Numerous problems

cat3crazy · Jul 21, 2013

I have several issues with my computer. I am running Microsoft Windows XP with service pack 3.

I'm not that familiar with fixing PC problems. What is a simple to use program to determine if my problems are software or hardware related?

I'm having problems with Microsoft Office, and downloads from Microsoft as well as other issues. I was on the Microsoft Forum and tried a few of the fixes they suggested but had no luck. I had viruses that were deleted when I ran the Microsoft Online Scan.

TimW · Jul 21, 2013

Just to be sure it is not a malware issue, follow these instructions and then post in the malware forum and attach the requested logs:

READ & RUN ME FIRST. Malware Removal Guide

cat3crazy · Jul 22, 2013

Thanks so much for the help. I've had issues installing Microsoft fixes for quite some time but the real issue started around the time I download the Mozolla FireFox browser. I noticed that my hard drive was filling up. I backed up and took off quite a bit of my personal data but the hard drive continued to fill up. One day I'd have 16% free space then the next it was only 4% and I wasn't downloading anything!

I did notice when I did a full scan that there were a ton of files in C:/ Documents and Settings/NETWORKSERVICES/Local Settings/TemporaryInternetFiles. The scan seemed to spend a very long time scanning the folder.

I delete my internet files every day in both IE8 and Foxfire so I couldn't understand why there was so much in any Temporary Internet Files folder. Of course I couldn't get to them to delete them. I know it wouldn't have fixed the problem but I needed space to run a full scan with out it freezing after 16 hours.

I have a much larger hard drive in my computer now thanks to my brother, who recommended you, BTW.

I did accidentally download the SilverSmoke toolbar while trying to install Microsoft Securities Essentials. I think that I have all of that cleared up but I can not install MSE.

I'm also have an issue with Microsoft Office 2007. It wants to setup and configure ever time I open a document or a spread sheet. I suspect that has something to do with my brother taking off the previous version of MO that I had on my hard drive (I was using Microsoft Outlook from the earlier version). That is something that can be dealt with at another time but I did want you know to know about it since you my see some problems in the logs dealing with Office.

One last thing Malwalbytes did produce 2 logs. I attached the one that was produced last.

Thanks again for your help.

cat3crazy · Jul 26, 2013

FYI - I was using Explore function to check the size of some folders and found that the Folder
Documents and Settings/NetworkService/Local Settings/Temporary Internet Files
was adding files and folders pretty fast! I did not have the internet open or any other program, just the Explore function.

TimW · Jul 27, 2013

I can't help you until you follow the instructions.

cat3crazy · Jul 27, 2013

I don't understand. I did as requested and attached the logs. Here are the logs again. I'm going to run AFL Cleaner to remove the numerous fines in the Temporary Internet Files to make room on the hard drive. The last I looked there were over 7000 files.

TimW · Jul 28, 2013

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-21-3464455737-2461919614-1527086603-1007\$2b33795ca3da8cef930c1346a309976c\n. [x]) -> FOUND
[BROK VAL] HKCR\[...]\command : () -> MISSING

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.

Now click the Files/folders tab and locate these detections:

[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-21-3464455737-2461919614-1527086603-1007\$2b33795ca3da8cef930c1346a309976c\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-21-3464455737-2461919614-1527086603-1007\$2b33795ca3da8cef930c1346a309976c\L [-] --> FOUND
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] DbgHelp.dll : C:\Program Files\Microsoft Security Client\DbgHelp.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Drivers : C:\Program Files\Microsoft Security Client\Drivers >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] en-us : C:\Program Files\Microsoft Security Client\en-us >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] EppManifest.dll : C:\Program Files\Microsoft Security Client\EppManifest.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] LegitLib.dll : C:\Program Files\Microsoft Security Client\LegitLib.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Microsoft Security Client\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Microsoft Security Client\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Microsoft Security Client\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Microsoft Security Client\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] mpevmsg.dll : C:\Program Files\Microsoft Security Client\mpevmsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAv.dll : C:\Program Files\Microsoft Security Client\MpOAv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Microsoft Security Client\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Microsoft Security Client\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Microsoft Security Client\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpEng.exe : C:\Program Files\Microsoft Security Client\MsMpEng.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Microsoft Security Client\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Microsoft Security Client\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] msseces.exe : C:\Program Files\Microsoft Security Client\msseces.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsseWat.dll : C:\Program Files\Microsoft Security Client\MsseWat.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] Setup.exe : C:\Program Files\Microsoft Security Client\Setup.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SetupRes.dll : C:\Program Files\Microsoft Security Client\SetupRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] shellext.dll : C:\Program Files\Microsoft Security Client\shellext.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] sqmapi.dll : C:\Program Files\Microsoft Security Client\sqmapi.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.dll : C:\Program Files\Microsoft Security Client\SymSrv.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Microsoft Security Client\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)

Reboot and rescan with both RogueKiller and Hitman and attach those logs as well.

Be sure to tell me how things are running now.

cat3crazy · Jul 28, 2013

The computer was running better after I ran "AFT Cleaner" (the number of files in the "Temporary Internet Files" folder was in the thousands) and removed "Mozilla Foxfire" (was getting numerous pop up and error messages)last night.

I'm going to remove and reinstall Microsoft Securities Essentials and well as Microsoft Office. There are issues with both that should be resolved with a clean copy.

I noticed when I checked the update history that several security updates failed. Should I try to reinstall them or just run Microsoft's update and see what it tells me I need?

I'll let you know how the system performs after I get a chance to get on line and run some programs.

Attached are the logs that you requested.

Thanks again for your assistance.

TimW · Jul 28, 2013

Looks good. Let me know how things are running. ( And you did have issues with MSE ).

cat3crazy · Jul 29, 2013

I am not able to access the windows firewall to check the settings. I get the following message:
"Due to an unidentified problem, Windows cannot display Windows Firewall Settings"
I ran MalWareBytes and found additional issues which were removed. Still can not access the firewall.

Also can MSE and Windows Defender both run in real time on the same computer?

TimW · Jul 30, 2013

Yes, you can run both. I suggest you post in the software forum for additional assistance with your firewall issues.

Log in or Sign up

Numerous problems

cat3crazy Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

cat3crazy Private E-2

cat3crazy Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

cat3crazy Private E-2

Attached Files:

TDSSKiller.2.8.16.0_22.07.2013_21.20.18_log.txt

RKreport[0]_S_07222013_182759.txt

MGlogs.zip

mbam-log-2013-07-22 (18-32-17).txt

HitmanPro_20130722_2112.log

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

cat3crazy Private E-2

Attached Files:

RKreport[0]_D_07282013_120318.txt

RKreport[0]_S_07282013_120715.txt

RKreport[0]_S_07282013_122212.txt

HitmanPro_20130728_1229.log

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

cat3crazy Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member