TechSpot

Cannot install Malwarebytes anti-malware: Access is denied

Solved
By gauminabrendan
Dec 9, 2011
  1. Hi,

    I am hoping to get some help with my pc. I have tried to install malwarebytes, but access is denied

    I have followed the steps that Broni recommended to solve this issue on a similiar thread, and here are the logs:

    - mbam will not install so no log (access denied)
    - GMER log

    GMER 1.0.15.15641 -
    Rootkit quick scan 2011-12-09 11:22:16
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LH01
    Running: x11syexq.exe; Driver: C:\Temp\pxrdrpoc.sys


    ---- System - GMER 1.0.15 ----

    Code 8769B4F4 NlsAnsiCodePage

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----

    _________________________________________________________________

    DDS.txt log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702
    Run by bdagg at 11:27:12 on 2011-12-09
    Microsoft Windows XP Professional 5.1.2600.3.1257.370.1033.18.3071.2519 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: FroggyBoss Class: {539f76fd-084e-4858-86d5-62f02f54ae86} - c:\program files\minibar\Froggy.dll
    BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.5.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
    BHO: MrFroggy Class: {856e12b5-22d7-4e22-9aca-ea9a008dd65b} - c:\program files\minibar\Froggy.dll
    BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - c:\program files\minibar\Kango.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_ActiveX.exe -update activex
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [Windows Update] c:\windows\system32\config\systemprofile\application data\q0enev4828\rplh.exe
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_ActiveX.exe -update activex
    mPolicies-system: DisableTaskMgr = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoDesktop = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files\minibar\MinibarButton.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    TCP: DhcpNameServer = 68.87.68.166 68.87.74.166 192.168.1.1
    TCP: Interfaces\{D0DE9198-D766-42F1-B51C-2E36F48A1943} : DhcpNameServer = 68.87.68.166 68.87.74.166 192.168.1.1
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\bdagg\application data\mozilla\firefox\profiles\0lvwmvh2.default\
    FF - plugin: c:\documents and settings\bdagg\local settings\application data\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\documents and settings\bdagg\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: email removed - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2009-6-10 308248]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2009-9-2 36608]
    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    S1 MpKsl14e0e9d1;MpKsl14e0e9d1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345f9623-a5bc-45fa-ad2c-608b2a2da758}\mpksl14e0e9d1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345f9623-a5bc-45fa-ad2c-608b2a2da758}\MpKsl14e0e9d1.sys [?]
    S1 MpKsl1f9aab94;MpKsl1f9aab94;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3d8d423-23fd-4fe3-ae9e-2c65b885de8d}\mpksl1f9aab94.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3d8d423-23fd-4fe3-ae9e-2c65b885de8d}\MpKsl1f9aab94.sys [?]
    S1 MpKsl21281909;MpKsl21281909;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74ccb28a-076f-4394-a47d-eacb54af8732}\mpksl21281909.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74ccb28a-076f-4394-a47d-eacb54af8732}\MpKsl21281909.sys [?]
