
post-malware removal multiple windows issues

#1 ·
Hello

I posted a request for help resolving what I believe are corrupt system files caused by a malware infection. The malware was found and "removed" about three months ago but many problems remain.

Kaspersky Internet Security 2013 full scan advises no threats found.

Antimalwarebytes scan reports no threats found.

I was asked to repost here with the appropriate logs to ensure all the malware has in fact been removed.

Here is the dds.txt info:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.60.2
Run by Meghan at 22:35:38 on 2014-08-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.3070.1979 [GMT -5:00]
.
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office 15\root\office15\grooveex.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
dRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: windowsupdate.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-ca/wlscctrl2.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7CC7AE1F-6480-4577-8089-F87D772C89B6} : NameServer = 192.168.100.6
TCP: Interfaces\{A2D4EC5C-EF9E-434B-9591-1C573DB4C5E7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A2D4EC5C-EF9E-434B-9591-1C573DB4C5E7}\055726C69636 : DHCPNameServer = 192.168.100.6 192.168.100.15
TCP: Interfaces\{A2D4EC5C-EF9E-434B-9591-1C573DB4C5E7}\14355535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A2D4EC5C-EF9E-434B-9591-1C573DB4C5E7}\2556164696E67602059647 : DHCPNameServer = 192.168.100.15 192.168.100.6
TCP: Interfaces\{A2D4EC5C-EF9E-434B-9591-1C573DB4C5E7}\25F6F6D6021373 : DHCPNameServer = 192.168.100.15 192.168.100.6
TCP: Interfaces\{A2D4EC5C-EF9E-434B-9591-1C573DB4C5E7}\D4243494D27495D4D21405 : DHCPNameServer = 192.168.100.6 192.168.100.15
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\msosb.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\meghan\appdata\roaming\mozilla\firefox\profiles\ar2uqluq.default-1380500092505\
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\my image garden\addon\cig\npmigfpi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft office 15\root\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\microsoft office 15\root\vfs\programfilesx86\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1211151.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1212152.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2011-8-17 83392]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 25696]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-1-14 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-1-14 356128]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\microsoft office 15\clientx86\officeclicktorun.exe [2014-3-18 1617072]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-8-17 5120]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-12-20 211984]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-1-14 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-1-14 25696]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-31 6639616]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-29 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-13 187904]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 hpd007;HP-hpd007;c:\windows\system32\drivers\hpd007.sys [2011-5-24 12288]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-4 15872]
S3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkTMini.sys [2014-7-17 468096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-4 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2011-1-12 16640]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
S4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S4 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-7-23 438616]
S4 gupdate1ca0a67937fe0e1;Google Update Service (gupdate1ca0a67937fe0e1);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S4 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2012-1-14 54136]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
S4 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]
.
=============== Created Last 30 ================
.
2014-08-24 23:25:40 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8179f7c6-70b3-4d8f-bf32-12439900f814}\offreg.dll
2014-08-24 17:42:55 -------- d-----w- C:\$WINDOWS.~LS
2014-08-24 17:35:13 -------- d-----w- C:\$UPGRADE.~OS
2014-08-24 17:34:18 -------- d-----w- C:\$WINDOWS.~BT
2014-08-24 17:28:59 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8179f7c6-70b3-4d8f-bf32-12439900f814}\mpengine.dll
2014-08-23 23:55:07 -------- d-----w- c:\windows\system32\catroot2
2014-08-23 23:45:13 -------- d-----w- c:\windows\system32\wbem\repository
2014-08-23 21:56:05 -------- d-----w- c:\windows\system32\wbem\repository.002
2014-08-23 20:57:30 -------- d-----w- c:\windows\pss
2014-08-23 20:51:52 -------- d-----w- C:\RegBackup
2014-08-23 17:24:57 -------- d-----w- c:\program files\Tweaking.com
2014-08-21 22:12:15 -------- d-----w- c:\windows\system32\%Report%
2014-08-21 22:12:15 -------- d-----w- c:\windows\system32\%DataRoot%
2014-08-18 21:17:18 -------- d-----w- c:\users\meghan\appdata\local\Adobe
2014-08-10 19:12:49 -------- d-----w- C:\MATS
2014-08-05 17:20:22 227728 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-08-05 17:20:22 227728 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-08-01 09:53:45 -------- d-sh--w- C:\found.000
2014-07-30 04:03:52 -------- d-----w- c:\windows\SoftwareDistribution.old
2014-07-30 03:30:12 -------- d-----w- c:\program files\CCleaner
2014-07-29 18:31:05 119808 ----a-r- c:\users\meghan\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
.
==================== Find3M ====================
.
2014-08-23 17:35:19 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-15 17:18:50 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 17:18:50 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-05 14:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-02 19:26:07 110296 ----a-w- c:\windows\system32\drivers\4CB859F5.sys
2014-06-13 02:20:04 110296 ----a-w- c:\windows\system32\drivers\3EAE77DF.sys
2014-06-09 00:37:05 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2009-06-24 23:41:37 106496 ----a-w- c:\program files\ADRC Hard Disk Checker 1.01.exe
2009-06-24 23:36:24 135168 ----a-w- c:\program files\ARDC Data Recovery Tools 1.1.exe
.
============= FINISH: 22:37:34.94 ===============

My original post outlining some of the residual issues:
post-malware removal multiple windows issues
Hello All

Windows 7 32-bit, SP1
Toshiba Satellite Pro Laptop

I need some help resolving post-malware removal issues with my computer.

Malware slipped by my paid for Anti-virus software. I began to suspect issues I was having were caused by something nasty. After some research, I downloaded Anti-Malwarebytes and removed several infections.

I am having numerous problems with Windows.

1. I am now having problems with Windows Update. Despite running many fixit tools, windows update is still not running properly. Currently, shortly after startup, a message appears in the bottom right corner which tells me updates are available for my computer. Click here to .... I open Windows update and search for updates. I get error message 80080005. Searching this error produces few results. My computer also says most recent check for updates: Never. Updates were installed: Never.

Periodically when I go to shutdown the computer there will be updates to install. Several of these were for Microsoft Office 2010 though it has been uninstalled and I have used the Windows tool to remove it as well as Revo. Fewer Office updates now appear but some persist. The last five times, the same five updates have been installed "successfully" over and over. (including 1 Office 2010 update)

2. I cannot run sfc /scannow. (Not from windows repair, not from safe mode, not from an elevated command prompt...)

3. I have tried to repair Windows 7 from DVD. This fails.

4. I have tried tweaking.com's Windows Repair Tool - All In One and the problems persist.

Three months later I can't remember all the things I have tried.

There is no pre-malware restore point that I can find, even when I ask to see more restore points. I guess at some time older points are deleted.

Can anyone help? I am at this :banghead:

All software is legal.
Yes I have a full install DVD for Windows 7

Thanks to all who volunteer here.
 

#2 ·
132 hour bump - malware removal confirmation requested

Hi folks

I know you all are busy. Can someone please check my scans to confirm that Anti-malwarebytes and Kaspersky Internet Security have in fact removed all the nastiness from this computer.

Thank you so much :banghead:
 
#3 ·
Hello boreal,

If the 'fixing' was done 3 months ago, we could be hard-pressed to see if anything active remains. As you can see, the log output is limited to Files and Folders Created in the last 30 days.

To help you, I'm going to need much more detail:

1. What infection was originally found and 'cleaned'?
2. What tools were used?
3. If you had help from another forum, can you provide a link?
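
Added example, not part of the original posts: a small Python parser for the file-listing sections of a DDS log, showing why a run dated 2014-08-24 cannot show files created around an infection roughly three months earlier. The sample log lines are constructed, and the 30-day window is an assumption taken from the section title and the reply above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of a DDS log (paths are placeholders).
SAMPLE = r"""DDS (Ver_2012-11-20.01) - NTFS_x86
Run by user at 22:35:38 on 2014-08-24
.
=============== Created Last 30 ================
.
2014-08-24 17:42:55 -------- d-----w- C:\example-dir
2014-08-05 17:20:22 227728 ----a-w- c:\program files\example\plugin.dll
2014-07-29 18:31:05 119808 ----a-r- c:\users\user\appdata\roaming\example\icons.exe
.
==================== Find3M ====================
.
2014-06-09 00:37:05 96680 ----a-w- c:\windows\system32\example.dll
.
============= FINISH: 22:37:34.94 ===============
"""

RUN_RE = re.compile(r"^Run by .+ at (\d\d:\d\d:\d\d) on (\d{4}-\d\d-\d\d)$")
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# timestamp, size (dashes for directories), 8 attribute flags, path
ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-+) (\S{8}) (.+)$")
TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_dds(text):
    """Return (run_time, {section name: [entry dict, ...]})."""
    run_time, section, sections = None, None, {}
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            run_time = datetime.strptime(f"{m.group(2)} {m.group(1)}", TS_FMT)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            sections.setdefault(section, [])
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            size = None if m.group(2).startswith("-") else int(m.group(2))
            sections[section].append({
                "time": datetime.strptime(m.group(1), TS_FMT),
                "size": size, "attrs": m.group(3), "path": m.group(4)})
    if run_time is None:
        raise ValueError("no 'Run by ... at ... on ...' header found")
    return run_time, sections


def created_window(text, days=30):
    """Return (window start, window end, oldest listed entry or None)."""
    run_time, sections = parse_dds(text)
    entries = sections.get("Created Last 30", [])
    oldest = min((e["time"] for e in entries), default=None)
    return run_time - timedelta(days=days), run_time, oldest


def covers(text, iso_date):
    """True if a file created on iso_date could appear under 'Created Last 30'."""
    start, end, _ = created_window(text)
    return start <= datetime.fromisoformat(iso_date) <= end


if __name__ == "__main__":
    start, end, oldest = created_window(SAMPLE)
    print("window:", start, "to", end, "| oldest entry:", oldest)
    # Assumed event date, roughly three months before the run.
    print("2014-05-24 visible:", covers(SAMPLE, "2014-05-24"))
```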
 
#4 ·
Yes the infection was dealt with more than three months ago.

The malware got past Kaspersky Internet Security with no alarm and regular scans. When I concluded that the weird behaviour on my computer must be malware, I downloaded and used Anti-malwarebytes to detect and remove it. I used another program that I cannot remember. It has been removed from the computer.

I did not post to any forums for malware removal help. I thought I had solved the problem by using Anti-malwarebytes.

I posted in the windows forum asking for help with the windows issues and was asked to post my logs here.

Tell me what to do and I will do my best to provide whatever information helps.

I am convinced I have corrupt dll files.
 
#5 ·
Ok, I'd like to try to get a bit more info if I can.

You used Malwarebytes Anti-Malware, correct? I'd like to see the scan log that shows what was detected and removed.

To send me the log, launch Malwarebytes Anti Malware by double clicking the icon on the desktop.

When it opens, look across the top and click 'History'

In the next window that opens, look on the left hand side and click 'Application Logs'

Double click on the SCAN log which shows the Date and time of the scan just performed.

  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the file name: box, type a name for your scan log.
  • A message box indicating 'File Saved' should appear.
  • Click ok.
  • Attach that log to your next reply.


Next, please download Farbar Recovery Scan Tool from here: Farbar Recovery Scan Tool Download, and save it to your desktop.

Note: You need to run the version compatible with your system, for you this would be the 32-bit version. After you click the Download Now 32-bit, another page will open -- DO NOT CLICK ANY ADDITIONAL 'download now' buttons, just wait and look toward the bottom of your browser for the option to Run or Save. Click Save.

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Click the Scan button.
  • When the scan has finished, it will make a log (FRST.txt) in the same directory the tool is run. Please attach the FRST.txt in your reply.
  • The first time the tool is run, it also creates another log named Addition.txt. Please attach that to your next reply as well.
 
#7 ·
Ah, thank you very much. :smile:

Launch Malwarebytes Anti-Malware and click Settings>Protection and detection, then place a check in the box next to 'Scan for Rootkits'

Now please run a scan and allow it to clean anything it finds.

If the scan was clean, please navigate to C:\Program Files\Malwarebytes Anti-Malware\Plugins\fixdamage.exe

Double click fixdamage.exe and follow the prompts. Reboot the machine when done if the program does not prompt you to do so.

See if the Windows Updates complete and if you can run sfc /scannow. Let me know if those problems are still there.
 
#8 ·
Antimalwarebytes scan ran with no issues found. Log is attached if that helps.

Windows update still results in the 80080005 error.

sfc /scannow is still unable to run.

Should I try running the windows update fixit tool again?

Should I try the windows 7 repair from the disk again?

Thanks
 


#9 ·
You ran the fixdamage.exe, correct?

What happens when you try to run sfc /scannow?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
#10 · (Edited)
The sfc /scannow gives this message:
Windows Resource Protection could not start the repair service

This was from Administrator: Command Prompt.

Yes, I ran fixdamage.exe but it did not show anything in particular that I could see. The malwarebytes log was attached to my last post if it shows you anything.

I ran the Farbar tool and the report is attached to my last post. The options I had checked were:
Registry
Services
Drivers
Processes
Internet
The optional items I did not have checked are:
List BCD
Drivers MD5
Shortcut.txt
Addition.txt
Would you like me to run it again with any of these checked?

Thanks
 


#12 ·
Hi boreal,

After researching that error a bit, there's not much I can do for you. Most people end up reinstalling Windows or performing a Repair Install.

The malware is gone, but unfortunately, the damage the infection did to the computer cannot be undone. I recommend you go back to the Windows 7 forum and seek their advice for further troubleshooting or the options available to you.
 