Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Performance issues and unable to access firewall settings.


  • Please log in to reply
31 replies to this topic

#1 TdotT

TdotT

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 01:25 PM

Hi all,

A number of weeks ago, my AV (AVG Free 2013) detected a number of 'threats' which I asked it to remove. After doing so, every time I restarted my PC, AVG reported the same threats as being found. After leaving my machine off for a number of days, unsure of what to do, I followed this guide: http://www.reddit.com/related/eskfn/malware_removal_guide/ (I did not, however, run Combofix) in order to remove any malware. Malware-bytes found a number of threats which I tasked it to remove, though afterwards, when I did a full scan with Microsoft Security Essentials, It still detected 3 threats listed below:

1. Trojan:Win32/Tracur.BB
2. Trojan Downloader:Java/Openstream.AN
3. Exploit Java/CVE-2010-0840

I tasked MSE to remove these threats, then did a second full scan of the machine, which found nothing.

Since then, I have experienced considerable lag when using the internet, particularly when watching videos, I am unable to access the Windows firewall settings via the Control Panel and whenever I log onto Windows, I am greeted with an error message which reads:

RUNDLL
Error loading C:\Cocuments and Settings\jonathan\Local Settings\Application Data\NVIDIA Corporation\vawipsqu.dll.

I worry I am still infected, any help would be greatly appreciated.

Edited by TdotT, 06 January 2013 - 01:26 PM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:23 AM

Posted 06 January 2013 - 03:08 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 TdotT

TdotT
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 04:36 PM

Cheers for the reply,

Would you like to post the log for each program and wait for your go to move onto the next one, or run them all and post the logs as I go?

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:23 AM

Posted 06 January 2013 - 04:59 PM

You don't have to wait for me.
Post the logs as you go.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 TdotT

TdotT
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 05:05 PM

Well I just tried running Security Check. After following the instructions to press any key the window quickly vanished and no log was produced.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:23 AM

Posted 06 January 2013 - 05:11 PM

Skip it for now.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 TdotT

TdotT
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 05:18 PM

Farbar Service Scanner Version: 05-01-2013
Ran by jonathan (administrator) on 06-01-2013 at 22:16:46
Running from "C:\Documents and Settings\jonathan\Desktop\Bleeping computers"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(8) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000090000000B0000000A000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

#8 TdotT

TdotT
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 05:21 PM

MiniToolBox by Farbar Version: 25-11-2012
Ran by jonathan (administrator) on 06-01-2013 at 22:20:48
Running from "C:\Documents and Settings\jonathan\Desktop\Bleeping computers"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

VIA Rhine II Fast Ethernet Adapter = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) = Local Area Connection 2 (Media disconnected)
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/02/2013 06:37:25 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 17.0.1.4715, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/02/2013 00:13:18 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/02/2013 00:13:18 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/02/2013 00:03:50 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/01/2013 04:51:33 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 9.0.1.4371, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x00048b76.
Processing media-specific event for [firefox.exe!ws!]

Error: (11/18/2012 00:02:37 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (11/18/2012 00:21:22 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (11/17/2012 00:11:49 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (11/17/2012 09:58:09 AM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (11/16/2012 08:23:07 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.


System errors:
=============
Error: (01/06/2013 09:19:03 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.2926.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/06/2013 09:19:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/06/2013 09:19:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/06/2013 09:10:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/06/2013 06:39:48 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.2926.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/06/2013 06:39:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/06/2013 06:39:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/06/2013 06:30:41 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/06/2013 00:32:09 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.2926.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/06/2013 00:32:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Microsoft Office Sessions:
=========================
Error: (01/02/2013 06:37:25 PM) (Source: Application Hang)(User: )
Description: firefox.exe17.0.1.4715hungapp0.0.0.000000000

Error: (01/02/2013 00:13:18 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/02/2013 00:13:18 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/02/2013 00:03:50 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.1.522.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (01/01/2013 04:51:33 PM) (Source: Application Error)(User: )
Description: firefox.exe9.0.1.4371msvcr80.dll8.0.50727.619500048b76

Error: (11/18/2012 00:02:37 PM) (Source: SecurityCenter)(User: )
Description:

Error: (11/18/2012 00:21:22 AM) (Source: SecurityCenter)(User: )
Description:

Error: (11/17/2012 00:11:49 PM) (Source: SecurityCenter)(User: )
Description:

