
System Check rogue/virus/trojan not fully removed by Malwarebytes


  • This topic is locked
61 replies to this topic

#41 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 18,246 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 March 2012 - 03:31 PM

ERROR: Parsing the SD of <\\?\C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}}\RP1110> failed with: The system cannot find the path specified.


From what I see you entered the incorrect path:

ERROR: Parsing the SD of <\\?\C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}}\RP1110

You put an extra } in.

Try this:

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1110

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#42 Ndhlp

Ndhlp

    New Member

  • Members
  • 44 posts

Posted 06 March 2012 - 01:12 PM

Thank you. Looks like I might Ndhlp with glasses too :D

I didn't have the log saved from the full folder so I reran it. The restore point too (correctly). Should I go ahead and try a restore? If it works, I will update and run MBAM and Avira and see what comes up. Nothing should on the date I chose but...

GrantPerms by Farbar
Ran by Owner (administrator) at 2012-03-06 13:04:28
===============================================
\\?\C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1110
Owner: BUILTIN\Administrators
DACL(P)(AI):
Everyone ADD FILE ALLOW (NI)
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)

GrantPerms by Farbar
Ran by Owner (administrator) at 2012-03-06 13:08:04
===============================================
\\?\C:\System Volume Information
Owner: BUILTIN\Administrators
DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)

#43 MrCharlie


Posted 06 March 2012 - 01:26 PM

Please do this first, I don't think we ever ran TDSSKiller on this computer, it's easy to run and takes only a couple of minutes.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


#44 Ndhlp


Posted 06 March 2012 - 01:35 PM

Cure was not an option, so I skipped as directed.

13:29:02.0921 0340 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
13:29:03.0187 0340 ============================================================
13:29:03.0187 0340 Current date / time: 2012/03/06 13:29:03.0187
13:29:03.0187 0340 SystemInfo:
13:29:03.0187 0340
13:29:03.0187 0340 OS Version: 5.1.2600 ServicePack: 3.0
13:29:03.0187 0340 Product type: Workstation
13:29:03.0187 0340 ComputerName: YOUR-5E03CF73DE
13:29:03.0187 0340 UserName: Owner
13:29:03.0187 0340 Windows directory: C:\WINDOWS
13:29:03.0187 0340 System windows directory: C:\WINDOWS
13:29:03.0187 0340 Processor architecture: Intel x86
13:29:03.0187 0340 Number of processors: 1
13:29:03.0187 0340 Page size: 0x1000
13:29:03.0187 0340 Boot type: Normal boot
13:29:03.0187 0340 ============================================================
13:29:05.0062 0340 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:29:05.0156 0340 \Device\Harddisk0\DR0:
13:29:05.0156 0340 MBR used
13:29:05.0156 0340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xA30359, BlocksNum 0x1289075D
13:29:05.0156 0340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xA3031A
13:29:05.0187 0340 Initialize success
13:29:05.0187 0340 ============================================================
13:29:24.0640 0320 ============================================================
13:29:24.0640 0320 Scan started
13:29:24.0640 0320 Mode: Manual; SigCheck; TDLFS;
13:29:24.0640 0320 ============================================================
13:30:18.0703 0320 Scan finished
13:30:18.0703 0320 ============================================================
13:30:18.0828 3992 Detected object count: 4
13:30:18.0828 3992 Actual detected object count: 4
13:32:02.0328 3992 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:02.0328 3992 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:32:02.0328 3992 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:02.0328 3992 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:32:02.0343 3992 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:02.0343 3992 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:32:02.0343 3992 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:02.0343 3992 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:51.0526 2068 Deinitialize success

#45 MrCharlie


Posted 06 March 2012 - 01:41 PM

Those files are OK, just unsigned.

Continue on with system restore. MrC

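The check MrC makes by eye in the reply above, written out as an added example (not part of the original thread or of the scanner): a small Python parser that pulls the detected objects, their verdicts and the chosen actions out of the scan log posted earlier. The line layout is assumed from that log, and the function names are hypothetical.

```python
import re

# Lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
13:30:16.0828 0320 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:30:17.0015 0320 VolSnap - ok
13:30:18.0593 0320 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
13:30:18.0656 0320 \Device\Harddisk0\DR0 - ok
13:30:18.0828 3992 Detected object count: 4
13:30:18.0828 3992 Actual detected object count: 4
13:32:02.0328 3992 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:02.0328 3992 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:32:02.0328 3992 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:02.0328 3992 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:32:02.0343 3992 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:02.0343 3992 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:32:02.0343 3992 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:32:02.0343 3992 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:51.0526 2068 Deinitialize success
"""

# Layout assumed from the log above: "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d{4} (.*)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")
UNSIGNED = "UnsignedFile.Multi.Generic"  # the verdict the reply calls "just unsigned"

def triage(log_text):
    """Return (reported_count, {object: (verdict, action)}) for one scan log."""
    reported, detections = None, {}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank or wrapped line, not a log record
        msg = line.group(1)
        count, action = COUNT.match(msg), ACTION.match(msg)
        if count:
            reported = int(count.group(1))
        elif action:
            detections[action.group(1)] = (action.group(2), action.group(3))
    return reported, detections

def needs_review(log_text):
    """Objects to look at first: any verdict other than the unsigned-file
    heuristic, plus a flag that is True when the counts do not add up."""
    reported, detections = triage(log_text)
    other = [name for name, (verdict, _) in detections.items() if verdict != UNSIGNED]
    return other, reported != len(detections)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), needs_review(SAMPLE_LOG))
```

On this log the four skipped objects all carry the unsigned-file verdict and the count matches, so nothing is left for closer review.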

#46 Ndhlp


Posted 06 March 2012 - 01:43 PM

O.K. Thanks!

#47 Ndhlp


Posted 06 March 2012 - 03:18 PM

No luck with System Restore. I got this message again.

Your computer cannot be restored to (whatever date we try)

No changes have been made to your computer.
To choose another restore point restart System Restore.

I may not get back to this computer til tomorrow. Thank you again for your help. This is driving me nuts!

#48 MrCharlie


Posted 06 March 2012 - 04:20 PM

Do........

Method 4: View the event logs to investigate System Restore service errors

Link below:
http://support.microsoft.com/kb/302796

Let me know, and you can also look through the rest of them.


MrC


#49 Ndhlp


Posted 07 March 2012 - 01:50 PM

Hello again and thank you again for your help. The only System Restore errors that showed were for the probable date of the infection, the day after, and when I tried System Restore yesterday. There was no record of anything in the Event Viewer for System Restore when I ran it on 3 March and posted a failure.

There were two errors for one of the restore point dates I tried but I think that may be related to when I disconnected from the internet as I had disabled Avira prior to running System Restore. (see logs for this and the above).

Event Type: Error
Event Source: SRService
Event Category: None
Event ID: 104
Date: 2/24/2012
Time: 5:14:35 PM
User: N/A
Computer: YOUR-5E03CF73DE
Description:
The System Restore initialization process failed.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 05 00 00 00 ....


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 2/20/2012
Time: 12:40:42 AM
User: N/A
Computer: YOUR-5E03CF73DE
Description:
The lxecCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 2/20/2012
Time: 12:40:42 AM
User: N/A
Computer: YOUR-5E03CF73DE
Description:
Timeout (30000 milliseconds) waiting for the lxecCATSCustConnectService service to connect.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 111
Date: 3/6/2012
Time: 1:56:33 PM
User: N/A
Computer: YOUR-5E03CF73DE
Description:
A restoration to "Software Distribution Service 3.0" restore point failed. No changes have been made to the system.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

According to diskmgmt.msc the C: drive has 128.86 GB free and the D: drive has 5.08. The D drive is listed as a local disk on their computer. But if System Restore failed due to lack of space on the D, wouldn't it show an error relating to that?

Sorry to sound like a doofus, but at this point I would rather have someone say, "Well duh. I can't believe you missed..." and point a glaring error out to me because at least this darn thing would be fixed. Thanks again for your help!

#50 Ndhlp


Posted 07 March 2012 - 02:16 PM

I don't know if this will help but in poking around the Event Viewer I noticed that this trojan was found on several occasions by Avira and put into quarantine starting on 06 Feb which was way before they started having problems.

Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\~17424164
[DETECTION] Is the TR/Fakealert.grb.174 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4ccb1d86.qua'.

Begin scan in 'C:\Documents and Settings\Owner\Local Settings\temp\hdd32.exe'
C:\Documents and Settings\Owner\Local Settings\temp\hdd32.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c3f7cb4.qua'.

The Crypt.XPACK.Gen Trojan came up on the 24th of Feb as well.

What do you think about trying a restore point prior to 07 Feb?

#51 MrCharlie


Posted 07 March 2012 - 03:11 PM

Go ahead and try that, let me know, MrC


#52 Ndhlp


Posted 08 March 2012 - 02:11 PM

No luck. I disabled the internet connection, Avira, and the firewall and still had the same message as before in Normal mode.

I tried again in Safe Mode (no networking) and the same problem. It did take longer to run in Safe Mode which gave me hope, but no luck in the end. I did double check to make sure files were still unhidden prior to starting.

For some reason I had difficulty in disabling the internet connection today. My computer > Network Connections > LAN and 1394
I would click on disable and nothing would happen. Or, one would and the other wouldn't. I would close the window and reopen and it would be disabled. I ran an MBAM quick scan after everything was done but it was clean.

#53 MrCharlie


Posted 08 March 2012 - 03:40 PM

OK, well I'm running out of ideas.

I can suggest you visit the MS Fixit site and run some of the diagnostic software and see if it finds and fixes some of the issues.
There's a lot of fixes there to try:

http://support.microsoft.com/fixit/

We may be looking at a repair install.

Let me know, MrC


#54 Ndhlp


Posted 09 March 2012 - 01:34 PM

THANK YOU. I will run through the Microsoft link you provided and keep my fingers crossed. I may not have too much time this weekend.

I'll post back by Monday night. Thanks again and have a good weekend.

#55 MrCharlie


Posted 09 March 2012 - 03:15 PM

Thanks and you too! MrC


#56 Ndhlp


Posted 12 March 2012 - 02:35 PM

I hope you had a nice weekend.

Unfortunately, the Microsoft Fix It Center seems to have problems functioning for the last couple of days so I will try again tomorrow. I did try and run the diagnostic and first it said it wasn't compatible (not so according to its specs), and then I downloaded it to the desktop and tried to run it from there but all it says is "Fix it Center Set Up has encountered an error. An unexpected error has occurred. Please close and try to run Set Up again later."

I saw a few posts with the same error but no "fixes". It also does not show up in Add/Remove programs. I guess that's why it's still in Beta :wacko:

I would like another day or two to work at the linked site you suggested. If they do have to do a repair install, how does that affect all the Microsoft XP updates they've gotten over the years. It's still being supported so they should still be able to get them? (I've never done a repair install and am really not familiar with it...)

Thanks again for all your help. BTW, Malwarebytes forums really spoils their users with their professionalism and lack of garbage. Some software giants should take note!

#57 MrCharlie


Posted 12 March 2012 - 03:19 PM

I actually had a Great weekend!

When I go to the MS FixIt center, I'm presented with Options: (I use Google Chrome as my browser)

1. > Select a problem area (Optional)
Top Solutions - Windows - Internet Explorer - Windows Media Player - Entertainment - Office - Other

I would click on one of them and then proceed to option 2

--------------

2. > What are you trying to do? Windows

Highlight something

--------------

3. > View or run solutions

Example of the page with the solution that comes up:
http://support.micro...zes_or_crashes/

I've noticed some of the fixes won't work with XP though

------------------------------------

I would like another day or two to work at the linked site you suggested. If they do have to do a repair install, how does that affect all the Microsoft XP updates they've gotten over the years. It's still being supported so they should still be able to get them? (I've never done a repair install and am really not familiar with it...)


Well first..what kind of computer is this and do you have any restore disks that came with it?
Some computers have a restore partition on the hard drive.

A repair install will wipe all those updates out, you'll have to reinstall them and they're still available.
There is a way to slipstream SP3 into the disk, if you have one.

Thanks again for all your help. BTW, Malwarebytes forums really spoils their users with their professionalism and lack of garbage. Some software giants should take note!


That's because we're all volunteers, we do this 'cause that's what we do!

Let me know....MrC


#58 Ndhlp


Posted 13 March 2012 - 09:26 PM

Glad you had a great weekend and thanks again for the help. Unfortunately none of the solutions at http://support.microsoft.com/fixit/ applied to XP System Restore issues.

I did find out after a bit of digging that someone who had had the same "Fix it Center Set Up has encountered an error. An unexpected error has occurred. Please close and try to run Set Up again later."
discovered that although he had XP with SP3 there were some non-critical Windows Updates that were needed in order to get Mr. Fixit to run on his computer.

They were: Net Framework 2.0 or 3.5, PowerShell 2.0, and Microsoft Core XML 6.0
I know they have the PowerShell but I am unsure about the other two, I will check tomorrow and try Mr. Fixit again. If that doesn't work I guess I'll have to try a repair reinstall. (?)

The computer they have is a Gateway DX110S
XP Home Edition Version 5.1.2600 SP3
Hot Fix: KB982802

RAM 1GB
130.08 GB free on Hard Disk (C and D)

They said only one CD came with their computer. It looks like their rescue disk from Gateway...Microsoft XP Home Edition Operating System Disc, V1.3R1 dated 12/05

I have the 5 original Microsoft Works Suite 2002 from my old XP laptop if that will help (with the product key).

Thanks again

#59 MrCharlie


Posted 14 March 2012 - 07:54 AM

They said only one CD came with their computer. It looks like their rescue disk from Gateway...Microsoft XP Home Edition Operating System Disc, V1.3R1 dated 12/05


That sounds like the only solution, make sure you back-up everything and have the product key.

MrC


#60 Ndhlp


Posted 26 March 2012 - 01:02 PM

Thanks for all your help. It looks like I will definitely have to do the repair install. Not looking forward to that.

I will definitely install the paid version of MBAM when it's back up and running though!



