
Harddisk failure reformat issues or a virus???



#1 lapetite66

Posted 05 April 2014 - 03:54 PM

Hi:

 

I'm writing on behalf of my sister as I'm the one that installs her software etc.

 

To get to the point I was attempting to reformat her harddrive as I think that it may be infected.  What pray tell makes me say that?  Well a big clue is that Norton 360 has a big red X where there is normally a cute little green checkmark.

I tried to reformat but the computer wouldn't let me boot from the dvd-rw drive although I tried to reset it to do just that a number of times.  Then when I attempted the reformat I kept getting the error "harddisk failure".  But if there is harddisk failure why was it still booting up??!!

I did manage a semi-reformat...you know when you're logged in and put the OS disc into the dvd-rw drive and go from there.  I guess you could say it's really more like a repair.  The problem is that Norton was working for about a week and then it stopped working and had that same big red X like before.  I just told her to not get on the computer until I can find out what the problem is.  The following is my sister's computer specs.

 

Computer Specs

 

Compaq Presario

Windows XP Pro

AMD Processor(quite old don't know exact model#)

1GB Ram

160 HD

 

Is her computer harddisk failing, does she have a virus OR is this a combination of both and I should just install a new Harddisk?

 

Any help would be greatly appreciated.

 

Thanks,

 

 




#2 noknojon

Posted 06 April 2014 - 04:29 PM

Hello -

Please run these few scans for now, and we may get a better idea of the problem.

Download tools to Desktop, Temporarily Disable Your Anti-virus if needed, and Copy and Paste any logs.

Always ask if you are not sure of anything, or do not fully understand me.

 

 

First -

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here (only post the link)

 

 

Next -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Download MiniToolBox, Save it to your desktop to run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

 

Next -

* Please download and run RKill by Grinler.
* A black DOS box will briefly flash and then disappear.
* This is normal and indicates the tool ran successfully.

* Copy and paste the logs back here.

 

Important: Do not reboot your computer until you complete the next step.

 

Do you have a current Updated version of Malwarebytes Anti-Malware installed ??

If not, please ask for details on installing the latest version.

If you do, please scan with this and post the log it generates

 

 

Now:

* Please download AdwCleaner by Xplode and save to your Desktop.
* NOTE : Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista / Windows 7 / 8 users, right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for your review. 
* If you see any which you do not want removed, remove the check mark next to it. 

* Next: Click on the Clean button (only once) to remove the selected items. 
* You will receive a message telling you that all programs will be closed so that the infections can be removed.
* Click on OK, and then OK again to confirm the reboot.
* When cleaning process is complete a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop.
* Please copy and paste this log in your next post.

* A copy of all logfiles are also saved in the C:\AdwCleaner folder which was created when running the tool.



#3 lapetite66

Posted 07 April 2014 - 12:36 PM


Hi noknojon:

 

Thank you for replying to my post.

 

I know I told you that it was my sisters computer that is having the problems right?  Well, I forgot to mention that we don't live in the same household. She lives quite a distance from me so I will have to go to her house later on this week.

 

She already has Malwarebytes installed and I did do a scan with that but it was a bust and I think that's due to whatever is on her computer, that it's hiding or blocking I just don't know.   Her computer being an older one was already slow but now that I suspect that it's infected with whatever it's SUPER slow now.  It's like molasses going up Mount Everest on a cold winter's day.

 

I have downloaded all the software that you said she needed onto both a disc and a flashdrive I hope that I am able to install them and run the necessary tests.

 

Speaking of flashdrives, if as I highly suspect her computer is infected is it possible for that virus to jump to the flashdrive??? If so how can I protect my computer if I need to use that same flashdrive on my computer???  I just recently read that using a computer under a limited account offers some protection when it comes to computer viruses, surfing the net etc.  Should I also use that account if I have to plug that flashdrive into my computer.  Would reformatting that flashdrive also help to wipe any threats off that flashdrive as well?

 

Thanks again for responding.



#4 noknojon

Posted 07 April 2014 - 06:27 PM

Hi -

Please use More Reply Options, or just click in the open Reply box.

Do not quote a long post (like mine) unless there is a reason.

 

In no particular order ------

is it possible for that virus to jump to the flashdrive??? = Yes your computer can be infected if you download something infected to a Flash drive and then install that onto your computer. Note I said "Can Be", as your own Antivirus may well protect you.

