT-Retail-Downloader.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````




Farbar Service Scanner Version: 10-12-2012

Ran by DG (administrator) on 21-12-2012 at 01:32:42
Running from "C:\Documents and Settings\DG\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2012-07-06 21:59] - [2012-07-06 21:59] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2012-07-06 22:00] - [2012-07-06 22:00] - 0361600 ____A (Microsoft Corporation) 51E41F16ACD80B8B39C0AE703A213F09

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2012-07-06 21:59] - [2012-07-06 21:59] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2012-08-10 14:40] - [2012-07-06 22:01] - 0022520 ____A (Microsoft Corporation) DCB24800BF4616DC2DF5D38ED3EF4C27

C:\WINDOWS\system32\qmgr.dll
[2012-08-10 14:40] - [2012-07-06 22:00] - 0408576 ____A (Microsoft Corporation) F13D1AA04F1F02399EB87F011584B7C0

C:\WINDOWS\system32\es.dll
[2012-07-06 21:59] - [2012-07-06 21:59] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2012-07-06 22:00] - [2012-07-06 22:00] - 0014848 ____A (Microsoft Corporation) 67E38B4A549833E02D4D1617B5DBC318

C:\WINDOWS\system32\rpcss.dll
[2012-07-06 22:00] - [2012-07-06 22:00] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2012-07-06 22:00] - [2012-07-06 22:00] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A


Extra List:
=======
fssfltr(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(9) Tcpip(4) VMnetBridge(8)
0x0A0000000500000001000000020000000300000004000000090000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****




Minitoolbox

MiniToolBox by Farbar Version: 25-11-2012
Ran by DG (administrator) on 21-12-2012 at 01:39:00
Running from "C:\Documents and Settings\DG\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "VMware Network Adapter VMnet8"

set address name="VMware Network Adapter VMnet8" source=static addr=192.168.200.1 mask=255.255.255.0
set dns name="VMware Network Adapter VMnet8" source=static addr=none register=PRIMARY
set wins name="VMware Network Adapter VMnet8" source=static addr=none

# Interface IP Configuration for "VMware Network Adapter VMnet1"

set address name="VMware Network Adapter VMnet1" source=static addr=192.168.17.1 mask=255.255.255.0
set dns name="VMware Network Adapter VMnet1" source=static addr=none register=PRIMARY
set wins name="VMware Network Adapter VMnet1" source=static addr=none

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : dg-cdfa9bcca02c
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : myhome.westell.com

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.200.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.17.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : myhome.westell.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 8C-89-A5-14-44-63
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.47
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    192.168.1.1
Lease Obtained. . . . . . . . . . : Friday, December 21, 2012 12:54:36 AM
Lease Expires . . . . . . . . . . : Saturday, December 22, 2012 12:54:36 AM

Server: dslrouter
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.228.70, 74.125.228.73, 74.125.228.65, 74.125.228.69
           74.125.228.72, 74.125.228.67, 74.125.228.71, 74.125.228.64, 74.125.228.68
           74.125.228.78, 74.125.228.66

Pinging google.com [74.125.228.70] with 32 bytes of data:

Reply from 74.125.228.70: bytes=32 time=37ms TTL=56
Reply from 74.125.228.70: bytes=32 time=37ms TTL=56

Ping statistics for 74.125.228.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 37ms, Average = 37ms

Server: dslrouter
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=118ms TTL=50
Reply from 98.138.253.109: bytes=32 time=141ms TTL=51

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 118ms, Maximum = 141ms, Average = 129ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
0x10005 ...8c 89 a5 14 44 63 ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.47      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.47    192.168.1.47      20
     192.168.1.47  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255     192.168.1.47    192.168.1.47      20
     192.168.17.0    255.255.255.0     192.168.17.1    192.168.17.1      20
     192.168.17.1  255.255.255.255        127.0.0.1       127.0.0.1      20
   192.168.17.255  255.255.255.255     192.168.17.1    192.168.17.1      20
    192.168.200.0    255.255.255.0    192.168.200.1   192.168.200.1      20
    192.168.200.1  255.255.255.255        127.0.0.1       127.0.0.1      20
  192.168.200.255  255.255.255.255    192.168.200.1   192.168.200.1      20
        224.0.0.0        240.0.0.0     192.168.1.47    192.168.1.47      20
        224.0.0.0        240.0.0.0     192.168.17.1    192.168.17.1      20
        224.0.0.0        240.0.0.0    192.168.200.1   192.168.200.1      20
  255.255.255.255  255.255.255.255     192.168.1.47    192.168.1.47       1
  255.255.255.255  255.255.255.255     192.168.17.1    192.168.17.1       1
  255.255.255.255  255.255.255.255    192.168.200.1   192.168.200.1       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/21/2012 01:35:06 AM) (Source: Application Error) (User: )
Description: Faulting application norton bootable recovery tool - nbrt-retail-downloader.exe, version 1.6.0.18, faulting module nbrtfsdplugin.dll, version 3.0.0.23, fault address 0x00065e36.
Processing media-specific event for [norton bootable recovery tool - nbrt-retail-downloader.exe!ws!]

