This is my wife’s computer: Windows XP Professional SP3.
Here is briefly what happened. After I threw everything at this: Malwarebytes, CCleaner, SUPERAntiSpyware, and even deleted some things which Windows Defender found as trojans, the computer still wasn’t connecting to Windows updates and I couldn’t install Microsoft Fix it. This was before I found out about this forum. So at that time [June 20th I believe] I decided to revert back to a previous date in the restore option under admin tools. That automatically fixed the Windows update issue, but then other things seemed to be messed up, like the volume button no longer displays the volume indicator on the screen. The volume goes up and down when you press the button but the green bars on the screen are gone. And similar things like that. I left it alone because my wife wants to continue to go to school and it is working so what the heck, right? But now I am starting to notice other things, like a window just came up that said something about security certificates - do you want to proceed “yes” or “no” and I clicked “no”, and another one popped up even though I didn’t have a browser open, “no” again and then another one, etc. until eventually it stopped. And I regret not capturing it with screen capture… Microsoft Fix it still won’t install and Windows Defender seems like it is not updating itself now…
aswMBR says: service safeboot c:\windows\system32\drivers\safeboot.sys LOCKED 32
And the computer seems to be running slower than before…
So I have decided to get going with this process, and I am very thankful and appreciative of you guys being here and helping us with this!
Attached are the MBAM, OTL and aswMBR logs.
Looking forward to working with you! Thanks again in advance!
Safeboot.sys is part of McAfee's endpoint protection… Did you have that on the computer at some stage?
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
Allow the installation of the recovery console
Regarding McAfee - no, she never had that installed.
One of the viruses she had looked like an antivirus program but it wasn’t - it basically took over her entire system, not letting you do anything…
Now, I was able to screen capture the dialog box that is talking about the certificates. That is the first attachment.
Also, when I ran Combo Fix it was trying to create a restore point but it said that the restore software wasn’t installed and tried to connect to the internet but said that I wasn’t connected, which I was, because I ran Chrome and Chrome was navigating to igoogle, but super slow.
After Combo Fix was done it rebooted the computer and that is when the dialog box about the certificates popped up again [after the reboot]. The second attachment is the first log that Combo Fix created.
After I ran FSS and got that log [the third attachment], I decided to run Combo Fix one more time to see if this time it would do a restore point, but the same thing happened - it said that I wasn’t connected to the internet even though I clearly was connected [I verified that via browsing with Chrome]. The fourth attachment is the second log that Combo Fix created.
Microsoft has messed up the location of the recovery console files so Combofix at this stage cannot download it.
Do you have more than one user on the system? If so, could you log onto another user and see if the same popups appear, as this appears to be a user-related logon problem.
But even before that I couldn’t install the Microsoft Fix it Center tool either; it says “encountered error”.
Plus the internet [Chrome browser wise] runs much slower on this machine than any other machine in the house.
It seems to me that for some reason the programs are not able to connect to the internet or something of that sort, even though the browser can. Like Windows Defender, for example, also doesn’t seem to update itself, perhaps because it cannot connect to the internet…
See attached pictures for visuals taken in chronological order 1-3, and the 4th is the MS Fix it tool.
Besides - why does Combo Fix say that there is no recovery software installed, when I clearly was able to use Windows recovery to restore to a previous date…
Sorry, I don’t know what VM is?
Where is CC? What log am I looking for?
I have to go to work now… I will reply back in 8 hours. Plus, take note: in the above post I posted a PS.
From those logs it appears that you thought you had Sirefef/ZeroAccess.
There is no indication of that, and none of the tools you used would have cleared it.
However, as we are looking at well over a month, some items would not show within my 30 day scan limit.
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
I finished everything as per your instructions; unfortunately there is no change - all the problems are there as before… These last two exercises seem to have made no difference…
Going back to your comment: "However as we are looking at well over a month some items would not show within my 30 day scan limit"
In OTL there is an option to go back 60, 90 days etc. and I’ve done that before I ran the OTL scan and posted those logs. I just don’t remember which one [I am pretty certain that I selected the 60 days option].
Anyway, hope that you can come back to me with some further instructions. Thanks a million for all your help so far!
Could you go Start > Run and type in the following commands pressing enter after each one
This will re-register the CRL files that produce the revocation popup