 

She already has Malwarebytes installed = Try using Malwarebytes Chameleon. Save to Desktop and unzip it there, for a badly infected computer.

 

Would reformatting that flashdrive also help to wipe any threats off that flashdrive as well? = You just need to clean the Flash drive after you use it and it should be OK.

 

 

Copy this and use it on the infected computer also -

 

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs How To Temporarily Disable Your Anti-virus
 

This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post

1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
b - Double click on the  icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take some time (first time scans are always longer). Allow several hours for a badly infected computer. A scan of 3 hours or more would not be unexpected.
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.



#5 lapetite66

Posted 09 April 2014 - 11:46 AM

Hi Aussie Addict:

 

Sorry for including the quote.  I won't do that again unless there's something specific that I need to respond to.  Also, I was going to go back and edit that message but there doesn't seem to be an edit button.

 

I have downloaded both Chameleon and ESET and added them to the flash drive.  I have also copied and pasted all your directions to a WORD file and also put on that same flash drive as I will be using her computer.

 

As I stated previously her computer is an older model Compaq and thus she only has a HD with 160GB.  Normally a virus scan of her computer doesn't take a lot of time but since there's a good possibility that her computer is infected and running SUPER slow now it probably will take quite some time.  I guess I will have to get to her house even earlier than I originally planned.

 

Thanks again.



#6 noknojon

Posted 09 April 2014 - 04:53 PM

Thank you for updating us on the progress.

 

Regards.



#7 noknojon

Posted 17 April 2014 - 04:55 PM

Hello -

 

As your last reply was over a week ago, please send me a message (mouse over my name for "Send Message")

Or start a new topic for more help

 

Good luck with the problem -



#8 lapetite66

Posted 19 April 2014 - 03:11 PM

Noknojon:

 

Here are the logs you requested.  You will notice that the malwarebytes has the wrong date that is due to whatever the heck was going on with this computer.  I had to go in and manually change the date and time to the correct format.

 

As I stated in the PM I haven't run the ESET Online Scanner yet but will be starting just as soon as I click the post button on this message.

 

P.S.  Did I mention that her computer clock; meaning the time and date on her computer is out of whack???  If I didn't...her time and date is out of whack too. :(  She didn't have any problems with her clock before...that is before the *@#& hit the fan.  I noticed the clock issue when her Norton stopped working and by not working I mean her Norton had a BIG red X where there used to be a nice green check mark.

 

I know how to change the CMOS but since this issue with the time clock didn't occur until the issue with norton etc. I wondered if a virus could also have an effect on the time clock and that is a valid possibility.  I will wait until you tell me what other things I need to attend to before addressing whether or not it's just the CMOS or it's the virus screwing up her computer time.

 

 

 

 

 

 

Speccy snapshot

 

http://speccy.piriform.com/results/3B14R3XRw2oDQ0byzp5xOGR

 

 

 

 

 

 

Security Check by Screen317

 

 Results of screen317's Security Check version 0.99.81  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Norton 360    
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities 2011   
 TuneUp Utilities Language Pack (en-US)
 TuneUp Utilities 2011   
 CCleaner     
 Duplicate Cleaner 2.0.4b   
 Java 7 Update 55  
 Java version out of Date!
 Adobe Flash Player     13.0.0.182  
 Adobe Reader XI  
 Mozilla Firefox 27.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

 

 

MiniToolBox,

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Tiki (administrator) on 01-01-2005 at 11:26:04
Running from "C:\Documents and Settings\Tiki.TIKI-725F08E862\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (03/22/2014 10:41:52 AM) (Source: Application Error) (User: )
Description: Faulting application TuneUpUtilitiesService32.exe, version 10.0.4320.15, faulting module TuneUpUtilitiesService32.exe, version 10.0.4320.15, fault address 0x00106dad.
Error in creating result PEAP-TLV in response to received PEAP-TLV (TuneUpUtilitiesService32.exe!ld!)

Error: (03/22/2014 10:22:20 AM) (Source: ESENT) (User: )
Description: wuauclt (1076) Database recovery/restore failed with unexpected error -566.

Error: (03/06/2014 11:06:08 PM) (Source: Windows Product Activation) (User: )
Description: You have not activated Windows within the grace period. To activate Windows, contact a customer service representative by telephone.

