#1 |
|
Gotta friend whose Vista system isn't working right. It freezes when in regular mode. Booted into Safe, ran Superantispyware (Deleted the stuff it found) and Malwarebytes (removed those as well).
Here is the log at the very end:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4200

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

6/15/2010 2:42:06 PM
mbam-log-2010-06-15 (14-42-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 272315
Time elapsed: 42 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Any comments before I move forward with trying to put on Comodo tomorrow?
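A triage helper for a scan log in the format posted above, added here as an example; it is not part of the original thread and is not Malwarebytes' own tooling. It assumes the log is laid out one item per line as the tool writes it, and the names `parse_mbam_log` and `triage` and the "successfully" test for a completed removal are assumptions of this example.

```python
import re
from collections import Counter

# Constructed excerpt: three entries taken from the log above, one item per line.
SAMPLE_LOG = r"""Registry Keys Infected: 3
Files Infected: 0

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")   # summary line
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")             # start of item list
ENTRY_RE = re.compile(r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts per section, list of itemised detections)."""
    counts, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            counts[m["section"]] = int(m["n"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return counts, entries

def triage(text):
    counts, entries = parse_mbam_log(text)
    listed = Counter(e["section"] for e in entries)
    return {
        "by_threat": dict(Counter(e["threat"] for e in entries)),
        # Summary count and itemised list disagree: the pasted log is truncated or edited.
        "mismatched_sections": sorted(s for s, n in counts.items() if listed.get(s, 0) != n),
        # Items not reported as removed need a reboot, a rescan or manual cleanup.
        "not_removed": [e["object"] for e in entries if "successfully" not in e["action"].lower()],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
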
#3 |
|
I'd run Microsoft Sysinternals Autoruns on the unit. It's not any kind of cleaner but it shows what is running on the system. It is very complicated but once you learn how to use it and what to look for it is very good at finding hidden stuff.

*sigh* His Kaspersky expired, and the next day it started doing this. I told them to uninstall Kaspersky in safe mode, and then see if it will run (unconnected) in regular mode. If it does, to install Comodo. I like the new Comodo. I am thinking of buying a sandbox program (or getting a decent free one, I haven't looked yet) for my laptop. If it works well, I will put it on my son's laptop. I think it is kind of like a "must have" utility.

Edit to add: he is one of those that like to run "lean and mean" by using Limewire. I wouldn't doubt that he infected himself by that, but who knows. If you think you have to have low quality, pirated music, Firefox will do it with much less risk, and it downloads faster.

And I never really described the issue. When he launches Windows, it freezes. I was not able to find anything in the startup menu on msconfig that would do that (it was all pretty standard, it seemed). I cannot get the Task Menu to start, either. I am wondering if a background app might have updated and misfired? That happened to Comodo on mom's desktop system this past weekend. I had to uninstall/reinstall to fix it.
#4 |
|
No, the guy's most certainly pwnd.
He has a rootkit. Download Combofix and see if that helps. If not, you have my number. http://www.bleepingcomputer.com/comb...o-use-combofix
#5 |
|
Limewire is the destroyer of computers.

I have had this laptop for right around a year. Still runs like it is brand new. I don't do much maintenance, I just leave it on to do its scheduled stuff while I am sleeping. I have picked up a few bugs, but Kaspersky makes short work of them. This guy had Kaspersky (I got mine from him). He just didn't let me know to renew the license for him, in return, before it expired.
#6 |
|
Well, for some reason he decided to play mad scientist at home last night. I have no idea what he did. It is now an issue of I am just curious to see what has happened.

When the PC boots up, the "Republic of Gamers" graphic pops on, and then before Windows can boot the message pops up that:

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
1. Insert your windows installation disc and restart your compu.
2. choose your language settings, and then click "next"
3. click "repair your computer"
If you do not have this disc, contact your sys admin or cpu manufacturer for assistance.
files: \windows\system32\winload.exe
status: 0xc0000225
Info: the selected entry could not be located because it is either missing or corrupt

Now, if I try to do anything, it just brings this screen back up, unless we run a memory test, in which case the only part that changes is the "Files: \boot\memtest.exe". What gets me is I cannot get it to read the Restore disc. Did he make a hardware paperweight? Sure was a nice laptop before he decided to look into it on his own.

I have ruined 1 or 2 computers in my life learning what not to do.
#8 |
|
Sounds like it needs a nuke and pave. System restore disks suck. You need a regular OEM version of Windows. This is assuming that he doesn't have a faulty DVD/CD drive causing the bad reads.

Had he not screwed with it....
#12 |
|
I do NOT run Malwarebytes......I hate it. It made my virus worse. Had to nuke and pave. I am no fan...........sorry
#13 |
|
I use it all the time but some viruses can't be removed. Flopping on a tool after one failure is an overreaction. Also many tools are dangerous to use and you can hurt yourself if you don't know what you're doing. Malwarebytes is fairly bulletproof but NO tool is perfect. All antivirus actions have risks. That is why having a good backup is the best defense. If you get infected you can always start over.

This is a coworker's husband's computer. I know him, but not as well. She asked for some help on it, so I offered. When we finished that day, I told her, "Honestly, it has a restore point from back about a week ago, when it was working well. You should just restore it." She told him this before he started playing MacGyver and he shrugged it off. She said, "I asked him if he tried to restore it first, and he said 'No, I had never tried it so I didn't want to mess it up.'" I asked her if he had ever tried whatever it is he did that fried it, and she said "No". I asked her if she might want to explain common sense and wise actions to him, and she said, "As long as it was him that broke it and not me, that's his bad. Mine still works".