
PC May have been compromised

FRST FIX killed Internet access on my machine (I'm using another machine that I have to post this reply). I was afraid something would get messed up with the deletions. I'm attaching the FIXLOG file here. Then I'll start the Acronis restore from my backup (that takes about three hours) to restore my machine from last night.

Understand that I am not complaining about your helping me - I appreciate everything you are doing for me.
 

Attachments

  • Fixlog.txt
Actually - if all you did was flush the DNS internet wise then I expect that we can dispense with that and we can resume with the other steps you outlined after I do the Acronis restore .
 
what does Repair Install do?


Install (use the direct download) the Tweaking.com - Windows all in one repair tool. Then boot Windows into Safe Mode, (Make Certain To Run This Program As Administrator) then run through the Prescan on step 2 tab. Then skip to step 5 and create a system restore point. Then go to the repair tab...

Notice create a registry backup is ticked by default, so no need to do so in step 5...


Now run the program, with the boxes ticked in the picture below.

(Screenshot of the repair options to tick was not preserved.)


You may want to save the picture or write down which boxes need to be ticked, since you will run this in Safe Mode.

Important: Make certain to reboot twice after running this tool!!




Gets everything back in order. Just to let you know, I have never had any issues such as this with such a simple fix; it appears from your logs that your HDD may be on its way out.

Code:
Error: (12/05/2016 11:59:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.

Error: (12/05/2016 11:59:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.

Error: (12/05/2016 11:59:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.

Error: (12/05/2016 11:59:35 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.

Error: (12/05/2016 11:59:35 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR5.

Might I suggest a CHKDSK /r /f. Run this after you do a Windows All in One Repair.


Run chkdsk /f /r from elevated command prompt.

 
Actually - if all you did was flush the DNS internet wise then I expect that we can dispense with that and we can resume with the other steps you outlined after I do the Acronis restore


We also removed a few redundant files, none of which I had any issue with before. Not sure what happened on your end, as your machine was the first to respond this way; I suspect things are not right with your machine... Hence the repair and check disk, which should put things in order. :)
 
thank you for all the detail explanations. Will have to restore machine before I can access the links.

Have not gone to SP1 because my experience with Microsoft (whom I don't trust) is that if something is working (more or less) don't look for trouble by updating it. And if I did update and it went bananas I don't have someone to come here and do a hands-on fixing (I've seen that happen enough times at work).
 
I suggest creating a backup, then going to SP1 and seeing how things go from there. Otherwise I think we are dead in the water. Nothing in my fix should have caused internet loss, but the errors in your HDD are concerning. If your HDD is failing then many unforeseen errors are bound to arise.
 
thank you for all the detail explanations. Will have to restore machine before I can access the links.

Have not gone to SP1 because my experience with Microsoft (whom I don't trust) is that if something is working (more or less) don't look for trouble by updating it. And if I did update and it went bananas I don't have someone to come here and do a hands-on fixing (I've seen that happen enough times at work).

Hi User101,

Please pardon my intrusion here. It is not my intention to offend you in any way, but...

Have you ever allowed Windows to update since you bought the computer? I see you still have IE8 installed which is the version that Win7 was shipped with and no SP1. Updates are there to correct bugs in the system (and sometimes to add minor functions) - and there are thousands of bugs, not to mention the many security patches to protect you from the enormous amount of malware floating around in cyber space waiting for the next outdated system to be detected so it can be used to spread malware. It is perfectly alright if you want to live with the bugs and do not want to update if you are happy with your system, so why bother, but you come here because you encountered a problem and one of the first things we are going to ask of you is to update your system. We are trained professionals. That is what trained professionals do.

Your connection issue may be due to the multiple security programs you have installed. See below:

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

The real-time protection of two or more antivirus programs may conflict with each other and cause the following:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

Avast Pro Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
ZoneAlarm Security (x32 Version: 10.2.081.000 - Check Point Software Technologies Ltd.) Hidden
Without doing the research, I do believe that Avast Pro has a firewall and you not only have the ZoneAlarm firewall installed but it appears that the Windows Firewall is enabled as well.