Error: (03/23/2036 03:04:41 AM) (Source: Application Error) (User: )
Description: Fault bucket -1046364886.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/23/2036 03:04:41 AM) (Source: Application Error) (User: )
Description: Faulting application apsdaemon.exe, version 2.2.3.5, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x00051f1c.
Processing media-specific event for [apsdaemon.exe!ws!]

Error: (08/24/2033 05:10:08 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 05:10:08 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 05:10:08 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 05:10:08 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 05:10:08 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (01/01/2005 11:12:22 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2005 11:11:13 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2005 11:11:07 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2005 11:10:33 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2005 11:10:24 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2005 11:10:24 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2005 11:10:24 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2005 11:10:24 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2005 11:08:46 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2005 11:03:46 AM) (Source: DCOM) (User: TIKI-725F08E862)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (03/22/2014 10:41:52 AM) (Source: Application Error)(User: )
Description: TuneUpUtilitiesService32.exe10.0.4320.15TuneUpUtilitiesService32.exe10.0.4320.1500106dad

Error: (03/22/2014 10:22:20 AM) (Source: ESENT)(User: )
Description: wuauclt1076-566

Error: (03/06/2014 11:06:08 PM) (Source: Windows Product Activation)(User: )
Description:

Error: (03/23/2036 03:04:41 AM) (Source: Application Error)(User: )
Description: -1046364886

Error: (03/23/2036 03:04:41 AM) (Source: Application Error)(User: )
Description: apsdaemon.exe2.2.3.5msvcr80.dll8.0.50727.619500051f1c

Error: (08/24/2033 05:10:08 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 05:10:08 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 05:10:08 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 05:10:08 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 05:10:08 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

7-Zip 9.22beta
Active@ DVD Eraser v 1.1
Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ATI Display Driver (Version: 8.591-090225a-076825C-ATI)
Auslogics Disk Defrag (Version: version 3.2)
CCleaner (Version: 4.08)
CPUID CPU-Z 1.68
CutePDF Writer 2.8
Daphne 1.47 (Version: 1.47)
Duplicate Cleaner 2.0.4b (Version: 2.0.4b)
DVD Shrink 3.2
FastStone Image Viewer 4.9 (Version: 4.9)
Format Factory version 2.80.0.0 (Version: 2.80.0.0)
ImgBurn (Version: 2.5.7.0)
Java 7 Update 51 (Version: 7.0.510)
K-Lite Mega Codec Pack 9.8.5 (Version: 9.8.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Professional (Version: 10.0.2627.01)
Microsoft Silverlight (Version: 5.1.30214.0)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MWSnap 3 (Version: 3.0.0.74)
Nero 7 Ultra Edition (Version: 7.03.1357)
neroxml (Version: 1.0.0)
Norton 360 (Version: 21.1.0.18)
Panda USB Vaccine 1.0.1.16
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
QuickTime (Version: 7.73.80.64)
Realtek AC'97 Audio
Registry Mechanic 5.1 (Version: 5.1)
Revo Uninstaller 1.94 (Version: 1.94)
Sandboxie 4.08 (32-bit) (Version: 4.08)
Speccy (Version: 1.25)
SpywareBlaster 5.0 (Version: 5.0.0)
swMSM (Version: 12.0.0.1)
TeamViewer 9 (Version: 9.0.24482)
TuneUp Utilities 2011 (Version: 10.0.4320.15)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.4320.15)
Wallpaper Changer for Windows XP
WebFldrs XP (Version: 9.50.7523)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR 4.20 (32-bit) (Version: 4.20.0)

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 1470.48 MB
Available physical RAM: 978.34 MB
Total Pagefile: 3365.81 MB
Available Pagefile: 2972.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.43 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:105.45 GB) NTFS
3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:0.95 GB) (Free:0.16 GB) FAT

========================= Users: ========================================

User accounts for \\TIKI-725F08E862

Administrator            ASPNET                   Guest                    
HelpAssistant            SUPPORT_388945a0         Tiki                     

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

 

 

 