    S1 MpKsl3e6c8072;MpKsl3e6c8072;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ea85702-9759-4f85-bd9d-69b0b3b0dd09}\mpksl3e6c8072.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ea85702-9759-4f85-bd9d-69b0b3b0dd09}\MpKsl3e6c8072.sys [?]
    S1 MpKsl51c6cb3b;MpKsl51c6cb3b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345f9623-a5bc-45fa-ad2c-608b2a2da758}\mpksl51c6cb3b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345f9623-a5bc-45fa-ad2c-608b2a2da758}\MpKsl51c6cb3b.sys [?]
    S1 MpKsl5c852002;MpKsl5c852002;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0509dfd-0336-4304-8782-0b6d1fed98d9}\mpksl5c852002.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0509dfd-0336-4304-8782-0b6d1fed98d9}\MpKsl5c852002.sys [?]
    S1 MpKsl6303eb55;MpKsl6303eb55;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eda41a4-5bc3-46ef-911a-bac171d422e5}\mpksl6303eb55.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eda41a4-5bc3-46ef-911a-bac171d422e5}\MpKsl6303eb55.sys [?]
    S1 MpKsl82a0a774;MpKsl82a0a774;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345f9623-a5bc-45fa-ad2c-608b2a2da758}\mpksl82a0a774.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345f9623-a5bc-45fa-ad2c-608b2a2da758}\MpKsl82a0a774.sys [?]
    S1 MpKslbbb99087;MpKslbbb99087;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8aee1c16-4c23-499b-9af5-6f8d8b31a749}\mpkslbbb99087.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8aee1c16-4c23-499b-9af5-6f8d8b31a749}\MpKslbbb99087.sys [?]
    S1 MpKslcf385613;MpKslcf385613;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0509dfd-0336-4304-8782-0b6d1fed98d9}\mpkslcf385613.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0509dfd-0336-4304-8782-0b6d1fed98d9}\MpKslcf385613.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 PCSUService;PC Speed Up Service;c:\program files\pc speed up\PCSUService.exe [2011-9-23 233184]
    S2 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2009-9-2 88192]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 LFXACT;Companion Suite Pro LL F@X activities;c:\windows\system32\drivers\LFXACT.sys [2009-9-15 20488]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\drivers\XMLDIUSB.sys [2009-9-15 31879]
    .
    =============== Created Last 30 ================
    .
    2011-12-09 14:37:17 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fe81b4e-6605-44dd-87ab-45d82acadebe}\offreg.dll
    2011-12-07 15:17:57 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fe81b4e-6605-44dd-87ab-45d82acadebe}\MpKsl827c6661.sys
    2011-12-06 17:01:18 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fe81b4e-6605-44dd-87ab-45d82acadebe}\mpengine.dll
    2011-12-03 19:24:18 609802 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    .
    ==================== Find3M ====================
    .
    2011-10-21 22:30:43 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-10-21 20:49:34 1794 ---ha-w- c:\windows\system32\tmp.reg
    2011-10-17 15:05:40 499712 ---ha-w- c:\windows\system32\msvcp71.dll
    2011-10-17 15:05:40 348160 ---ha-w- c:\windows\system32\msvcr71.dll
    2011-10-10 14:22:41 692736 ---ha-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ---ha-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 11:28:12.09 ===============