Error: (12/19/2012 11:44:44 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (12/18/2012 08:28:00 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\DG\MY DOCUMENTS\WORD FILES\TELEVISION SHOWS.RTF> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/18/2012 05:59:19 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application type32.exe, version 2.20.447.0, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.

Error: (12/18/2012 05:57:35 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application type32.exe, version 2.20.447.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error: (12/18/2012 05:57:17 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\DG\MY DOCUMENTS\DOWNLOADS\YOUTUBE REWIND 2012.FLV> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/18/2012 05:57:17 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\DG\MY DOCUMENTS\DOWNLOADS\YOUTUBE REWIND 2012.FLV> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/18/2012 05:50:14 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application type32.exe, version 2.20.447.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error: (12/18/2012 05:31:03 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application type32.exe, version 2.20.447.0, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.

Error: (12/18/2012 05:30:39 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application type32.exe, version 2.20.447.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.


System errors:
=============
Error: (12/21/2012 00:56:32 AM) (Source: Service Control Manager) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%2

Error: (12/21/2012 00:56:30 AM) (Source: Service Control Manager) (User: )
Description: The SASDIFSV service failed to start due to the following error:
%%2

Error: (12/21/2012 00:56:29 AM) (Source: Service Control Manager) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%2

Error: (12/21/2012 00:54:30 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (12/21/2012 00:54:30 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (12/21/2012 00:48:04 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (12/21/2012 00:48:04 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (12/21/2012 00:33:12 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iastor7
SASDIFSV
SASKUTIL

Error: (12/21/2012 00:33:03 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (12/21/2012 00:33:03 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)


Microsoft Office Sessions:
=========================
Error: (12/21/2012 01:35:06 AM) (Source: Application Error)(User: )
Description: norton bootable recovery tool - nbrt-retail-downloader.exe1.6.0.18nbrtfsdplugin.dll3.0.0.2300065e36

Error: (12/19/2012 11:44:44 AM) (Source: Lavasoft Ad-Aware Service)(User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (12/18/2012 08:28:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\DG\MY DOCUMENTS\WORD FILES\TELEVISION SHOWS.RTF

Error: (12/18/2012 05:59:19 PM) (Source: Microsoft Office 10)(User: )
Description: type32.exe2.20.447.0kernel32.dll5.1.2600.629300012fd3

Error: (12/18/2012 05:57:35 PM) (Source: Microsoft Office 10)(User: )
Description: type32.exe2.20.447.0unknown0.0.0.000000000

Error: (12/18/2012 05:57:17 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\DG\MY DOCUMENTS\DOWNLOADS\YOUTUBE REWIND 2012.FLV

Error: (12/18/2012 05:57:17 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\DG\MY DOCUMENTS\DOWNLOADS\YOUTUBE REWIND 2012.FLV

Error: (12/18/2012 05:50:14 PM) (Source: Microsoft Office 10)(User: )
Description: type32.exe2.20.447.0unknown0.0.0.000000000

Error: (12/18/2012 05:31:03 PM) (Source: Microsoft Office 10)(User: )
Description: type32.exe2.20.447.0kernel32.dll5.1.2600.629300012fd3

Error: (12/18/2012 05:30:39 PM) (Source: Microsoft Office 10)(User: )
Description: type32.exe2.20.447.0unknown0.0.0.000000000