This could be the number one reason why you can not connect to the internet. Personally, I would uninstall all the above programs except one. Let us know which one you want to keep. ZoneAlarm will need to be unhidden with a fix script before you uninstall it through the Control Panel. We'll then need to double check to see if all the residual files were removed properly to prevent conflict.

Donna :)
 
My apologies. After reviewing the previous posts more thoroughly, I see that Malnutrition instructed you to uninstall Avast and Microsoft Security Essentials here. I am wondering if residual services left behind by the uninstall are what is preventing you from connecting to the internet. I still think the cause is related to the security software...

Let me know where you are at with this. I would like to see a fresh set of FRST logs to make sure all residual files were removed and possibly check the services to see which are running. Could be why you can not create a restore point.
 
DonnaB:

You are not intruding. I welcome your comments and advice. To answer your question: yes, I have applied many Windows fixes. Just have not gone to SP1. My experience with Microsoft - and I understand you disagree with this - is that if something from Microsoft is mostly working, leave it alone. There's a good chance it will get worse or break if I touch it. (I have seen that both at work and on my home machines.) I won't get into the issue of Microsoft's philosophy of "fixing" and changing things as they please without regard for the customer.

I appreciate, and in general agree with, your approach to have software at a more "current" level. I do regular updates on my non-Microsoft products (including, but not limited to, security ones) but with them I can quickly tell if the new release has a problem and can easily regress to the previous one. With Windows it can be not immediately obvious and/or not easy to regress what has changed and doesn't work.

IE8 is indeed there but I do not use it. I use FF and, if an A/B test is needed, Chrome.

I had removed MSE but the FRSTFIX disabled my Internet access. I restored my disk backup, which had MSE in it. I'll remove MSE again.

Regarding the firewall, Avast Pro, which is what I have, does not include a firewall (that's in Avast Premier and Avast Internet Security). The ZA version that I have has a problem when I turn on Application Control and so that part is off. When I can get my machine stable I'll try replacing it with ZA 2017 Free.

From other indications, I believe what you and Malnutrition have written about the disk having problems is correct. I will run Chkdsk to verify that, and if confirmed order a replacement disk.

Again, I really do appreciate your taking the time to write your posts to help me.
 
I don't understand this. One of the scans above showed disk errors and observing how the machine is running agrees with that. But Chkdsk found nothing:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x23bed.
Cleaning up instance tags for file 0x2445b.
293632 file records processed.
File verification completed.
2073 large file records processed.
0 bad file records processed.
0 EA records processed.
93 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
375006 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
293632 file SDs/SIDs processed.
Cleaning up 1212 unused index entries from index $SII of file 0x9.
Cleaning up 1212 unused index entries from index $SDH of file 0x9.
Cleaning up 1212 unused security descriptors.
Security descriptor verification completed.
40688 data files processed.
CHKDSK is verifying Usn Journal...
35039544 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
293616 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
158321534 free clusters processed.
Free space verification is complete.
Windows has made corrections to the file system.

961187836 KB total disk space.
327356420 KB in 225771 files.
118520 KB in 40689 indexes.
0 KB in bad sectors.
426756 KB in use by the system.
65536 KB occupied by the log file.
633286140 KB available on disk.

4096 bytes in each allocation unit.
240296959 total allocation units on disk.
158321535 allocation units available on disk.

Internal Info:
00 7b 04 00 e7 10 04 00 a3 33 07 00 00 00 00 00 .{.......3......
75 06 00 00 5d 00 00 00 00 00 00 00 00 00 00 00 u...]...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

 
Hi user101,

I apologize for the delay. Just got home from work and need to settle in, make dinner, etc..

Before I do that I wanted to take a moment to see if you replied. You did! Excellent.. :) I need a bit of time to review the whole topic here so I can see what all has been done and what brought you to this point.

