AV and MBAM disabled by unknown while on-line
Posted 08 August 2011 - 10:20 PM
Posted 08 August 2011 - 10:46 PM
I'll post findings if any.
You have amazing skills, thank you very much for all your help. KON
Posted 09 August 2011 - 09:01 PM
MBAM scan results attached.
Avast scan detected many things and moved them to "chest". Can't figure out how to post Avast scan.
Anyway, PC seems OK. Anything else to do?
THANK YOU for your time and expertise! KON
Edited by radon, 09 August 2011 - 09:02 PM.
Posted 10 August 2011 - 12:47 AM
I think that's where they hide the log file.
Let's do a final checkup:
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
Start, Run, sfc /scannow, OK
SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.
Start, Run, sigverif, OK
Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
4. Under 'Select type to list', select:
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application.
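As an added example (not part of the original post or of the VEW tool), here is the same "final checkup" driven from an elevated Windows PowerShell 5.1 prompt on a current Windows build, so the steps can be repeated without clicking through dialogs. It assumes the system drive is C:, replaces the GUI sigverif with Get-AuthenticodeSignature over the drivers folder, and replaces VEW with Get-WinEvent. Caveat: on older systems Get-AuthenticodeSignature may not resolve catalog signatures, so a catalog-signed Microsoft driver can show as NotSigned; treat that list as "files to look at", not "files that are bad".

```powershell
# Added example, not from the thread. Run from an elevated Windows PowerShell prompt.
# Assumptions: system drive is C:; drivers live in %SystemRoot%\System32\drivers.

# 1. Full disk check (/f fix errors, /r scan for bad sectors = "both boxes").
#    chkdsk needs exclusive access, so 'Y' answers "schedule on next restart?".
'Y' | chkdsk.exe C: /f /r

# 2. Clear System and Application logs so only post-reboot events remain.
#    wevtutil is used rather than Clear-EventLog so it also works on PowerShell 7.
wevtutil.exe cl System
wevtutil.exe cl Application

# 3. Check protected system files (Start, Run, sfc /scannow).
sfc.exe /scannow

# 4. sigverif equivalent: drivers whose Authenticode signature is not Valid,
#    newest first, so anything dropped around the time of the infection stands out.
function Get-UnsignedDrivers {
    param([string]$Path = "$env:SystemRoot\System32\drivers")
    Get-ChildItem -Path $Path -Filter *.sys -File |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    File     = $_.Name
                    Status   = $sig.Status      # NotSigned, HashMismatch, UnknownError ...
                    Modified = $_.LastWriteTime
                }
            }
        } | Sort-Object Modified -Descending
}
Get-UnsignedDrivers | Format-Table -AutoSize

# 5. VEW equivalent: the 20 newest Critical/Error events (Level 1 and 2) per log.
function Get-RecentErrors {
    param([Parameter(Mandatory)][string]$LogName, [int]$Count = 20)
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 1, 2 } `
                 -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName,
            @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }   # first line only
}
Get-RecentErrors -LogName System      | Format-Table -AutoSize -Wrap
Get-RecentErrors -LogName Application | Format-Table -AutoSize -Wrap
```

Run step 1 and 2 before the reboot, then steps 3 to 5 afterwards; the event query is what you would paste back into the thread in place of the VEW output.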
Posted 11 August 2011 - 01:56 PM
File verification, index verification, security descriptor verification, usn journal verification, file data verification and free space verification all completed.
Ran eventvwr.msc as directed: disk check ran for 1 hr. 33 minutes.
Ran sfc /scannow
Ran sigverif: found one file not digitally signed: ati23vxx.exe
Ran VEW tool: logs attached for "system" and "application" scans.
I noticed one line in the system log that mentioned "ftsata2". Is this related to my CD/DVD drives? They no longer appear under "My Computer" and do not respond when a CD/DVD is inserted.
Posted 11 August 2011 - 06:52 PM
The ftsata2 file is a driver for a SCSI RAID hard drive setup. Don't know why it thinks it needs to run. We can turn it off:
Go to Start>Control Panel>System>Hardware>Device Manager>View>Show Hidden Devices>Non Plug and Play Drivers>ftsata2>Driver> then change Start up Type = Demand
While in Device Manager look for DVD/CD-ROM drives and click the + in front of it. You should see your CD there. Right click on it and select Uninstall then reboot.
See if it will work now.
Also run VEW again just for the system logs and post the new log. (Please tell me what time you rebooted so I will know which are the new logs).
Posted 11 August 2011 - 10:35 PM
Did the ftsata2 procedure and the DVD/CD procedure while in Device Manager. CD/DVD now appear and function.
New System VEW log attached Reboot @ 2105 hrs.
Posted 11 August 2011 - 11:55 PM
depend on NetBT and Juno doesn't want NetBT running you should Start, Run, services.msc, OK then find each, right click and select Properties then change Startup Type to Disabled. OK. That will turn them off and make things boot a bit faster.
Your last attached log was the Application one and not the system but go ahead and turn off the two services and run another one after a reboot then run VEW again for the System.
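As an added example (not from the thread), the two changes above, the ftsata2 driver to Demand and the NetBT-dependent services to Disabled, done from an elevated PowerShell prompt instead of Device Manager and services.msc. The driver name ftsata2 comes from the thread; the names of the two services are not given here, so the script first lists which services declare a dependency on NetBT and leaves the disable call for you to fill in. sc.exe is used because it accepts kernel driver names as well as user services.

```powershell
# Added example, not from the thread. Run elevated.
# Start values under HKLM\SYSTEM\CurrentControlSet\Services\<name>
$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Get-StartType {
    param([Parameter(Mandatory)][string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return $null }        # no such driver/service
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Name      = $Name
        Start     = $StartTypes[[int]$p.Start]
        ImagePath = $p.ImagePath
        DependOn  = ($p.DependOnService -join ',')
    }
}

function Set-StartType {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)]
        [ValidateSet('boot', 'system', 'auto', 'demand', 'disabled')][string]$Start
    )
    # sc.exe config <name> start= <value>; the space after "start=" is required,
    # which is why the two are passed as separate arguments.
    & sc.exe config $Name start= $Start | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe config $Name failed: exit code $LASTEXITCODE" }
    Get-StartType -Name $Name                            # show the new state
}

# Services that list the given service (default NetBT) in DependOnService.
function Get-DependentsOf {
    param([string]$Name = 'NetBT')
    Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services |
        Where-Object {
            (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).DependOnService -contains $Name
        } | Select-Object -ExpandProperty PSChildName
}

Get-StartType -Name ftsata2                 # before: what Device Manager would show
Set-StartType -Name ftsata2 -Start demand   # "Start up Type = Demand"
Get-DependentsOf -Name NetBT                # candidates for the two services to disable
# Set-StartType -Name '<service name>' -Start disabled   # services.msc "Startup Type = Disabled"
```

Check the Start column before and after; a reboot is still needed for the change to show up in the System log the thread asks for.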
Posted 12 August 2011 - 03:47 PM
I won't be able to access my PC until Monday 15 Aug. Will do other items mentioned above then.
Thank you KON
Posted 19 August 2011 - 11:23 PM
Thank you for your help. KON.
Posted 20 August 2011 - 06:15 PM
We need to clean up System Restore if we haven't already. Follow Jim's procedure here:
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:
Start, Run, cmd, OK then right click, Paste, then hit Enter.
OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.
To hide hidden files again:
# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.
You probably do not have the latest Java (Java™ 6 Update 26 or perhaps 7 Update 0 by now). Get the latest at:
Save it to your PC then close all browsers and install it.
Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.
To help keep your programs up-to-date you can download and run the UpdateChecker:
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.
Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.
If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.
Posted 21 August 2011 - 03:47 PM
Wound closure starts today!
"Be warned: If you use Limewire, utorrent or any of the other P2P programs..." Never have, never will.
"If you have a router..." Don't have--my PC is stand-alone, using only dial-up modem.
Great work! I am amazed by how you excised the tumor.
Thank you very much for your tech advice and for having the patience to assist me.