[PoorestFish]

Something odd happened.

Ran ComboFix and it went through with the entire operation and then it restarted my computer. Upon restart, a command screen popped up and said "please wait" and sat there for about an hour before I exited out of it in which case a slew of command prompts began to open and close in a seemingly infinite loop. In which case I was unable to click on anything so I restarted my computer once again. Same problem occurs and I frantically try to reopen ComboFix in between flashing screens. ComboFix opens and loads and the screens progress their infinite loop in which case I desperately restart my computer one more time. Logged in and the looping issue is gone so I checked Chrome and apparently now I can connect to the internet. There is no ComboFix folder to post a log. The ComboFix folder is non-existent though I know it ran through its initial scan before restarting.

Where should I progress from here?

[Advertisements]

I stand corrected. Browsers work, but curiosity got to me and I opened Windows Update as well as AVG and FileHippo and none of these applications seem to be able to connect. Windows update returns with an error and cannot even check for updates. Something about error 8024402C for Windows Update and Filehippo returns with "Error: The remote name could not be resolved: 'update.filehippo.com'" and AVG just continuously looks for an update never actually finding anything though it says it is updating.

Thought these discoveries might be helpful.

[PoorestFish]

I stand corrected. Browsers work, but curiosity got to me and I opened Windows Update as well as AVG and FileHippo and none of these applications seem to be able to connect. Windows update returns with an error and cannot even check for updates. Something about error 8024402C for Windows Update and Filehippo returns with "Error: The remote name could not be resolved: 'update.filehippo.com'" and AVG just continuously looks for an update never actually finding anything though it says it is updating.

Thought these discoveries might be helpful.

[PoorestFish]

Though not asked, and I apologize in advance if this messes up our progress, I ran ComboFix just a few minutes ago and produced the following log after restarting my computer completely disabling AVG and Spybot from starting up.

Attached Files

•  ComboFix.txt   23.14KB   154 downloads

[Buddierdl]

Hi PoorestFish,

Did anything improve after the second run of ComboFix?

Let's get another look at the services:


Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the all of the options are checked:
  
  
  
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

[PoorestFish]

Browsers are able to connect to the internet, but that has been the only noticeable fix really.

Attached is the FSS log.

Attached Files

•  FSS.txt   2.82KB   146 downloads

[Buddierdl]

Hi PoorestFish,

Let's see if we can fix your updates.

Download Windows Repair (all in one) from this site

Install the programme then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following items and tick restart system when finished


Then,

Please run FSS again.

• Make sure the all of the options are checked:
  
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Do you updates work now?

[PoorestFish]

Windows Update still cannot check for updates and neither can FileHippo. I assume that whatever is going on, it is related to why AVG and Spybot were also unable to update prior to disabling them from startup.

Attached Files

•  FSS.txt   2.45KB   115 downloads

[Buddierdl]

Hi PoorestFish,

Let's give this a try (thanks to Seven Forums).

1. Download the following batch file.
Reset_Windows_Update_Full.bat

2. Click on Save, and save the .bat file to your Desktop.

3. Right click on the downloaded .bat file, and click on Run as administrator.

4. If prompted by UAC click on Run, then Yes (if administrator) or type in administrator's password (if standard user).

5. You will now see a elevated command prompt open and run. When it's finished, your computer will automatically reboot itself.

Does Windows Update work now?

[PoorestFish]

No.

Ran the .bat file and afterwards the computer restarted itself and then restarted itself again before I could even log in then proceeded to say that it is "reverting changes" before allowing me to log in. Symptoms as of thus far, Windows Update and FileHippo as well as Spybot and AVG are unable to update.

Thanks for your help Buddierdl, I have never combatted a virus to this degree before and I appreciate your continued help.

[Buddierdl]

Hi PoorestFish,

Let's try this.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

• Download ERUNT
  (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
• Install ERUNT by following the prompts
  (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
• Start ERUNT
  (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
• Choose a location for the backup
  (the default location is C:\WINDOWS\ERDNT which is acceptable).
• Make sure that at least the first two check boxes are ticked
• Press OK
• Press YES to create the folder.

Start OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :Commands 
  [CREATERESTOREPOINT] 
  
  :Reg 
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local] 
  
  :Files 
  regsvr32 polstore.dll /c 
  
  :Commands 
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered.
• Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

[PoorestFish]

Upon running OTL I encountered the attached pop-up window during the scan in which I clicked "OK" before the program finished the fix and proceeded to restart.



Not sure if this is normal, but posted the attachment in case it may be helpful. Updates still not working.