=========================== Installed Programs ============================

%WS4_ARP_DISPLAY% (Version: 04.00.6001.503)
µTorrent (Version: 3.0.0)
7-Zip 9.20
Active@ DVD Eraser v 1.1
Ad-Aware (Version: 9.6.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
AsfJoin 0.3.2a Beta
Auslogics Disk Defrag (Version: version 3.3)
AviSynth 2.5
AxCrypt 1.7.2931.0 (Version: 1.7.2931.0)
BB FlashBack Pro
BB FlashBack Pro (Version: 2.7.2.1494)
Brother MFL-Pro Suite (Version: 1.00.000)
CCleaner (Version: 3.22)
ConvertXtoDVD 2.1.5.173 (Version: 2.1.5)
CPUID CPU-Z 1.57
CutePDF Writer 2.8
Daphne 1.47 (Version: 1.47)
DivxToDVD 0.5.2 (Version: 0.5.2)
Duplicate Cleaner 2.0.4b (Version: 2.0.4b)
DVD-lab PRO 2.5
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.2.1.8 (09/11/2012) Qt
DVDFab 9.0.1.6 (14/12/2012) Qt
ESET Online Scanner v3
FastStone Image Viewer 4.6 (Version: 4.6)
FormatFactory 2.80 (Version: 2.80)
ImgBurn (Version: 2.5.7.0)
InterVideo WinDVD Platinum
Jasc Animation Shop 3 (Version: 3.11)
Jasc Paint Shop Pro 9 (Version: 9.00.0000)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 14.0.8117.416)
K-Lite Mega Codec Pack 9.2.0 (Version: 9.2.0)
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Service Pack 1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliType Pro 2.2 (Version: 2.20.447.0)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Minilyrics
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
Mp3tag v2.52 (Version: v2.52)
MPEG-VCR (Version: MPEG-2 Version 3.14 (06/2006))
MPEG Video Wizard DVD 5.0.0.110 (12/2010) (Version: 5.0.0.110)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MWSnap 3 (Version: 3.0.0.74)
Nero 7 Ultra Edition (Version: 7.03.1357)
neroxml (Version: 1.0.0)
Norton 360 (Version: 20.2.0.19)
Panda USB Vaccine 1.0.1.16
PaperPort (Version: 9.02.0814)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Pocket Voice Recorder 3.5 (Version: 3.5)
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.6482)
RealUpgrade 1.1 (Version: 1.1.0)
Registry Mechanic 5.1 (Version: 5.1)
Revo Uninstaller 1.94 (Version: 1.94)
Sandboxie 3.74 (32-bit) (Version: 3.74)
SeaTools for Windows (Version: 1.2.0.4)
Segoe UI (Version: 14.0.4327.805)
SIW version 2011.10.29 (Version: 2011.10.29)
SpywareBlaster 4.6 (Version: 4.6.0)
swMSM (Version: 12.0.0.1)
TeamViewer 7 (Version: 7.0.14484)
tools-windows (Version: 8.8.1.528992)
TuneUp Utilities 2012 (Version: 12.0.2160.13)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.4320.15)
TuneUp Utilities Language Pack (en-US) (Version: 12.0.2160.13)
TypingMaster TypingTest (Version: 6.30)
Universal Extractor 1.6.1 (Version: 1.6.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
VmciSockets (Version: 9.1.54.1)
VMware Player (Version: 4.0.1.27038)
Wallpaper Changer for Windows XP
WebFldrs XP (Version: 9.50.7523)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Xvid Video Codec (Version: 1.3.2)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 3051.28 MB
Available physical RAM: 1611.03 MB
Total Pagefile: 4930.16 MB
Available Pagefile: 3160.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.51 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:336 GB) NTFS
4 Drive f: (New Volume) (Fixed) (Total:465.76 GB) (Free:185.04 GB) NTFS
5 Drive g: () (Fixed) (Total:931.51 GB) (Free:123.04 GB) NTFS

========================= Users: ========================================

User accounts for \\DG-CDFA9BCCA02C

Administrator ASPNET DG
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****


Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
DG :: DG-CDFA9BCCA02C [administrator]

Protection: Enabled

12/21/2012 2:02:29 AM
mbam-log-2012-12-21 (02-02-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 218432
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by lapetite66, 21 December 2012 - 02:12 AM.


#4 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 21 December 2012 - 10:47 AM

Disable Norton temporarily and you should be able to download aswMBR.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donation button.