    _________________________________________________________________

    Attach.txt log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 02/09/2009 03:48:37
    System Uptime: 09/12/2011 09:36:57 (2 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30AC
    Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | U10 | 1828/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 96 GiB total, 59.213 GiB free.
    D: is FIXED (NTFS) - 53 GiB total, 48.985 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT32) - 56 GiB total, 27.874 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0001
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0001
    Service: hamachi
    .
    ==== System Restore Points ===================
    .
    RP1: 21/10/2011 18:31:05 - System Checkpoint
    RP2: 21/10/2011 19:16:57 - Software Distribution Service 3.0
    RP3: 23/10/2011 12:05:25 - Software Distribution Service 3.0
    RP4: 24/10/2011 12:26:37 - System Checkpoint
    RP5: 24/10/2011 21:58:42 - Software Distribution Service 3.0
    RP6: 26/10/2011 08:13:18 - Software Distribution Service 3.0
    RP7: 27/10/2011 08:52:24 - System Checkpoint
    RP8: 27/10/2011 21:47:54 - Software Distribution Service 3.0
    RP9: 01/11/2011 11:25:05 - Software Distribution Service 3.0
    RP10: 02/11/2011 14:02:05 - System Checkpoint
    RP11: 02/11/2011 22:21:24 - Software Distribution Service 3.0
    RP12: 04/11/2011 08:47:25 - Software Distribution Service 3.0
    RP13: 07/11/2011 12:07:51 - System Checkpoint
    RP14: 07/11/2011 12:11:39 - Software Distribution Service 3.0
    RP15: 08/11/2011 12:38:32 - System Checkpoint
    RP16: 09/11/2011 12:13:46 - Software Distribution Service 3.0
    RP17: 09/11/2011 16:15:20 - Software Distribution Service 3.0
    RP18: 10/11/2011 13:52:46 - Software Distribution Service 3.0
    RP19: 10/11/2011 17:06:46 - Configured 2007 Microsoft Office system
    RP20: 10/11/2011 17:11:14 - Configured 2007 Microsoft Office system
    RP21: 11/11/2011 09:10:12 - Software Distribution Service 3.0
    RP22: 13/11/2011 22:30:28 - Software Distribution Service 3.0
    RP23: 15/11/2011 10:15:35 - Software Distribution Service 3.0
    RP24: 16/11/2011 14:17:12 - System Checkpoint
    RP25: 17/11/2011 10:24:18 - Software Distribution Service 3.0
    RP26: 18/11/2011 16:04:10 - Software Distribution Service 3.0
    RP27: 20/11/2011 20:14:28 - Software Distribution Service 3.0
    RP28: 21/11/2011 23:16:15 - Software Distribution Service 3.0
    RP29: 27/11/2011 20:53:38 - Software Distribution Service 3.0
    RP30: 28/11/2011 23:23:32 - Software Distribution Service 3.0
    RP31: 30/11/2011 09:13:26 - Software Distribution Service 3.0
    RP32: 01/12/2011 12:52:39 - Software Distribution Service 3.0
    RP33: 02/12/2011 19:02:39 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    1680X1050 Screen Saver
    2007 Microsoft Office system
    7-Zip 4.65
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.5
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASPCA Tri Reminder by We-Care.com v4.0.9.5
    ATI Display Driver
    Bank of Ireland Young Saver application
    CDBurnerXP
    Cisco Connect
    Compatibility Pack for the 2007 Office system
    CutePDF Writer 2.7
    EasyBits GO
    FaceSmooch Smileys
    Fast Search by Surf Canyon
    Free DWG Viewer 6.2
    FreeMind
    Google Chrome
    Google Earth
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP BatteryCheck 1.00 A7
    HP Integrated Module with Bluetooth wireless technology
    Image Resizer Powertoy for Windows XP
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 15
    K-Lite Mega Codec Pack 5.0.5
    LogMeIn Hamachi
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mindjet MindManager Viewer 7
    Mozilla Firefox (3.5.9)
    MSVCRT
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    OpenVPN 2.2.1
    Paint.NET v3.36
    PaperPort
    PC Speed Up - Complete uninstall
    PriceGong 2.5.0
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Safari
    screen saveris
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype™ 5.5
    Spybot - Search & Destroy
    Stora Desktop Applications
    Swiff Player 1.5
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Total Commander (Remove or Repair)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.1
    VoiceOver Kit
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0 MUI pack
    WinSCP 4.1.9
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09/12/2011 11:03:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    09/12/2011 11:01:59, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    09/12/2011 10:04:19, error: Dhcp [1002] - The IP address lease 10.58.0.12 for the Network Card with network address 00FF358A79E3 has been denied by the DHCP server 10.58.0.0 (The DHCP Server sent a DHCPNACK message).
    09/12/2011 09:47:20, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.457.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    09/12/2011 09:47:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    09/12/2011 09:38:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
    09/12/2011 09:38:57, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
    09/12/2011 09:37:33, error: SRService [104] - The System Restore initialization process failed.
    08/12/2011 21:52:32, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.457.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    08/12/2011 21:47:32, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.457.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    07/12/2011 21:52:33, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.457.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    07/12/2011 11:25:30, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    Hi Broni,

    Thanks for getting back to me on this, I appreciate your help and expertise.

    I tried the steps but have encountered a problem, that I wanted to ask you about before proceeding any further.

    I ran the ansMBR successfully but found an issue at the next step. I was trying the Autoscan and got a not on the blue window to say:

    T was unexpected at this time.

    What should I do next, as it does not seem to be scanning at all?

