Can only access in Safe Mode


  • This topic is locked
25 replies to this topic

#1 Fhallest

Fhallest

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:02:07 PM

Posted 13 October 2013 - 10:03 PM

I was recently on this forum working through an issue; it was closed.

 

http://www.bleepingcomputer.com/forums/t/506957/computer-very-slow-on-startup/

 

I was recently following the advice left me at the end of the forum, as my computer was acting funny and it kept coming up with virus hits. I was running an avast virus scan. Following the scan, a boot sector scan was recommended, so I let it do its thing. I had done this before without any issues. I think this made it worse, as now my desktop has been reset and I cannot get anything to run correctly except in safe mode. I do not and did not want to run restore, as my restore points were corrupted, making the situation worse. I think I may have made it worse by following the advice of avast and am not sure if I am still infected or something else is wrong with my machine. I am not sure where to go from here, and any help or suggestions would be greatly appreciated. Again, thanks for everything.

 

Randy




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:07 AM

Posted 15 October 2013 - 12:13 AM

Hello Randy -

If you think that your problem in Malware removal was not completed, please send a PM to your Helper, or any Moderator to ask if they will reopen your topic.

If you are not sure how to PM them, please ask me.

 

Only if you think this is a new problem can we continue here -

 

Thank You -



#3 Fhallest


Posted 15 October 2013 - 01:02 PM

Hello Noknojon,

 

This is a new issue from what I can tell, and every time avast removed the bug it returned. As mentioned, a boot scan was recommended and all hell broke loose after running the scan on my computer. I only provided that link to show what had been done previously to help in the description of the problem. It may have confused the issue even more. I would like to continue from here and I will be using two computers to fix this issue. One to access my emails and download the programs and transfer via flash drive, and the other is the one that is sick. I can access my main computer in safe mode/w networking via safe mode and was wondering should I be working from that computer instead. The first way is much faster. I have noticed on the sick computer a program continually running (lass.exe). I hope all this helps.

 

Thanks

 

Randy



#4 noknojon


Posted 15 October 2013 - 03:40 PM

Ok we can have a look first -

I will go back quickly over your first topic just to review it.

First a note Re : ( lass.exe )

Please note that this uses the lower case ( L l ) and not the capital ( I i ), often mistaken.
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC or server. Lsass generates the process responsible for authenticating users for the Winlogon service.
Forcible termination of lsass.exe (Local_Security_Authority_Subsystem_Service) will result in the Welcome screen losing its accounts, prompting a restart of the machine, so please do not use Task Manager to stop this service.

 

To update this, just these quick scans -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.
 

Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

Thanks -
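The name confusion described in the post above (lower-case "l" versus capital "I", and near-miss spellings such as the "lass.exe" typed earlier in the thread) can be checked mechanically. The following is an added example, not part of the original posts and not code from any tool named in this thread; the sample paths are constructed, and the install root `C:\WINDOWS\system32` and the small look-alike character map are assumptions.

```python
import ntpath

LEGIT_NAME = "lsass.exe"
# Assumption: Windows is installed in C:\WINDOWS (read %SystemRoot% on a real machine).
SYSTEM32 = r"c:\windows\system32"

# Assumed, deliberately small map of characters that are easy to mistake for "l" or "s".
LOOKALIKES = str.maketrans({"I": "l", "1": "l", "5": "s", "$": "s"})


def skeleton(name):
    """Fold confusable characters first (capital I -> l), then lowercase."""
    return name.translate(LOOKALIKES).lower()


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return a verdict for one process image path (or bare image name).

    expected       - real name, running from System32
    path-unknown   - real name, but only the bare name was supplied
    wrong-path     - real name, running from some other directory
    lookalike-name - not the real name, but visually or textually close to it
    unrelated      - anything else
    """
    directory, name = ntpath.split(image_path)
    if name.lower() == LEGIT_NAME:  # Windows file names are case-insensitive
        if not directory:
            return "path-unknown"
        if ntpath.normcase(ntpath.normpath(directory)) == SYSTEM32:
            return "expected"
        return "wrong-path"
    folded = skeleton(name)
    if folded == LEGIT_NAME or edit_distance(folded, LEGIT_NAME) <= 1:
        return "lookalike-name"
    return "unrelated"


def triage(paths):
    """Keep only the entries a helper would want to look at more closely."""
    findings = []
    for path in paths:
        verdict = classify(path)
        if verdict not in ("expected", "unrelated"):
            findings.append((path, verdict))
    return findings


# Constructed sample process list (not taken from the logs in this thread).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\Isass.exe",  # capital I instead of lower-case l
    r"C:\Documents and Settings\user\Local Settings\Temp\lsass.exe",
    r"C:\WINDOWS\system32\lass.exe",   # one letter short
    r"C:\WINDOWS\system32\svchost.exe",
    "lsass.exe",                       # bare name, as Task Manager shows it
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE):
        print(f"{verdict:15} {path}")
```

A "path-unknown" verdict only means the full image path still has to be looked up; a name-only view cannot distinguish the genuine process from a copy elsewhere on disk.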



#5 noknojon


Posted 15 October 2013 - 05:22 PM

Next - A few questions about your computer < Always means sick unless otherwise called

 

Are you able to run your computer in Normal Mode at any time (even off-line) ?

Is your avast! and Malwarebytes updated, and can you run a scan with them in Normal Mode ?

Note that a Safe Mode scan is "semi useless" on some tools (unless noted)

 

You will have an active Restore point from the ComboFix scan, and do you have others also?

If you can update avast! and MBAM, remove the computer from internet, then perform a Full scan and post those reports or any findings back here it would be a good start.

Also SUPERAntiSpyware Free (a.k.a. SAS) is similar to MBAM, so can you install this, update and then scan in Normal Mode. It may only find tracking cookies, so please check for other items first.

 

Please keep me updated, as I need to see if we can find something soon. (Personal reasons).

 

Thanks -



#6 Fhallest


Posted 16 October 2013 - 01:16 AM

Ok, I will work on this as fast as possible, and I am working on Western Standard Time, but I have a few questions. (Are you able to run your computer in Normal Mode at any time (even off-line)) Why does it matter if I am online or not in normal mode? Why would working offline in normal mode make a difference? All virus and malware programs have most recent updates. Why would running from safe mode not work for MBAM? My computer will boot up into normal mode but I cannot get any programs to respond or run correctly. lsass.exe (Local_Security_Authority_Subsystem_Service) is what is running from what I can see by pressing ctrl alt del after resetting or turning on my computer for the first time. Can I do the mentioned quick scans in Safe Mode? Will we be working in safe mode or should I try again to work in Normal Mode?

 

Thanks

 

Randy



#7 noknojon


Posted 16 October 2013 - 02:30 AM

Are you able to run your computer in Normal Mode at any time

This (above) was the main question, the balance was added in brackets as an extra part of the question.

 

The basic scans that I posted can usually be done in either mode, but MBAM is designed to run in normal mode. It can be done off line, but a safe mode scan will not always remove what it finds or find all infections (I did not design it). When you run in safe mode, all processes are not loaded and some infections can still remain hidden.

 

The first 2 requested scans take (on average) only a few minutes

 

You can usually update all of your programs in safe mode, and most programs can be downloaded in safe mode with networking.

 

I am working on Australian Eastern Daylight Savings Time (if that relates)

 

Any problem, please tell me -



#8 Fhallest


Posted 16 October 2013 - 05:38 PM

Ok, here are the scans. My sick computer will no longer access the net even from safe mode networking and I have no clue why. Alas, I cannot update any scanner software at this time. It states it cannot find net but network hardware is working fine. I think my machine is really messed up this time. Let me know what I need to do next outside resorting to the large slug hurler method a.k.a. (12 Gauge shotgun with deer slugs. You can cut small trees in half with these things. I grew up in Wisconsin where there are an abundance of weapons and trees)

 

Thanks

 

Randy

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Randy Nettell (administrator) on 16-10-2013 at 13:09:42
Running from "C:\Documents and Settings\Randy Nettell\My Documents\Downloads\Fising"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
 
There are 15471 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
 
WARNING: Could not obtain host information from machine: [HOME-B39ED94609]. Some commands may not be available.
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
Error obtaining configuration for interface Local Area Connection 2.
 
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : home-b39ed94609
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Broadcast
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection 2:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
 
        Physical Address. . . . . . . . . : 00-15-F2-0F-10-48
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 0.0.0.0
 
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
 
        Default Gateway . . . . . . . . . : 
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 f2 0f 10 48 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
  255.255.255.255  255.255.255.255  255.255.255.255               2  1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/29/2013 07:17:18 PM) (Source: Application Error) (User: )
Description: Faulting application sword of the stars.exe, version 0.0.0.0, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x00008aa0.
Processing media-specific event for [sword of the stars.exe!ws!]
 
Error: (09/16/2013 00:17:34 AM) (Source: Application Error) (User: )
Description: Faulting application forgedalliance.exe, version 1.5.0.1, faulting module forgedalliance.exe, version 1.5.0.1, fault address 0x005382e8.
Processing media-specific event for [forgedalliance.exe!ws!]
 
Error: (08/25/2013 02:16:13 AM) (Source: Application Error) (User: )
Description: Faulting application forgedalliance.exe, version 1.5.0.1, faulting module forgedalliance.exe, version 1.5.0.1, fault address 0x005382e8.
Processing media-specific event for [forgedalliance.exe!ws!]
 
Error: (08/23/2013 11:40:24 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37004812
 
Error: (08/23/2013 11:40:24 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37004812
 
Error: (08/23/2013 11:40:24 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/23/2013 01:25:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 109390
 
Error: (08/23/2013 01:25:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 109390
 
Error: (08/23/2013 01:25:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/23/2013 01:25:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 93765
 
 
System errors:
=============
Error: (10/13/2013 09:15:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/13/2013 09:12:33 PM) (Source: DCOM) (User: HOME-B39ED94609)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{8843B4A2-A3CB-4CB9-9CCE-F443F641009F}
 
Error: (10/13/2013 09:12:28 PM) (Source: DCOM) (User: HOME-B39ED94609)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{109DB0ED-7C89-416B-AC66-6D0323941464}
 
Error: (10/13/2013 08:39:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AmdPPM
aswSnx
aswSP
aswTdi
Fips
 
Error: (10/13/2013 08:38:06 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/13/2013 08:36:31 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (10/13/2013 08:36:31 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error: 
%%1330
 
To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).
 
Error: (10/13/2013 08:36:31 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%1053
 
Error: (10/13/2013 08:36:31 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
 
Error: (10/13/2013 08:29:03 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
 
Microsoft Office Sessions:
=========================
Error: (09/29/2013 07:17:18 PM) (Source: Application Error)(User: )
Description: sword of the stars.exe0.0.0.0msvcr80.dll8.0.50727.619500008aa0
 
Error: (09/16/2013 00:17:34 AM) (Source: Application Error)(User: )
Description: forgedalliance.exe1.5.0.1forgedalliance.exe1.5.0.1005382e8
 
Error: (08/25/2013 02:16:13 AM) (Source: Application Error)(User: )
Description: forgedalliance.exe1.5.0.1forgedalliance.exe1.5.0.1005382e8
 
Error: (08/23/2013 11:40:24 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37004812
 
Error: (08/23/2013 11:40:24 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37004812
 
Error: (08/23/2013 11:40:24 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/23/2013 01:25:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 109390
 
Error: (08/23/2013 01:25:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 109390
 
Error: (08/23/2013 01:25:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/23/2013 01:25:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 93765
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Astroburn Lite (Version: 1.7.0.0175)
avast! Free Antivirus (Version: 8.0.1483.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.00)
Cheat Engine 6.1
DAEMON Tools Lite (Version: 4.47.1.0333)
ESET Online Scanner v3
foobar2000 v1.2.9 (Version: 1.2.9)
Google Chrome (Version: 30.0.1599.69)
Google Update Helper (Version: 1.3.21.165)
GPGNet (Version: 1.0.0)
Hearts of Iron III Gold (Version: 2.03.00.0)
Homeworld2
Kukuxumusu ANTfermin Screensaver
Kukuxumusu Digital Clock Screensaver
Kukuxumusu Kosmos Screensaver
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Control Panel 310.90 (Version: 310.90)
NVIDIA Drivers
NVIDIA Graphics Driver 310.90 (Version: 310.90)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA nView 136.53 (Version: 136.53)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
QT Lite 4.1.0 (Version: 4.1.0)
Republic at War 1.1.5 (Version: 1.1.5)
Shad'O version 1.0 (Version: 1.0)
Shadowrun Returns
Spybot - Search & Destroy (Version: 1.6.2)
Star Wars Empire at War (Version: 1.0)
Star Wars Empire at War Forces of Corruption (Version: 1.0)
StarDrive
Supreme Commander - Forged Alliance (Version: 1.00.0000)
Sword of the Stars ANY (Version: 1.8.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 2.0.7 (Version: 2.0.7)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 16%
Total physical RAM: 2047.48 MB
Available physical RAM: 1713.82 MB
Total Pagefile: 3943.97 MB
Available Pagefile: 3877.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.13 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:232.88 GB) (Free:69.43 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\
 
Administrator            ASPNET                   Guest                    
HelpAssistant            Randy Nettell            SUPPORT_388945a0         
UpdatusUser              
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
 
 

 Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0) 
 Google Chrome 30.0.1599.66  
 Google Chrome 30.0.1599.69  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#9 noknojon


Posted 16 October 2013 - 07:43 PM

Total Fragmentation on Drive C:: 19% Have you installed a SolidStateDrive, or just a standard HDD ?

Go Start > Programs > Accessories > System Tools and run Disk Defrag (it may take a while)

Also in that area run Disk Cleanup

 

 

You may not like this but - Now we need to remove a few programs, only due to errors ......
Uninstall Bonjour Service (iTunes)
Sword of the Stars

Supreme Commander - Forged Alliance

Programs like Kukuxumusu Kosmos Screensaver also slow your system.

 

 

Run a Disk Check on your C: drive in Windows XP:
• Click Start and open My Computer
• Right-click on C: (or your main hard drive letter) and select Properties
• Click on the Tools tab
• Under Error-checking click the Check Now... button
• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
• Click on the Start button
• When the message box pops up, click the Schedule disk check button and Restart your computer
• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so

This will take (on average) 1 to 2 hours, so please allow this time for it to complete

If this is a Laptop, please make sure it is plugged into a reliable power source.

Do not force a reboot during the scan as this will cause damage to the system and data

When complete it will reboot the system.



#10 Fhallest


Posted 16 October 2013 - 10:21 PM

Ok, and I was wondering what is your name on this forum (not sure which one to choose), as this tends to make things easier. What would you like me to do once all this disk spinning is completed? I hope this is going quick enough?

 

Thanks,

 

 

Randy



#11 noknojon


Posted 16 October 2013 - 11:29 PM

noknojon - as listed above (like yours) - Fhallest

It started as a cross between mine / wife's / and daughter's on other forums -

But I answer to almost anything  :wink:

Often called Aussie Addict or just Aussie

 

You work at your pace, and ask if you have questions or are not sure of how I put things.



#12 Fhallest


Posted 17 October 2013 - 01:45 AM

Ok Noknojon,

 

It has finished, what do you want me to do now as the problem is still persisting?

 

Randy



#13 noknojon


Posted 17 October 2013 - 03:13 AM

Ok -

If you have removed the programs I put forward, and done the defrag then we can try this.

By the way, is the system any quicker even without internet ?

 

You are not able to do an Update on your MBAM, but I would like a Full Scan, not the usual Quick Scan. Please post the log here if you can.

Also run a normal Full Scan with your Antivirus, but without any boot sector scan, etc.

Anything identified would help, and check in the avast! chest for infections.

 

If all else fails, we may need to check in your Restore Points for the one dated at about your ComboFix Scan.

 

Thanks -



#14 Fhallest


Posted 17 October 2013 - 05:14 PM

Hey,

 

Ok, I will try to explain better what happened and what is happening, as that might help along with doing the requested scans. This is in addition to the initial post above. The sick computer was running the boot scan. It kept asking me if it wanted to ignore something or put in the quarantine section. I selected put all in quarantine section. It kept repeating like it was stuck on something and I did not know what else to do, so I ended the scan. It kept trying to access the F: drive, which is a virtual drive. Should I get rid of these and can you help? After running the scan and thinking everything is just fine. To my surprise, my background image was missing and xp had been reset back to not start mode and no programs would run properly. lsass.exe is constantly running and seems to be blocking or slowing down the computer. Every program I try to run seems to hang or not even appear. In normal mode, when you look at cpu usage it seems to be always running around 50% percent and I have not a clue why it has gone insane. When in safe mode any program queued will run but I have to wait an extended period of time for them to start.

 

After the scan things seem a little faster but not by much and am still having the same issues as before.  I just updated Malware before I lost the internet yesterday so I should be ok at this time. I am running the scan and will post when it is finished.

 

Randy

 

p.s. I cannot thank you enough for all of your help and just wanted you to know  :grinner:



#15 noknojon


Posted 17 October 2013 - 06:07 PM

I just updated Malware before I lost the internet yesterday so I should be ok at this time.

Thanks for the ongoing updates (always welcome) and can you open the Antivirus Chest to see what was there on the last few detections ? Also Malwarebytes has "Logs" at the top so you can review and post any recent infections from there.

 

Can you remember the last time you actually cleaned "inside the case" of the computer ? A reasonably simple job and I do my desktop (on average) about every 3 or 4 months, so it is just a quick blow and brush job.

 

Please recall your first line in this topic was "I was recently on this forum working through an issue; it was closed." but the topic was not closed, it was just that you did not reply back to it (you always had that option).

Just reminding you (and no more than that), and you picked this out in my first reply.

 

Only if we run out of findings soon, you may need to repost to Malware Logs area, since there are errors like this that may require a reinstall or more detailed help. OTL and Hijack This and other tools may be required, but we are not able to run or post these in this section.

I can, but opt not to, give specific directions since there are several missing drivers.

 

If you check the dates this was on your last post to compaq I think.

 

Error: (10/13/2013 08:39:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AmdPPM
aswSnx
aswSP
aswTdi
Fips

 

But for now, let's just see what turns up after these Virus / Malware scans.

 

Thank You -