RKill

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2005 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/01/2005 11:28:47 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\SOUNDMAN.EXE (PID: 1560) [WD-HEUR]
 * C:\WINDOWS\system32\IoctlSvc.exe (PID: 972) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\assembly\GAC_32\infocard\3.0.0.0__b77a5c561934e089 => C:\WINDOWS\WinSxS\x86_infocard_b77a5c561934e089_3.0.0.0_x-ww_cf0bd33f [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\ComSvcConfig\3.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\MSIL_ComSvcConfig_b03f5f7f11d50a3a_3.0.0.0_x-ww_4c629641 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\LOG\2.0.3693.42530__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3693.42530_x-ww_47e32df4 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\ServiceModelReg\3.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\MSIL_ServiceModelReg_b03f5f7f11d50a3a_3.0.0.0_x-ww_5bccaba2 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\MSIL_SMSvcHost_b03f5f7f11d50a3a_3.0.0.0_x-ww_9468aa34 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\MSIL_WsatConfig_b03f5f7f11d50a3a_3.0.0.0_x-ww_2c20bcb1 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 01/01/2005 11:29:39 AM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)

 

 

 

Malwarebytes Anti-Malware

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.19.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: TIKI-725F08E862 [administrator]

Protection: Enabled

1/1/2005 12:37:14 PM
mbam-log-2005-01-01 (12-37-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 334452
Time elapsed: 18 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

AdwCleaner

 

# AdwCleaner v3.024 - Report created 19/04/2014 at 15:09:27
# Updated 18/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Tiki - TIKI-725F08E862
# Running from : C:\Documents and Settings\Tiki.TIKI-725F08E862\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Program Files\registry mechanic
[x] Not Deleted : C:\Program Files\verizontb

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v25.0.1 (en-US)

*************************

AdwCleaner[R0].txt - [1006 octets] - [19/04/2014 15:05:11]
AdwCleaner[S0].txt - [944 octets] - [19/04/2014 15:09:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1003 octets] ##########

 


Edited by lapetite66, 19 April 2014 - 05:30 PM.


#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:04:21 PM

Posted 19 April 2014 - 08:12 PM

Hi -

Sorry but my system was causing minor problems over the last few days, so I needed to revise some work on it. :smash:

 

These programs need removing, as they are causing problems. See one typical error below

AdwCleaner is trying to remove Registry Mechanic program, but it will not fully remove the program.
Registry Mechanic 5.1
TuneUp Utilities 2011

 

Application errors:
 ==================
 Error: (03/22/2014 10:41:52 AM) (Source: Application Error) (User: )
 Description: Faulting application TuneUpUtilitiesService32.exe, version 10.0.4320.15, faulting module TuneUpUtilitiesService32.exe,

 

The computer is recognising Norton Antivirus and Firewall as activated and updated at the moment.

But if you are concerned, I would Uninstall and Reinstall the program.

 

Remember that XP is no longer supported by M/soft, so this has caused some systems to "play up" a bit.

 

How many of these problems have occurred since XP was reinstalled by you or someone else ??

Operating System
Windows XP Professional 32-bit SP3
Computer type: Desktop
Installation Date: 2/27/2014 5:32:09 PM
 

 

Are these the type of time / date problems that you have had recently ??

They are very odd, and I am not sure if the CMOS battery or the system is causing this problem.

 

Error: (08/24/2033 05:10:08 AM) (Source: crypt32)(User: )
Error: (08/24/2033 05:10:08 AM) (Source: crypt32)(User: )
Error: (08/24/2033 05:10:08 AM) (Source: crypt32)(User: )
Error: (03/23/2036 03:04:41 AM) (Source: Application Error)(User: )
Error: (03/23/2036 03:04:41 AM) (Source: Application Error)(User: )

 

Please read these Errors also. They may be related since the last reinstall.
Error: (03/06/2014 11:06:08 PM) (Source: Windows Product Activation) (User: )
 Description: You have not activated Windows within the grace period. To activate Windows, contact a customer service representative by telephone.



#10 lapetite66

lapetite66
  • Topic Starter

  • Members
  • 117 posts
  • Local time:01:21 AM

Posted 19 April 2014 - 10:10 PM

Hi noknojon:

 

No problem waiting, after all you hadn't heard from me for a week. :) Hope you got your computer up to snuff though.

 

I removed Registry Mechanic although I don't understand what the problem is as the program has been on the computer for years now.  The same with Tuneup Utilities.  I have the new version of Tuneup but just haven't gotten around to installing it. As for Registry Mechanic, I also have new versions of that but hated the new design, and a lot of the features that I loved were no longer available, so I uninstalled it and downgraded back to the version I liked, which was version 5.1.