My experience with Microsoft - and I understand you disagree with this - is that if something from Microsoft is mostly working, leave it alone. There's a good chance it will get worse or break if I touch it.
I am not going to disagree with you. Everyone has their opinion and my personal feelings for MS are what they are and I feel at times we are at their mercy, hands tied. I am still somewhat peeved at MS with that forced upgrade to W10. The way I see it, if I want a W10 computer I'll go buy a brand new one that was designed for W10.

As for Windows updates, I have mine configured to download but let me choose which to install, and I refuse to be their guinea pig for Patch Tuesday. Fortunately for me, I am in a position where I frequent many forums to learn about the failed updates before I install them and have a good friend who is the Windows Updates king (a real whiz kid), so I know a little bit about WU's and have access to his private Windows Updates training ground. You really should allow SP1 to download and install for the sake of your system.

As for IE8, even though you do not use it, it is outdated and malware can detect this and use it as a way to attack your system.

As for chkdsk, no bad sectors so that is good, but it appears there were corrections made to the file system > Windows has made corrections to the file system.

Probably wouldn't hurt to run system file checker a couple times. To do that,


SFC Scan

  • Click on the Start button and in the search box, type cmd.exe
  • When you see cmd in the list, right-click on it and select Run as administrator
  • When command prompt opens, please type or copy/paste the following command into it, then press Enter

    sfc /scannow

    Wait for this to finish before you continue.

    Once the scan completes, type or copy/paste the following into notepad

    @echo off
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcresults.txt"
    notepad %userprofile%\Desktop\sfcresults.txt
    del %0


  • Click on File > Save As... and type sfc.bat then click Save
  • Right click on the .bat file and choose Run as administrator.
  • This will create the file, sfcdetail.txt on your Desktop and the .bat file icon will self delete. Please upload this file to your next post.

I restored my disk backup,
What condition was your disk in when you created that backup? Many people don't realize that if the backup is "tainted" the system will only reflect the condition it was in at the time of the backup. So, if the backup is not stable it's not worth going back to.

One of the scans above showed disk errors and observing how the machine is running agrees with that.
Please share with me, what exactly are you experiencing? Go into as much detail as possible.

In the meantime, let me get the family off my back and fix them their dinner so I can go over this topic with a fine-toothed comb to see what is going on with that connection thing. What little I saw yesterday, that should not have happened with any of the fixes that Malnutrition had you execute. I am thinking this is a software issue due to one of the security programs or a setting configuration. For all we know it could have been a ZA update that caused this. I have seen that happen with the Norton firewall many times. Could the same happen with ZA? Sure it can!

You mentioned ZA 2017 free. Do you mean the free AV and firewall? Only link I found to that is not at the ZA site. I don't trust nor use sites like softonic, softpedia, cnet, etc. for downloads. They bundle software in with their downloads that they get paid for if you install it.

Back as soon as I can.
 
Hi user101,

I have reviewed the full topic. Let me know where you are at with this...

Are you still unable to connect? I would like to see fresh FRST/Addition.txt logs though if you are not able to connect we will need to use a USB Flashdrive to transfer files so you can post them in the forum.

Thank you,
Donna :)
 
DonnaB

Thank you for your lengthy posts - they are appreciated :)
Having restored my PC from the latest backup (at that time) I have full Internet access and am back to where I was. I do backups daily (more than that if I'm running a "scan/fix" tool) so the backup that I used was a stable one of the pre-FRBR machine.

Thank you for pointing out the IE8 exposure. I'll get it off the machine.

ZA is not set to do automatic updates so that wasn't the cause. By the way, the ZA 2017 FREE has to be installed without the AV. Otherwise it will not run with Malwarebytes. It is available to be downloaded directly from ZA (Checkpoint) site http://www.zonealarm.com/software/free-firewall/.

In searching SFC I found that it will "fix" bad files that it finds. So first I need to do another backup before I run it, and I won't have time to run the SFC today (it may take an hour+ to run and if there is a problem I need time to restore the PC, which I can't do today). Will do it on Sunday and post everything as you requested.

