Are you still with me? Did you manage to get your Start Menu back?
virus,malware [Closed]
Started by
jokernrose
, Aug 29 2012 09:08 PM
-
This topic is locked
#16
Posted 08 September 2012 - 02:50 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Are you still with me? Did you manage to get your Start Menu back?
#17
Posted 12 September 2012 - 05:42 PM
jokernrose
- Topic Starter
-
- Member
-
- 44 posts
Member
Yes sorry I had problems with my home phone. My internet was down for a bit. I did get most of the start programs back I have been in the process of updating everything on the computer. So far things seem to be doing good. Can you recommend a good antivirus software that I can use on the computer to prevent this problem in the future? Thank you so very much for your help!!! I would have went crazy without you.
#18
Posted 13 September 2012 - 05:42 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Hi jokernrose,
Your logs and system are clean now. I'm glad we fix up your computer.
Here is my antivirus recomendation:
Step 1
Please close all running programs and Run OTL
We need to clean up your PC from programs we used.
Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.
In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).
General recommendations
Here are some recommendations you should follow to minimize infection risk in the future:
1. Something to read
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
2. Make Backups of Important Files
Please read this article Home Computer Data Backup.
3. Regularly update your software
To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.
You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
Your logs and system are clean now. I'm glad we fix up your computer.
Here is my antivirus recomendation:
Step 1
Please close all running programs and Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
:Commands
[purity]
[emptytemp]
[resethosts]
[clearallrestorepoints]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
We need to clean up your PC from programs we used.
Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.
In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).
General recommendations
Here are some recommendations you should follow to minimize infection risk in the future:
1. Something to read
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
2. Make Backups of Important Files
Please read this article Home Computer Data Backup.
3. Regularly update your software
To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.
You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
#19
Posted 13 September 2012 - 07:02 AM
jokernrose
- Topic Starter
-
- Member
-
- 44 posts
Member
Thank you again. Only problems I have seen so far are the system restore is missing I cant find it to create a restore point and the system tools are missing and I cant get the windows update to work. So I guess this computer will just have what it has. But that is just things that I will have to deal with I suppose... Thank you again!
#20
Posted 14 September 2012 - 02:45 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Only problems I have seen so far are the system restore is missing I cant find it to create a restore point and the system tools are missing and I cant get the windows update to work.
We can try to fix this too. You just have to tell me what is wrong when I ask you.
Please download Farbar Service Scanner and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
#21
Posted 14 September 2012 - 10:59 AM
jokernrose
- Topic Starter
-
- Member
-
- 44 posts
Member
ok here is the log from the fss
Farbar Service Scanner Version: 06-08-2012
Ran by rosa (administrator) on 14-09-2012 at 11:58:15
Running from "C:\Documents and Settings\rosa\Local Settings\Temporary Internet Files\Content.IE5\YY2OTXUF"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-04 07:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 07:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9
C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D
C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF
C:\WINDOWS\system32\netman.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-01-21 16:58] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
C:\WINDOWS\system32\srsvc.dll
[2010-01-21 17:00] - [2004-08-04 07:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838
C:\WINDOWS\system32\Drivers\sr.sys
[2010-01-21 17:00] - [2004-08-04 07:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24
C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-01-21 16:58] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
C:\WINDOWS\system32\wuauserv.dll
[2010-01-21 17:01] - [2004-08-04 07:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8
C:\WINDOWS\system32\qmgr.dll
[2010-01-21 17:01] - [2004-08-04 07:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA
C:\WINDOWS\system32\es.dll
[2004-08-04 07:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C
C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B
C:\WINDOWS\system32\svchost.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 07:00] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28
C:\WINDOWS\system32\services.exe
[2004-08-04 07:00] - [2009-02-06 12:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE
Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.
**** End of log ****
Farbar Service Scanner Version: 06-08-2012
Ran by rosa (administrator) on 14-09-2012 at 11:58:15
Running from "C:\Documents and Settings\rosa\Local Settings\Temporary Internet Files\Content.IE5\YY2OTXUF"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-04 07:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 07:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9
C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D
C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF
C:\WINDOWS\system32\netman.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-01-21 16:58] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
C:\WINDOWS\system32\srsvc.dll
[2010-01-21 17:00] - [2004-08-04 07:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838
C:\WINDOWS\system32\Drivers\sr.sys
[2010-01-21 17:00] - [2004-08-04 07:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24
C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-01-21 16:58] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
C:\WINDOWS\system32\wuauserv.dll
[2010-01-21 17:01] - [2004-08-04 07:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8
C:\WINDOWS\system32\qmgr.dll
[2010-01-21 17:01] - [2004-08-04 07:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA
C:\WINDOWS\system32\es.dll
[2004-08-04 07:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C
C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B
C:\WINDOWS\system32\svchost.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 07:00] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28
C:\WINDOWS\system32\services.exe
[2004-08-04 07:00] - [2009-02-06 12:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE
Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.
**** End of log ****
#22
Posted 14 September 2012 - 12:02 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Test system restore and windows update after this steps and let me know results.
Step 1
Download Windows Repair (all in one) from this site
Install the programme then run
Go to step 2 and allow it to run Disc check
Once that is done then go to step 3 and allow it to run SFC
On the Start Repairs tab and click Start button
Leave the preselected items ticked and press Start
Step 2
Please run Farbar Service Scanner one more time and post log here for me.
Step 3
Please don't forget to include these items in your reply:
Step 1
Download Windows Repair (all in one) from this site
Install the programme then run
Go to step 2 and allow it to run Disc check
Once that is done then go to step 3 and allow it to run SFC
On the Start Repairs tab and click Start button
Leave the preselected items ticked and press Start
Step 2
Please run Farbar Service Scanner one more time and post log here for me.
Step 3
Please don't forget to include these items in your reply:
- FSS log
#23
Posted 25 September 2012 - 07:11 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