#5 lapetite66
  • Topic Starter

  • Members
  • 117 posts

Posted 21 December 2012 - 03:42 PM

Hi Broni:

I did as you suggested and disabled Norton, and I was able to download aswMBR.exe. I ran the scan; was it supposed to be a quick scan? If so, the results are below. Also, you said not to delete the MBR.dat file, and I didn't.



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-21 12:39:33
-----------------------------
12:39:33.546 OS Version: Windows 5.1.2600 Service Pack 3
12:39:33.546 Number of processors: 4 586 0x2A07
12:39:33.546 ComputerName: DG-CDFA9BCCA02C UserName: DG
12:39:36.468 Initialize success
13:01:10.906 AVAST engine defs: 12122100
13:23:35.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:23:35.250 Disk 0 Vendor: ST350041 CC46 Size: 476940MB BusType: 3
13:23:35.250 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
13:23:35.250 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
13:23:35.250 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\viamraid1Port1Path0Target5Lun0
13:23:35.250 Disk 2 Vendor: ST350063 3.AA Size: 476940MB BusType: 8
13:23:35.265 Disk 0 MBR read successfully
13:23:35.265 Disk 0 MBR scan
13:23:35.296 Disk 0 Windows XP default MBR code
13:23:35.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
13:23:35.296 Disk 0 scanning sectors +976752000
13:23:35.421 Disk 0 scanning C:\WINDOWS\system32\drivers
13:23:45.750 File: C:\WINDOWS\system32\drivers\ndis.sys **INFECTED** Win32:Malware-gen
13:23:51.140 Disk 0 trace - called modules:
13:23:51.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:23:51.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae61030]
13:23:51.156 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8ae65028]
13:23:53.796 AVAST engine scan C:\WINDOWS
13:23:58.781 AVAST engine scan C:\WINDOWS\system32
13:26:18.796 AVAST engine scan C:\WINDOWS\system32\drivers
13:26:23.625 File: C:\WINDOWS\system32\drivers\ndis.sys **INFECTED** Win32:Malware-gen
13:26:38.625 AVAST engine scan C:\Documents and Settings\DG
13:31:08.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DG\My Documents\Downloads\MBR.dat"
13:31:08.812 The log file has been saved successfully to "C:\Documents and Settings\DG\My Documents\Downloads\aswMBR.txt"

#6 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 21 December 2012 - 03:46 PM

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes when done with this step.
Upload the following file to http://www.virustotal.com/ for a security check:
- C:\WINDOWS\system32\drivers\ndis.sys
If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.



#7 lapetite66
  • Topic Starter

  • Members
  • 117 posts

Posted 21 December 2012 - 04:42 PM

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes when done with this step.
Upload the following file to http://www.virustotal.com/ for a security check:
- C:\WINDOWS\system32\drivers\ndis.sys
If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.


Broni:

Did the scan, but I'm not sure how to post the results, since that doesn't seem to be a text file or anything.


I copied this; I guess this is what you need???

SHA256:

c12c8ff5ae344381faa413fc05e273b856d5d9151c2c69898c54d32b393ee1a4
SHA1: fdfb0ae4985b16e4517efa39645b728247258cd1
MD5: b5b1080d35974c0e718d64280761bcd5
File size: 178.6 KB ( 182912 bytes )
File name: ndis.sys
File type: Win32 EXE
Detection ratio: 1 / 46
Analysis date: 2012-12-21 21:36:34 UTC ( 0 minutes ago )

Edited by lapetite66, 21 December 2012 - 04:47 PM.


#8 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 21 December 2012 - 04:54 PM

Download Windows Repair (all in one) from this site

Install the program, then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

Posted Image



Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

Posted Image


Go to Step 4 and, under "System Restore", click on the Create button:

Posted Image


Go to the Start Repairs tab and click the Start button.

Posted Image


Please ensure that ONLY the items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on the box next to Restart System when Finished. Then click on Start.

Post a new FSS log.



#9 lapetite66
  • Topic Starter

  • Members
  • 117 posts

Posted 21 December 2012 - 06:25 PM

Broni:

Here is the new FSS.


