C:\ELEVATOR is a file for work. Are you looking to do something with that file? There is not that much info in there, I could probably recreate it if needed.

Hey Scott - Everything looks pretty good. Just a couple things left to do.

You should go into Add / Remove Programs and Uninstall these:

Adobe Reader 7.1.0
J2SE Runtime Environment 5.0 Update 3
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Then, download and install the updated and more secure Adobe Reader 9

Also, please download JavaRa.zip to your Desktop and Extract it to its own folder.

-- Make sure ALL browsers are CLOSED.
-- DoubleClick on JavaRa.exe to run it and then select your language of choice.
-- Click Remove Older Versions.
-- Follow the prompts and a log will pop up. You can post this if you wish - I really don't need it, though.
-- Then, please go to http://www.java.com/en/ to download and install the latest version of Java.

Keeping your Java up to date will lessen your chances of getting hit by more Vundo....


Also, this bothers me a bit:
12/6/2009 7:34:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

It looks like Norton is interfering with System Restore monitoring ability. I think you should address that - I'm not all that familiar with Norton (much too bloated IMO). That might be something you'd need to take up with them. You definitely do not want to lose System Restore functionality!

Personally, I'd check to see what SrtETmp does and if it is needed - if not needed, I'd delete it.

If you don't want to mess with that, then I suggest this:
-- Turn System Restore off.
-- Use ERUNT to back up the registry on a regular basis. You can even set it to run automatically, if so desired.

Cheers :)
PP

Viewpoint Manager (Remove Only)

I am not sure why you worded that one differently. Just like the others on the list I should remove all those, right?


Also,

12/6/2009 7:34:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Where do I find this when I call Norton? I have been on the phone with them daily with other issues I am having on my server. I would like to show them I am also having problems on my client computers as well as my server.

Let me know if I am supposed to remove all those programs and I will get this wrapped up tonight.

Thanks PP

Scott

Viewpoint Manager (Remove Only)
I am not sure why you worded that one differently. Just like the others on the list I should remove all those, right?

That's just the way it is listed in Add / Remove programs.
That one is not a big deal - not really malware. Rather, it is considered "foistware." Put there without your consent....

The other two definitely need to be replaced with updated versions.
With the Java, you especially need to remove older versions because Vundo can still exploit them even if you have the new version installed as well....

Also,
12/6/2009 7:34:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
Where do I find this when I call Norton? I have been on the phone with them daily with other issues I am having on my server. I would like to show them I am also having problems on my client computers as well as my server.

I would imagine if you read them that error message they could reference it.
The fact that the file name starts with Sr could indicate something that deals with System Restore monitoring, but that is merely a guess.
That error also occurred in one of Judy's threads here as well, so we are going to look into it. I hope to have some time this evening to do so. I don't like the idea of System Restore being disabled....

-- What happens if you turn System Restore Off and then turn it back on? Any error messages?

BTW: that C:\ELEVATOR folder - I was just asking because I did not recognize it. Malware often comes up with the strangest names for its components. Often they are random characters, but sometimes they are random words . . . such as ELEVATOR. LOL!

PP:)

I will turn off system restore and turn it back on to see what that does. What report or where would I see that error message?

Thanks

OK, I removed and added the above programs.

Can I delete all the files and folders I put on my desktop or are we going to need these some more?

I would like to turn off system restore and turn it back on and see about that error. Where would I find that error?

Thanks for your help
Scott

Can I delete all the files and folders I put on my desktop or are we going to need these some more?

Yes - you can delete them.
Did you run Combofix /uninstall?

-- I should add that you should update Adobe and Java (and anything else that needs it) on all your other computers. Keeping up to date is the first line of defense.

I would like to turn off system restore and turn it back on and see about that error. Where would I find that error?

Well . . . In some cases, when you try to turn it back on, an error message will pop up saying that it is unable to monitor the drive.
If that doesn't happen, you'll need to check the event log.
http://support.microsoft.com/kb/308427

Your logs show Restore Points being set up until 12-3. Then comes the Norton message (haven't had time to check that out yet. Sorry - time is hard to come by).
I am not sure if this is due to the malware or solely a Norton thing. What bothers me is that you probably wouldn't know it had happened until you tried to use System Restore...

