System Restore doesn't work after removing malware - Any left?


  • This topic is locked
15 replies to this topic

#1 DesertTrip

DesertTrip

  • Members
  • 8 posts
  • Local time:01:36 PM

Posted 25 December 2013 - 05:34 PM

Hi everyone. A few days ago I downloaded something that caused pop-ups, redirects and double tabs to open in my Google Chrome (even though the setting was set to only open ONE tab).

 

Malwarebytes found 83 malware files (at once) on my system and I cleared it out, which removed the pop-ups and redirects, but I found System Restore isn't working and I can't access the wizard. When I try, it says: SYSTEM RESTORE IS NOT ABLE TO PROTECT YOUR COMPUTER. PLEASE RESTART YOUR COMPUTER, AND THEN RUN SYSTEM RESTORE AGAIN

 
However, restarting it and trying again gives you the same results.
 
I then used the patch #278 sysrestoreenable.reg from Kelly's Corner and it 'installed' but still, System Restore doesn't work.
 
Another site said that this is evidence I might still have malware that neither Malwarebytes nor Ad-aware has been able to detect. Can someone look at the logs and see if there is something I should be concerned about? I couldn't find anything, but I could really use some experienced eyes taking a look.
 
1: I backed everything up.
2: XP Firewall is and has been on.
3: I downloaded and ran DDS and made logs of programs running (attached).
4: I made a Hijackthis log too (also attached).

My apologies if I did this request incorrectly. 

Thank you in advance for your time. 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 30 December 2013 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===

You should remove HijackThis using the Add/Remove Programs list. Use the DDS tool from now on.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM

Let me know what problem persists.
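The "System Restore" section that FSS reports on (service state, start type, ServiceDll, and the "System Restore Disabled Policy") can also be read directly from the machine, which makes it easy to compare the state before and after a cleanup. The script below is an added example written for this page; it is not part of the thread and not code from the Farbar tool. It assumes an administrator session with PowerShell 2.0 installed on Windows XP (PowerShell is not present on XP by default), and it reads only the standard Windows locations for the service (`srservice`), its filter driver (`sr`), and the System Restore policy and configuration keys; none of those paths are taken from the logs in this thread.

```powershell
# Added example, not from the thread or from Farbar Service Scanner.
# Read-only check of the System Restore items FSS reports on, for Windows XP.
# Assumptions: run as administrator; PowerShell 2.0; standard service names and
# registry locations (srservice, sr, the SystemRestore policy and config keys).

function Get-SystemRestoreHealth {
    $result = @{}

    # Service state (FSS: "Srservice Service is not running")
    $svc = Get-Service -Name 'srservice' -ErrorAction SilentlyContinue
    $result['ServiceStatus'] = if ($svc) { $svc.Status.ToString() } else { 'Missing' }

    # Start type (FSS: "The start type of Srservice service is OK"); 2 = Automatic on XP
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\srservice'
    $start = (Get-ItemProperty -Path $svcKey -Name Start -ErrorAction SilentlyContinue).Start
    $result['StartType']   = $start
    $result['StartTypeOK'] = ($start -eq 2)

    # ServiceDll (FSS prints the path; expected %SystemRoot%\system32\srsvc.dll)
    $dll = (Get-ItemProperty -Path "$svcKey\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    $expanded = [Environment]::ExpandEnvironmentVariables([string]$dll)
    $expected = Join-Path $env:SystemRoot 'system32\srsvc.dll'
    $result['ServiceDll']   = $dll
    $result['ServiceDllOK'] = [bool]($dll -and ($expanded -ieq $expected) -and (Test-Path $expanded))

    # The sr.sys filter driver must be present and boot-start (0) for restore points to be taken
    $drv = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\sr' -Name Start -ErrorAction SilentlyContinue).Start
    $result['FilterDriverStart'] = $drv
    $result['FilterDriverOK']    = ($drv -eq 0)

    # "System Restore Disabled Policy": DisableSR / DisableConfig under the policy key.
    # FSS prints nothing under that heading when no policy is set, which is the healthy state.
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
    $result['DisableSRPolicy']     = if ($pol) { $pol.DisableSR } else { $null }
    $result['DisableConfigPolicy'] = if ($pol) { $pol.DisableConfig } else { $null }
    $result['PolicyOK'] = -not (($result['DisableSRPolicy'] -eq 1) -or ($result['DisableConfigPolicy'] -eq 1))

    # Per-machine setting (not a policy) that also switches System Restore off
    $cfgKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    $cfg = Get-ItemProperty -Path $cfgKey -Name DisableSR -ErrorAction SilentlyContinue
    $result['DisableSRSetting'] = if ($cfg) { $cfg.DisableSR } else { $null }

    New-Object PSObject -Property $result
}

# Usage: print the findings; any *OK field that reads False is the item to look at
Get-SystemRestoreHealth | Format-List
```

Reading the output next to an FSS log: a service that is Stopped while every `*OK` field is True is usually just a service that needs starting (`Start-Service srservice`, or a reboot), whereas a `DisableSRPolicy` or `DisableSRSetting` of 1 means something switched System Restore off deliberately and the value has to be cleared before the wizard will work again. A wrong `ServiceDll` path or a missing `sr` driver entry points at tampering or a damaged installation rather than a setting.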


#3 DesertTrip

DesertTrip
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:36 PM

Posted 31 December 2013 - 07:05 PM

THANK YOU, Nasdaq!! In the order requested.

 

# AdwCleaner v3.016 - Report created 31/12/2013 at 15:28:26
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Leia - LEIA-B1AD46134C
# Running from : C:\Documents and Settings\Leia\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Viewpoint Manager Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Search Protection
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Breowse2savue
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Seairch-NeewTAAb
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Breowse2savue
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\BrowseToSave
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\Leia\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Leia\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Leia\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Leia\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\Leia\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Leia\Application Data\Mozilla\Firefox\Profiles\xbmvz0ng.default\Extensions\1n.6eii@uqlweydidmio.edu
Folder Deleted : C:\Documents and Settings\Leia\Application Data\Mozilla\Firefox\Profiles\xbmvz0ng.default\Extensions\y7t.tso@xjdadsb-cvg.com
File Deleted : C:\WINDOWS\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Documents and Settings\Leia\Application Data\Mozilla\Firefox\Profiles\xbmvz0ng.default\searchplugins\WebSearch.xml
File Deleted : C:\Documents and Settings\Leia\Application Data\Mozilla\Firefox\Profiles\xbmvz0ng.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [1n.6eii@uqlweydidmio.edu]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [y7t.tso@xjdadsb-cvg.com]
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_48c708f2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714
Key Deleted : HKCU\Software\20565750843475964308210144786038782291182021801849
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : HKCU\Software\adawaretb
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FBSearch
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\Leia\Application Data\Mozilla\Firefox\Profiles\xbmvz0ng.default\prefs.js ]
 
Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.pu-results.info/?pid=708&r=2013/03/30&hid=1940466573&lg=EN&cc=US");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=708&r=2013/03/30&hid=1940466573&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=708&r=2013/03/30&hid=1940466573&lg=EN&cc=US&l=1&q=");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Leia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11991 octets] - [31/12/2013 15:15:44]
AdwCleaner[S0].txt - [10777 octets] - [31/12/2013 15:28:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10838 octets] ##########
 
 
JRT.txt LOG
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Leia on Tue 12/31/2013 at 15:41:56.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\Leia\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Documents and Settings\Leia\start menu\programs\free registry cleaner"
Successfully deleted: [Folder] "C:\WINDOWS\freecorder"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/31/2013 at 15:49:54.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

FSS.txt LOG
 
 
Farbar Service Scanner Version: 05-12-2013
Ran by Leia (administrator) on 31-12-2013 at 15:54:40
Running from "C:\Documents and Settings\Leia\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".
 
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
 
DDS.txt log

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Leia at 15:56:40 on 2013-12-31
#Option MBR scan  is disabled.
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2022.1257 [GMT -8:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Ad-Aware Firewall *Disabled* 
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Sony\PlayMemories Home\dfs.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Leia\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Leia\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.startzy.com/web/%s
mWinlogon: Userinit = userinit.exe,
BHO: {2d661e5b-7d7a-417c-b5b5-6479017bb314} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: af0.Adblock.BHO: {90EFF544-3981-4d46-85C9-C0361D0931D6} - 
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\leia\local settings\application data\akamai\netsession_win.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [AdAwareTray] "c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.1.5152.0\AdAwareTray.exe"
mRun: [Cobian Backup 11] "c:\program files\cobian backup 11\Cobian.exe"
StartupFolder: c:\docume~1\leia\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\leia\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: IEB: Browser: Resize Window - c:\program files\ie booster\window-size.html
IE: IEB: Frame: Open in &New Window - c:\program files\ie booster\frame-open-in-new-window.html
IE: IEB: Frame: Open in &This Window - c:\program files\ie booster\frame-open-in-this-window.html
IE: IEB: Image: Copy Path to Clipboard - c:\program files\ie booster\image-copy-path-to-clipboard.html
IE: IEB: Image: Show Image Data - c:\program files\ie booster\image-view-image-data.html
IE: IEB: Link: Copy as <A href="URL">caption</A> - c:\program files\ie booster\link-copy.html
IE: IEB: Link: Open in New Minimized Window - c:\program files\ie booster\link-open-minimized.html
IE: IEB: Page: Copy Title as <A href="URL">Title</a> - c:\program files\ie booster\page-copy-title.html
IE: IEB: Page: Show Forms and Applets - c:\program files\ie booster\page-show-forms.html
IE: IEB: Page: Show Hyperlinks - c:\program files\ie booster\page-view-hyperlinks.html
IE: IEB: Page: Show Images - c:\program files\ie booster\page-show-images.html
IE: IEB: Page: Show Source - c:\program files\ie booster\page-view-source.html
IE: IEB: Page: Show Stylesheets - c:\program files\ie booster\page-view-stylesheets.html
IE: IEB: Selection: Copy as plain text - c:\program files\ie booster\selection-copy-plaintext.html
IE: IEB: Selection: Open in Browser - c:\program files\ie booster\selection-open-in-browser.html
IE: IEB: Selection: Show Partial Source - c:\program files\ie booster\selection-show-source.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1ABC775A-BE94-47EB-85C5-ED92174F01CA} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{43B859C5-52C4-44CA-B2FF-05FED0E1753D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4E7165BE-8CB5-41DB-B9C2-56B58DDB68B8} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-5-6 13560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 195296]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-12 206256]
R1 MpKsl89971294;MpKsl89971294;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36d6b349-e9da-4407-895a-9d2d9d9a5d49}\MpKsl89971294.sys [2013-12-31 40392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2013-12-25 67584]
R2 DeviceFinderService;DeviceFinderService;c:\program files\sony\playmemories home\dfs.exe [2013-12-18 149528]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.1.5152.0\AdAwareService.exe [2013-12-11 494136]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2008-10-29 14416]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2013-12-18 481304]
R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2013-12-23 299024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-7-12 3289472]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-8 1691480]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [2008-10-29 44344]
S3 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2013-5-24 43648]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-4-8 91304]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-12 348752]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-12 1097096]
.
=============== Created Last 30 ================
.
2013-12-31 23:41:53 -------- d-----w- c:\windows\ERUNT
2013-12-31 23:32:35 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36d6b349-e9da-4407-895a-9d2d9d9a5d49}\MpKsl89971294.sys
2013-12-31 23:15:31 -------- d-----w- C:\AdwCleaner
2013-12-31 22:59:41 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36d6b349-e9da-4407-895a-9d2d9d9a5d49}\mpengine.dll
2013-12-29 15:00:21 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-25 18:34:20 -------- d-----w- c:\program files\Cobian Backup 11
2013-12-24 09:04:42 -------- d-----w- c:\program files\Lavasoft
2013-12-24 08:28:18 -------- d-----w- c:\program files\common files\Lavasoft
2013-12-24 07:38:51 -------- d-----w- c:\documents and settings\leia\local settings\application data\Macroplant_LLC
2013-12-24 07:38:06 158224 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
2013-12-24 07:38:05 223760 ----a-w- c:\windows\system32\CbFsNetRdr3.dll
2013-12-24 07:37:55 299024 ----a-w- c:\windows\system32\drivers\cbfs3.sys
2013-12-24 07:37:38 -------- d-----w- c:\program files\iExplorer
2013-12-23 05:25:11 -------- d-----w- c:\program files\Dropbox
2013-12-23 05:20:35 -------- d-----w- c:\documents and settings\leia\application data\Dropbox
2013-12-22 09:44:11 -------- d-----w- c:\documents and settings\leia\.android
2013-12-22 09:44:10 -------- d-----w- c:\documents and settings\leia\local settings\application data\cache
2013-12-22 09:44:05 -------- d-----w- c:\documents and settings\leia\local settings\application data\genienext
2013-12-12 03:31:44 -------- d-----w- C:\Untitled Project
2013-12-02 18:39:50 -------- d-----w- c:\program files\Metability Software
.
==================== Find3M  ====================
.
2013-12-11 19:09:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 19:09:16 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 15:57:39.95 ===============

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 01 January 2014 - 10:46 AM

The logs are clean.

Any remaining issues?

#5 DesertTrip

DesertTrip
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 01 January 2014 - 02:55 PM

The Good News: Computer is running faster and no suspicious activities or symptoms. THANKS!!

The Bad News: The original issue with the System Restore remains the same: SYSTEM RESTORE IS NOT ABLE TO PROTECT YOUR COMPUTER. PLEASE RESTART YOUR COMPUTER, AND THEN RUN SYSTEM RESTORE AGAIN.  I reinstalled the sysrestoreenable.reg from Kelly's Corner but it still is not working at all.

I am going to assume then this had nothing to do with malware if the logs are clean. Again, thank you for your time and assistance. The faster computer is a huge plus.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 01 January 2014 - 03:37 PM

Try to purge your current System Restore points.

Execute this.

Windows XP SYSTEM RESTORE

Reset your computer restore point, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has
administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

1. Turn OFF System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
=*=

How is it now?

#7 DesertTrip

DesertTrip
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 01 January 2014 - 08:57 PM

The computer will not let me turn it OFF. When I click on APPLY (step one), I get the following pop-up.

[attached screenshot: i-vXxMh2h.jpg]



#8 DesertTrip

DesertTrip
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 01 January 2014 - 09:02 PM

ADDED: I am researching what to do on this error now. I will try the fix Microsoft recommends on this page unless you think it might interfere with anything: http://answers.microsoft.com/en-us/windows/forum/windows_xp-performance/error-sr-encountered-an-error-trying-to/092992b5-7020-4708-83e4-beed608c2041

TROUBLESHOOTING TEST 1: I checked to see if System Restore was running with prompt compmgmt.msc, then expanded Services and then System Restore Services. It showed "Automatic" but no START, so I highlighted it, then clicked START but got a pop-up error that said: COULD NOT START THE SYSTEM RESTORE SERVICE ON LOCAL COMPUTER. ERROR 5: ACCESS IS DENIED.

TROUBLESHOOTING TEST 2: It was the same as when you asked me to turn it OFF through My Computer>System Restore Tab. Same error.

TROUBLESHOOTING TEST 3: I checked disk space through prompt diskmgmt.msc and it was more than sufficient.

TROUBLESHOOTING TEST 4: I viewed the System Restore service errors through prompt eventvwr.msc /s and found that on December 25 there are hundreds of warnings (IO_WARNING_PAGING_FAILURE) followed by two IO_WARNING_LOG_FLUSH_FAILED; then it shows, in the following order:

  • INFO - The System Restore Service service entered the running state.
  • INFO - The System Restore Service service was successfully sent a start control
  • INFO - The System Restore Service service entered the stopped state.
  • ERROR - The System Restore Service service terminated with the following error:  Access is denied.

Then, there are days worth of more errors.

Time to reinstall?


Edited by DesertTrip, 01 January 2014 - 10:42 PM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 02 January 2014 - 09:08 AM


TROUBLESHOOTING TEST 4: I viewed the System Restore service errors through prompt eventvwr.msc /s and found that on December 25 there are hundreds of warnings (IO_WARNING_PAGING_FAILURE) followed by two IO_WARNING_LOG_FLUSH_FAILED; then it shows, in the following order:


The IO failures could be caused by a damaged Hard Disk.

Try this.

Click Start, click Run, and then type
cmd
At the command prompt, type chkdsk /f
Chkdsk runs and automatically repairs the volume.

Repeat for each volume on the disk.
(Disk D: E: etc...)

Keep me posted.

#10 DesertTrip

DesertTrip
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 02 January 2014 - 02:09 PM

Just tried that (thank you) and got: 

ERRORS FOUND. CHKDSK CANNOT CONTINUE IN READ-ONLY MODE

I am not familiar with all these run prompts. Should I re-run it with CHKDSK /CF ?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 02 January 2014 - 02:35 PM

Click Start, click Run, and then type
cmd and hit the OK button.

You should get a DOS screen with a prompt.

At the prompt, type chkdsk /f (a space is needed after the k).

Hit the enter key.
Let it finish.

To exit the dos prompt type exit and hit the enter key.

How is it now?

#12 DesertTrip

DesertTrip
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 02 January 2014 - 02:56 PM

I closed all windows and ran that, and that netted a new message:

The type of the file system is NTFS.

Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another process.

Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)

I chose Y and then restarted the computer. No log came up (like it never happened) and re-doing the chkdsk /f just gave the same response again. Is the log somewhere else from the restart?



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 03 January 2014 - 08:55 AM

There are other switches you can use with Chkdsk on an NTFS system.
Refer to this Microsoft Article.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/chkdsk.mspx?mfr=true

I suggest you try again using the /x switch instead of /f.

Keep me posted.
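The last few posts chase the same facts by hand: whether the System Restore service is running, whether a registry switch has it turned off, whether a disk check is actually queued for the next boot, and where the report of a boot-time chkdsk ends up (it goes to the Application event log under source Winlogon, Event ID 1001, not to the console). The following batch script is an added example that gathers those in one place; it is not code from nasdaq or from this thread. It assumes Windows XP, an administrator account, and C: as the system volume; the service name srservice and the SystemRestore registry keys are the standard XP ones, and the assumption that a sysrestoreenable.reg-type fix works by resetting DisableSR is labelled as such in the comments.

```batch
@echo off
setlocal
REM Added diagnostic script (not from the thread). Assumes Windows XP,
REM an administrator account, and that the system volume is C:.
set VOL=C:

echo === System Restore service (XP service name: srservice) ===
REM STATE shows RUNNING/STOPPED; START_TYPE shows whether it is AUTO_START.
sc query srservice | findstr /C:"STATE"
sc qc srservice | findstr /C:"START_TYPE"

echo.
echo === Registry switches that turn System Restore off ===
REM DisableSR=1 under this key disables System Restore. A .reg fix like the
REM one named in the thread presumably resets it to 0 (assumption; the file's
REM contents are not shown in the thread).
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR 2>nul || echo DisableSR value not present, so System Restore is not disabled via this key
REM A policy copy of the same settings, if present, takes precedence and
REM can also produce an Access is denied when starting the service.
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" 2>nul || echo No SystemRestore policy key, so no Group Policy restriction found

echo.
echo === Is %VOL% flagged dirty, i.e. is a chkdsk pending at next boot? ===
REM "Cannot lock current drive" means the online run was refused; a boot-time
REM run only happens if the volume is dirty or a check has been scheduled.
fsutil dirty query %VOL%
chkntfs %VOL%

echo.
echo === Where the boot-time chkdsk report goes ===
echo A chkdsk that runs at startup writes its report to the Application
echo event log under source Winlogon, Event ID 1001 (open eventvwr.msc).
echo To queue a check for the next boot without the "cannot lock" prompt:
echo     chkntfs /C %VOL%
endlocal
```

Run it from a cmd window as the administrator account the thread already requires. If `sc query` still shows STOPPED and starting the service returns Error 5 while neither registry check reports a DisableSR restriction, the remaining suspects are the permissions on the service itself and on its registry key, which this script only surfaces indirectly; the repeated IO_WARNING_PAGING_FAILURE entries nasdaq points at are a separate, hardware-level signal and are the reason the disk check matters before any reinstall.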

#14 DesertTrip

DesertTrip
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 03 January 2014 - 04:02 PM

Hi Nasdaq. I just tried the /x and got the same response:

The type of the file system is NTFS.

Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another process.

I feel like I am going around in circles with this thing. The computer runs well enough to use, no longer exhibits malware issues, but it just doesn't have restore functionality and (can't) want to scan the disk. Not at start-up or otherwise. I am about ready to do a format/install. THANK you for all your assistance and time. It really has been a learning experience and greatly appreciated.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:36 PM

Posted 04 January 2014 - 07:39 AM

Good luck.
