Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Many Problems After Virus Removal - Help Please


  • Please log in to reply
17 replies to this topic

#1 pickledllama23

pickledllama23

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 08 August 2014 - 10:33 AM

Helped a friend out by removing the ICE Cyber Crime virus. He has Vista 32 bit OS installed. I had to physically remove the HDD and scan as an external device to get rid of the virus with Malwarebytes. Noticed a few things after I reinstalled the HDD and booted up.

 

1. Security Center Can't Be Started error - dependant services

2. Shows that Windows Firewall is working

3. Windows Update works intermittenly

4. WMI service can't be turned on

   - WMI Diagnostic Utility gives error that OS is not the proper version

5.  Avast wouldn't install properly

6. Can't install any Service Packs (thought this might fix it) ... Fixit for Service Pack install doesn't work

7. The MS Fixit for the Security Center problem doesn't work

8. SFC /scannow will not accept the Vista OS disk as a proper OS on this computer even though this is what shipped with it.

 

I have scoured the internet and tried just about every method I've come across.

 

Is this machine still infected? Malwarebytes shows that it is clean. I am at my wits end.

My friend is older and has and has this machine just the way he wants it so I don't want to do a clean install.

 

Running dskchk now

 

Any thoughts?



BC AdBot (Login to Remove)

 


m

#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:12 PM

Posted 08 August 2014 - 11:34 AM

Hi,
 
First let's see if the isn't something hidden...

 

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

 

And let's check some windows critical services...

 

Download Farbar Service Scanner

  • Run FSS
  • Check all the options
  • click Scan

Post the generated log in your reply.




 

 


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 pickledllama23

pickledllama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 08 August 2014 - 11:38 AM

Thanks Sleepy Dude. I want to let you know that I am running a business (phones, couter...etc) while I'm doing this so I might not be back immediately. Downloading now....



#4 pickledllama23

pickledllama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 08 August 2014 - 11:53 AM

one thing I forgot to mention is that I am booting this machine clean with nothing but the MS services running

 

TDSSKiller found nothing

 

Here is the Farbar report:

 

Farbar Service Scanner Version: 21-07-2014
Ran by seaboy (administrator) on 08-08-2014 at 12:48:49
Running from "C:\Users\seaboy\Desktop"
Windows Vista ™ Home Basic  (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
 
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt: "C:\PROGRA~2\bhvr.dat".
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#5 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:12 PM

Posted 08 August 2014 - 12:12 PM

Ok, Download the ESET services repair tool, and save it to the Desktop.

  • Double-click ServicesRepair ESETServices.gif
    (On Windows Vista and above right click the icon and choose Run as Administrator, accept the security warning)
  • On the prompt This utility will reinstall Services commonly removed by exploits. Click Yes to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your Desktop, please post the content in your next reply.

Run FSS again and post the new log.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#6 pickledllama23

pickledllama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 08 August 2014 - 01:12 PM

Here is the ESET log:

 

Log Opened: 2014-08-08 @ 14:00:03
14:00:03 - -----------------
14:00:03 - | Begin Logging |
14:00:03 - -----------------
14:00:03 - Fix started on a WIN_VISTA X86 computer
14:00:03 - Prep in progress.  Please Wait.
14:00:07 - Prep complete
14:00:07 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
 
SetACL finished successfully.
14:00:09 - Services Repair Complete.
14:01:38 - Reboot Initiated
 
 
 
 
 
And this is the 2nd FSS log:
 
Farbar Service Scanner Version: 21-07-2014
Ran by seaboy (administrator) on 08-08-2014 at 14:09:46
Running from "C:\Users\seaboy\Desktop"
Windows Vista ™ Home Basic  (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
 
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt: "C:\PROGRA~2\bhvr.dat".
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#7 pickledllama23

pickledllama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 08 August 2014 - 02:10 PM

Hey SD,

 

I've got to thank you for spending your time helping me help a friend out!



#8 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:12 PM

Posted 08 August 2014 - 03:04 PM

Hi,

 

Before continue I would like to do a little check please.

  • open the Command Prompt as Administrator (Tutorial)
  • type the command:
    attrib C:\PROGRA~2\bhvr.dat

 

Please post the result.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#9 pickledllama23

pickledllama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 08 August 2014 - 03:16 PM

Hey,

 

Getting "File not found"



#10 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:12 PM

Posted 08 August 2014 - 03:43 PM

Hey,

 

Getting "File not found"

 

Good.

 

Download Windows Repair (All-in-One) Portable

  • extract the tweaking.com_windows_repair_aio.zip to c:\Windows\TEMP the zip will extract to a folder called Tweaking.com - Windows Repair
  • execute the file Repair_Windows.exe from the Tweaking.com - Windows Repair folder
  • click on the tab Start Repairs, next click the Start button to access the following screen:

    WindowsRepair.png
  • click the button Unselect All
  • check the following box's:
    • 05 - Repair WMI
    • 10 - Remove Policies Set By Infections
    • 26 - Restore Important Windows Services
    • 26 - Set Windows Services To Default Startup
  • check the box Restart/Shutdown System When Finished > Restart System
  • click the Start button

 

Run FSS again please.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#11 pickledllama23

pickledllama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 08 August 2014 - 03:46 PM

Oops. Sorry, Sleepy. The return is "Path not found"


Will the fix you posted still apply?



#12 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:12 PM

Posted 08 August 2014 - 03:47 PM

Oops. Sorry, Sleepy. The return is "Path not found"


Will the fix you posted still apply?

 

Yes, I only want to confirm the file doesn't exist anymore.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#13 pickledllama23

pickledllama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 08 August 2014 - 04:22 PM

SD,

Looks like this one is going to take a while. What an amazing program and nice design too. I'm going to take this machine home in an hour. I'll post the results when I get them. Thanks again.



#14 pickledllama23

pickledllama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 09 August 2014 - 07:45 AM

Okay, sleepy I ran the Windows Repair. I think that might have done the trick. Here is the FSS log:

 

Farbar Service Scanner Version: 21-07-2014
Ran by seaboy (administrator) on 08-08-2014 at 08:37:15
Running from "C:\Users\seaboy\Desktop"
Microsoft® Windows Vista™ Home Basic   (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
 
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#15 pickledllama23

pickledllama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:12:12 PM

Posted 09 August 2014 - 07:48 AM

Also, windows update just alerted me that SP 1 is ready to install






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users