    Please see the ansMBR below:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-09 22:46:49
    -----------------------------
    22:46:49.281 OS Version: Windows 5.1.2600 Service Pack 3
    22:46:49.281 Number of processors: 2 586 0xF02
    22:46:49.281 ComputerName: GAUMINA22 UserName: bdagg
    22:46:49.843 Initialize success
    22:50:26.906 AVAST engine defs: 11120901
    22:51:33.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    22:51:34.000 Disk 0 Vendor: TOSHIBA_ LH01 Size: 152627MB BusType: 3
    22:51:34.328 Disk 0 MBR read successfully
    22:51:34.343 Disk 0 MBR scan
    22:51:34.390 Disk 0 Windows XP default MBR code
    22:51:34.421 Disk 0 scanning sectors +312575760
    22:51:34.500 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:51:40.718 Service scanning
    22:51:42.390 Modules scanning
    22:51:45.109 Disk 0 trace - called modules:
    22:51:45.171 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
    22:51:45.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2f4278]
    22:51:45.218 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8b2f4af8]
    22:51:45.234 5 hpdskflt.sys[f77185ae] -> nt!IofCallDriver -> \Device\000000a5[0x8b31a6a8]
    22:51:45.406 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b2cc028]
    22:51:46.156 AVAST engine scan C:\WINDOWS
    22:51:51.937 AVAST engine scan C:\WINDOWS\system32
    22:53:05.531 AVAST engine scan C:\WINDOWS\system32\drivers
    22:53:15.187 AVAST engine scan C:\Documents and Settings\bdagg
    23:00:47.187 AVAST engine scan C:\Documents and Settings\All Users
    23:01:49.984 Scan finished successfully
    23:02:23.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\bdagg\Desktop\MBR.dat"
    23:02:24.093 The log file has been saved successfully to "C:\Documents and Settings\bdagg\Desktop\aswMBR.txt"
     
  4. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Are you talking about Combofix?
     
  5. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    Sorry, I should have been clearer in my description (long week).

    Yes, this is while running the combofix's window.

    It does an initial scan which took about 5 seconds and when the blue screen appeared saying "scanning for infected files... This typically does take more than 10 mins..." within 5 seconds the next line came up "T was unexpected at this time" and it just seems to stall with nothing happening.

    What should I try next?
     
  6. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Did you try?
    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:
    ....and so on...
     
  7. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    Hi,

    Sorry for taking a couple of days to get back. I have tried everything that you have suggested, several times and am running into similiar problems, with the end result being the blue background window saying T was unexpected at this time.

    There are a couple of things that I can think of:

    1. I am running in safemode with networking. is that an issue?
    2. I have tried all of the Rkills, but they all give the same message now: Process terminated by rkill or while it was running.
    Rkill completed on 12/12/2011 at 23.18:46

    Any recommendations about what to do?

    Thanks,
    B
     
  8. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =============================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • Super should automatically the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Click on "Preferences" button.
    • Click the "Scanning Control" tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
    • Click the "Home" button to leave the control center screen.
    • Back on the main screen checkmark "Complete scan" and click "Scan your computer".
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  9. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    Hi Broni,

    Please find requested logs below:

    1. Bootkit remover

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...


    ----------------

    2. Spyware log:


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/13/2011 at 10:26 AM

    Application Version : 5.0.1136

    Core Rules Database Version : 8043
    Trace Rules Database Version: 5855

    Scan type : Complete Scan
    Total Scan Time : 00:45:30

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 241
    Memory threats detected : 0
    Registry items scanned : 36444
    Registry threats detected : 3
    File items scanned : 103299
    File threats detected : 2

    Disabled.TaskManager
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
    HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
    HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

    Trojan.Agent/Gen-Wapomi
    C:\WINDOWS\DRIVERPACKS\C\AU\GREENMK.EXE

    Trojan.Agent/Gen-FakeLoad
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\6.0\15\73BF930F-64D183C2
     
  10. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Delete your Combofix file, download fresh one.
    Make sure it's located on your desktop.

    Go Start>Run and paste this command:

    "%userprofile%\desktop\ComboFix.exe" /KillAll /nombr

    Click OK.
     
  11. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    I have tried this and can report as follows:

    1. The internet on the damaged machine, would not connect this time, despite several restarts. (it is working on another laptop and on phone)

    2. To work around the issue, I downloaded combofix from another pc, copied the combofix to usb and saved it to the desktop of the damaged pc.

    3. I went into start>run and entered the command, but got the very same message as before on the blue autoscan window - T was unexpected at this time.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    At what point did you lose your internet connection?
    Is it still down?
     
  13. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    I am reading all your instructions on a different pc and then trying to implement on the infected pc.

    When I went to the PC to try to follow your instructions, I could not connect to the Internet at all.

    I tried again just now and it is still not connecting to the internet.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check "Include All Files" option.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  15. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    Farbar Service Scanner
    Ran by bdagg (administrator) on 13-12-2011 at 16:09:03
    Microsoft Windows XP Professional Service Pack 3 (X86)
    ********************************************************

    Service Check:
    ==============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.