 

The problems you seem to be referring to were occurring before I reinstalled and that's why I attempted a reinstall in the first place.  If you remember it wasn't really a reinstall because I kept getting the error disk error or words to that effect and I couldn't get the computer to let me set it to boot from the DVD-RW drive so I had to re-install while already logged on if you want to call it that.  I don't consider it a reformat unless I boot from the DVD-RW drive delete the current partition ie wipe the drive and start from scratch which wasn't the case.

 

As for Windows not being activated...when I click on the button to activate it (which I had already done so), a box pops up telling me Windows is activated so I don't know what the heck is going on! :scratchhead:

 

As for Norton 360 it seems to be working fine right now but maybe I will uninstall it next time around.  Right now I am tired as heck after fooling around with ESET Online scanner taking nearly four dang hours to scan a 160GB drive.  WTH!!!!  I am still at my sister's house at 10:52pm on a dang Saturday night trying to help her out with her computer.   So uninstalling NortonTuneup will just have to wait until the next time as I am just too dang tired to do anything but get something to eat and just chill out the rest of the night...when I get home.

 

 

I will check back in...maybe tomorrow (Sunday) but I make no promises.  Hopefully, the computer will be okay and if not then in the famous words of the Terminator "I'll be back". :P

 

Thanks for your help.

 

 

 

 

ESET Online Scanner Log

 

C:\GRTMPOEM_EN.ISO    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\LS00X4RR\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\V72PDLDW\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Default User.WINDOWS\is-PNBMO.tmp\askinstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Default User.WINDOWS\NERO1005887\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Tiki\Application Data\verizontb\verizontb.dll    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Tiki\My Documents\DOWNLOADS\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Tiki\My Documents\DOWNLOADS\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Tiki\My Documents\Software\CutePDF-Writer_v2.8.0.6_Non-Silent.cab    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Tiki.TIKI-725F08E862\is-PNBMO.tmp\askinstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Tiki.TIKI-725F08E862\My Documents\Cold Medicine\spsetup125.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Tiki.TIKI-725F08E862\NERO1005887\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
C:\Program Files\SIW\siw.exe    a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application    deleted - quarantined
C:\Program Files\verizontb\verizonDx.dll    a variant of Win32/Toolbar.Visicom.B potentially unwanted application    deleted - quarantined
C:\Program Files\verizontb\verizontb.dll    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
C:\RECYCLER\S-1-5-21-839522115-2000478354-1801674531-1004\Dc22.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\WINDOWS\system32\config\systemprofile\is-PNBMO.tmp\askinstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\WINDOWS\system32\config\systemprofile\NERO1005887\Toolbar.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    deleted - quarantined
 

 

#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:04:21 PM

Posted 20 April 2014 - 02:06 AM

Toolbar.Visicom and Toolbar.Ask.A (the 2 main detections above) are items that you have downloaded with other programs.

 

Always read the fine print, or Add-On offers that come with the programs you install.

 

Tuneup Utilities and Registry Mechanic will both "screw up" your Antivirus programs, and will do Nothing to help your system.

 

Post back with all the current problems or if you are running better now ......



#12 lapetite66

lapetite66
  • Topic Starter

  • Members
  • 117 posts
  • Local time:01:21 AM

Posted 21 April 2014 - 03:59 PM

Hi noknojon:

 

Well, I talked to my sister yesterday (Sunday) and she said that the computer seems to load but then stops and the monitor keeps giving the message "No Signal" and won't come on.  I have to admit that I did have a time trying to get the computer to act right the other day but I thought that everything would be resolved after I followed ALL the directions.   Obviously...I was wrong.

 

I'm really pissed about this outcome since I literally spent hours on her computer the other day. :ranting:   

 

I will make one last attempt the next time I'm up at my sister's house to reformat the drive and if that doesn't work then I will just install the new hard drive and start from scratch.  Either way I will let you know.

 

Thanks for all your help. :)

 

 

 

#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:04:21 PM

Posted 21 April 2014 - 08:17 PM

Registry mechanic 5.1 released December 2005

You want to reinstall a 9 to 10 year old version of a program that "Claims" to """Clean Your Registry""" that is not Dirty to start with -

It also is Generic in nature, meaning it can not tell if you have Windows 98, XP (SP 1,2 or 3), Vista (SP 1 or 2), or Windows 7 (with SP1) installed.

