How can I get out of this hole?


8 replies to this topic

#1 Nigel331

Posted 28 November 2013 - 07:14 AM

I'm sure that I am not the first to do everything wrong first, before seeking advice here... Still, it's embarrassing! My sincerest apologies for being stupid!

I had a virus on my PC. After struggling to clear it I formatted the HD and reinstalled the OS from a genuine CD. The virus was still present... Months of disbelief and despair later (as well as several new machines!!) I am at a complete loss! If I purchase a new PC and bring it home, within half an hour I am back where I started! Same virus, same stalemate! Or so it seems...

As I mentioned, I am aware that I have tackled this issue completely backwards... I would appreciate a helping hand to drag me out of this Bermuda Triangle Nightmare I now find myself in. If you think that you can help, please let me know what I need to post "details-wise," etc.

At the moment I am on an older pc with XP Pro installed. I can access the internet, sporadically, though as soon as I turn the pc off it refuses to reboot and I find myself reinstalling the OS...again.

Thank you for your time, and patience. I am most definitely ready to follow any and all instructions to the letter!


#2 Nigel331

Posted 28 November 2013 - 07:27 AM

I should add... Each time I install the OS the "x" drive that seems impossible to delete attaches a sources folder to the install, and I end up with a new install that's identical to the infected one I already had.

#3 Nigel331

Posted 28 November 2013 - 07:40 AM

The list goes on and on, but to mention a few of the "errors?" - There is an X drive that regenerates every time the machine is rebooted; it seems to keep the PC in perpetual WinPE mode. I can't find the drive in disk part, but if I install a Linux-based OS it can be seen but not altered in any real way.

Running processes that seem odd include 2 Csrss.exe, svchost.exe, spool.svc, multiple sechost.exe, lasses.exe, run32svr.dll?... I understand that these are legitimate processes also, still these in particular seem to be rogue.

#4 cryptodan

Posted 28 November 2013 - 08:13 AM

Please download MiniToolBox, and save it to your desktop and run it, and checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#5 Nigel331

Posted 28 November 2013 - 02:26 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Owner (administrator) on 30-11-2013 at 09:33:19
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : anonymous

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : socal.rr.com

 

Ethernet adapter Local Area Connection:

 

        Connection-specific DNS Suffix  . : socal.rr.com

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-12-3F-A7-70-22

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.130

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 209.18.47.61

                                            209.18.47.62

                                            192.168.1.1

        Lease Obtained. . . . . . . . . . : Saturday, November 30, 2013 9:22:49 AM

        Lease Expires . . . . . . . . . . : Sunday, December 01, 2013 9:22:49 AM

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  74.125.224.133, 74.125.224.134, 74.125.224.135, 74.125.224.136
   74.125.224.137, 74.125.224.142, 74.125.224.128, 74.125.224.129, 74.125.224.130
   74.125.224.131, 74.125.224.132

 

Pinging google.com [74.125.224.192] with 32 bytes of data:

 

Reply from 74.125.224.192: bytes=32 time=16ms TTL=52

Reply from 74.125.224.192: bytes=32 time=15ms TTL=52

 

Ping statistics for 74.125.224.192:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45

 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

 

Reply from 98.139.183.24: bytes=32 time=138ms TTL=45

Reply from 98.139.183.24: bytes=32 time=135ms TTL=45

 

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 135ms, Maximum = 138ms, Average = 136ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f a7 70 22 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.130   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      192.168.1.0    255.255.255.0    192.168.1.130   192.168.1.130   20
    192.168.1.130  255.255.255.255        127.0.0.1       127.0.0.1   20
    192.168.1.255  255.255.255.255    192.168.1.130   192.168.1.130   20
        224.0.0.0        240.0.0.0    192.168.1.130   192.168.1.130   20
  255.255.255.255  255.255.255.255    192.168.1.130   192.168.1.130   1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/30/2013 09:32:53 AM) (Source: Application Hang) (User: )
Description: Hanging application MiniToolBox.exe, version 3.3.8.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/30/2013 09:32:48 AM) (Source: Application Hang) (User: )
Description: Hanging application MiniToolBox.exe, version 3.3.8.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/30/2013 09:30:56 AM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (11/30/2013 09:23:26 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (11/30/2013 09:20:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1083" attempting to start the service wuauserv with arguments ""
in order to run the server:
{9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error: (11/30/2013 09:20:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1083" attempting to start the service wuauserv with arguments ""
in order to run the server:
{9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error: (11/30/2013 09:19:59 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1083" attempting to start the service wuauserv with arguments ""
in order to run the server:
{9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Microsoft Office Sessions:
=========================
Error: (11/30/2013 09:32:53 AM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe3.3.8.1hungapp0.0.0.000000000

Error: (11/30/2013 09:32:48 AM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe3.3.8.1hungapp0.0.0.000000000

Error: (11/30/2013 09:30:56 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.6001.18702hungapp0.0.0.000000000

=========================== Installed Programs ============================

Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.6229 (Version: 8.0.61187)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7497 (Version: 9.0.30729.7497)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219.436 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable - x86 11.0.51106.1 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
WebFldrs XP (Version: 9.50.7523)

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 1022.08 MB
Available physical RAM: 361.74 MB
Total Pagefile: 2458.75 MB
Available Pagefile: 1966.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.75 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:462.01 GB) NTFS
2 Drive d: (WinXPx86_BE) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
3 Drive e: (Win8_x64) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\ANONYMOUS

Administrator            Guest                    HelpAssistant           
Owner                    SUPPORT_388945a0        

**** End of log ****
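
An added example, not part of the thread and not MiniToolBox's own code: a small parser for the `==== Section ====` layout of the Result.txt above that flags hosts entries other than loopback `localhost`, Winsock catalog entries outside `C:\WINDOWS\system32` or without the Microsoft vendor string, and an IE proxy that is not reported as disabled. The sample text is constructed; its second hosts line and last Winsock line are invented to produce findings, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Result.txt posted above; the second
# hosts line and the last Winsock line are invented to show a finding.
SAMPLE = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
========================= Hosts content: =================================
127.0.0.1       localhost
203.0.113.7     update.example.test
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Temp\helper.dll [4096] ()
"""

LOOPBACK = ("127.0.0.1", "::1")
HEADER = re.compile(r"^=+\s*([^=]+?)\s*:?\s*=+\s*$")
WINSOCK = re.compile(r"^(Catalog\d+) (\d+) (.+?) \[(\d+)\] \((.*)\)$")

def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line.strip() and not line.startswith("****"):
            current.append(line.strip())
    return sections

def triage(text):
    """Return (kind, line) pairs that deserve a closer look."""
    sec, findings = split_sections(text), []
    for line in sec.get("Hosts content", []):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if fields and (fields[0] not in LOOPBACK or [f.lower() for f in fields[1:]] != ["localhost"]):
            findings.append(("hosts", line))
    for line in sec.get("Winsock entries", []):
        m = WINSOCK.match(line)
        in_sys32 = m and m.group(3).lower().startswith("c:\\windows\\system32\\")
        if not m or not in_sys32 or m.group(5) != "Microsoft Corporation":
            findings.append(("winsock", line))
    if "Proxy is not enabled." not in sec.get("IE Proxy Settings", []):
        findings.append(("proxy", "IE proxy enabled or section missing"))
    return findings
```

An empty result only means these three sections match the stock layout seen in the posted log; the vendor string in parentheses is taken at face value and is not a signature check.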



#6 cryptodan

Posted 28 November 2013 - 02:49 PM

I do not think that is the full MiniToolBox; can you please rerun it and show all installed applications?

#7 Nigel331

Posted 29 November 2013 - 04:38 AM

Will do, thanks for your help. Is there something in particular missing that I should check for this time? Ty

#8 Nigel331

Posted 30 November 2013 - 06:55 AM

Apologies for the delay, after I ran minitool again the OS failed and I am still trying to reinstall (using wife's Kindle to post).

I am very grateful for your help and will post the report as instructed as soon as I am able, Nigel



#9 cryptodan

Posted 01 December 2013 - 08:38 AM

Have you run any hardware diagnostics on this machine?



