Can't Remove RCMP Ukash and Windows Security Center [Solved]



#106
lillie_nemo

    Member

  • Topic Starter
  • 66 posts
I disabled and restarted but still can't merge the registry.
  • 0


#107
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok, skip that and run ComboFix with this script instead.

Attached Files


  • 0

#108
lillie_nemo

    Member

  • Topic Starter
  • 66 posts
Okay here is the log. I'm going to try to run SP1 update now.

ComboFix 13-07-06.03 - saicoink 2013/07/10 9:42.3.4 - x86
Running from: c:\users\saicoink\Desktop\ComboFix.exe
Command switches used :: c:\users\saicoink\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\System32\DRIVERS\RDPCDD.sys was found and disinfected
Restored copy from - c:\windows\system32\drivers\RDPCDD.sy@
.
.
((((((((((((((((((((((((( Files Created from 2013-06-10 to 2013-07-10 )))))))))))))))))))))))))))))))
.
.
2013-07-10 13:58 . 2013-07-10 14:01 -------- d-----w- c:\users\saicoink\AppData\Local\temp
2013-07-10 13:58 . 2013-07-10 13:58 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2013-07-10 13:58 . 2013-07-10 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-07 02:25 . 2013-06-17 06:10 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B9B724E-5510-4595-B8AF-E32CD8888BF8}\mpengine.dll
2013-07-05 14:29 . 2006-11-02 08:51 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2013-07-04 17:50 . 2013-07-04 17:50 -------- d-----w- c:\program files\Common Files\Skype
2013-07-04 17:50 . 2013-07-04 17:50 -------- d-----r- c:\program files\Skype
2013-07-04 15:26 . 2013-07-04 15:26 -------- d-----w- C:\e58eb3509435b08a3c86038f2627
2013-07-03 16:23 . 2013-07-03 16:23 -------- d-----w- c:\windows\system32\EventProviders
2013-07-02 21:36 . 2013-07-02 21:36 -------- d-----w- c:\windows\CheckSur
2013-07-01 20:09 . 2013-07-01 20:14 -------- d-----w- C:\a96d2516f9ed8aef795f
2013-07-01 20:02 . 2013-07-01 20:02 -------- d-----w- C:\bed74e8316d85149c782e6dbdab458
2013-07-01 18:47 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2013-07-01 18:47 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
2013-07-01 18:47 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2013-07-01 18:39 . 2010-03-04 19:24 434176 ----a-w- c:\windows\system32\vbscript.dll
2013-07-01 18:39 . 2009-10-14 15:02 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2013-07-01 18:39 . 2009-10-14 15:06 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2013-07-01 18:39 . 2009-10-14 15:06 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2013-07-01 18:39 . 2009-10-14 12:54 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2013-07-01 18:39 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-01 18:39 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-26 14:45 . 2013-06-28 01:22 -------- d-----w- C:\FRST
2013-06-26 02:38 . 2013-06-26 02:38 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-25 11:55 . 2013-06-25 11:55 -------- d-----w- C:\Stinger_Quarantine
2013-06-25 11:55 . 2013-06-25 11:59 -------- d-----w- c:\program files\stinger
2013-06-23 19:43 . 2013-06-23 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-23 19:43 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-23 17:14 . 2013-06-23 17:14 -------- d-----w- c:\programdata\Citrix
2013-06-23 17:11 . 2013-06-23 17:11 -------- d-----w- c:\program files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 06:06 . 2009-10-03 04:39 238872 ------w- c:\windows\system32\MpSigStub.exe
2007-11-15 03:53 . 2007-11-15 03:53 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2009-09-14 02:10 . 2013-05-22 03:32 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2007-03-09 08:12 27648 --sh--w- c:\windows\System32\AVSredirect.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\saicoink\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\saicoink\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\saicoink\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\saicoink\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-12 90191]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-12 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-12 7770112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
.
c:\users\saicoink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-6 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-6 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
w800bus
P17xfi
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\GBM - Saicoink-Full.job
- c:\program files\Genie-Soft\GBALite8LaCie\GBM8.exe [2009-07-10 15:14]
.
2013-07-10 c:\windows\Tasks\User_Feed_Synchronization-{D3B927D7-35BB-44E3-85A4-77E8C7A308A2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=desktop
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 206.248.154.22 206.248.154.170
FF - ProfilePath - c:\users\saicoink\AppData\Roaming\Mozilla\Firefox\Profiles\vlxpr8g8.default-1366383230636\
FF - ExtSQL: 2013-05-21 10:17; brief@mozdev.org; c:\users\saicoink\AppData\Roaming\Mozilla\Firefox\Profiles\vlxpr8g8.default-1366383230636\extensions\brief@mozdev.org.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-10 10:01
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
c:\windows\system32\NLSSRV32.EXE
c:\windows\system32\PSIService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\Wacom_Tablet.exe
c:\windows\system32\TsService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-07-10 10:12:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-10 14:11
ComboFix2.txt 2013-07-09 02:49
ComboFix3.txt 2013-07-06 20:45
.
Pre-Run: 37,615,464,448 bytes free
Post-Run: 37,465,980,928 bytes free
.
- - End Of File - - A88C85753361B9461CF571F57A3F42B0
8913823FF508CCF109DB74B636C301DA
  • 0

#109
lillie_nemo

    Member

  • Topic Starter
  • 66 posts
Unfortunately still getting the same error.

Going to do a clean boot and try again!

Edited by lillie_nemo, 10 July 2013 - 09:36 AM.

  • 0

#110
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Also, try SFC again and see if it still finds errors.
  • 0

#111
lillie_nemo

    Member

  • Topic Starter
  • 66 posts
Still can't run the update.
Ran SFC and it mentioned that there are corrupt files but it was unable to fix them.
  • 0

#112
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's look at the log again. We're really pretty much at the end of what I can do, unless you can find a Vista Home (32-bit) CD without any service packs. Did it come originally on your computer? If you give me the make and model of your computer, I may be able to find something.

  • Click Start, type cmd in the Start Search box, right-click cmd in the Programs list, and then click Run as administrator.
  • If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.
  • Type the following commands, following each by ENTER:
    del sfcdetails.txt
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt
    notepad sfcdetails.txt
  • This will open a notepad containing the SFC log. Please copy and paste it into your next reply. If it is too big, please zip it and attach it.

  • 0

#113
lillie_nemo

    Member

  • Topic Starter
  • 66 posts
About the disc, I won't be able to ask around about it until the weekend but in the meantime I'll try and see if I can find anything. I've moved several times since I bought the computer so things may have gotten lost.

Here is the log:

2013-07-10 12:44:20, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:20, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:26, Info CSI 00000009 [SR] Verify complete
2013-07-10 12:44:27, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:27, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:33, Info CSI 0000000d [SR] Verify complete
2013-07-10 12:44:35, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:35, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:36, Info CSI 00000011 [SR] Verify complete
2013-07-10 12:44:38, Info CSI 00000012 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:38, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:40, Info CSI 00000015 [SR] Verify complete
2013-07-10 12:44:41, Info CSI 00000016 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:41, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:43, Info CSI 00000019 [SR] Verify complete
2013-07-10 12:44:44, Info CSI 0000001a [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:44, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:46, Info CSI 0000001d [SR] Verify complete
2013-07-10 12:44:47, Info CSI 0000001e [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:47, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:49, Info CSI 00000021 [SR] Verify complete
2013-07-10 12:44:50, Info CSI 00000022 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:50, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:52, Info CSI 00000025 [SR] Verify complete
2013-07-10 12:44:54, Info CSI 00000026 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:54, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:55, Info CSI 00000029 [SR] Verify complete
2013-07-10 12:44:57, Info CSI 0000002a [SR] Verifying 100 (0x00000064) components
2013-07-10 12:44:57, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2013-07-10 12:44:59, Info CSI 0000002d [SR] Verify complete
2013-07-10 12:45:00, Info CSI 0000002e [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:00, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:02, Info CSI 00000031 [SR] Verify complete
2013-07-10 12:45:03, Info CSI 00000032 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:03, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:06, Info CSI 00000035 [SR] Verify complete
2013-07-10 12:45:07, Info CSI 00000036 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:07, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:09, Info CSI 00000039 [SR] Verify complete
2013-07-10 12:45:10, Info CSI 0000003a [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:10, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:12, Info CSI 0000003d [SR] Verify complete
2013-07-10 12:45:13, Info CSI 0000003e [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:13, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:15, Info CSI 00000041 [SR] Verify complete
2013-07-10 12:45:16, Info CSI 00000042 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:16, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:19, Info CSI 00000045 [SR] Verify complete
2013-07-10 12:45:20, Info CSI 00000046 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:20, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:26, Info CSI 00000049 [SR] Verify complete
2013-07-10 12:45:26, Info CSI 0000004a [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:26, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:32, Info CSI 0000004e [SR] Verify complete
2013-07-10 12:45:32, Info CSI 0000004f [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:32, Info CSI 00000050 [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:36, Info CSI 00000052 [SR] Verify complete
2013-07-10 12:45:36, Info CSI 00000053 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:36, Info CSI 00000054 [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:41, Info CSI 00000057 [SR] Verify complete
2013-07-10 12:45:41, Info CSI 00000058 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:41, Info CSI 00000059 [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:48, Info CSI 0000005b [SR] Verify complete
2013-07-10 12:45:48, Info CSI 0000005c [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:48, Info CSI 0000005d [SR] Beginning Verify and Repair transaction
2013-07-10 12:45:56, Info CSI 00000067 [SR] Verify complete
2013-07-10 12:45:56, Info CSI 00000068 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:45:56, Info CSI 00000069 [SR] Beginning Verify and Repair transaction
2013-07-10 12:46:00, Info CSI 0000006b [SR] Verify complete
2013-07-10 12:46:00, Info CSI 0000006c [SR] Verifying 100 (0x00000064) components
2013-07-10 12:46:00, Info CSI 0000006d [SR] Beginning Verify and Repair transaction
2013-07-10 12:46:04, Info CSI 0000006f [SR] Verify complete
2013-07-10 12:46:05, Info CSI 00000070 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:46:05, Info CSI 00000071 [SR] Beginning Verify and Repair transaction
2013-07-10 12:46:10, Info CSI 00000073 [SR] Verify complete
2013-07-10 12:46:11, Info CSI 00000074 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:46:11, Info CSI 00000075 [SR] Beginning Verify and Repair transaction
2013-07-10 12:46:19, Info CSI 00000077 [SR] Verify complete
2013-07-10 12:46:20, Info CSI 00000078 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:46:20, Info CSI 00000079 [SR] Beginning Verify and Repair transaction
2013-07-10 12:46:30, Info CSI 0000007d [SR] Verify complete
2013-07-10 12:46:31, Info CSI 0000007e [SR] Verifying 100 (0x00000064) components
2013-07-10 12:46:31, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2013-07-10 12:46:44, Info CSI 00000081 [SR] Verify complete
2013-07-10 12:46:45, Info CSI 00000082 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:46:45, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:02, Info CSI 00000085 [SR] Verify complete
2013-07-10 12:47:02, Info CSI 00000086 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:02, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:05, Info CSI 00000089 [SR] Verify complete
2013-07-10 12:47:05, Info CSI 0000008a [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:05, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:07, Info CSI 0000008d [SR] Verify complete
2013-07-10 12:47:07, Info CSI 0000008e [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:07, Info CSI 0000008f [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:10, Info CSI 00000091 [SR] Verify complete
2013-07-10 12:47:10, Info CSI 00000092 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:10, Info CSI 00000093 [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:20, Info CSI 000000b1 [SR] Verify complete
2013-07-10 12:47:20, Info CSI 000000b2 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:20, Info CSI 000000b3 [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:22, Info CSI 000000b5 [SR] Verify complete
2013-07-10 12:47:22, Info CSI 000000b6 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:22, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:26, Info CSI 000000b9 [SR] Verify complete
2013-07-10 12:47:27, Info CSI 000000ba [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:27, Info CSI 000000bb [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:31, Info CSI 000000bd [SR] Verify complete
2013-07-10 12:47:32, Info CSI 000000be [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:32, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:42, Info CSI 000000c1 [SR] Verify complete
2013-07-10 12:47:42, Info CSI 000000c2 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:42, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:47, Info CSI 000000c5 [SR] Verify complete
2013-07-10 12:47:48, Info CSI 000000c6 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:48, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:53, Info CSI 000000c9 [SR] Verify complete
2013-07-10 12:47:54, Info CSI 000000ca [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:54, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2013-07-10 12:47:58, Info CSI 000000cd [SR] Verify complete
2013-07-10 12:47:58, Info CSI 000000ce [SR] Verifying 100 (0x00000064) components
2013-07-10 12:47:58, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2013-07-10 12:48:03, Info CSI 000000d1 [SR] Verify complete
2013-07-10 12:48:04, Info CSI 000000d2 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:48:04, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2013-07-10 12:48:14, Info CSI 000000eb [SR] Verify complete
2013-07-10 12:48:15, Info CSI 000000ec [SR] Verifying 100 (0x00000064) components
2013-07-10 12:48:15, Info CSI 000000ed [SR] Beginning Verify and Repair transaction
2013-07-10 12:48:24, Info CSI 000000fc [SR] Verify complete
2013-07-10 12:48:25, Info CSI 000000fd [SR] Verifying 100 (0x00000064) components
2013-07-10 12:48:25, Info CSI 000000fe [SR] Beginning Verify and Repair transaction
2013-07-10 12:48:46, Info CSI 00000100 [SR] Verify complete
2013-07-10 12:48:47, Info CSI 00000101 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:48:47, Info CSI 00000102 [SR] Beginning Verify and Repair transaction
2013-07-10 12:49:02, Info CSI 00000104 [SR] Verify complete
2013-07-10 12:49:02, Info CSI 00000105 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:49:02, Info CSI 00000106 [SR] Beginning Verify and Repair transaction
2013-07-10 12:49:11, Info CSI 00000108 [SR] Verify complete
2013-07-10 12:49:12, Info CSI 00000109 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:49:12, Info CSI 0000010a [SR] Beginning Verify and Repair transaction
2013-07-10 12:49:18, Info CSI 0000010c [SR] Verify complete
2013-07-10 12:49:18, Info CSI 0000010d [SR] Verifying 100 (0x00000064) components
2013-07-10 12:49:18, Info CSI 0000010e [SR] Beginning Verify and Repair transaction
2013-07-10 12:49:22, Info CSI 00000110 [SR] Verify complete
2013-07-10 12:49:23, Info CSI 00000111 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:49:23, Info CSI 00000112 [SR] Beginning Verify and Repair transaction
2013-07-10 12:49:28, Info CSI 00000115 [SR] Verify complete
2013-07-10 12:49:28, Info CSI 00000116 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:49:28, Info CSI 00000117 [SR] Beginning Verify and Repair transaction
2013-07-10 12:49:40, Info CSI 00000119 [SR] Verify complete
2013-07-10 12:49:41, Info CSI 0000011a [SR] Verifying 100 (0x00000064) components
2013-07-10 12:49:41, Info CSI 0000011b [SR] Beginning Verify and Repair transaction
2013-07-10 12:49:45, Info CSI 0000011d [SR] Verify complete
2013-07-10 12:49:46, Info CSI 0000011e [SR] Verifying 100 (0x00000064) components
2013-07-10 12:49:46, Info CSI 0000011f [SR] Beginning Verify and Repair transaction
2013-07-10 12:49:55, Info CSI 00000121 [SR] Verify complete
2013-07-10 12:49:55, Info CSI 00000122 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:49:55, Info CSI 00000123 [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:04, Info CSI 00000125 [SR] Verify complete
2013-07-10 12:50:05, Info CSI 00000126 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:50:05, Info CSI 00000127 [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:11, Info CSI 00000129 [SR] Verify complete
2013-07-10 12:50:11, Info CSI 0000012a [SR] Verifying 100 (0x00000064) components
2013-07-10 12:50:11, Info CSI 0000012b [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:12, Info CSI 0000012d [SR] Cannot repair member file [l:20{10}]"RDPCDD.sys" of Microsoft-Windows-TerminalServices-RDP-MiniportDisplayDriver, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-07-10 12:50:15, Info CSI 0000012f [SR] Cannot repair member file [l:20{10}]"RDPCDD.sys" of Microsoft-Windows-TerminalServices-RDP-MiniportDisplayDriver, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-07-10 12:50:15, Info CSI 00000130 [SR] This component was referenced by [ml:38{19},l:36{18}]"Windows Foundation"
2013-07-10 12:50:16, Info CSI 00000133 [SR] Verify complete
2013-07-10 12:50:16, Info CSI 00000134 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:50:16, Info CSI 00000135 [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:21, Info CSI 00000137 [SR] Verify complete
2013-07-10 12:50:22, Info CSI 00000138 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:50:22, Info CSI 00000139 [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:28, Info CSI 0000013b [SR] Verify complete
2013-07-10 12:50:28, Info CSI 0000013c [SR] Verifying 100 (0x00000064) components
2013-07-10 12:50:28, Info CSI 0000013d [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:33, Info CSI 0000013f [SR] Verify complete
2013-07-10 12:50:34, Info CSI 00000140 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:50:34, Info CSI 00000141 [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:41, Info CSI 00000143 [SR] Verify complete
2013-07-10 12:50:42, Info CSI 00000144 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:50:42, Info CSI 00000145 [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:50, Info CSI 00000147 [SR] Verify complete
2013-07-10 12:50:50, Info CSI 00000148 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:50:50, Info CSI 00000149 [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:57, Info CSI 0000014b [SR] Verify complete
2013-07-10 12:50:57, Info CSI 0000014c [SR] Verifying 100 (0x00000064) components
2013-07-10 12:50:57, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2013-07-10 12:50:59, Info CSI 0000014f [SR] Verify complete
2013-07-10 12:51:00, Info CSI 00000150 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:51:00, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2013-07-10 12:51:10, Info CSI 00000153 [SR] Verify complete
2013-07-10 12:51:11, Info CSI 00000154 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:51:11, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2013-07-10 12:51:19, Info CSI 00000157 [SR] Verify complete
2013-07-10 12:51:19, Info CSI 00000158 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:51:19, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2013-07-10 12:51:24, Info CSI 0000015b [SR] Verify complete
2013-07-10 12:51:24, Info CSI 0000015c [SR] Verifying 100 (0x00000064) components
2013-07-10 12:51:24, Info CSI 0000015d [SR] Beginning Verify and Repair transaction
2013-07-10 12:51:30, Info CSI 0000015f [SR] Verify complete
2013-07-10 12:51:31, Info CSI 00000160 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:51:31, Info CSI 00000161 [SR] Beginning Verify and Repair transaction
2013-07-10 12:51:34, Info CSI 00000163 [SR] Verify complete
2013-07-10 12:51:35, Info CSI 00000164 [SR] Verifying 100 (0x00000064) components
2013-07-10 12:51:35, Info CSI 00000165 [SR] Beginning Verify and Repair transaction
2013-07-10 12:51:43, Info CSI 00000167 [SR] Verify complete
2013-07-10 12:51:44, Info CSI 00000168 [SR] Verifying 34 (0x00000022) components
2013-07-10 12:51:44, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2013-07-10 12:51:46, Info CSI 0000016b [SR] Verify complete
2013-07-10 12:51:46, Info CSI 0000016c [SR] Repairing 1 components
2013-07-10 12:51:46, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2013-07-10 12:51:46, Info CSI 0000016f [SR] Cannot repair member file [l:20{10}]"RDPCDD.sys" of Microsoft-Windows-TerminalServices-RDP-MiniportDisplayDriver, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-07-10 12:51:46, Info CSI 00000171 [SR] Cannot repair member file [l:20{10}]"RDPCDD.sys" of Microsoft-Windows-TerminalServices-RDP-MiniportDisplayDriver, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-07-10 12:51:46, Info CSI 00000172 [SR] This component was referenced by [ml:38{19},l:36{18}]"Windows Foundation"
2013-07-10 12:51:46, Info CSI 00000174 [SR] Repair complete
2013-07-10 12:51:46, Info CSI 00000175 [SR] Committing transaction
2013-07-10 12:51:46, Info CSI 00000179 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
  • 0
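The `findstr /c:"[SR]"` filter from post #112 and a triage of its output, as an added example that is not part of the original thread. It assumes the single-space log layout shown above; the function and field names are hypothetical, and the sample lines are taken from the log above except for one constructed non-[SR] line. It keys on the "Cannot repair member file" records because, as in the log above, the closing "successfully repaired" line can still appear after them.

```python
import re

# One [SR] record as System File Checker writes it to CBS.log, e.g.
# 2013-07-10 12:50:12, Info CSI 0000012d [SR] Cannot repair member file ...
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$"
)
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r"(?P<component>[^,]+), Version = (?P<version>[^,]+),.*, (?P<reason>[^,]+)$"
)
REFERENCED_BY = re.compile(
    r'^This component was referenced by \[[^\]]*\]"(?P<owner>[^"]+)"'
)
VERIFYING = re.compile(r"^Verifying (?P<n>\d+) \(0x[0-9a-fA-F]+\) components$")


def summarize_sfc(lines):
    """Reduce an SFC run to the files it could not repair.

    Non-[SR] lines are skipped, which mirrors the findstr filter. Repeated
    "Cannot repair" records for the same file/component/version are merged.
    """
    failures = {}          # (file, component, version) -> record, insertion ordered
    last = None            # most recent failure, to attach "referenced by" owners
    verified = 0
    claims_success = False
    for raw in lines:
        m = SR_LINE.match(raw.strip())
        if m is None:
            continue
        msg = m["msg"].strip()
        v = VERIFYING.match(msg)
        if v:
            verified += int(v["n"])
            continue
        c = CANNOT_REPAIR.match(msg)
        if c:
            key = (c["file"], c["component"], c["version"])
            rec = failures.setdefault(key, {
                "file": c["file"],
                "component": c["component"],
                "version": c["version"],
                "reason": c["reason"].strip(),
                "count": 0,
                "first_seen": m["ts"],
                "owners": [],
            })
            rec["count"] += 1
            last = rec
            continue
        r = REFERENCED_BY.match(msg)
        if r and last is not None:
            if r["owner"] not in last["owners"]:
                last["owners"].append(r["owner"])
            continue
        if "successfully repaired" in msg:
            claims_success = True
    return {
        "verified": verified,
        "failures": list(failures.values()),
        "claims_success": claims_success,
        # The closing line is not trusted: any failure record means manual repair.
        "unrepaired": bool(failures),
    }


# Detail text of the "Cannot repair" record exactly as it appears in the log above.
DETAIL = (
    '[l:20{10}]"RDPCDD.sys" of '
    "Microsoft-Windows-TerminalServices-RDP-MiniportDisplayDriver, "
    "Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), "
    "Culture neutral, VersionScope = 1 nonSxS, "
    "PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, "
    "TypeName neutral, PublicKey neutral in the store, hash mismatch"
)
REF = '[ml:38{19},l:36{18}]"Windows Foundation"'

# Sample input: lines from the log above plus one constructed non-[SR] line.
SAMPLE_LOG = [
    "2013-07-10 12:50:11, Info CSI 0000012a [SR] Verifying 100 (0x00000064) components",
    "2013-07-10 12:50:11, Info CSI 0000012b [SR] Beginning Verify and Repair transaction",
    "2013-07-10 12:50:12, Info CBS constructed line without the SR tag",
    "2013-07-10 12:50:12, Info CSI 0000012d [SR] Cannot repair member file " + DETAIL,
    "2013-07-10 12:50:15, Info CSI 0000012f [SR] Cannot repair member file " + DETAIL,
    "2013-07-10 12:50:15, Info CSI 00000130 [SR] This component was referenced by " + REF,
    "2013-07-10 12:50:16, Info CSI 00000133 [SR] Verify complete",
    "2013-07-10 12:51:44, Info CSI 00000168 [SR] Verifying 34 (0x00000022) components",
    "2013-07-10 12:51:46, Info CSI 0000016c [SR] Repairing 1 components",
    "2013-07-10 12:51:46, Info CSI 0000016f [SR] Cannot repair member file " + DETAIL,
    "2013-07-10 12:51:46, Info CSI 00000179 [SR] Verify and Repair Transaction completed. "
    "All files and registry keys listed in this transaction have been successfully repaired",
]

if __name__ == "__main__":
    summary = summarize_sfc(SAMPLE_LOG)
    print("components verified:", summary["verified"])
    for f in summary["failures"]:
        print(f'{f["file"]} ({f["component"]} {f["version"]}): {f["reason"]}, '
              f'{f["count"]} records, owners={f["owners"]}')
    print("closing line claims success:", summary["claims_success"])
```

To run it against a real machine, pass the lines of `%windir%\logs\cbs\cbs.log` (the path used in post #112) in place of `SAMPLE_LOG`.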

#114
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
If you give me the make and model of your computer, I may be able to find something.
  • 0

#115
lillie_nemo

    Member

  • Topic Starter
  • Member
  • 66 posts
Here is the info, let me know if you need anything else:

HP m8125x
Vista Home Premium
Intel Core 2 Quad CPU Q6600 @ 2.40 GHz

One thing you need to know is that the CD/DVDR is not working - something wrong with the driver. I was hoping to fix that when this whole issue with the malware was over. The model of the CD/DVD is TSST Corp TS-H653L.
  • 0

#116
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi,

I just wanted to let you know that I am leaving on vacation today. I will try to get someone else to help you out.

However, I am kind of at the end of what I can really do to help. We do have a Windows Update expert here, but he is on vacation for a little bit. The best I can offer right now is a repair install, but we need a Vista CD. A last resort is to use the recovery partition, but you would have to back up all your data (it would format and wipe your drive) and reinstall all of your programs that didn't come with the computer.

There is another forum that has a specialized Windows Update section that I could refer you to, if you would like to try that first. Or I could have someone else take a look while I am gone and you could see what he has to offer.
  • 0

#117
lillie_nemo

    Member

  • Topic Starter
  • Member
  • 66 posts
Sorry for the late reply.
It's been very hectic yesterday and today.
Thanks for letting me know you're off on vacation!
I hope you have a great holiday.

As for the next step, if you have any suggestions for anyone on this forum or can give me a link to another forum, please let me know, or I could just wait until the Windows Update expert gets back from his vacation.

I also wanted to take the time to thank you for everything up to this point!
Without your help I wouldn't be able to use this computer anymore.
I really appreciate everything. Thanks again!!
  • 0

#118
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. Let's remove our tools and clean up from the malware removal, then you can try posting a topic here, following the instructions here. Hopefully someone there can help you with the Windows updates and get SP1 and SP2. Otherwise, you would need to do a repair install, if you can find a matching Vista CD, or a reinstall using the recovery partition (which would erase all your files and programs; you would need to back up your files first and save all of your software license keys). It wouldn't be a bad idea to back up before a repair install also. I can guide you through either of these processes if you would like. Let me know.

For now, let's clean up. Make sure you reinstall McAfee so that your computer is protected (or you can keep Microsoft Security Essentials if you would like). I recommend Security Essentials, unless you want to finish your paid subscription for McAfee, which is fine. Make sure you uninstall Security Essentials before installing McAfee.

You may not be able to update all of the programs below until you get the SP1 and SP2 problems fixed.


Please update these programs, as old versions pose a security risk.
  • Java

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

    If you do need Java, then you should definitely update to the latest version:

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe, then click Remove JRE.
    • Run the built-in uninstallers for all copies of Java listed
    • Click the Next button
    • Click the Next button again
    • Click the Java Manual Download link
    • A browser window will open with the Java download page
    • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
    • Run the installer
    • Close JavaRa
  • Adobe Flash -> You can get the latest version here.
  • Adobe Reader -> You can get the latest version here.

    I would recommend securing Adobe Reader against the latest exploits as follows:

    • Launch Adobe Reader.
    • Click on Edit and select Preferences.
    • On the left, click on the JavaScript category and Uncheck Enable Acrobat JavaScript.
    • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    • Click the OK button.
  • Firefox -> You can get the latest version here.
  • Chrome -> Update instructions here.
  • Internet Explorer -> You should get the latest version (v9) through Windows Updates once the problem is fixed.


Uninstall ComboFix:
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box.
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK.
  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the Control Panel.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access.
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Protection tab.
    • Un-check the boxes next to your hard drives.
    • Click Apply, and then click OK.
  • Reboot.
  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Protection tab.
    • Check the boxes next to your hard drives.
    • Click Apply, and then click OK.

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean.


Turn on UAC: You have UAC disabled on your computer. I would recommend turning it on, because it provides additional protection to keep malicious software from running on your computer with higher privileges. To turn it on, do the following:
  • Open User Account Control Settings by clicking the Start button, and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
  • Move the slider to the default position, and then click OK. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Defragment your hard drive. Your hard drive is showing 12% fragmentation. This refers to how your files are spread out on the physical "disk" in your hard drive. You could possibly gain a little better performance from your PC if you defragment your hard drive. Instructions can be found here.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on All Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0

#119
lillie_nemo

    Member

  • Topic Starter
  • Member
  • 66 posts
Hope you had a good vacation! Thanks for all the tips and cleanup steps! I've run through everything so far except for trying Windows update. I'm still trying to defrag the disc. I'll try posting on that forum once everything is done. Thanks again for all the help! I wouldn't be able to use this computer without your assistance!
  • 0

#120
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