Error: (11/17/2012 09:58:09 AM) (Source: SecurityCenter)(User: )
Description:

Error: (11/16/2012 08:23:07 PM) (Source: SecurityCenter)(User: )
Description:


=========================== Installed Programs ============================


========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 1535.48 MB
Available physical RAM: 1122.05 MB
Total Pagefile: 2156.35 MB
Available Pagefile: 1773.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.96 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:76.32 GB) (Free:15.85 GB) NTFS
4 Drive e: (IDE) (Fixed) (Total:76.69 GB) (Free:45.68 GB) NTFS
5 Drive z: (Public) (Network) (Total:1851.41 GB) (Free:1773.89 GB) NTFS

========================= Users: ========================================

**** End of log ****

#9 TdotT

TdotT
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 06:02 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jonathan :: ECLIPSE1 [administrator]

1/6/2013 22:25:29
mbam-log-2013-01-06 (22-25-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416373
Time elapsed: 34 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 TdotT

TdotT
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 06:45 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-06 23:18:52
-----------------------------
23:18:52.078 OS Version: Windows 5.1.2600 Service Pack 3
23:18:52.078 Number of processors: 1 586 0x801
23:18:52.093 ComputerName: ECLIPSE1 UserName: jonathan
23:18:53.140 Initialize success
23:19:35.656 AVAST engine defs: 13010601
23:19:37.765 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:19:37.765 Disk 0 Vendor: HDS722580VLAT20 V32OA60A Size: 78532MB BusType: 3
23:19:37.765 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
23:19:37.765 Disk 1 Vendor: Maxtor_6 YAR5 Size: 78167MB BusType: 1
23:19:37.765 Disk 1 MBR read successfully
23:19:37.765 Disk 1 MBR scan
23:19:37.796 Disk 1 Windows XP default MBR code
23:19:37.812 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78152 MB offset 63
23:19:37.812 Disk 1 scanning sectors +160055595
23:19:37.906 Disk 1 scanning C:\WINDOWS\system32\drivers
23:20:10.328 Service scanning
23:20:26.718 Service MpKslfc2bf542 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7BAC288-2B47-4970-87EC-795CF184B9B8}\MpKslfc2bf542.sys **LOCKED** 32
23:20:37.328 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:20:45.640 Modules scanning
23:20:55.281 Disk 1 trace - called modules:
23:20:55.296 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a5971f8]<<
23:20:55.296 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a4dcab8]
23:20:55.296 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x8a4eba38]
23:20:55.296 \Driver\viamraid[0x8a4ec910] -> IRP_MJ_CREATE -> 0x8a5971f8
23:20:55.859 AVAST engine scan C:\WINDOWS
23:21:14.312 AVAST engine scan C:\WINDOWS\system32
23:28:23.734 AVAST engine scan C:\WINDOWS\system32\drivers
23:29:02.921 AVAST engine scan C:\Documents and Settings\jonathan
23:38:32.218 AVAST engine scan C:\Documents and Settings\All Users
23:42:11.109 Scan finished successfully
23:44:15.468 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\jonathan\Desktop\MBR.dat"
23:44:15.562 The log file has been saved successfully to "C:\Documents and Settings\jonathan\Desktop\aswMBR.txt"

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:23 AM

Posted 06 January 2013 - 07:07 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#12 TdotT

TdotT
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 07:48 PM

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 00:44:52
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : jonathan - ECLIPSE1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\jonathan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\jonathan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Documents and Settings\jonathan\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\7a8jj5y6.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\jonathan\Application Data\Mozilla\Firefox\Profiles\ylk4dso5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\jonathan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2857 octets] - [07/01/2013 00:44:52]

########## EOF - C:\AdwCleaner[S1].txt - [2917 octets] ##########

#13 TdotT

TdotT
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 09:50 PM

I've just run the ESET online scanner and no threats were found.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:23 AM

Posted 06 January 2013 - 10:11 PM

Very well...

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Posted Image



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Posted Image


Go to Step 4 and under "System Restore" click on Create button:

Posted Image


Go to Start Repairs tab and click Start button.

Posted Image


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on box next to the Restart System when Finished. Then click on Start.

Post new FSS log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#15 TdotT

TdotT
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 06 January 2013 - 10:35 PM

I'm unable to perform step 3 system file check as i do not have the Windows XP disc. Can this be skipped?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users