Frankly, I do not care much for Norton - It does the job, but is bloated and a resource hog. Should your subscription lapse, I'd suggest Kaspersky Internet Security 2010 as a better alternative. But that's just my opinion ;)

Thanks for your help
Scott

You're welcome - Happy to help :)

PP,
FYI my computer will allow me to turn off restart and then turn on system restore without any issue.

I did try to do a system restore when this issue came up and it wouldn't let me. The computer wouldn't let me do a lot of things so I just figured it was related to the sickness that the terminal had.

Thanks again for all your help.

I did try to do a system restore when this issue came up and it wouldn't let me. The computer wouldn't let me do a lot of things so I just figured it was related to the sickness that the terminal had.

That could be the case because you had viable points set up to the 3rd of December.
Can you do a System Restore now? (to the point that was created when you turned it off and back on)

Judy has found a couple links that point to this as being related to Norton's "tamper protection."
http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=9633

http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2005113009323013

Maybe disabling the Tamper Protection will head off the System Restore errors, but I wonder what that will do to Norton's effectiveness?

I guess that's something you'll need to weigh.... It might be better just to turn off System Restore and use ERUNT instead, as I suggested before. At least for as long as you stick with Norton.

Cheers :)
PP

PP,
every time I start up that terminal I get my desktop and a window of explorer opens that is C:\Program Files\Adobe\Acrobat.com.

I am not sure why that is showing up at startup but how can I stop that?

Thanks

PP,
every time I start up that terminal I get my desktop and a window of explorer opens that is C:\Program Files\Adobe\Acrobat.com.

Well . . . There are a number of ways to stop this. You could uninstall the Acrobat.com component, but I would try that last.
Let's first see if we can remove the startup registry entry.

Please download HijackThis

Start HJT & press the "Do a system scan and save a log file" button. Please post that log for me.

PP :)

Hello PhilliePhan and sklingb,

This is Mike from the Norton Authorized Support Team.

I am responding to this thread to better explain the Norton Tamper Protection feature and how/why it affects the ability to complete a System Restore in Windows. This feature was put into place to thwart the effects of certain threats that try to disable security software. Due to the ever-increasing complexity of threats found on the internet, Norton products are tightly integrated with Windows to provide the highest level of protection. This process requires that certain system level files be "locked-down" which is why the System Restore feature may fail.

The overall effectiveness of the many technologies that provide protection from threats in Norton Internet Security are still preserved, as the instructions clearly state that if you do need to carry out a System Restore, that the Norton Product Tamper Protection feature will only be temporarily disabled. The real-time scanning engine, SONAR technologies, etc, are still active when this feature is disabled. The instructions in that document also tell you how to re-enable this feature after you have finished the System Restore.

Lastly, and this is for "sklingb", one of the advantages of having a subscription to Norton Internet Security is that you are entitled to free product updates for the life of your subscription. This allows you to take advantage of the new and enhanced features that come with the newer releases of the software, as well as the new threat detection and removal technologies as well. As soon as your current infections are resolved, I would strongly encourage you to update to the 2010 version of Norton Internet Security. Since you mention that your current installation was corrupted, please carefully follow the steps below to properly remove the 2009 version and then install the 2010 version.

1. Click on the following link to download the Norton Removal Tool:

Norton Removal Tool and Instructions

2. After you run the tool, please restart your computer. Log into Windows again and run the removal tool again. Restart your computer after it is finished running the second time as well.

3. Click on the link below and choose "Save File". This is the newest installer for Norton Internet Security 2010.

Download the latest installer for Norton Internet Security 2010

4. Double-click on the file to begin the installation, which should take 2-3 minutes total.

5. When the installation is complete, launch Norton Internet Security 2010 and manually run LiveUpdate to ensure you get the latest patches applied.

6. After the updates have been installed, complete a "Full System Scan" to make sure there are no more infections on your computer.

Let me know if you have any further questions.

Thank you,
Mike

That could be the case because you had viable points set up to the 3rd of December.
Can you do a System Restore now? (to the point that was created when you turned it off and back on)

Judy has found a couple links that point to this as being related to Norton's "tamper protection."
http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=9633

http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/2005113009323013

Maybe disabling the Tamper Protection will head off the System Restore errors, but I wonder what that will do to Norton's effectiveness?