    NetBt Service is not running. Checking service configuration:
    The start type of NetBt service is OK.
    The ImagePath of NetBt service is OK.

    Tcpip Service is not running. Checking service configuration:
    The start type of Tcpip service is OK.
    The ImagePath of Tcpip service is OK.

    IpSec Service is not running. Checking service configuration:
    The start type of IpSec service is OK.
    The ImagePath of IpSec service is OK.


    File Check:
    ===========
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

    Connection Status:
    ==================
    Localhost is blocked.
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Yahoo IP returend error: Other errors

    **** End of log ****
     
  16. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    All files and settings are fine but several services are not running.

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices
    • List Users, Partitions and Memory size
    Click Go and post the result.
     
  17. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    MiniToolBox by Farbar
    Ran by bdagg (administrator) on 13-12-2011 at 16:33:03
    Microsoft Windows XP Professional Service Pack 3 (X86)

    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com

    There are 15064 more lines starting with "127.0.0.1"

    ========================= IP Configuration: ================================



    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip



    popd
    # End of interface IP configuration




    Windows IP Configuration



    An internal error occurred: The request is not supported.



    Please contact Microsoft Product Support Services for further help.



    Additional information: Unable to query host name.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host bleepingcomputer.com. Please check the name and try again.

    Unable to contact IP driver, error code 2,

    ========================= Winsock entries =====================================

    Catalog5 01 mswsock.dll [File Not found] ()
    Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
    Catalog5 03 mswsock.dll [File Not found] ()
    Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
    Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 02 mswsock.dll [File Not found] ()
    Catalog9 03 mswsock.dll [File Not found] ()
    Catalog9 04 mswsock.dll [File Not found] ()
    Catalog9 05 mswsock.dll [File Not found] ()
    Catalog9 06 mswsock.dll [File Not found] ()
    Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 12 mswsock.dll [File Not found] ()
    Catalog9 13 mswsock.dll [File Not found] ()
    Catalog9 14 mswsock.dll [File Not found] ()
    Catalog9 15 mswsock.dll [File Not found] ()
    Catalog9 16 mswsock.dll [File Not found] ()
    Catalog9 17 mswsock.dll [File Not found] ()
    Catalog9 18 mswsock.dll [File Not found] ()
    Catalog9 19 mswsock.dll [File Not found] ()
    Catalog9 20 mswsock.dll [File Not found] ()
    Catalog9 21 mswsock.dll [File Not found] ()
    Catalog9 22 mswsock.dll [File Not found] ()
    Catalog9 23 mswsock.dll [File Not found] ()
    Catalog9 24 mswsock.dll [File Not found] ()
    Catalog9 25 mswsock.dll [File Not found] ()
    Catalog9 26 mswsock.dll [File Not found] ()
    Catalog9 27 mswsock.dll [File Not found] ()
    Catalog9 28 mswsock.dll [File Not found] ()
    Catalog9 29 mswsock.dll [File Not found] ()
    Catalog9 30 mswsock.dll [File Not found] ()
    Catalog9 31 mswsock.dll [File Not found] ()
    Catalog9 32 mswsock.dll [File Not found] ()
    Catalog9 33 mswsock.dll [File Not found] ()

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (12/13/2011 03:50:38 PM) (Source: LoadPerf) (User: )
    Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
    Error code is the first DWORD in Data section.

    Error: (12/13/2011 03:50:38 PM) (Source: LoadPerf) (User: )
    Description: Unable to update the performance counter strings of the 009 language ID.
    The Win32 status returned by the call is the first DWORD in Data section.

    Error: (12/13/2011 02:55:46 PM) (Source: LoadPerf) (User: )
    Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
    Error code is the first DWORD in Data section.

    Error: (12/13/2011 02:55:46 PM) (Source: LoadPerf) (User: )
    Description: Unable to update the performance counter strings of the 009 language ID.
    The Win32 status returned by the call is the first DWORD in Data section.

    Error: (12/13/2011 02:44:46 PM) (Source: LoadPerf) (User: )
    Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
    Error code is the first DWORD in Data section.

    Error: (12/13/2011 02:44:46 PM) (Source: LoadPerf) (User: )
    Description: Unable to update the performance counter strings of the 009 language ID.
    The Win32 status returned by the call is the first DWORD in Data section.

