
Can't connect to internet in normal boot [Solved]


  • This topic is locked
55 replies to this topic

#31 maldini

    Authentic Member

  • 203 posts

Posted 28 December 2013 - 09:48 AM

Please visit the page here >> http://www.microsoft...validation.aspx and follow the instructions.  Let me know the results.  :)

 

 

 

1) I went to the link listed above

2) I downloaded and ran the program suggested in step 1 of the link

3) The program returned a hex code

4) The code was then copied into the box in step 2 of the link

5) Then the "validate" button was clicked and a new page came up saying "We are sorry, the page you requested cannot be found"

 

I repeated this step 3 times and got the same result each time.

 

Edit to add: I do not think this tool is working.  I tried the same procedure on two other healthy machines and each time I got the same error message of "We are sorry, the page you requested cannot be found"


Edited by maldini, 28 December 2013 - 11:22 AM.



#32 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 28 December 2013 - 02:47 PM

Ok thanks for letting me know.  Let me see what I can find.  :)



#33 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 30 December 2013 - 06:43 AM

Sorry for any delay!  :(

 

Are you able to connect to the internet via Safe Mode with Networking?  If so, please run Windows Update and tell me what happens. 



#34 maldini

    Authentic Member

  • 203 posts

Posted 30 December 2013 - 08:48 AM

When I launch Windows Update from Safe Mode nothing happens.

 

It does not appear the program gets started.  There is no error message and the Task Manager does not indicate anything is happening.

 

The computer continues to operate in Safe Mode after the attempted launch (I tried 3 times with no luck).

 

In searching around the computer I found a file called WindowsUpdate.log

 

I am not sure if it is helpful, but it does appear to have some error messages in it from the last few times Windows Update was attempted from normal mode, including this morning.  Here is the information from the latest attempt:

 

2013-12-30    09:00:45:413     960    f8c    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2013-12-30    09:00:45:428     960    f8c    Misc      = Process: C:\Windows\system32\svchost.exe
2013-12-30    09:00:45:428     960    f8c    Misc      = Module: c:\windows\system32\wuaueng.dll
2013-12-30    09:00:45:413     960    f8c    Service    *************
2013-12-30    09:00:45:428     960    f8c    Service    ** START **  Service: Service startup
2013-12-30    09:00:45:428     960    f8c    Service    *********
2013-12-30    09:00:45:475     960    f8c    Agent      * WU client version 7.6.7600.256
2013-12-30    09:00:45:475     960    f8c    Agent      * Base directory: C:\Windows\SoftwareDistribution
2013-12-30    09:00:45:475     960    f8c    Agent      * Access type: No proxy
2013-12-30    09:00:45:491     960    f8c    Agent      * Network state: Connected
2013-12-30    09:00:45:803     960    3d8    Report    CWERReporter::Init succeeded
2013-12-30    09:00:45:803     960    3d8    Agent    ***********  Agent: Initializing Windows Update Agent  ***********
2013-12-30    09:00:45:803     960    3d8    Agent    ***********  Agent: Initializing global settings cache  ***********
2013-12-30    09:00:45:803     960    3d8    Agent      * WSUS server: <NULL>
2013-12-30    09:00:45:803     960    3d8    Agent      * WSUS status server: <NULL>
2013-12-30    09:00:45:803     960    3d8    Agent      * Target group: (Unassigned Computers)
2013-12-30    09:00:45:803     960    3d8    Agent      * Windows Update access disabled: No
2013-12-30    09:00:45:818     960    3d8    DnldMgr    Download manager restoring 0 downloads
2013-12-30    09:00:45:943     960    3d8    AU    ###########  AU: Initializing Automatic Updates  ###########
2013-12-30    09:00:45:943     960    3d8    AU    AU setting next detection timeout to 2013-12-30 14:00:45
2013-12-30    09:00:45:943     960    3d8    AU    AU setting next sqm report timeout to 2013-12-30 14:00:45
2013-12-30    09:00:45:943     960    3d8    AU      # Approval type: Scheduled (User preference)
2013-12-30    09:00:45:943     960    3d8    AU      # Scheduled install day/time: Every day at 3:00
2013-12-30    09:00:45:943     960    3d8    AU      # Auto-install minor updates: Yes (User preference)
2013-12-30    09:00:45:943     960    3d8    AU      # Will interact with non-admins (Non-admins are elevated (User preference))
2013-12-30    09:00:45:943     960    3d8    AU      # Will display featured software notifications (User preference)
2013-12-30    09:00:46:239     960    3d8    AU    Initializing featured updates
2013-12-30    09:00:46:239     960    3d8    AU    Found 0 cached featured updates
2013-12-30    09:00:46:770     960    f8c    Report    ***********  Report: Initializing static reporting data  ***********
2013-12-30    09:00:46:770     960    f8c    Report      * OS Version = 6.1.7601.1.0.65792
2013-12-30    09:00:46:770     960    f8c    Report      * OS Product Type = 0x00000030
2013-12-30    09:00:46:801     960    f8c    Report      * Computer Brand = Dell Inc.
2013-12-30    09:00:46:801     960    f8c    Report      * Computer Model = Inspiron 1525                   
2013-12-30    09:00:46:801     960    f8c    Report      * Bios Revision = A11
2013-12-30    09:00:46:801     960    f8c    Report      * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A11
2013-12-30    09:00:46:801     960    f8c    Report      * Bios Release Date = 2008-03-10T00:00:00
2013-12-30    09:00:46:801     960    f8c    Report      * Locale ID = 1033
2013-12-30    09:00:46:863     960    3d8    AU    Successfully wrote event for AU health state:0
2013-12-30    09:00:46:863     960    3d8    AU    Successfully wrote event for AU health state:0
2013-12-30    09:00:46:863     960    3d8    AU    AU finished delayed initialization
2013-12-30    09:00:46:863     960    f8c    AU    AU setting next sqm report timeout to 2013-12-31 14:00:46
2013-12-30    09:00:46:863     960    f8c    AU    #############
2013-12-30    09:00:46:863     960    f8c    AU    ## START ##  AU: Search for updates
2013-12-30    09:00:46:863     960    f8c    AU    #########
2013-12-30    09:00:46:863     960    f8c    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {F33BFABD-DF4C-4EBC-A398-2E384D90CD51}]
2013-12-30    09:00:46:863     960    fe4    Agent    *************
2013-12-30    09:00:46:863     960    fe4    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-12-30    09:00:46:863     960    fe4    Agent    *********
2013-12-30    09:00:46:863     960    fe4    Agent      * Online = Yes; Ignore download priority = No
2013-12-30    09:00:46:863     960    fe4    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-12-30    09:00:46:863     960    fe4    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-12-30    09:00:46:863     960    fe4    Agent      * Search Scope = {Machine}
2013-12-30    09:00:46:957     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-12-30    09:00:47:019     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:49:687     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-12-30    09:00:49:687     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:49:765     960    fe4    Agent    Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://ds.download.w...edir/muauth.cab
2013-12-30    09:00:49:765     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-12-30    09:00:49:781     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:51:091     960    3d8    AU    Triggering AU detection through DetectNow API
2013-12-30    09:00:51:091     960    3d8    AU    Piggybacking on an AU detection already in progress
2013-12-30    09:00:52:417     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-12-30    09:00:52:433     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:52:433     960    fe4    Setup    Checking for agent SelfUpdate
2013-12-30    09:00:52:433     960    fe4    Setup    Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-12-30    09:00:52:433     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-12-30    09:00:52:448     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:52:464     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-12-30    09:00:52:479     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:52:526     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-12-30    09:00:52:557     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:55:319     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-12-30    09:00:55:334     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:55:412     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-12-30    09:00:55:443     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:55:459     960    fe4    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-12-30    09:00:55:459     960    fe4    Misc     Microsoft signed: Yes
2013-12-30    09:00:55:646     960    fe4    Setup    Determining whether a new setup handler needs to be downloaded
2013-12-30    09:00:55:646     960    fe4    Setup    SelfUpdate handler is not found.  It will be downloaded
2013-12-30    09:00:55:646     960    fe4    Setup    Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256"
2013-12-30    09:01:55:488     960    f8c    AU    Forced install timer expired for scheduled install
2013-12-30    09:01:55:488     960    f8c    AU    UpdateDownloadProperties: 0 download(s) are still in progress.
2013-12-30    09:01:55:488     960    f8c    AU    Setting AU scheduled install time to 2013-12-31 08:00:00
2013-12-30    09:01:55:488     960    f8c    AU    Successfully wrote event for AU health state:0
2013-12-30    09:02:56:188     960    fe4    Setup    WARNING: Cbs StartSession, error = 0x80080005
2013-12-30    09:02:56:188     960    fe4    Setup    FATAL: Applicability evaluation for setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256" failed, error = 0x80080005
2013-12-30    09:02:56:188     960    fe4    Setup    FATAL: SelfUpdate check failed, err = 0x80080005
2013-12-30    09:02:56:234     960    fe4    Agent      * WARNING: Skipping scan, self-update check returned 0x80080005
2013-12-30    09:02:56:250     960    fe4    Agent      * WARNING: Exit code = 0x80080005
2013-12-30    09:02:56:250     960    fe4    Agent    *********
2013-12-30    09:02:56:250     960    fe4    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-12-30    09:02:56:250     960    fe4    Agent    *************
2013-12-30    09:02:56:250     960    fe4    Agent    WARNING: WU client failed Searching for update with error 0x80080005
2013-12-30    09:02:56:250     960    e64    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {F33BFABD-DF4C-4EBC-A398-2E384D90CD51}]
2013-12-30    09:02:56:250     960    e64    AU      # WARNING: Search callback failed, result = 0x80080005
2013-12-30    09:02:56:250     960    e64    AU      # WARNING: Failed to find updates with error code 80080005
2013-12-30    09:02:56:250     960    e64    AU    #########
2013-12-30    09:02:56:250     960    e64    AU    ##  END  ##  AU: Search for updates [CallId = {F33BFABD-DF4C-4EBC-A398-2E384D90CD51}]
2013-12-30    09:02:56:250     960    e64    AU    #############
2013-12-30    09:02:56:250     960    e64    AU    Successfully wrote event for AU health state:0
2013-12-30    09:02:56:250     960    e64    AU    AU setting next detection timeout to 2013-12-30 19:02:56
2013-12-30    09:02:56:250     960    e64    AU    AU was unable to detect updates for more than 48 hours
2013-12-30    09:02:56:250     960    e64    AU    Setting AU scheduled install time to 2013-12-31 08:00:00
2013-12-30    09:02:56:250     960    e64    AU    Successfully wrote event for AU health state:0
2013-12-30    09:02:56:250     960    e64    AU    Successfully wrote event for AU health state:0
2013-12-30    09:02:56:359     960    fe4    Report    CWERReporter finishing event handling. (00000000)
2013-12-30    09:02:56:359     960    fe4    Report    CWERReporter finishing event handling. (00000000)
2013-12-30    09:03:01:258     960    fe4    Report    REPORT EVENT: {34A083E4-CAC3-4032-A5D2-374A39F3C455}    2013-12-30 09:02:56:234-0500    1    148    101    {61CA813A-7585-442E-A66B-B0D15CE6BDC0}    1    80080005    SelfUpdate    Failure    Software Synchronization    Windows Update Client failed to detect with error 0x80080005.
2013-12-30    09:03:01:258     960    fe4    Report    REPORT EVENT: {7BFA670B-03E2-4936-836F-155D0AEB65B1}    2013-12-30 09:02:56:250-0500    1    149    102    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Failure    Software Synchronization    Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
2013-12-30    09:03:01:351     960    fe4    Report    CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-12-30    09:03:01:351     960    fe4    Report    WER Report sent: 7.6.7600.256 0x80080005 61CA813A-7585-442E-A66B-B0D15CE6BDC0 Scan 101 Unmanaged
2013-12-30    09:03:01:351     960    fe4    Report    CWERReporter finishing event handling. (00000000)
2013-12-30    09:03:20:131     960    f8c    Shutdwn    user declined update at shutdown
2013-12-30    09:03:20:131     960    f8c    AU    Successfully wrote event for AU health state:0
2013-12-30    09:03:20:131     960    f8c    AU    AU initiates service shutdown
2013-12-30    09:03:20:131     960    f8c    AU    ###########  AU: Uninitializing Automatic Updates  ###########
2013-12-30    09:04:20:159     960    f8c    Handler    FATAL: UH: 0x80080005: StartSession failed in CCbs::IsCbsPending
2013-12-30    09:04:20:159     960    f8c    Report    CWERReporter finishing event handling. (00000000)
2013-12-30    09:04:20:253     960    f8c    Service    *********
2013-12-30    09:04:20:253     960    f8c    Service    **  END  **  Service: Service exit [Exit code = 0x240001]
2013-12-30    09:04:20:253     960    f8c    Service    *************
2013-12-30    09:09:21:681     960    334    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2013-12-30    09:09:21:681     960    334    Misc      = Process: C:\Windows\system32\svchost.exe
2013-12-30    09:09:21:681     960    334    Misc      = Module: c:\windows\system32\wuaueng.dll
2013-12-30    09:09:21:681     960    334    Service    *************
2013-12-30    09:09:21:681     960    334    Service    ** START **  Service: Service startup
2013-12-30    09:09:21:681     960    334    Service    *********
2013-12-30    09:09:21:681     960    334    Agent      * WU client version 7.6.7600.256
2013-12-30    09:09:21:681     960    334    Agent      * Base directory: C:\Windows\SoftwareDistribution
2013-12-30    09:09:21:681     960    334    Agent      * Access type: No proxy
2013-12-30    09:09:21:697     960    334    Agent      * Network state: Connected
2013-12-30    09:09:21:790     960    4e8    Report    CWERReporter::Init succeeded
2013-12-30    09:09:21:790     960    4e8    Agent    ***********  Agent: Initializing Windows Update Agent  ***********
2013-12-30    09:09:21:790     960    4e8    Agent    ***********  Agent: Initializing global settings cache  ***********
2013-12-30    09:09:21:790     960    4e8    Agent      * WSUS server: <NULL>
2013-12-30    09:09:21:790     960    4e8    Agent      * WSUS status server: <NULL>
2013-12-30    09:09:21:790     960    4e8    Agent      * Target group: (Unassigned Computers)
2013-12-30    09:09:21:790     960    4e8    Agent      * Windows Update access disabled: No
2013-12-30    09:09:21:790     960    4e8    DnldMgr    Download manager restoring 0 downloads
2013-12-30    09:09:21:806    4036    8e4    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2013-12-30    09:09:21:806    4036    8e4    Misc      = Process: c:\Program Files\Microsoft Security Client\MpCmdRun.exe
2013-12-30    09:09:21:806    4036    8e4    Misc      = Module: C:\Windows\system32\wuapi.dll
2013-12-30    09:09:21:806    4036    8e4    COMAPI    -------------
2013-12-30    09:09:21:806    4036    8e4    COMAPI    -- START --  COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:21:806    4036    8e4    COMAPI    ---------
2013-12-30    09:09:21:806    4036    8e4    COMAPI    <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:22:118     960    334    Report    ***********  Report: Initializing static reporting data  ***********
2013-12-30    09:09:22:118     960    334    Report      * OS Version = 6.1.7601.1.0.65792
2013-12-30    09:09:22:118     960    334    Report      * OS Product Type = 0x00000030
2013-12-30    09:09:22:134     960    334    Report      * Computer Brand = Dell Inc.
2013-12-30    09:09:22:134     960    334    Report      * Computer Model = Inspiron 1525                   
2013-12-30    09:09:22:134     960    334    Report      * Bios Revision = A11
2013-12-30    09:09:22:134     960    334    Report      * Bios Name = Phoenix ROM BIOS PLUS Version 1.10 A11
2013-12-30    09:09:22:134     960    334    Report      * Bios Release Date = 2008-03-10T00:00:00
2013-12-30    09:09:22:134     960    334    Report      * Locale ID = 1033
2013-12-30    09:09:22:134     960    e74    Agent    *************
2013-12-30    09:09:22:134     960    e74    Agent    ** START **  Agent: Finding updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:22:134     960    e74    Agent    *********
2013-12-30    09:09:22:134     960    e74    Agent      * Online = Yes; Ignore download priority = No
2013-12-30    09:09:22:134     960    e74    Agent      * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '6b9e8b26-8f50-44b9-94c6-7846084383ec' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
2013-12-30    09:09:22:134     960    e74    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-12-30    09:09:22:134     960    e74    Agent      * Search Scope = {Machine}
2013-12-30    09:09:22:149     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-12-30    09:09:22:165     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:26:970     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-12-30    09:09:26:985     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:27:001     960    e74    Agent    Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://ds.download.w...edir/muauth.cab
2013-12-30    09:09:27:001     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-12-30    09:09:27:001     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:32:164     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-12-30    09:09:32:180     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:32:430     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-12-30    09:09:32:461     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:32:476     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-12-30    09:09:32:492     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:32:492     960    e74    PT    +++++++++++  PT: Starting category scan  +++++++++++
2013-12-30    09:09:32:492     960    e74    PT      + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.micro...ice/client.asmx
2013-12-30    09:09:37:780     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-12-30    09:09:37:796     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:37:812     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-12-30    09:09:37:827     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:37:827     960    e74    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-12-30    09:09:37:827     960    e74    PT      + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.micro...ice/client.asmx
2013-12-30    09:09:40:698     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-12-30    09:09:40:713     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:40:729     960    e74    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-12-30    09:09:40:744     960    e74    Misc     Microsoft signed: Yes
2013-12-30    09:09:40:744     960    e74    PT    +++++++++++  PT: Synchronizing extended update info  +++++++++++
2013-12-30    09:09:40:744     960    e74    PT      + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.micro...ice/client.asmx
2013-12-30    09:09:40:838     960    e74    DtaStor    WARNING: Attempted to add URL http://download.wind...216262ac9ad.cab for file N2ippjf1ulzo+3MBPaFyFiYqya0= when file has not been previously added to the datastore
2013-12-30    09:09:40:838     960    e74    DtaStor    WARNING: Attempted to add URL http://download.wind...f59b5a5cd90.cab for file owGiyWT/ItHgNTuhUuIPWbWlzZA= when file has not been previously added to the datastore
2013-12-30    09:09:40:838     960    e74    DtaStor    WARNING: Attempted to add URL http://download.wind...f7e403f424f.cab for file 66qIfLfScM60pWbNJem/fkA/Qk8= when file has not been previously added to the datastore
2013-12-30    09:09:40:838     960    e74    DtaStor    WARNING: Attempted to add URL http://download.wind...03541e85b8a.cab for file L5HjuAiaS8K9unm8S3NwNUHoW4o= when file has not been previously added to the datastore
2013-12-30    09:09:40:838     960    e74    DtaStor    WARNING: Attempted to add URL http://download.wind...5ffffe5ec1d.cab for file TA2kpJwNss/fAWuwsC1V///l7B0= when file has not been previously added to the datastore
2013-12-30    09:09:40:932     960    e74    Agent    Update {2E174783-A434-4931-9183-185ABCE31148}.201 is pruned out due to potential supersedence
2013-12-30    09:09:40:932     960    e74    Agent    Update {FFA1DD13-D6F6-4975-969B-8C3D99FC6EC3}.201 is pruned out due to potential supersedence
2013-12-30    09:09:40:932     960    e74    Agent    Update {442C2603-5380-410D-A42C-15992DC8D5B9}.201 is pruned out due to potential supersedence
2013-12-30    09:09:40:932     960    e74    Agent    Update {B0FAD7B7-4C08-45D7-92BE-8D9ACA0AC74B}.201 is pruned out due to potential supersedence
2013-12-30    09:09:40:932     960    e74    Agent      * Added update {C530A652-6BA4-4E21-915C-C1C3A252ABB4}.201 to search result
2013-12-30    09:09:40:932     960    e74    Agent      * Found 1 updates and 4 categories in search; evaluated appl. rules of 243 out of 255 deployed entities
2013-12-30    09:09:40:963     960    e74    Agent    *********
2013-12-30    09:09:40:963     960    e74    Agent    **  END  **  Agent: Finding updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:40:963     960    e74    Agent    *************
2013-12-30    09:09:40:978     960    e74    Report    CWERReporter finishing event handling. (00000000)
2013-12-30    09:09:40:978    4036    5a0    COMAPI    >>--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:40:978    4036    5a0    COMAPI      - Updates found = 1
2013-12-30    09:09:40:978    4036    5a0    COMAPI    ---------
2013-12-30    09:09:40:978    4036    5a0    COMAPI    --  END  --  COMAPI: Search [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:40:978    4036    5a0    COMAPI    -------------
2013-12-30    09:09:40:978    4036    e80    COMAPI    -------------
2013-12-30    09:09:40:978    4036    e80    COMAPI    -- START --  COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:40:978    4036    e80    COMAPI    ---------
2013-12-30    09:09:40:978    4036    e80    COMAPI      - Forced: No; Download priority: 2
2013-12-30    09:09:40:978    4036    e80    COMAPI      - Updates in request: 1
2013-12-30    09:09:40:978    4036    e80    COMAPI      - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-12-30    09:09:40:994    4036    e80    COMAPI    <<-- SUBMITTED -- COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:40:994     960    e74    DnldMgr    *************
2013-12-30    09:09:40:994     960    e74    DnldMgr    ** START **  DnldMgr: Downloading updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:40:994     960    e74    DnldMgr    *********
2013-12-30    09:09:40:994     960    e74    DnldMgr      * Call ID = {EC928A24-86A1-48CD-A4BC-C860A459522D}
2013-12-30    09:09:40:994     960    e74    DnldMgr      * Priority = 2, Interactive = 1, Owner is system = 1, Explicit proxy = 1, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2013-12-30    09:09:40:994     960    e74    DnldMgr      * Updates to download = 1
2013-12-30    09:09:40:994     960    e74    Agent      *   Title = Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.822.0)
2013-12-30    09:09:40:994     960    e74    Agent      *   UpdateId = {C530A652-6BA4-4E21-915C-C1C3A252ABB4}.201
2013-12-30    09:09:40:994     960    e74    Agent      *     Bundles 1 updates:
2013-12-30    09:09:40:994     960    e74    Agent      *       {9C430824-AA1A-4CBC-8B1C-CDE971A3CE66}.201
2013-12-30    09:09:40:994     960    e74    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {9C430824-AA1A-4CBC-8B1C-CDE971A3CE66}.201]  ***********
2013-12-30    09:09:41:088     960    e74    DnldMgr      * BITS job initialized, JobId = {57BED58E-4278-4353-86D9-11343A52C432}
2013-12-30    09:09:41:197     960    e74    DnldMgr      * Downloading from http://download.wind...7cfc42b0bf4.exe to C:\Windows\SoftwareDistribution\Download\251e295884300e9f0b2e8939cfd72981\f28012da7517e0e84543c725f4a287cfc42b0bf4 (full file).
2013-12-30    09:09:41:540     960    e74    Agent    *********
2013-12-30    09:09:41:540     960    e74    Agent    **  END  **  Agent: Downloading updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:09:41:540     960    e74    Agent    *************
2013-12-30    09:09:45:970     960    e74    Report    REPORT EVENT: {C094C952-2331-4546-BC5F-C2D819B80D70}    2013-12-30 09:09:40:963-0500    1    147    101    {00000000-0000-0000-0000-000000000000}    0    0    Microsoft Security Essentials (    Success    Software Synchronization    Windows Update Client successfully detected 1 updates.
2013-12-30    09:09:45:970     960    e74    Report    CWERReporter finishing event handling. (00000000)
2013-12-30    09:10:06:219     960    364    DnldMgr    BITS job {57BED58E-4278-4353-86D9-11343A52C432} completed successfully
2013-12-30    09:10:06:297     960    364    Misc    Validating signature for C:\Windows\SoftwareDistribution\Download\251e295884300e9f0b2e8939cfd72981\f28012da7517e0e84543c725f4a287cfc42b0bf4:
2013-12-30    09:10:06:313     960    364    Misc     Microsoft signed: Yes
2013-12-30    09:10:06:313     960    364    DnldMgr      Download job bytes total = 646928, bytes transferred = 646928
2013-12-30    09:10:06:313     960    364    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {9C430824-AA1A-4CBC-8B1C-CDE971A3CE66}.201]  ***********
2013-12-30    09:10:06:328     960    364    DnldMgr      * All files for update were already downloaded and are valid.
2013-12-30    09:10:06:360    4036    5a0    COMAPI    >>--  RESUMED  -- COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:10:06:360    4036    5a0    COMAPI      - Download call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0)
2013-12-30    09:10:06:360    4036    5a0    COMAPI    ---------
2013-12-30    09:10:06:360    4036    5a0    COMAPI    --  END  --  COMAPI: Download [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:10:06:360    4036    5a0    COMAPI    -------------
2013-12-30    09:10:06:360    4036    984    COMAPI    -------------
2013-12-30    09:10:06:360    4036    984    COMAPI    -- START --  COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:10:06:360    4036    984    COMAPI    ---------
2013-12-30    09:10:06:360    4036    984    COMAPI      - Allow source prompts: Yes; Forced: No; Force quiet: Yes
2013-12-30    09:10:06:360    4036    984    COMAPI      - Updates in request: 1
2013-12-30    09:10:06:360    4036    984    COMAPI      - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-12-30    09:10:06:360    4036    984    COMAPI      - Updates to install = 1
2013-12-30    09:10:06:360    4036    984    COMAPI    <<-- SUBMITTED -- COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:10:06:375     960    6d0    Agent    *************
2013-12-30    09:10:06:375     960    6d0    Agent    ** START **  Agent: Installing updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:10:06:375     960    6d0    Agent    *********
2013-12-30    09:10:06:375     960    6d0    Agent      * Updates to install = 1
2013-12-30    09:10:06:375     960    6d0    Agent      *   Title = Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.822.0)
2013-12-30    09:10:06:375     960    6d0    Agent      *   UpdateId = {C530A652-6BA4-4E21-915C-C1C3A252ABB4}.201
2013-12-30    09:10:06:375     960    6d0    Agent      *     Bundles 8 updates:
2013-12-30    09:10:06:375     960    6d0    Agent      *       {C855B48B-112A-48C6-BBD3-9A41F5DECBCE}.200
2013-12-30    09:10:06:375     960    6d0    Agent      *       {F14F9888-E796-4D14-B1AF-9D915A24F650}.200
2013-12-30    09:10:06:375     960    6d0    Agent      *       {04DC1201-692E-417A-9B00-72CB7B64548A}.200
2013-12-30    09:10:06:375     960    6d0    Agent      *       {8ED3DE99-8520-43A3-A255-BEA27275B593}.200
2013-12-30    09:10:06:375     960    6d0    Agent      *       {2EF95D67-31B4-48AA-97BC-531F70A1C87F}.200
2013-12-30    09:10:06:375     960    6d0    Agent      *       {92A99C73-8F9D-4E86-8A4C-A09A6D192110}.200
2013-12-30    09:10:06:375     960    6d0    Agent      *       {0EB168A5-1372-4FAF-930B-BE3C6FEF4450}.200
2013-12-30    09:10:06:375     960    6d0    Agent      *       {9C430824-AA1A-4CBC-8B1C-CDE971A3CE66}.201
2013-12-30    09:10:06:765     960    334    AU    ###########  AU: Initializing Automatic Updates  ###########
2013-12-30    09:10:06:765     960    334    AU      # Approval type: Scheduled (User preference)
2013-12-30    09:10:06:765     960    334    AU      # Scheduled install day/time: Every day at 3:00
2013-12-30    09:10:06:765     960    334    AU      # Auto-install minor updates: Yes (User preference)
2013-12-30    09:10:06:765     960    334    AU      # Will interact with non-admins (Non-admins are elevated (User preference))
2013-12-30    09:10:06:765     960    334    AU      # Will display featured software notifications (User preference)
2013-12-30    09:10:06:765     960    334    AU    Setting AU scheduled install time to 2013-12-31 08:00:00
2013-12-30    09:10:06:765     960    334    AU    Successfully wrote event for AU health state:0
2013-12-30    09:10:06:765     960    334    AU    Initializing featured updates
2013-12-30    09:10:06:765     960    334    AU    Found 0 cached featured updates
2013-12-30    09:10:06:765     960    334    AU    Successfully wrote event for AU health state:0
2013-12-30    09:10:06:765     960    334    AU    Successfully wrote event for AU health state:0
2013-12-30    09:10:06:765     960    334    AU    AU finished delayed initialization
2013-12-30    09:10:11:367     960    e74    Report    REPORT EVENT: {A4523392-ECDB-40D4-94C1-248A56D415D3}    2013-12-30 09:10:06:360-0500    1    162    101    {C530A652-6BA4-4E21-915C-C1C3A252ABB4}    201    0    Microsoft Security Essentials (    Success    Content Download    Download succeeded.
2013-12-30    09:10:11:367     960    e74    Report    CWERReporter finishing event handling. (00000000)
2013-12-30    09:20:06:727     960    6d0    Agent    WARNING: Failed SRSetRestorePoint call with win32 error -2130706175
2013-12-30    09:20:07:242     960    6d0    DnldMgr    Preparing update for install, updateId = {9C430824-AA1A-4CBC-8B1C-CDE971A3CE66}.201.
2013-12-30    09:20:07:257    2392    114    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2013-12-30    09:20:07:257    2392    114    Misc      = Process: C:\Windows\system32\wuauclt.exe
2013-12-30    09:20:07:257    2392    114    Misc      = Module: C:\Windows\system32\wuaueng.dll
2013-12-30    09:20:07:257    2392    114    Handler    :::::::::::::
2013-12-30    09:20:07:257    2392    114    Handler    :: START ::  Handler: Command Line Install
2013-12-30    09:20:07:257    2392    114    Handler    :::::::::
2013-12-30    09:20:07:257    2392    114    Handler      : Updates to install = 1
2013-12-30    09:20:38:691    2392    114    Handler      : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
2013-12-30    09:20:38:691    2392    114    Handler    :::::::::
2013-12-30    09:20:38:691    2392    114    Handler    ::  END  ::  Handler: Command Line Install
2013-12-30    09:20:38:691    2392    114    Handler    :::::::::::::
2013-12-30    09:20:39:175     960    6d0    Agent    *********
2013-12-30    09:20:39:175     960    6d0    Agent    **  END  **  Agent: Installing updates [CallerId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:20:39:175     960    6d0    Agent    *************
2013-12-30    09:20:39:175     960    334    AU    Triggering Offline detection (non-interactive)
2013-12-30    09:20:39:175     960    334    AU    #############
2013-12-30    09:20:39:175     960    334    AU    ## START ##  AU: Search for updates
2013-12-30    09:20:39:175     960    334    AU    #########
2013-12-30    09:20:39:175     960    334    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {41AC5444-0046-4A92-966F-21AA0F6FD8C3}]
2013-12-30    09:20:39:175    4036    198    COMAPI    >>--  RESUMED  -- COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:20:39:175    4036    198    COMAPI      - Install call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0)
2013-12-30    09:20:39:175    4036    198    COMAPI      - Reboot required = No
2013-12-30    09:20:39:175    4036    198    COMAPI    ---------
2013-12-30    09:20:39:175    4036    198    COMAPI    --  END  --  COMAPI: Install [ClientId = Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)]
2013-12-30    09:20:39:175    4036    198    COMAPI    -------------
2013-12-30    09:20:39:175     960    e74    Agent    *************
2013-12-30    09:20:39:175     960    e74    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-12-30    09:20:39:175     960    e74    Agent    *********
2013-12-30    09:20:39:175     960    e74    Agent      * Online = No; Ignore download priority = No
2013-12-30    09:20:39:175     960    e74    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-12-30    09:20:39:175     960    e74    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2013-12-30    09:20:39:175     960    e74    Agent      * Search Scope = {Machine}
2013-12-30    09:20:39:705     960    e74    Agent      * Found 0 updates and 5 categories in search; evaluated appl. rules of 90 out of 255 deployed entities
2013-12-30    09:20:39:705     960    e74    Agent    *********
2013-12-30    09:20:39:705     960    e74    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-12-30    09:20:39:705     960    e74    Agent    *************
2013-12-30    09:20:39:705     960    e90    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {41AC5444-0046-4A92-966F-21AA0F6FD8C3}]
2013-12-30    09:20:39:705     960    e90    AU      # 0 updates detected
2013-12-30    09:20:39:705     960    e90    AU    #########
2013-12-30    09:20:39:705     960    e90    AU    ##  END  ##  AU: Search for updates [CallId = {41AC5444-0046-4A92-966F-21AA0F6FD8C3}]
2013-12-30    09:20:39:705     960    e90    AU    #############
2013-12-30    09:20:39:705     960    e90    AU    No featured updates notifications to show
2013-12-30    09:20:39:705     960    e90    AU    Setting AU scheduled install time to 2013-12-31 08:00:00
2013-12-30    09:20:39:705     960    e90    AU    Successfully wrote event for AU health state:0
2013-12-30    09:20:39:705     960    e90    AU    Successfully wrote event for AU health state:0
2013-12-30    09:20:43:746     960    e74    Report    REPORT EVENT: {98E39495-B770-4CD6-9B78-17F014EF10A7}    2013-12-30 09:20:38:738-0500    1    183    101    {C530A652-6BA4-4E21-915C-C1C3A252ABB4}    201    0    Microsoft Security Essentials (    Success    Content Install    Installation Successful: Windows successfully installed the following update: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.822.0)
2013-12-30    09:20:43:746     960    e74    Report    CWERReporter finishing event handling. (00000000)
2013-12-30    09:27:44:956     228     f0    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2013-12-30    09:27:44:956     228     f0    Misc      = Process: C:\Windows\system32\wuapp.exe
2013-12-30    09:27:44:940     228     f0    CltUI    FATAL: Failed to open Microsoft.WindowsUpdate page "<home>", hr=80004005
2013-12-30    09:28:42:301    1704    6c4    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2013-12-30    09:28:42:301    1704    6c4    Misc      = Process: C:\Windows\system32\wuapp.exe
2013-12-30    09:28:42:301    1704    6c4    CltUI    FATAL: Failed to open Microsoft.WindowsUpdate page "<home>", hr=80004005
2013-12-30    09:30:28:818    1244    214    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2013-12-30    09:30:28:818    1244    214    Misc      = Process: C:\Windows\system32\wuapp.exe
2013-12-30    09:30:28:818    1244    214    CltUI    FATAL: Failed to open Microsoft.WindowsUpdate page "<home>", hr=80004005

Edited by maldini, 30 December 2013 - 08:50 AM.
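
The Windows Update log pasted in the post above is mostly routine entries, with one WARNING and three FATAL lines among them. As an added example (not part of the thread, and not code from any tool used in it), this Python script pulls those entries out of the log format shown and normalises their error codes; the function names are hypothetical, the column layout is inferred from the excerpt, and the sample lines are copied from the post.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the log excerpt in the post above.
SAMPLE_LOG = """\
2013-12-30    09:10:06:313     960    364    Misc     Microsoft signed: Yes
2013-12-30    09:20:06:727     960    6d0    Agent    WARNING: Failed SRSetRestorePoint call with win32 error -2130706175
2013-12-30    09:20:38:691    2392    114    Handler      : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
2013-12-30    09:27:44:940     228     f0    CltUI    FATAL: Failed to open Microsoft.WindowsUpdate page "<home>", hr=80004005
2013-12-30    09:28:42:301    1704    6c4    CltUI    FATAL: Failed to open Microsoft.WindowsUpdate page "<home>", hr=80004005
2013-12-30    09:30:28:818    1244    214    CltUI    FATAL: Failed to open Microsoft.WindowsUpdate page "<home>", hr=80004005
"""

# Assumed layout (inferred from the excerpt): date, time, process id,
# thread id, component, free-text message. The two id columns are kept
# as opaque strings rather than converted to numbers.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<pid>[0-9a-fA-F]+)\s+(?P<tid>[0-9a-fA-F]+)\s+"
    r"(?P<component>\S+)\s+(?P<message>.*)$"
)
SEVERITY_RE = re.compile(r"^(WARNING|FATAL):\s*(.*)$")
HRESULT_RE = re.compile(r"\bhr\s*=\s*(?:0x)?([0-9A-Fa-f]{8})\b")
WIN32_RE = re.compile(r"win32 error (-?\d+)")


def parse_line(line):
    """Split one log line into its columns, or return None if it does not fit."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def to_hex32(value):
    """Render a signed 32-bit error value as unsigned hex, e.g. -1 -> 0xFFFFFFFF."""
    return "0x%08X" % (value & 0xFFFFFFFF)


def triage(text):
    """Return the WARNING/FATAL entries with their error code in one notation."""
    findings = []
    for line in text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # blank or wrapped line
        severity = SEVERITY_RE.match(record["message"])
        if severity is None:
            continue  # routine entry
        detail = severity.group(2)
        code = None
        hresult = HRESULT_RE.search(detail)
        win32 = WIN32_RE.search(detail)
        if hresult:
            code = "0x" + hresult.group(1).upper()
        elif win32:
            code = to_hex32(int(win32.group(1)))
        findings.append({
            "when": record["date"] + " " + record["time"],
            "component": record["component"],
            "severity": severity.group(1),
            "code": code,
            "detail": detail,
        })
    return findings


def summarize(findings):
    """Count findings per (severity, component, code) so repeats stand out."""
    return Counter((f["severity"], f["component"], f["code"]) for f in findings)


if __name__ == "__main__":
    for key, count in summarize(triage(SAMPLE_LOG)).most_common():
        print(count, *key)
```
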


#35 jeffce

Posted 30 December 2013 - 08:58 AM

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------



#36 maldini

Posted 30 December 2013 - 09:33 AM

Hi Jeff,

I have a question on your directions for Malwarebytes Anti-Rootkit.

You said to follow the directions on the link but I am unsure if you really want to do that much.

The directions on the page are "scan, cleanup, reboot, scan, and clean up again if needed".

Your follow on directions appear to be a more basic "scan and post log" like we have done with the other programs before trying to clean.

Should I perform the "cleanup, reboot, etc" steps immediately or do you just want the normal "scan and post" procedure?

While awaiting this answer I will let the scan run since that has to be done in either case.


Edited by maldini, 30 December 2013 - 09:45 AM.


#37 maldini

Posted 30 December 2013 - 09:38 AM

Here is the log from aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-30 10:23:58
-----------------------------
10:23:58.018    OS Version: Windows 6.1.7601 Service Pack 1
10:23:58.018    Number of processors: 1 586 0x1601
10:23:58.018    ComputerName: DELL-PC  UserName: Busa
10:23:59.297    Initialize success
10:28:48.860    AVAST engine defs: 13123000
10:28:58.860    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
10:28:58.860    Disk 0 Vendor: WDC_WD800BEVS-75RST0 04.01G04 Size: 76319MB BusType: 11
10:28:59.078    Disk 0 MBR read successfully
10:28:59.094    Disk 0 MBR scan
10:28:59.188    Disk 0 Windows 7 default MBR code
10:28:59.203    Disk 0 Partition 1 00     DE Dell Utility NTFS           39 MB offset 63
10:28:59.281    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10000 MB offset 81920
10:28:59.312    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS        63718 MB offset 20561920
10:28:59.328    Disk 0 Partition - 00     0F Extended LBA              2559 MB offset 151058432
10:28:59.437    Disk 0 Partition 4 00     DD              MSDOS5.0     2558 MB offset 151060480
10:28:59.484    Disk 0 scanning sectors +156299264
10:28:59.624    Disk 0 scanning C:\Windows\system32\drivers
10:29:16.550    Service scanning
10:29:48.920    Modules scanning
10:29:58.920    Disk 0 trace - called modules:
10:29:58.951    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:29:58.967    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8572f030]
10:29:58.967    3 CLASSPNP.SYS[837db59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x852f8908]
10:30:00.449    AVAST engine scan C:\Windows
10:30:03.896    AVAST engine scan C:\Windows\system32
10:33:47.289    AVAST engine scan C:\Windows\system32\drivers
10:34:05.759    AVAST engine scan C:\Users\Busa
10:35:04.743    Disk 0 MBR has been saved successfully to "C:\Users\Busa\Desktop\MBR.dat"
10:35:04.759    The log file has been saved successfully to "C:\Users\Busa\Desktop\aswMBR.txt"


#38 jeffce

Posted 30 December 2013 - 09:46 AM

Good question.  Just go ahead and run the scan first....if malware is found then we can clean it up.  :)



#39 maldini

Posted 30 December 2013 - 10:05 AM

Ok, Scan has finished, No Malware was found.

====================================================

I should mention that the symptoms appear to keep changing slightly on the laptop.

At least for today, the system no longer beeps during the boot process.

Instead it has been replaced with a nondescript popup when I finish boot that says "Can not access the local server", with no other information added.  It pops up 3 times and then goes away.

Other symptoms that remain include:

*When trying to perform a clean shut down, the computer continues to hang at the "Shutting down" screen and then I need to hold the power button down to get out of this state.

*When trying to boot, the Windows XE Loader still is a choice during the boot process

*Uninstalling continues to not work, usually hangs on the "Gathering Required information" screen



#40 jeffce

Posted 30 December 2013 - 11:49 AM

FRST

Download the 32 bit version for your system of FRST and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

----------




#41 maldini

Posted 30 December 2013 - 12:08 PM

Here is the frst log

==============


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2013 01
Ran by SYSTEM on MININT-UT0514A on 30-12-2013 13:05:59
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\McAfee\Common Framework\UdaterUI.exe [161088 2011-01-12] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe [215360 2011-01-12] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

========================== Services (Whitelisted) =================

S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32408 2010-10-18] (Google Inc)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S1 MpKsl433457a4; C:\Windows\system32\MpEngineStore\MpKsl433457a4.sys [40392 2013-10-28] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [113432 2011-03-07] (ZTE Incorporated)
S3 catchme; \??\C:\Users\Busa\AppData\Local\Temp\catchme.sys [x]
S1 MpKsl05c06806; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl05c06806.sys [x]
S1 MpKsl0a723b1b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl0a723b1b.sys [x]
S1 MpKsl173b0bfe; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl173b0bfe.sys [x]
S1 MpKsl3ec561c4; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl3ec561c4.sys [x]
S1 MpKsl42d20d8c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl42d20d8c.sys [x]
S1 MpKsl531712b5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl531712b5.sys [x]
S1 MpKsl56479291; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl56479291.sys [x]
S1 MpKsl567cd4ca; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl567cd4ca.sys [x]
S1 MpKsl5c09c013; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl5c09c013.sys [x]
S1 MpKsl62582d91; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl62582d91.sys [x]
S1 MpKsl6b852b6f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl6b852b6f.sys [x]
S1 MpKsl6d1a139a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl6d1a139a.sys [x]
S1 MpKsl72991219; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl72991219.sys [x]
S1 MpKsl783f7958; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl783f7958.sys [x]
S1 MpKsl8c99a18f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl8c99a18f.sys [x]
S1 MpKsl9d9e2965; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl9d9e2965.sys [x]
S1 MpKsl9e5d3c7a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsl9e5d3c7a.sys [x]
S1 MpKsla090ee3b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsla090ee3b.sys [x]
S1 MpKslb1514709; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslb1514709.sys [x]
S1 MpKslb1b46087; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslb1b46087.sys [x]
S1 MpKslbaeaec6f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslbaeaec6f.sys [x]
S1 MpKslbc126b3d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslbc126b3d.sys [x]
S1 MpKslc2ea08a6; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslc2ea08a6.sys [x]
S1 MpKslc5965bac; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslc5965bac.sys [x]
S1 MpKslc7c28cb0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslc7c28cb0.sys [x]
S1 MpKsld6bd47db; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsld6bd47db.sys [x]
S1 MpKsld81027f9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsld81027f9.sys [x]
S1 MpKsld849d12f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsld849d12f.sys [x]
S1 MpKslda6f8fb7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslda6f8fb7.sys [x]
S1 MpKslddc61595; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslddc61595.sys [x]
S1 MpKsleff99713; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKsleff99713.sys [x]
S1 MpKslf28e4fd4; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslf28e4fd4.sys [x]
S1 MpKslface65c7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslface65c7.sys [x]
S1 MpKslfba52fc5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4A00F3-BEA8-4CB8-8925-37FBF3249625}\MpKslfba52fc5.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-30 13:05 - 2013-12-30 13:05 - 00000000 ____D C:\FRST
2013-12-30 07:40 - 2013-12-30 07:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-30 07:40 - 2013-12-30 07:40 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-12-30 07:39 - 2013-12-30 07:55 - 00000000 ____D C:\Users\Busa\Desktop\mbar
2013-12-30 07:39 - 2013-12-30 07:39 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-12-30 07:35 - 2013-12-30 07:35 - 00002061 _____ C:\Users\Busa\Desktop\aswMBR.txt
2013-12-30 07:35 - 2013-12-30 07:35 - 00000512 _____ C:\Users\Busa\Desktop\MBR.dat
2013-12-30 07:16 - 2013-12-30 07:16 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Busa\Desktop\mbar-1.07.0.1008.exe
2013-12-30 07:16 - 2013-12-30 07:16 - 04745728 _____ (AVAST Software) C:\Users\Busa\Desktop\aswMBR.exe
2013-12-28 07:44 - 2013-12-28 07:44 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2013-12-27 06:27 - 2013-12-27 06:27 - 00000259 _____ C:\Users\Busa\Desktop\ckfiles.txt
2013-12-27 06:21 - 2013-12-27 06:21 - 00468480 _____ () C:\Users\Busa\Desktop\CKScanner.exe
2013-12-26 19:16 - 2013-12-26 19:16 - 00002779 _____ C:\Users\Busa\Desktop\FSS1.txt
2013-12-26 10:14 - 2013-12-26 10:59 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-26 10:00 - 2013-12-26 10:00 - 00002123 _____ C:\Users\Busa\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-12-26 10:00 - 2013-12-26 10:00 - 00000000 ____D C:\Program Files\Tweaking.com
2013-12-26 09:57 - 2013-12-26 09:58 - 05045639 _____ C:\Users\Busa\Desktop\tweaking.com_windows_repair_aio_setup.exe
2013-12-26 09:21 - 2013-12-26 19:15 - 00002779 _____ C:\Users\Busa\Desktop\FSS.txt
2013-12-26 09:19 - 2013-12-26 09:19 - 00708597 _____ (Farbar) C:\Users\Busa\Desktop\FSS.exe
2013-12-26 08:41 - 2013-12-26 08:41 - 00899584 _____ C:\Users\Busa\Downloads\MicrosoftFixit50535.msi
2013-12-25 11:05 - 2013-12-25 11:05 - 00023031 _____ C:\ComboFix.txt
2013-12-22 15:37 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-22 15:37 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-22 15:37 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-22 15:37 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-22 15:37 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-22 15:37 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-22 15:37 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-22 15:37 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-22 15:35 - 2013-12-25 11:05 - 00000000 ____D C:\Qoobox
2013-12-22 15:34 - 2013-12-22 15:46 - 00000000 ____D C:\Windows\erdnt
2013-12-22 15:33 - 2013-12-25 10:53 - 05158070 ____R (Swearware) C:\Users\Busa\Desktop\ComboFix.exe
2013-12-22 13:55 - 2013-12-22 13:55 - 00005985 _____ C:\Users\Busa\Desktop\AdwCleaner[R0].txt
2013-12-22 13:49 - 2013-12-22 13:50 - 00000000 ____D C:\AdwCleaner
2013-12-22 13:41 - 2013-12-22 13:41 - 04101441 _____ C:\Users\Busa\Desktop\tdsskiller.zip
2013-12-22 13:39 - 2013-12-22 13:39 - 00053353 _____ C:\Users\Busa\Desktop\attach.txt
2013-12-22 13:39 - 2013-12-22 13:39 - 00021885 _____ C:\Users\Busa\Desktop\dds.txt
2013-12-22 13:31 - 2013-12-22 13:31 - 01226750 _____ C:\Users\Busa\Desktop\AdwCleaner.exe
2013-12-22 13:27 - 2013-12-22 13:27 - 00688992 ____R (Swearware) C:\Users\Busa\Desktop\dds.com
2013-12-17 22:48 - 2013-12-17 22:48 - 00152024 _____ C:\Windows\Minidump\121813-23634-01.dmp
2013-12-17 04:41 - 2013-12-17 20:41 - 00000000 ____D C:\2877ecef3e25d9c8e3
2013-12-15 14:38 - 2013-12-15 14:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-15 14:36 - 2013-12-26 22:21 - 00000000 ____D C:\Users\Busa\AppData\Roaming\SUPERAntiSpyware.com
2013-12-15 14:36 - 2013-12-26 20:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-15 14:33 - 2009-07-10 09:04 - 06568480 _____ C:\Users\Busa\Desktop\SUPERAntiSpyware.exe
2013-12-13 19:22 - 2013-12-13 19:22 - 00152016 _____ C:\Windows\Minidump\121313-26083-01.dmp
2013-12-13 18:25 - 2013-12-13 18:25 - 00152016 _____ C:\Windows\Minidump\121313-19156-01.dmp
2013-12-13 17:25 - 2013-12-13 17:26 - 00152024 _____ C:\Windows\Minidump\121313-17596-01.dmp
2013-12-13 16:24 - 2013-12-13 16:25 - 00152016 _____ C:\Windows\Minidump\121313-20701-01.dmp
2013-12-13 15:22 - 2013-12-13 15:23 - 00152016 _____ C:\Windows\Minidump\121313-19047-01.dmp
2013-12-13 14:38 - 2013-12-13 14:39 - 00152016 _____ C:\Windows\Minidump\121313-18298-02.dmp
2013-12-13 13:38 - 2013-12-13 13:38 - 00152016 _____ C:\Windows\Minidump\121313-18252-01.dmp
2013-12-13 12:41 - 2013-12-13 12:41 - 00152024 _____ C:\Windows\Minidump\121313-18064-01.dmp
2013-12-13 11:42 - 2013-12-13 11:42 - 00152016 _____ C:\Windows\Minidump\121313-18174-01.dmp
2013-12-13 10:51 - 2013-12-13 10:51 - 00152016 _____ C:\Windows\Minidump\121313-18454-01.dmp
2013-12-13 09:53 - 2013-12-13 09:53 - 00152024 _____ C:\Windows\Minidump\121313-17456-01.dmp
2013-12-13 08:51 - 2013-12-13 08:51 - 00152016 _____ C:\Windows\Minidump\121313-19281-01.dmp
2013-12-13 07:48 - 2013-12-13 07:48 - 00152016 _____ C:\Windows\Minidump\121313-17238-01.dmp
2013-12-13 06:50 - 2013-12-13 06:51 - 00152024 _____ C:\Windows\Minidump\121313-16754-01.dmp
2013-12-13 06:06 - 2013-12-13 06:07 - 00152016 _____ C:\Windows\Minidump\121313-17768-01.dmp
2013-12-13 05:04 - 2013-12-13 05:04 - 00152016 _____ C:\Windows\Minidump\121313-18330-01.dmp
2013-12-13 04:02 - 2013-12-13 04:02 - 00152024 _____ C:\Windows\Minidump\121313-19702-02.dmp
2013-12-13 03:09 - 2013-12-13 03:09 - 00152016 _____ C:\Windows\Minidump\121313-18298-01.dmp
2013-12-13 02:23 - 2013-12-13 02:23 - 00152024 _____ C:\Windows\Minidump\121313-19234-01.dmp
2013-12-13 01:20 - 2013-12-13 01:21 - 00152016 _____ C:\Windows\Minidump\121313-19796-01.dmp
2013-12-13 00:32 - 2013-12-13 00:33 - 00152016 _____ C:\Windows\Minidump\121313-21325-01.dmp
2013-12-12 23:36 - 2013-12-12 23:36 - 00152024 _____ C:\Windows\Minidump\121313-20014-01.dmp
2013-12-12 22:39 - 2013-12-12 22:39 - 00152016 _____ C:\Windows\Minidump\121313-23493-01.dmp
2013-12-12 21:43 - 2013-12-12 21:43 - 00152016 _____ C:\Windows\Minidump\121313-20404-01.dmp
2013-12-12 20:42 - 2013-12-12 20:42 - 00152016 _____ C:\Windows\Minidump\121213-20092-01.dmp
2013-12-12 19:21 - 2013-12-12 19:21 - 00152016 _____ C:\Windows\Minidump\121213-24960-01.dmp
2013-12-12 18:28 - 2013-12-17 22:48 - 161782712 _____ C:\Windows\MEMORY.DMP
2013-12-12 18:28 - 2013-12-12 18:28 - 00152024 _____ C:\Windows\Minidump\121213-28064-01.dmp
2013-12-12 15:33 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-12 15:33 - 2013-11-26 00:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-12 15:32 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-12 15:32 - 2013-11-26 01:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-12 15:32 - 2013-11-26 00:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-12 15:32 - 2013-11-26 00:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-12 15:32 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-12 15:32 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-12 15:32 - 2013-11-26 00:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-12 15:32 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-12 15:32 - 2013-11-26 00:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-12 15:32 - 2013-11-26 00:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-12 15:32 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-12 15:32 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-12 15:32 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-12 15:32 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-12 15:32 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-12 15:32 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-12 15:32 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-12 15:26 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-12 15:25 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-11 15:03 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-12-11 15:03 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\System32\msieftp.dll
2013-12-11 15:03 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-11 15:02 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-12-11 15:02 - 2013-10-29 17:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-12-11 15:02 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2013-12-11 15:02 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2013-12-11 15:02 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2013-12-11 15:02 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2013-12-11 15:01 - 2013-10-03 17:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2013-12-11 15:01 - 2013-10-03 17:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2013-12-04 19:27 - 2013-12-04 19:27 - 00152024 _____ C:\Windows\Minidump\120413-16972-01.dmp
2013-12-02 18:50 - 2013-12-02 18:50 - 00152024 _____ C:\Windows\Minidump\120213-17596-01.dmp

==================== One Month Modified Files and Folders =======

2013-12-30 13:05 - 2013-12-30 13:05 - 00000000 ____D C:\FRST
2013-12-30 10:02 - 2009-07-13 20:39 - 00088405 _____ C:\Windows\setupact.log
2013-12-30 10:02 - 2009-07-13 20:34 - 00014592 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-30 10:02 - 2009-07-13 20:34 - 00014592 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-30 08:31 - 2011-08-24 17:29 - 01838935 _____ C:\Windows\WindowsUpdate.log
2013-12-30 08:06 - 2011-08-24 14:56 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-30 07:55 - 2013-12-30 07:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-30 07:55 - 2013-12-30 07:39 - 00000000 ____D C:\Users\Busa\Desktop\mbar
2013-12-30 07:40 - 2013-12-30 07:40 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-12-30 07:39 - 2013-12-30 07:39 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-12-30 07:35 - 2013-12-30 07:35 - 00002061 _____ C:\Users\Busa\Desktop\aswMBR.txt
2013-12-30 07:35 - 2013-12-30 07:35 - 00000512 _____ C:\Users\Busa\Desktop\MBR.dat
2013-12-30 07:16 - 2013-12-30 07:16 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Busa\Desktop\mbar-1.07.0.1008.exe
2013-12-30 07:16 - 2013-12-30 07:16 - 04745728 _____ (AVAST Software) C:\Users\Busa\Desktop\aswMBR.exe
2013-12-28 07:44 - 2013-12-28 07:44 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2013-12-27 06:27 - 2013-12-27 06:27 - 00000259 _____ C:\Users\Busa\Desktop\ckfiles.txt
2013-12-27 06:21 - 2013-12-27 06:21 - 00468480 _____ () C:\Users\Busa\Desktop\CKScanner.exe
2013-12-26 22:21 - 2013-12-15 14:36 - 00000000 ____D C:\Users\Busa\AppData\Roaming\SUPERAntiSpyware.com
2013-12-26 20:15 - 2013-12-15 14:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-26 19:16 - 2013-12-26 19:16 - 00002779 _____ C:\Users\Busa\Desktop\FSS1.txt
2013-12-26 19:15 - 2013-12-26 09:21 - 00002779 _____ C:\Users\Busa\Desktop\FSS.txt
2013-12-26 19:10 - 2011-08-29 15:35 - 00064400 _____ C:\Users\Busa\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 19:07 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-26 19:07 - 2009-07-13 20:33 - 00302088 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-26 19:06 - 2011-08-24 20:22 - 00034964 _____ C:\Windows\PFRO.log
2013-12-26 10:59 - 2013-12-26 10:14 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-26 10:00 - 2013-12-26 10:00 - 00002123 _____ C:\Users\Busa\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-12-26 10:00 - 2013-12-26 10:00 - 00000000 ____D C:\Program Files\Tweaking.com
2013-12-26 09:58 - 2013-12-26 09:57 - 05045639 _____ C:\Users\Busa\Desktop\tweaking.com_windows_repair_aio_setup.exe
2013-12-26 09:19 - 2013-12-26 09:19 - 00708597 _____ (Farbar) C:\Users\Busa\Desktop\FSS.exe
2013-12-26 08:41 - 2013-12-26 08:41 - 00899584 _____ C:\Users\Busa\Downloads\MicrosoftFixit50535.msi
2013-12-25 11:05 - 2013-12-25 11:05 - 00023031 _____ C:\ComboFix.txt
2013-12-25 11:05 - 2013-12-22 15:35 - 00000000 ____D C:\Qoobox
2013-12-25 11:02 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
2013-12-25 10:53 - 2013-12-22 15:33 - 05158070 ____R (Swearware) C:\Users\Busa\Desktop\ComboFix.exe
2013-12-24 06:32 - 2011-10-02 08:34 - 00002086 _____ C:\Windows\epplauncher.mif
2013-12-22 15:48 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2013-12-22 15:46 - 2013-12-22 15:34 - 00000000 ____D C:\Windows\erdnt
2013-12-22 15:45 - 2009-07-13 18:04 - 00000027 _____ C:\Windows\System32\Drivers\etc\hosts_bak_661
2013-12-22 13:55 - 2013-12-22 13:55 - 00005985 _____ C:\Users\Busa\Desktop\AdwCleaner[R0].txt
2013-12-22 13:50 - 2013-12-22 13:49 - 00000000 ____D C:\AdwCleaner
2013-12-22 13:42 - 2013-11-18 06:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Busa\Desktop\TDSSKiller.exe
2013-12-22 13:41 - 2013-12-22 13:41 - 04101441 _____ C:\Users\Busa\Desktop\tdsskiller.zip
2013-12-22 13:39 - 2013-12-22 13:39 - 00053353 _____ C:\Users\Busa\Desktop\attach.txt
2013-12-22 13:39 - 2013-12-22 13:39 - 00021885 _____ C:\Users\Busa\Desktop\dds.txt
2013-12-22 13:31 - 2013-12-22 13:31 - 01226750 _____ C:\Users\Busa\Desktop\AdwCleaner.exe
2013-12-22 13:27 - 2013-12-22 13:27 - 00688992 ____R (Swearware) C:\Users\Busa\Desktop\dds.com
2013-12-20 22:36 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-12-20 14:11 - 2009-07-13 20:34 - 00009216 _____ C:\Windows\System32\umstartup.etl
2013-12-17 22:48 - 2013-12-17 22:48 - 00152024 _____ C:\Windows\Minidump\121813-23634-01.dmp
2013-12-17 22:48 - 2013-12-12 18:28 - 161782712 _____ C:\Windows\MEMORY.DMP
2013-12-17 22:48 - 2012-01-09 14:50 - 00000000 ____D C:\Windows\Minidump
2013-12-17 20:41 - 2013-12-17 04:41 - 00000000 ____D C:\2877ecef3e25d9c8e3
2013-12-17 14:12 - 2013-09-19 13:32 - 00001534 _____ C:\Users\Busa\AppData\Roaming\Sketchpad 5 Preferences.dat
2013-12-17 04:41 - 2013-08-14 23:12 - 00000000 ____D C:\Windows\System32\MRT
2013-12-17 03:49 - 2011-08-24 18:26 - 00000000 ____D C:\Program Files\Google
2013-12-16 16:29 - 2012-02-26 12:11 - 00000000 ____D C:\Windows\System32\appmgmt
2013-12-15 14:47 - 2011-08-24 18:26 - 00000000 ____D C:\Users\Busa\AppData\Local\Google
2013-12-15 14:46 - 2013-05-17 13:45 - 00000000 ____D C:\Users\Busa\AppData\Local\Unity
2013-12-15 14:38 - 2013-12-15 14:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-14 13:25 - 2011-10-16 08:01 - 00000000 ____D C:\Users\Busa\Desktop\Other
2013-12-13 19:22 - 2013-12-13 19:22 - 00152016 _____ C:\Windows\Minidump\121313-26083-01.dmp
2013-12-13 18:25 - 2013-12-13 18:25 - 00152016 _____ C:\Windows\Minidump\121313-19156-01.dmp
2013-12-13 17:26 - 2013-12-13 17:25 - 00152024 _____ C:\Windows\Minidump\121313-17596-01.dmp
2013-12-13 16:25 - 2013-12-13 16:24 - 00152016 _____ C:\Windows\Minidump\121313-20701-01.dmp
2013-12-13 15:23 - 2013-12-13 15:22 - 00152016 _____ C:\Windows\Minidump\121313-19047-01.dmp
2013-12-13 14:39 - 2013-12-13 14:38 - 00152016 _____ C:\Windows\Minidump\121313-18298-02.dmp
2013-12-13 13:38 - 2013-12-13 13:38 - 00152016 _____ C:\Windows\Minidump\121313-18252-01.dmp
2013-12-13 12:41 - 2013-12-13 12:41 - 00152024 _____ C:\Windows\Minidump\121313-18064-01.dmp
2013-12-13 11:42 - 2013-12-13 11:42 - 00152016 _____ C:\Windows\Minidump\121313-18174-01.dmp
2013-12-13 10:51 - 2013-12-13 10:51 - 00152016 _____ C:\Windows\Minidump\121313-18454-01.dmp
2013-12-13 09:53 - 2013-12-13 09:53 - 00152024 _____ C:\Windows\Minidump\121313-17456-01.dmp
2013-12-13 08:51 - 2013-12-13 08:51 - 00152016 _____ C:\Windows\Minidump\121313-19281-01.dmp
2013-12-13 07:48 - 2013-12-13 07:48 - 00152016 _____ C:\Windows\Minidump\121313-17238-01.dmp
2013-12-13 06:51 - 2013-12-13 06:50 - 00152024 _____ C:\Windows\Minidump\121313-16754-01.dmp
2013-12-13 06:07 - 2013-12-13 06:06 - 00152016 _____ C:\Windows\Minidump\121313-17768-01.dmp
2013-12-13 05:04 - 2013-12-13 05:04 - 00152016 _____ C:\Windows\Minidump\121313-18330-01.dmp
2013-12-13 04:02 - 2013-12-13 04:02 - 00152024 _____ C:\Windows\Minidump\121313-19702-02.dmp
2013-12-13 03:09 - 2013-12-13 03:09 - 00152016 _____ C:\Windows\Minidump\121313-18298-01.dmp
2013-12-13 02:23 - 2013-12-13 02:23 - 00152024 _____ C:\Windows\Minidump\121313-19234-01.dmp
2013-12-13 01:21 - 2013-12-13 01:20 - 00152016 _____ C:\Windows\Minidump\121313-19796-01.dmp
2013-12-13 00:33 - 2013-12-13 00:32 - 00152016 _____ C:\Windows\Minidump\121313-21325-01.dmp
2013-12-12 23:36 - 2013-12-12 23:36 - 00152024 _____ C:\Windows\Minidump\121313-20014-01.dmp
2013-12-12 22:39 - 2013-12-12 22:39 - 00152016 _____ C:\Windows\Minidump\121313-23493-01.dmp
2013-12-12 21:43 - 2013-12-12 21:43 - 00152016 _____ C:\Windows\Minidump\121313-20404-01.dmp
2013-12-12 20:42 - 2013-12-12 20:42 - 00152016 _____ C:\Windows\Minidump\121213-20092-01.dmp
2013-12-12 19:21 - 2013-12-12 19:21 - 00152016 _____ C:\Windows\Minidump\121213-24960-01.dmp
2013-12-12 19:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-12-12 18:28 - 2013-12-12 18:28 - 00152024 _____ C:\Windows\Minidump\121213-28064-01.dmp
2013-12-12 15:37 - 2012-11-14 15:07 - 00001058 _____ C:\Users\Busa\.drjava
2013-12-12 15:37 - 2011-08-24 14:53 - 00000000 ____D C:\users\Busa
2013-12-12 15:32 - 2011-08-24 17:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-10 15:35 - 2012-04-26 17:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-12-10 15:35 - 2011-08-24 20:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-12-04 19:27 - 2013-12-04 19:27 - 00152024 _____ C:\Windows\Minidump\120413-16972-01.dmp
2013-12-02 18:50 - 2013-12-02 18:50 - 00152024 _____ C:\Windows\Minidump\120213-17596-01.dmp
2013-12-01 11:42 - 2011-08-24 15:36 - 88123800 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-30 08:20:22

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 1014.04 MB
Available physical RAM: 652.18 MB
Total Pagefile: 1014.04 MB
Available Pagefile: 650.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.15 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:62.22 GB) (Free:18.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:9.77 GB) (Free:9.69 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:6.52 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=62 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-12-30 08:21

==================== End Of Log ============================



#42 maldini


Posted 30 December 2013 - 02:03 PM

Now that the computer has some basic life in normal mode, is it worthwhile re-running any of the earlier programs I only ran in safe mode?



#43 jeffce


Posted 30 December 2013 - 02:53 PM

Please go to the page found here and run the FixIt button. 
 
Once complete....please do the following...
 
First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste

chkdsk /r

Press Enter and then follow all instructions.
 
When that is complete, please try to run Windows Update and tell me what happens.



#44 maldini


Posted 30 December 2013 - 03:32 PM

After running Fix It, it is asking me to reset the machine.

 

Should I do that before moving on to chkdsk?


Edited by maldini, 30 December 2013 - 03:39 PM.


#45 jeffce


Posted 30 December 2013 - 03:40 PM

Yes please do so.  :)