Farbar Service Scanner Version: 10-12-2012

Ran by DG (administrator) on 21-12-2012 at 18:24:26
Running from "C:\Documents and Settings\DG\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2012-07-06 21:59] - [2012-07-06 21:59] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2012-07-06 22:00] - [2012-07-06 22:00] - 0361600 ____A (Microsoft Corporation) 51E41F16ACD80B8B39C0AE703A213F09

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2012-07-06 21:59] - [2012-07-06 21:59] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2012-08-10 14:40] - [2012-07-06 22:01] - 0022520 ____A (Microsoft Corporation) DCB24800BF4616DC2DF5D38ED3EF4C27

C:\WINDOWS\system32\qmgr.dll
[2012-08-10 14:40] - [2012-07-06 22:00] - 0408576 ____A (Microsoft Corporation) F13D1AA04F1F02399EB87F011584B7C0

C:\WINDOWS\system32\es.dll
[2012-07-06 21:59] - [2012-07-06 21:59] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2012-07-06 22:00] - [2012-07-06 22:00] - 0014848 ____A (Microsoft Corporation) 67E38B4A549833E02D4D1617B5DBC318

C:\WINDOWS\system32\rpcss.dll
[2012-07-06 22:00] - [2012-07-06 22:00] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2012-07-06 22:00] - [2012-07-06 22:00] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A


Extra List:
=======
fssfltr(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(9) Tcpip(4) VMnetBridge(8)
0x0A0000000500000001000000020000000300000004000000090000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****

#10 lapetite66
  • Topic Starter

  • Members
  • 117 posts

Posted 21 December 2012 - 07:04 PM

Broni:

I think that something is still on my computer, as my Malwarebytes malicious website blocking feature is disabled and I can't enable it! :(

Edited by lapetite66, 21 December 2012 - 07:04 PM.


#11 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 21 December 2012 - 07:11 PM

Is system restore working now?

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.
Let me know if it works fine now.

Then a couple more scans...

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.



#12 lapetite66
  • Topic Starter

  • Members
  • 117 posts

Posted 21 December 2012 - 07:19 PM

Is system restore working now?


Yes, System Restore seems to be working, but I noticed when looking in Revo Uninstaller that all the installed software seems to have the same install date (12/21/2012), which is impossible, as none of the software was installed today. Any reason why this is so?

I will follow all your suggestions and check back when I have logs to post.

I just reinstalled Malwarebytes after following all your directions and the same issue is still happening with the malicious websites feature being disabled. :(

Edited by lapetite66, 21 December 2012 - 08:00 PM.


#13 lapetite66
  • Topic Starter

  • Members
  • 117 posts

Posted 22 December 2012 - 12:49 AM

Broni:

As I mentioned before, I re-installed Malwarebytes and it wasn't working.

I then attempted to use the TFC cleaner, and that was a total bust. I clicked on it and it just sat there like it was frozen. Then I restarted the computer and Malwarebytes was working fine... for around an hour, and then back to disabled protection against malicious websites.

I then attempted to use TFC once again, and still the software was frozen with the same message, "gathering folders", while the progress bar showed no action at all. I figured maybe it just needed a little time, but 2 hours later there was still nothing going on, and I couldn't stop the program simply by clicking; I had to restart the computer again!

I did manage to run AdwCleaner, but I don't know how effective it was, since I thought that it was supposed to be run in conjunction with TFC. The results are below.

I will try the ESET online scanner later today, as I'm tired as well as disgusted and I'm going to bed.



# AdwCleaner v2.101 - Logfile created 12/21/2012 at 23:14:44

# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : DG - DG-CDFA9BCCA02C
# Boot Mode : Normal
# Running from : C:\Documents and Settings\DG\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\DG\Application Data\Mozilla\Firefox\Profiles\w4jyeadw.default\searchplugins\safesearch.xml
Folder Deleted : C:\Documents and Settings\DG\My Documents\Software

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\DG\Application Data\Mozilla\Firefox\Profiles\w4jyeadw.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1036 octets] - [21/12/2012 23:14:44]

########## EOF - C:\AdwCleaner[S1].txt - [1096 octets] ###

#14 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 22 December 2012 - 12:59 PM

Did you uninstall MBAM using my instructions, especially step 3?



#15 lapetite66
  • Topic Starter

  • Members
  • 117 posts

Posted 22 December 2012 - 10:44 PM

Did you uninstall MBAM using my instructions, especially step 3?


Yes, I did.

I was out most of the day and just got back. I am about to use the ESET software and will post the results. I have to tell you that if this doesn't do the trick, I will just have to reformat the drive. :(

Edited by lapetite66, 22 December 2012 - 10:52 PM.