Attached Files

•  01092013_094847.log   1.01KB   117 downloads

[Buddierdl]

Hi PoorestFish,

I think we found a corrupt file. Let's look for a replacement.

Open OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

  /md5start
  polstore.*
  /md5stop

• Select the "None" button at the top of the window.
• Click the Run Scan button. Post the log it produces in your next reply.

[PoorestFish]

Attached is the requested log.

OTL logfile created on: 1/10/2013 9:24:23 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert Chau\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 50.29% Memory free
16.00 Gb Paging File | 11.19 Gb Available in Paging File | 69.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 30.23 Gb Free Space | 12.98% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 75.75 Gb Free Space | 32.53% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 80.02 Gb Free Space | 34.36% Space Free | Partition Type: NTFS
Drive G: | 423.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 232.88 Gb Total Space | 86.99 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
Drive J: | 5.58 Gb Total Space | 3.52 Gb Free Space | 63.15% Space Free | Partition Type: FAT32

Computer Name: CHAU-DESKTOP | User Name: Robert Chau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: POLSTORE.DLL >
[2009/07/13 17:16:12 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=0E6DCD164732580CC1E57276252F49CF -- C:\Windows\SysWOW64\polstore.dll
[2009/07/13 17:16:12 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=0E6DCD164732580CC1E57276252F49CF -- C:\Windows\winsxs\wow64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7600.16385_none_aa5813cb3a17070e\polstore.dll
[2009/07/13 17:41:53 | 000,372,224 | ---- | M] (Microsoft Corporation) MD5=8DEC9C6DD13C4B3B62CD8D5A0FEF1650 -- C:\Windows\SysNative\polstore.dll
[2009/07/13 17:41:53 | 000,372,224 | ---- | M] (Microsoft Corporation) MD5=8DEC9C6DD13C4B3B62CD8D5A0FEF1650 -- C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7600.16385_none_a003697905b64513\polstore.dll
[2009/07/13 17:41:53 | 000,372,224 | ---- | M] (Microsoft Corporation) MD5=8DEC9C6DD13C4B3B62CD8D5A0FEF1650 -- C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7601.17514_none_a2347d4102a4c8ad\polstore.dll

< MD5 for: POLSTORE.DLL.MUI >
[2009/07/13 18:26:32 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=20F407B2D635507DFF09881128E19ABF -- C:\Windows\SysNative\en-US\polstore.dll.mui
[2009/07/13 18:26:32 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=20F407B2D635507DFF09881128E19ABF -- C:\Windows\winsxs\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1960e99fd05fd73c\polstore.dll.mui
[2009/07/13 18:26:32 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=20F407B2D635507DFF09881128E19ABF -- C:\Windows\winsxs\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1b91fd67cd4e5ad6\polstore.dll.mui
[2009/07/13 18:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=FA446FB076895F6D94899ED394954ECB -- C:\Windows\SysWOW64\en-US\polstore.dll.mui
[2009/07/13 18:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=FA446FB076895F6D94899ED394954ECB -- C:\Windows\winsxs\x86_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bd424e1c18026606\polstore.dll.mui
[2009/07/13 18:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=FA446FB076895F6D94899ED394954ECB -- C:\Windows\winsxs\x86_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_bf7361e414f0e9a0\polstore.dll.mui

< MD5 for: POLSTORE.MOF >
[2009/06/10 12:47:07 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\SysNative\wbem\polstore.mof
[2009/06/10 13:28:32 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\SysWOW64\wbem\polstore.mof
[2009/06/10 12:47:07 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7600.16385_none_a003697905b64513\polstore.mof
[2009/06/10 12:47:07 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7601.17514_none_a2347d4102a4c8ad\polstore.mof
[2009/06/10 13:28:32 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\winsxs\wow64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7600.16385_none_aa5813cb3a17070e\polstore.mof

< End of report >

Attached Files

•  OTL.Txt   9.81KB   142 downloads

[Buddierdl]

Hi PoorestFish,

Let's try this tool.

• Please download Complete Internet Repair and save it to your desktop.
• Double-click on the icon and allow the contents to extract to your desktop. This should create a folder called "Complete Internet Repair."
• Open the folder and double-click on CIntRep.exe
• You should see the screen below. Please check all of the boxes and press run.
  
• A log will be produced inside the "Logging" folder in the "Complete Internet Repair" folder. Please copy/paste it into your next reply.

Did it fix anything?

[PoorestFish]

None of the previous issues were fixed. This error occurred though the scan did complete and restart my computer.



Also attached is the log.

Attached Files

•  CIntRep.log   18.92KB   132 downloads