I guess that's something you'll need to weigh.... It might be better just to turn off System Restore and use ERUNT instead, as I suggested before. At least for as long as you stick with Norton.

Cheers :)
PP

Michael York, I appreciate you getting involved with this. I spent several hours on the phone with someone from your company to reinstall internet security. I am hoping they installed 2010. Ironically there was an issue with the install with the Sonar. Sometimes it is on and other times it shuts itself off. As it stands now it is working.

The computer with the restore error is a networked computer running Endpoint Security. Is there a system within Endpoint that accounts for the system restore? I guess it got confusing having two computers involved. The sick one was running Endpoint and the healthy one was running Internet security. The healthy computer somehow got the corrupt file and had to be reinstalled. The sick computer, running Endpoint, is the one with the restore error.

I hope that makes sense.

. . . . This process requires that certain system level files be "locked-down" which is why the System Restore feature may fail.
. . . . as the instructions clearly state that if you do need to carry out a System Restore, that the Norton Product Tamper Protection feature will only be temporarily disabled. . . . .
Let me know if you have any further questions.

Hi Mike - thanks for jumping in :)

I do have a question - If Norton disables System Restore monitoring as noted in the Event Log message, then there are no viable Restore Points being created thus defeating the purpose of the System Restore function. This is less than desirable.
How do we stop that from happening?

PP:)

PP, I have the same problem on another computer. Should I follow the same steps in this post? I will start a new topic.

Hi sklingb1,

Symantec Endpoint is an enterprise product and I do not support Enterprise products. I would suggest that you call our Technical Support line at: 1 800 342 0652 or 407 357 7600

Another way to get support is to sign up for the Symantec Community Forums and then post your question.

Symantec Endpoint Community Forums

Thanks,
Mike

Michael York, I appreciate you getting involved with this. I spent several hours on the phone with someone from your company to reinstall internet security. I am hoping they installed 2010. Ironically there was an issue with the install with the Sonar. Sometimes it is on and other times it shuts itself off. As it stands now it is working.

The computer with the restore error is a networked computer running Endpoint Security. Is there a system within Endpoint that accounts for the system restore? I guess it got confusing having two computers involved. The sick one was running Endpoint and the healthy one was running Internet security. The healthy computer somehow got the corrupt file and had to be reinstalled. The sick computer, running Endpoint, is the one with the restore error.

I hope that makes sense.

Hi Mike - thanks for jumping in :)

I do have a question - If Norton disables System Restore monitoring as noted in the Event Log message, then there are no viable Restore Points being created thus defeating the purpose of the System Restore function. This is less than desirable.
How do we stop that from happening?

PP:)

Hi PhilliePhan,

Norton products do not disable or interfere with the monitoring of System Restore points. As long as System Restore is enabled, and there are no threats that have disabled or corrupted the restore points, the available restore points are visible in the Calendar view portion of the restore utility. In order to complete the process, you need to temporarily disable the Norton Product Protection feature that I explained earlier.

Thank you,

Mike

Norton products do not disable or interfere with the monitoring of System Restore points.

Thanks, Mike.

I am assuming SrtETmp is some sort of protected file? Judy has a recent thread with the same error, so I'm a bit curious....

It clearly states the SR has stopped monitoring - I imagine then that deleting SrtETmp is out of the question?

12/6/2009 7:34:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

PP:)

Hi PhilliePhan,

The file you mention is part of an Enterprise product that I do not support. I would suggest that you either contact Symantec Enterprise Support and/or join the Symantec Forums and post your question there.

Symantec Community Forums

Thanks,
Mike

Thanks, Mike.

I am assuming SrtETmp is some sort of protected file? Judy has a recent thread with the same error, so I'm a bit curious....

It clearly states the SR has stopped monitoring - I imagine then that deleting SrtETmp is out of the question?

12/6/2009 7:34:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

PP:)

The file you mention is part of an Enterprise product that I do not support. I would suggest that you either contact Symantec Enterprise Support and/or join the Symantec Forums and post your question there.

As an unpaid volunteer like most of us in the forums, I have neither the time nor the inclination to do that.
Hopefully Symantec has noted this problem and will address it.

Cheers :)
PP

the best thing now you can do is just format and re-install the OS

the best thing now you can do is just format and re-install the OS

Really?
Please explain the reasoning for that.

PP:)