As for what I've been seeing regarding the disk, I have seen delays when starting the machine. There have also been one or two occasions when it hung during startup and I had to do a button hard shutdown, after which it started up OK. I have seen delays in some programs starting up (from an analysis that was done defragging is not an issue). In addition, Acronis backups run but half the time do not update the catalog (I have to manually force the update). Acronis support said that one cause of this problem can be hardware issues. Given all of this I was expecting Chkdsk to find something.

By the way, someone told me that he heard about software (from Dell??) that can do a check on the PC's components (motherboard, cards etc.). Have you heard of something like that?

Not related to this topic but I love your tag line in your signature.
 
Hi user101,

Do me a favor, don't do anything more in the way of restoring for the moment. You're only prolonging the process and wasting my time (nothing personal) of getting your system running in tip top shape by undoing everything that has been done. The backup is fine since you now have internet access, but I was waiting for you to reply because in your absence I was preparing a fix to correct the registry keys that rendered your computer unconnectable. But now that you are able to connect, I want to see more logs to see where we are at with this so we can move forward to getting your system in working order.

But first, let's talk...

Not related to this topic but I love your tag line in your signature.
I put that there so you could see what my credentials are and qualifications and that you are in good hands.

My dear, you need to start trusting the right people or you will always be the victim. I am not trying to impress you in any way nor offend you, but I am a global instructor that teaches malware analysis\removal to 14-year-olds that know more about computing than you do, and I want to help educate you and share my knowledge to protect you from being the next victim, but there is not much I can do if you continue to not trust the need to update your system. This is one reason why you have so many issues. Like it or not, you have to update your system using Windows Updates.

User101, please do not take this personally. I am doing my best to not only help you, but to educate you as well to make your computer user experience more enjoyable and rewarding. You may not like it, but you are going to have to learn to trust Microsoft and that they have your best interests in mind when they offer Windows Updates.

I read in your first post where you allowed a total stranger to access your computer and he wanted you to pay $400 to fix what he found ($500 if you delayed). What I don't understand is why you would allow a total stranger to access your computer, which could result in stealing your private passwords and other credentials, yet you will not allow MS updates to install vital security patches that will protect you from file-encrypting ransomware that could do much worse. Do you pay your bills online, do any kind of banking etc.?

Thank you for pointing out the IE8 exposure. I'll get if off the machine.
Oh my goodness no! Please do not uninstall IE. Like one brick that strengthens a solid wall, IE is integrated into the Windows operating system. Internet Explorer's rendering engine is also used throughout Windows and with third-party applications as an embeddable component, so it won't completely uninstall; only the executable is actually removed. Explorer.exe is a part of IE, so if you remove IE, you won't have your file browser, classic start button, start search, desktop, etc.

The point I was trying to make is that you say you keep all your other 3rd party software updated, yet you leave Windows software outdated and vulnerable. I don't care if you use the software or not. You still need to keep it updated.

Your backups? Where are you saving them to? If on your computer somewhere, you may not be able to use them if you uninstall IE (I never tried that so not sure), and if your computer crashes you are doomed because you will not be able to restore the system using the backups.


By the way, someone told me that he heard about software (from Dell??) that can do a check on the PC's components (motherboard, cards etc.). Have you heard of something like that?
Yes. Many branded computers (Dell, Hewlett-Packard (aka HP), ASUS, etc.) have on-board, built-in diagnostic tools. What make and model is your computer? I will need that to find out exactly what is included on your computer and provide instruction on how to access and use them.

Now that you have your connection back, I need to see some logs now.

If the copy of FRST is still on your desktop, please right click and delete it. That program is updated daily and I want you to use a fresh, updated copy to provide logs for my viewing pleasure. Once it is deleted, please do as follows:

Since your system is 64-bit, I need for you to download Farbar Recovery Scan Tool to your desktop from link below:

For x64 bit systems download Farbar Recovery Scan Tool x64.

  • Right click on the FRST.exe and choose Run as administrator.
  • When the tool opens click Yes to disclaimer.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
  • Please copy and paste both logs into your next reply.

Donna :)
 