Author Topic: VistaAntispyware 2012 ???  (Read 29657 times)

MtlHab39

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Unknown
    Re: VistaAntispyware 2012 ???
    « Reply #60 on: February 18, 2012, 08:54:57 PM »
    Here is the cntrlV post; I hope I did this correctly; the black screen opened up as you said but even if I had the 7z file within the USB not sure if it ever acted upon the unzip file; sorry if I screwed up. 

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

         Size  Device Name          MBR Status
     --------------------------------------------
       149 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: VistaAntispyware 2012 ???
    « Reply #61 on: February 19, 2012, 11:49:50 AM »
    One last thing to try.

    Following steps involve registry editing. Please create new restore point before proceeding!!!

    How to:
    XP - Create new Restore Point
    Vista and Seven - Create a new Restore Point

    Download XP.zip file from here: XP.zip
    Unzip the file.
    You'll find six files inside.
    Right click on MpsSvc.reg file, click "Merge".
    Allow registry merge.
    Restart computer and see if internet works.

    If not, please post a fresh Farbar Service Scanner log.
    Windows 8 and Windows 10 dual boot with two SSD's

    MtlHab39

      Topic Starter


      Beginner

      • Experience: Beginner
      • OS: Unknown
      Re: VistaAntispyware 2012 ???
      « Reply #62 on: February 19, 2012, 12:45:02 PM »
      Hi Dave
      Sorry for the confusion, but should it be vista.zip since the laptop is a Vista, or the XP.zip?
      Thanks

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: VistaAntispyware 2012 ???
      « Reply #63 on: February 19, 2012, 04:06:24 PM »
      Sorry. Choose the Vista zip.
      Windows 8 and Windows 10 dual boot with two SSD's

      MtlHab39

        Topic Starter


        Beginner

        • Experience: Beginner
        • OS: Unknown
        Re: VistaAntispyware 2012 ???
        « Reply #64 on: February 19, 2012, 04:33:21 PM »
        Device manager is telling me that it cannot support a system restore point because of
        0x80070032 could not support it.

        Should I still go ahead with the Vista MpsSvc.reg file "Merge"?

        Also noticed when I went into device manager that there is a yellow caution sign beside Microsoft ISATAP adapter.

        Should I have been trying the above under safe mode?

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: VistaAntispyware 2012 ???
        « Reply #65 on: February 19, 2012, 07:04:49 PM »
        Quote
        Also noticed when I went into device manager that there is a yellow caution sign beside Microsoft ISATAP adapter.
        Here's some information about that.
        Quote
        Should I still go ahead with the Vista MpsSvc.reg file "Merge"?
        Yes, please.
        Windows 8 and Windows 10 dual boot with two SSD's

        MtlHab39

          Topic Starter


          Beginner

          • Experience: Beginner
          • OS: Unknown
          Re: VistaAntispyware 2012 ???
          « Reply #66 on: February 20, 2012, 03:58:44 PM »
          Did the merge and no change.
          Here is latest Farbar. 
          Dave, perhaps let me know how to restart at initial settings (anything important has been on USB and is safe at work) unless you feel that some of my attempts were not perfectly done (could be).

          Farbar Service Scanner Version: 10-02-2012
          Ran by Costa (administrator) on 20-02-2012 at 17:54:41
          Running from "E:\FarBar"
          Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
          Boot Mode: Nerwork
          ****************************************************************

          Internet Services:
          ============
          Dnscache Service is not running. Checking service configuration:
          The start type of Dnscache service is OK.
          The ImagePath of Dnscache service is OK.
          The ServiceDll of Dnscache service is OK.

          Dhcp Service is not running. Checking service configuration:
          The start type of Dhcp service is OK.
          The ImagePath of Dhcp service is OK.
          The ServiceDll of Dhcp service is OK.

          tdx Service is not running. Checking service configuration:
          The start type of tdx service is OK.
          The ImagePath of tdx service is OK.


          Connection Status:
          ==============
          Localhost is accessible.
          LAN connected.
          Google IP is accessible.
          Yahoo IP is accessible.


          Windows Firewall:
          =============
          MpsSvc Service is not running. Checking service configuration:
          The start type of MpsSvc service is OK.
          The ImagePath of MpsSvc service is OK.
          The ServiceDll of MpsSvc service is OK.
          Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

          bfe Service is not running. Checking service configuration:
          The start type of bfe service is set to Demand. The default start type is Auto.
          The ImagePath of bfe: "NADA".
          Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
          Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


          Firewall Disabled Policy:
          ==================


          System Restore:
          ============
          SDRSVC Service is not running. Checking service configuration:
          The start type of SDRSVC service is OK.
          The ImagePath of SDRSVC service is OK.
          The ServiceDll of SDRSVC service is OK.
          Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

          VSS Service is not running. Checking service configuration:
          The start type of VSS service is OK.
          The ImagePath of VSS service is OK.


          System Restore Disabled Policy:
          ========================


          Security Center:
          ============
          wscsvc Service is not running. Checking service configuration:
          The start type of wscsvc service is OK.
          The ImagePath of wscsvc service is OK.
          The ServiceDll of wscsvc service is OK.
          Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


          Windows Update:
          ============
          wuauserv Service is not running. Checking service configuration:
          The start type of wuauserv service is OK.
          The ImagePath of wuauserv service is OK.
          The ServiceDll of wuauserv service is OK.

          BITS Service is not running. Checking service configuration:
          The start type of BITS service is OK.
          The ImagePath of BITS service is OK.
          The ServiceDll of BITS service is OK.
          Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

          EventSystem Service is not running. Checking service configuration:
          The start type of EventSystem service is OK.
          The ImagePath of EventSystem service is OK.
          The ServiceDll of EventSystem service is OK.


          Windows Defender:
          =============
          WinDefend Service is not running. Checking service configuration:
          The start type of WinDefend service is set to Demand. The default start type is Auto.
          The ImagePath of WinDefend service is OK.
          The ServiceDll of WinDefend service is OK.


          File Check:
          ========
          C:\Windows\system32\nsisvc.dll => MD5 is legit
          C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
          C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
          C:\Windows\system32\Drivers\afd.sys => MD5 is legit
          Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
          C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
          C:\Windows\system32\dnsrslvr.dll => MD5 is legit
          C:\Windows\system32\mpssvc.dll => MD5 is legit
          C:\Windows\system32\bfe.dll => MD5 is legit
          C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
          C:\Windows\system32\SDRSVC.dll => MD5 is legit
          C:\Windows\system32\vssvc.exe => MD5 is legit
          C:\Windows\system32\wscsvc.dll => MD5 is legit
          C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
          C:\Windows\system32\wuaueng.dll => MD5 is legit
          C:\Windows\system32\qmgr.dll => MD5 is legit
          C:\Windows\system32\es.dll => MD5 is legit
          C:\Windows\system32\cryptsvc.dll => MD5 is legit
          C:\Program Files\Windows Defender\MpSvc.dll
          [2008-01-20 21:33] - [2008-01-20 21:33] - 0272952 ____A (Microsoft Corporation) 4575AA12561C5648483403541D0D7F2B

          C:\Windows\system32\svchost.exe => MD5 is legit
          C:\Windows\system32\rpcss.dll => MD5 is legit


          **** End of log ****

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: VistaAntispyware 2012 ???
          « Reply #67 on: February 21, 2012, 11:37:44 AM »
          Quote
          Dave, perhaps let me know how to restart at initial settings
          Do you mean to do a complete Recovery?
          Quote
          unless you feel that some of my attempts were not perfectly done (could be).
          No. I don't have a problem with how you performed the work at your end. It's just that C:\Windows\system32\Drivers\tdx.sys is missing.
          ComboFix said it replaced that file but for some reason it's still showing as MIA. If all your important data has been saved, perhaps a Recovery would be the best thing to do at this point. You can find the instructions in Reply #42. Instead of Repair you should choose Windows Complete PC Restore.
          Windows 8 and Windows 10 dual boot with two SSD's
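An added example, not part of the original thread and not Farbar's own code: a small Python triage of a Farbar Service Scanner log that ranks findings so a missing file such as tdx.sys (the point made in Reply #67) surfaces above the long run of "not running" lines. The sample log is a constructed excerpt modelled on the log in Reply #66, and the severity ordering is an assumption of this example.

```python
import re

# Constructed excerpt, modelled on the Farbar Service Scanner log in Reply #66.
SAMPLE_LOG = r"""Internet Services:
============
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

Windows Firewall:
=============
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
"""

# (severity, pattern, message); lower severity sorts first. The ordering is
# this example's assumption: a missing file or key explains a stopped service.
RULES = [
    (0, re.compile(r"^Attention! (.+) is missing\.$"), "file missing: {0}"),
    (1, re.compile(r"Attention! Unable to open (\S+) registry key"),
     "registry key missing: {0}"),
    (2, re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                   r"The default start type is (\w+)\."),
     "{0} start type is {1}, default is {2}"),
    (3, re.compile(r"^(\S+) Service is not running"), "{0} service is not running"),
]


def triage(log_text):
    """Return (severity, section, detail) tuples, most likely root cause first."""
    findings, section = [], None
    lines = [line.strip() for line in log_text.splitlines()]
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a "Name:" line underlined by a row of '='.
        if line.endswith(":") and following and set(following) == {"="}:
            section = line[:-1]
            continue
        for severity, pattern, template in RULES:
            match = pattern.search(line)
            if match:
                findings.append((severity, section, template.format(*match.groups())))
                break
    return sorted(findings, key=lambda f: f[0])  # stable: log order kept per level


if __name__ == "__main__":
    for severity, section, detail in triage(SAMPLE_LOG):
        print(f"[{severity}] {section}: {detail}")
```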

          MtlHab39

            Topic Starter


            Beginner

            • Experience: Beginner
            • OS: Unknown
            Re: VistaAntispyware 2012 ???
            « Reply #68 on: February 22, 2012, 07:28:59 PM »
            Murphy's Law has dictated that

            A valid backup location could not be found.  Attach the backup hard disk or insert the final DVD from a backup set and retry.

            AAgghh

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: VistaAntispyware 2012 ???
            « Reply #69 on: February 23, 2012, 11:42:22 AM »
            The only thing I can think of now is to find a Vista Home Basic disk to do the Restore.
            Windows 8 and Windows 10 dual boot with two SSD's

            MtlHab39

              Topic Starter


              Beginner

              • Experience: Beginner
              • OS: Unknown
              Re: VistaAntispyware 2012 ???
              « Reply #70 on: March 01, 2012, 08:29:23 AM »
              Hi SuperDave

              I want to thank you for all your help.
              Will try to find a disk somewhere; difficult to keep up as the desktop hard drive just crashed as well
              Thanks again
              MtlHab

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: VistaAntispyware 2012 ???
              « Reply #71 on: March 01, 2012, 11:55:56 AM »
              Quote
              Hi SuperDave

              I want to thank you for all your help.
              Will try to find a disk somewhere; difficult to keep up as the desktop hard drive just crashed as well
              Thanks again
              MtlHab
              You're welcome and good luck getting into the playoffs. ;D
              Windows 8 and Windows 10 dual boot with two SSD's

              jimlucey



                Starter

                • Experience: Beginner
                • OS: Unknown
                Re: VistaAntispyware 2012 ???
                « Reply #72 on: March 09, 2012, 06:43:18 AM »
                Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.  If you want to help, please go here. Superdave.
                « Last Edit: March 09, 2012, 11:39:37 AM by SuperDave »

                MtlHab39

                  Topic Starter


                  Beginner

                  • Experience: Beginner
                  • OS: Unknown
                  Re: VistaAntispyware 2012 ???
                  « Reply #73 on: March 12, 2012, 10:03:34 AM »
                  Hi SuperDave
                  Which link in these forums is best for establishing security for 'new' HP laptop for teenager's usage, in terms of spyware, malware, etc?

                  The desktop has been Spybot and Avast protected so far.

                  BTW, Markov is back, the city is abuzz with the what-if??

                  Thanks again
                  Mtl

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: VistaAntispyware 2012 ???
                  « Reply #74 on: March 12, 2012, 12:36:30 PM »
                  In reviewing your thread I just realized that there appears to be no Anti-Virus on your computer. If this is, in fact, true, please download and install one of these free AV's, then run a full scan. We also should do some cleanup.

                  Remember to only install one antivirus!
                   
                  1) Avast! Home Edition
                  2) AVG Free Edition
                  3) Avira AntiVir Personal
                  4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                  4-a) Microsoft Security Essentials for Windows XP
                  5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
                  6) PC Tools AntiVirus Free Edition
                  7) ThreatFire

                  It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
                  ***********************************************
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                  **********************************************
                  Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

                  ***********************************************
                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!
                  Windows 8 and Windows 10 dual boot with two SSD's