    Error: (12/13/2011 01:03:57 PM) (Source: LoadPerf) (User: )
    Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
    Error code is the first DWORD in Data section.

    Error: (12/13/2011 01:03:57 PM) (Source: LoadPerf) (User: )
    Description: Unable to update the performance counter strings of the 009 language ID.
    The Win32 status returned by the call is the first DWORD in Data section.

    Error: (12/13/2011 09:40:00 AM) (Source: LoadPerf) (User: )
    Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
    Error code is the first DWORD in Data section.

    Error: (12/13/2011 09:40:00 AM) (Source: LoadPerf) (User: )
    Description: Unable to update the performance counter strings of the 009 language ID.
    The Win32 status returned by the call is the first DWORD in Data section.


    System errors:
    =============
    Error: (12/13/2011 04:36:15 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (12/13/2011 04:36:15 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (12/13/2011 04:36:14 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (12/13/2011 04:36:14 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (12/13/2011 04:36:13 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (12/13/2011 04:36:13 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (12/13/2011 04:36:12 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (12/13/2011 04:36:12 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (12/13/2011 04:36:12 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    Error: (12/13/2011 04:36:11 PM) (Source: DCOM) (User: bdagg)
    Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
    in order to run the server:
    {BA126AD1-2166-11D1-B1D0-00805FC1270E}


    Microsoft Office Sessions:
    =========================
    Error: (11/10/2011 04:58:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (11/10/2011 04:58:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (11/10/2011 04:58:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (11/10/2011 04:58:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (11/10/2011 04:58:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (11/10/2011 04:58:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (08/08/2011 06:09:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 12635 seconds with 1860 seconds of active time. This session ended with a crash.

    Error: (05/10/2011 03:15:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 80728 seconds with 6120 seconds of active time. This session ended with a crash.

    Error: (02/10/2011 00:42:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7867 seconds with 2460 seconds of active time. This session ended with a crash.


    ========================= Devices: ================================

    Name: Fingerprint Sensor
    Description: Fingerprint Sensor
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ========================= Memory info: ===================================

    Percentage of memory in use: 11%
    Total physical RAM: 3071.36 MB
    Available physical RAM: 2713.91 MB
    Total Pagefile: 4450.21 MB
    Available Pagefile: 4251.95 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1970.95 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:95.85 GB) (Free:58.92 GB) NTFS
    2 Drive d: () (Fixed) (Total:53.19 GB) (Free:48.98 GB) NTFS
    4 Drive f: (LACIE) (Fixed) (Total:55.9 GB) (Free:31.29 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\

    admin Administrator ASPNET
    bdagg Guest


    **** End of log ****
     
  18. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  19. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    Hi Broni,

    I downloaded bootkit remover earlier today, so I will remove that one and do it again now.

    A quick question. The link you sent sends me here: http://www.smartestcomputing.us.com/app=downloads/page__showfile__11

    Then, I clicked on Windows XP and got to this page: http://www.smartestcomputing.us.com/forum/8-windows-xp/

    I did not see anything for Bootkit remover, so i just did a search and ended up on this page here. Is this the one I need: http://www.smartestcomputing.us.com/files/file/11-bootkit-remover/

    Thanks.
     
  20. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  21. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Make sure, your settings are correct.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
    6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
    7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
    [​IMG]
    Make sure "DNS" tab looks like this:
    [​IMG]
    Make sure "WINS" tab looks like this:
    [​IMG]
    8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
    If you made any changes OK your way out.
    Restart computer.


    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
    http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
     
  22. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    I have now got the internet working again. This step here worked:

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    --------------

    one other note:

    I could not do steps 1-8 as when I click on start I don't see much - just the buttons for log off, shut down, and then the superanti spyware I installed. When I do click on all programs, nothing is visible (apart from Spyware). there is no options for settings> control panel, etc...


    What's next?
     
  23. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Excellent!

    Create new restore point!

    Attempt to run Combofix again.
     
  24. gauminabrendan

    gauminabrendan TS Rookie Topic Starter Posts: 16

    I tried Combofix again, from the file I downloaded earlier, but the issue was the very same - Same message at the end on the blue screen.

    I also see that I have lost internet connection again.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,644   +267

    Use restore point you just created.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.