 

Now, remember that there are no further XP Updates to install, as M/soft no longer supports the program, so you will need to rely on all your installed updates  (some later ones can still be found).

 

 

The only ways to check your registry are to run a Disk Check or run sfc /scannow (System File Checker).

I have left my versions below, but if you Google these there are other methods around that get the same results.

 

Run a Disk Check on your C: or main drive in Windows XP:
• Click the Start button and select My Computer
• Right-click on C: (or your main hard drive letter) and select Properties
• Click on the Tools tab
• Under Error-checking click the Check Now... button

• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
• Click on the Start button
• When the message box pops up, click the Schedule disk check button and Reboot your computer
• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
This will take (on average) 1 to 2 hours depending on your system, so please let it finish.
DO NOT force a reboot once started as you will lose data and may damage the computer
NOTE - If this is a Laptop please plug it into a reliable power source, as batteries may fail.
The computer will reboot to normal mode once it has completed all 5 stages -

 

 

To run sfc /scannow in Windows XP :

Go - Start > Run Box and type sfc /scannow (note the space between c and / as it must be there).

Now press Enter or Click OK to start the process.

You will need a matching operating system CD handy, (if using XP system)
Once the program starts, it may call for you to insert the CD to confirm Installed Files.

The program will just check and report on the main drive, don't press any keys so that it is allowed to do so.

This will take (on average) about 20 minutes depending on your system, so please let it finish.
DO NOT force a reboot once started as you will lose data and may damage the computer
NOTE - If this is a Laptop please plug it into a reliable power source, as batteries may fail.

 

My personal ideas only -

If you do need to get another Hard Drive (generally looks reasonable from the logs) I would install Windows 7 on the computer, as this is still supported for about 8 years.

Vista is only supported for about 4 years, plus it is hopeless compared to Windows 7 -



#14 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:04:21 PM

Posted 26 April 2014 - 11:56 PM

Hi again -

 

If you think there may be any infection left on the computer, please follow these directions -

 

Please follow the instructions in THIS PREP GUIDE starting at Step #6.

 

NOTE - If you cannot complete any step, skip it and continue.

 

 Once the proper DDS logs are created, then make a NEW TOPIC and post it to =>
Virus, Trojan, Spyware, and Malware Removal Logs area - Not back here -

 

They can use other tools to find the program that we can not use in this area.

 

If HelpBot replies, please follow its Step #1 and the team will be notified.

 

Tell me if you post the new topic so we can close this one and only let the Experts fix your problem.



#15 lapetite66

lapetite66
  • Topic Starter

  • Members
  • 117 posts
  • Local time:01:21 AM

Posted 30 April 2014 - 12:56 PM

Hi noknojon:

 

Sorry for not getting back to you earlier.

 

Yes, it would be nice if I could install Windows 7 as it is still supported but neither I nor my sister have the funds for that right now. Unfortunately, I don’t see Microsoft coming around and offering free upgrades to Windows 7 or 8. 

 

Although both Windows 7 and 8 OS have support, I am not too enamored with either of them as they both lack certain features that I LOVE about Windows XP.  I wish that Microsoft continued support of XP and don’t understand the need to create new OS every year when they had one that millions of people really liked.  Why not improve on the OS you already have instead of creating new OS’s that lack features that made the last OS a big seller not to mention extremely popular???

 

My motto is “If it’s broke fix it and improve it”, “If it ain’t broke leave it the *#@& alone!” :ranting:

 

Okay…my ranting is over today. :)

 

Yes, I most certainly do think my sister’s computer is still infected BIG time.  When she does manage to make it to the desktop screen Norton 360 is sporting a big red X as opposed to the cute green checkmark it’s supposed to have.  So therefore she has no protection of any kind.

 

I told you that my sister lives quite a distance away from me which makes it a lot more difficult to help out with this computer situation.  The only solution that I can see is that I will have to bring her system down here to my house.  The problem with that is that I DON’T want to network her computer to mine as I DON’T want what she has on her computer to jump to mine.  I only want to share the internet connection and that’s it!

 

I have downloaded the DDS program but haven’t yet posted a new topic.  You can go ahead and close out this post. 

 

Thanks for your help.

 

 

 

 

 

 

 

 





