
 


ServicePackFiles i386 services.exe


Re: ServicePackFiles i386 services.exe

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Re: ServicePackFiles i386 services.exe

Mayday! So, I read your reply, but I can't do anything. My mouse is frozen. I disconnected it and tried it on my laptop and the mouse worked fine. Reconnected to my PC and it's frozen. Tried rebooting my PC...frozen. Did any of the above do anything that could cause this? Ack!

BTW, thank you for all the help. I'd be utterly lost.

killer log

The mouse is working periodically, so I can post for now.

Killer log double check

I couldn't see the log, so I'm going to repost. If I do this twice, I'm sorry. I "used" to be fairly computer literate. Ugh.

Re: ServicePackFiles i386 services.exe

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below



Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review

aswMBR

It asked me whether to run a QuickScan, c:, etc. I chose c:.



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-06 07:50:18
-----------------------------
07:50:18.453 OS Version: Windows 5.1.2600 Service Pack 3
07:50:18.453 Number of processors: 1 586 0x2701
07:50:18.453 ComputerName: YOUR-2EFBFD6E73 UserName: Owner
07:50:22.718 Initialize success
07:52:53.562 AVAST engine defs: 12090600
08:43:28.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:43:28.812 Disk 0 Vendor: ST3200827A 3.AAE Size: 190782MB BusType: 3
08:43:28.843 Disk 0 MBR read successfully
08:43:28.843 Disk 0 MBR scan
08:43:29.437 Disk 0 unknown MBR code
08:43:29.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186567 MB offset 8626905
08:43:29.468 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4212 MB offset 63
08:43:29.484 Disk 0 scanning sectors +390716865
08:43:29.625 Disk 0 scanning C:\WINDOWS\system32\drivers
08:43:56.093 Service scanning
08:44:26.156 Modules scanning
08:44:34.250 Disk 0 trace - called modules:
08:44:34.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:44:34.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85567030]
08:44:34.281 3 CLASSPNP.SYS[f7590fd7] -> nt!IofCallDriver -> \Device\00000099[0x85557f18]
08:44:34.281 5 ACPI.sys[f73a7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8556a940]
08:44:36.171 AVAST engine scan C:\WINDOWS
08:44:46.093 AVAST engine scan C:\WINDOWS\system32
08:49:03.843 AVAST engine scan C:\WINDOWS\system32\drivers
08:49:27.000 AVAST engine scan C:\Documents and Settings\Owner.YOUR-2EFBFD6E73
09:07:23.890 AVAST engine scan C:\Documents and Settings\All Users
09:16:12.828 Scan finished successfully
09:18:42.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.YOUR-2EFBFD6E73\Desktop\MBR.dat"
09:18:42.421 The log file has been saved successfully to "C:\Documents and Settings\Owner.YOUR-2EFBFD6E73\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-07 23:00:13
-----------------------------
23:00:13.281 OS Version: Windows 5.1.2600 Service Pack 3
23:00:13.281 Number of processors: 1 586 0x2701
23:00:13.281 ComputerName: YOUR-2EFBFD6E73 UserName: Owner
23:01:28.781 Initialize success
23:03:04.359 AVAST engine defs: 12090600
23:03:35.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:03:35.296 Disk 0 Vendor: ST3200827A 3.AAE Size: 190782MB BusType: 3
23:03:35.375 Disk 0 MBR read successfully
23:03:35.375 Disk 0 MBR scan
23:03:35.843 Disk 0 unknown MBR code
23:03:35.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186567 MB offset 8626905
23:03:35.937 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4212 MB offset 63
23:03:36.140 Disk 0 scanning sectors +390716865
23:03:36.609 Disk 0 scanning C:\WINDOWS\system32\drivers
23:05:06.546 Service scanning
23:08:11.796 Modules scanning
23:09:24.875 Disk 0 trace - called modules:
23:09:24.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
23:09:24.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8550c030]
23:09:24.906 3 CLASSPNP.SYS[f7590fd7] -> nt!IofCallDriver -> \Device\00000099[0x854e3f18]
23:09:24.906 5 ACPI.sys[f73a7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8550c940]
23:09:45.625 AVAST engine scan C:\
03:24:11.890 Scan finished successfully
08:33:32.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.YOUR-2EFBFD6E73\Desktop\MBR.dat"
08:33:32.781 The log file has been saved successfully to "C:\Documents and Settings\Owner.YOUR-2EFBFD6E73\Desktop\aswMBR.txt"
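
Added example, not part of the original posts and not AVAST's code: a small Python parser that splits a pasted aswMBR.txt into runs and pulls out the partition entries and the lines a reviewer looks at first. The sample lines are copied from the two runs above; the function name and the choice of "review" patterns ("unknown MBR code", and "rootkit" after the helper's note) are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the two aswMBR runs posted above, trimmed.
SAMPLE_LOG = """Run date: 2012-09-06 07:50:18
08:43:28.843 Disk 0 MBR read successfully
08:43:29.437 Disk 0 unknown MBR code
08:43:29.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186567 MB offset 8626905
08:43:29.468 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4212 MB offset 63
09:16:12.828 Scan finished successfully
Run date: 2012-09-07 23:00:13
23:03:35.843 Disk 0 unknown MBR code
23:03:35.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186567 MB offset 8626905
03:24:11.890 Scan finished successfully
"""

RUN_RE = re.compile(r"^Run date: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
PART_RE = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2})(?: \(A\))? ([0-9A-F]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$")
# Assumption: messages worth a second look; "rootkit" follows the helper's note.
REVIEW_RE = re.compile(r"unknown MBR code|rootkit", re.IGNORECASE)

def parse_aswmbr_log(text):
    """Split a pasted aswMBR.txt into runs with partitions and review lines."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:  # a "Run date:" line starts a new scan run
            runs.append({"run_date": m.group(1), "partitions": [],
                         "review": [], "finished": False})
            continue
        m = LINE_RE.match(line)
        if not m or not runs:
            continue  # banner, separator, or text before the first run
        stamp, msg = m.groups()
        p = PART_RE.match(msg)
        if p:  # boot flag 80 marks the active partition
            runs[-1]["partitions"].append({
                "disk": int(p.group(1)), "index": int(p.group(2)),
                "active": p.group(3) == "80", "type": p.group(4),
                "label": p.group(5), "size_mb": int(p.group(6)),
                "offset": int(p.group(7))})
        elif REVIEW_RE.search(msg):
            runs[-1]["review"].append((stamp, msg))
        elif msg == "Scan finished successfully":
            runs[-1]["finished"] = True
    return runs
```

A line landing in `review` is a prompt to inspect further, not a verdict.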

Re: ServicePackFiles i386 services.exe

Please upload MBR.dat located on the Desktop.

If it is too difficult for you to post here, then the log can be uploaded to www.mediafire.com, which is a free cloud service that provides storage for documents, photos, etc. Please use that service to upload it, and then click on the Share button after it finishes uploading and it will provide a download link. Post that in your next reply, please.

Re: ServicePackFiles i386 services.exe

http://www.mediafire.com/?1l9o6d16xet2gdd

Did this work?

Re: ServicePackFiles i386 services.exe

Good job!

It's clean: https://www.virustotal.com/file/0a3d320811b5eb3b7f8b0b2c5aca7625bb95dcea5b8ad0ecb8cd2c9f1fb0206a/analysis/1347289631/

Please re-run ComboFix and post a log.

Re: ServicePackFiles i386 services.exe

http://www.mediafire.com/view/?ymzohqu27ogo24z


I don't know if it's relevant, but even with a new corded mouse, the cpu pointer keeps freezing. We can navigate somewhat by using tab, but it's beginning to take 2-4 reboots to get the mouse back.

Re: ServicePackFiles i386 services.exe

Go to Start > Run, type the following and hit OK:

ComboFix /fixCset


It will run again. Post the log when finished please.

Re: ServicePackFiles i386 services.exe

http://www.mediafire.com/?zim74nli06ax2qw

Re: ServicePackFiles i386 services.exe

ComboFix Script


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    DDS::
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 54061

  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
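
Added example, not part of the original post and not ComboFix's own logic: a Python check that reads a Firefox prefs.js and reports proxy preferences pointing at the local machine, the condition behind the two `FF - prefs.js` lines in the script above. The sample file content is constructed (host and port taken from the post), and the function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed prefs.js content; host and port match the DDS lines in the post.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 54061);
user_pref("network.proxy.type", 1);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def read_prefs(text):
    """Return {name: value} for every user_pref() line, with typed values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]          # string pref
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean pref
        else:
            try:
                prefs[name] = int(raw)       # integer pref
            except ValueError:
                prefs[name] = raw
    return prefs

def is_loopback(host):
    """True for localhost and any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def loopback_proxies(prefs):
    """List (scheme, host, port, active) for proxy prefs aimed at this machine."""
    manual = prefs.get("network.proxy.type") == 1  # 1 = manual proxy settings
    hits = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy." + scheme, "")
        if isinstance(host, str) and host and is_loopback(host):
            port = prefs.get("network.proxy.%s_port" % scheme)
            hits.append((scheme, host, port, manual))
    return hits
```

A loopback proxy is not malicious by itself, since local filtering software sets one too; confirm what is listening on the reported port before removing the preferences.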

Re: ServicePackFiles i386 services.exe

http://www.mediafire.com/?zvezzhb2xum4w3d


Re: other issues...in order of my concern (not necessarily what you'll think is most concerning)

- We've seen the blue screen of death several times in the last several days. I have not seen it yesterday or today.
- The mouse pointer still keeps freezing. I can move around the screen with tab, etc., but it takes (usually several) reboots to get it back. I've tried 3 different mouses on all the available USB ports (front and back of the CPU) to no avail. I tried my mouse on another computer and it works fine. Sometimes it happens when we're online, sometimes during word processing and sometimes when the computer is sitting idle.
- When loading Internet pages, the whole system sometimes just keeps waiting and waiting and waiting. I've given it over an hour on Google and the address bar says the right address, but the screen is white waiting for the site to load. If I go into the address bar, to the end of the address and click and then enter (I guess reloading the site?) it always loads immediately.

The speed seems much improved.
svchost.exe is no longer running at 100%. I have no idea what we did, but you ROCK!

Thank you!!!
Alicia

Re: ServicePackFiles i386 services.exe

Upload Dump Files:

Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your post.

Here's how to do it:

  • Left click on the first minidump file.
  • Hold down the "Shift" key and left click on the last minidump file.
  • Right click on the blue highlighted area and select "Send to"
  • Select "Compressed (zipped) folder" and note where the folder is saved.
  • Upload that .zip file with your post.

Note: If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post in the thread about the error so we can give further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service. I recommend www.mediafire.com or another free, file-hosting service. Then post the link to it in your topic so that we can download it.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file).


Go to Start and then to Run,
Type in: sfc /scannow
Click OK.
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.

If you don't have a Windows CD....

Go to Start and then Run
type in regedit and click OK


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

On the right hand side, find: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePath setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.
