Virus Luhe.Sirefef.A - trouble completing AVG, Malwarebytes, CCleaner


#16
Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
That's OK, they are not a problem; it looks like this will be a repair job. So let's see where the problem lies.

Download and run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#17
joy2mac
Member, Topic Starter, 44 posts
So glad these scans are working :thumbsup:

Farbar Service Scanner Version: 03-03-2013
Ran by jmacbeth (administrator) on 05-04-2013 at 10:30:54
Running from "C:\Users\jmacbeth\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#18
Essexboy
OK, download these two reg files to your desktop

[attachment=64115:BITS.reg]
[attachment=64116:wuauserv.reg]

Double click each in turn and allow to merge with the registry
Reboot and run FSS again please

#19
joy2mac
Here is the FSS log created after registry merge and reboot:


Farbar Service Scanner Version: 03-03-2013
Ran by jmacbeth (administrator) on 05-04-2013 at 10:42:30
Running from "C:\Users\jmacbeth\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

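Added example (not part of the thread and not Farbar Service Scanner's own code): a Python sketch that parses two FSS.txt logs in the layout posted above and reports which services lost their `ATTENTION!=====>` findings between scans. The function names and the embedded excerpts are constructed for illustration; only ATTENTION lines count as findings, because "not running" also appears for services whose configuration the logs report as OK.

```python
import re

# Constructed excerpts in the FSS.txt layout shown in posts #17 and #19.
BEFORE = """\
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
"""
AFTER = """\
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running\.")
ATTENTION_RE = re.compile(r"^Checking (.+?): ATTENTION!=====> (.+)$")

def parse_fss(text):
    """Return {service: [(field, problem), ...]} for every service block in the log."""
    findings, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = SERVICE_RE.match(line)
        if header:
            current = header.group(1)
            findings[current] = []
        elif not line:
            current = None  # a blank line closes the current service block
        elif current:
            flagged = ATTENTION_RE.match(line)
            if flagged:
                findings[current].append(flagged.groups())
    return findings

def compare(before, after):
    # Diff two scans by the set of services that carry ATTENTION findings.
    b = {s for s, f in parse_fss(before).items() if f}
    a = {s for s, f in parse_fss(after).items() if f}
    return {"repaired": sorted(b - a), "still_flagged": sorted(a & b), "new": sorted(a - b)}
```
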
#20
Essexboy
Are you booting in normal mode? As the logs report network mode

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 3 and allow it to run SFC

On the start repairs tab click start

Select the following items and tick restart system when finished

#21
joy2mac
I have been operating in Safe Mode - is this ok?

I had trouble finding the place to download the Windows Repair; I clicked on the "Download Now" (green tab) on the website and it directed me to Reimageplus.com. Should I download the Reimage program here?

Thanks for being so quick!

#22
Essexboy
http://www.tweaking....r_aio_setup.exe use this direct link

Normal mode would be better

#23
joy2mac
The direct link brings me to www.tweaking.com (same web page as before). When I click on "Download Now" it brings me to Reimageplus.com.

I will reboot in normal mode from here on out.

#24
Essexboy
These are the download buttons
[attachment=64117:Capture.JPG]

#25
joy2mac
Hi, and thanks again.

The Tweaking Windows Repair All-in-One System was installed. I ran it twice (22 minutes and 10 minutes). Both times it stalled at:

Searching: C:\FRST\Quarantine\Content.IE5\J94JMTRT\wbkDF50.tmp

Details are below:

- Normal Mode
- Uninstalled all anti-virus programs (AVG, CCleaner, SpyBot, Malwarebytes)
- Ran Windows Repair SFC - "Verification 100% complete. Windows Resource Protection did not find any integrity violations."
- Restart
- Ran Windows Repair, created backup registry and restore point, checked the items as directed from Post #20
- After 3 minutes, Dialog box read: Unhide Non System Files: Files Unhidden: 5 - Last File Unhidden: C:\SYSTEM.SAV
- Searching: C:\FRST\Quarantine\Content.IE5\J94JMTRT\wbkDF50.tmp
- Status: Working...
- I stopped the repair after 22 and 10 minutes (no progress made)


The Logs are Below:

Log:
Starting Repairs...
Start (4/5/2013 2:10:14 PM)

Repair WMI
Start (4/5/2013 2:10:14 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:10:19 PM)

Repair Windows Firewall
Start (4/5/2013 2:10:19 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:10:25 PM)

Repair Internet Explorer
Start (4/5/2013 2:10:25 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:10:31 PM)

Repair MDAC/MS Jet
Start (4/5/2013 2:10:31 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:10:37 PM)

Remove Policies Set By Infections
Start (4/5/2013 2:10:38 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:10:44 PM)

Repair Missing Start Menu Icons Removed By Infections
Start (4/5/2013 2:10:44 PM)
Running Repair Under System Account
Done (4/5/2013 2:10:47 PM)

Repair Icons
Start (4/5/2013 2:10:47 PM)
Running Repair Under System Account
Done (4/5/2013 2:10:50 PM)

Repair Winsock & DNS Cache
Start (4/5/2013 2:10:50 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:10:56 PM)

Unhide Non System Files
Start (4/5/2013 2:10:56 PM)

Stopping, Waiting for current repair to finish...

C:\ - Total Files Unhidden: 5
Repairs Stopped By User.
Done (4/5/2013 2:32:24 PM)
Total Repair Time: 00:22:11

---------------------------------------------------------------------------------------------------------

Log:
Starting Repairs...
Start (4/5/2013 2:54:50 PM)

Repair WMI
Start (4/5/2013 2:54:50 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:56:49 PM)

Repair Windows Firewall
Start (4/5/2013 2:56:49 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:57:21 PM)

Repair Internet Explorer
Start (4/5/2013 2:57:21 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:57:51 PM)

Repair MDAC/MS Jet
Start (4/5/2013 2:57:51 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:58:02 PM)

Remove Policies Set By Infections
Start (4/5/2013 2:58:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:58:07 PM)

Repair Missing Start Menu Icons Removed By Infections
Start (4/5/2013 2:58:07 PM)
Running Repair Under System Account
Done (4/5/2013 2:58:09 PM)

Repair Icons
Start (4/5/2013 2:58:09 PM)
Running Repair Under System Account
Done (4/5/2013 2:58:12 PM)

Repair Winsock & DNS Cache
Start (4/5/2013 2:58:12 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/5/2013 2:58:27 PM)

Unhide Non System Files
Start (4/5/2013 2:58:27 PM)

Stopping, Waiting for current repair to finish...

C:\ - Total Files Unhidden: 0
Repairs Stopped By User.
Done (4/5/2013 3:07:32 PM)
Total Repair Time: 00:12:43

#26
Essexboy
How is the computer behaving now in normal mode?

#27
joy2mac
Hi,

The computer seems to be behaving ok in normal mode. The pop-up window I was getting as a sign of the virus is no longer appearing. Can I try running AVG, Malwarebytes, CCleaner and see if these can now run all the way through without stall? I originally thought they were stalling b/c the virus wasn't completely removed.

#29
Essexboy
Yes try the programmes now and let me know the result :)

#30
joy2mac
Hi,

Malwarebytes and CCleaner: success! Clean scans

AVG Anti-Virus: Stalled (continuous running) at C:\FRST\Quarantine\Content.IE…\adsCAE….js. Ran it for 1.5 hours.

Also, I have files on the USB used to boot the computer with FRST. Is it ok to use this USB normally or do files/USB need to be cleaned somehow?

Thank you for working on the weekend