AVG showing trojan threats constantly [Solved]


  • This topic is locked

#46
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
If that didn't fix the Google issue your profile may be corrupted. I will keep researching this. Can you still use Chrome?

Let's get an antivirus program on the system.

  • Click here to go to the Microsoft Security Essentials download page.
  • Click the down arrow beside Select Your Version and select Windows Vista/ Windows 7 64-bit and click the Download button.
  • Download the mseinstall.exe file to the desktop.
  • Close the browser and all open windows.
  • Right click the mseinstall.exe file, click Run as Administrator and OK any UAC prompts to start the installation.
  • Follow any on screen instructions.
You can read more about getting started with MSE on this Microsoft Security Essentials page.

After MSE has been installed please run a full scan and let me know if anything was found.

#47
k_barta2005
    Member
  • Topic Starter
  • 41 posts
Okay the scan is finished, it says that 5 potential threats are detected on the computer. Under the "History" tab it listed one detected item that is called "Exploit:JS/Coolex.C" and it says the alert level is severe. And it wants me to click on a "Clean PC" button.

#48
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
For the MSE scan, please click the Clean PC button.

Before completing Steps 1 and 2 please disable any screen saver you might have running.


Step-1.

Malwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the MalwareBytes icon on the desktop, click Run As Administrator, then click the Continue button on the UAC window.
  • You will now be at the main program as shown below.
  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
  • When the scan is finished a message box will appear as shown in the image below.

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the esetsmartinstaller_enu.exe icon on the desktop.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application and screen saver after running the above scan!


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Double click the FSS.exe file to run it.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-4.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. the ESET scan log (If it found anything). If it didn't just tell me.
3. The FSS.txt log
4. The checkup.txt log

#49
k_barta2005
    Member
  • Topic Starter
  • 41 posts
1. Okay, so I ran the scan and had the log, but since I couldn't figure out how to temporarily disable MBAM for the second step I uninstalled it, and reinstalled it after the scan. But I couldn't find the log. Sorry :unsure:

2.
C:\MGtools\Process.exe Win32/PrcView application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application
C:\Users\FamilyRoom\AppData\Local\Temp\Av-test.txt Eicar test file
C:\Users\FamilyRoom\AppData\Local\Temp\107918886.Uninstall\uninstaller.exe a variant of Win32/InstallCore.AZ application
C:\Users\FamilyRoom\AppData\Local\Temp\A73D43CB-BAB0-7891-A145-B03AFD61ECA0\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.F application
C:\Users\FamilyRoom\AppData\Local\Temp\A73D43CB-BAB0-7891-A145-B03AFD61ECA0\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application
C:\Users\FamilyRoom\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\FamilyRoom\Documents\Teen SS\SmitfraudFix\Process.exe Win32/PrcView application
C:\Users\FamilyRoom\Documents\Teen SS\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\Users\FamilyRoom\Downloads\ARO2012_tbt.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\FamilyRoom\Downloads\asc-setup.exe a variant of Win32/ELEX application

3.
Farbar Service Scanner Version: 13-09-2013
Ran by FamilyRoom (administrator) on 19-09-2013 at 07:29:33
Running from "C:\Users\FamilyRoom\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

4.
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java™ 6 Update 25
Java 7 Update 17
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#50
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts

1. Okay, so I ran the scan and had the log, but since I couldn't figure out how to temporarily disable MBAM for the second step I uninstalled it, and reinstalled it after the scan. But I couldn't find the log. Sorry

You didn't need to disable MBAM. It is an antimalware program and not an antivirus program. But let's see if we can find the log. Then we will kill the residual malware files and work on all of the system services that aren't working and the programs that need to be updated.


Step-1.

Show Hidden Files and Folders
  • Click the Start Orb. Click Computer.
  • On the next window, at the top of the window, click Tools then click Folder Options.
  • On the Folder Options window click the View tab.
  • Under the Files and Folders section:
  • Make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
  • Also make sure that Hide protected system operating files (recommended) is un-checked.
  • Also make sure the Hide extensions for known file types box is un-checked.

Step-2.

  • Right click the Start Orb and in the right column, click the user's name (it should be FamilyRoom). The FamilyRoom window will open.
  • In the left column under Folders click the down arrow beside AppData
  • Click the down arrow beside Roaming.
  • Click the down arrow beside MalwareBytes
  • Click the Logs folder. The right pane will populate with the list of log files.
  • Click, or double click, the log file with the most recent date on it to open it.
  • Copy and Paste the contents of this file into your next reply.


#51
k_barta2005
    Member
  • Topic Starter
  • 41 posts
Okay, thank you.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
FamilyRoom :: FAMILYROOM-PC [administrator]

9/15/2013 12:58:12 PM
mbam-log-2013-09-15 (12-58-12).txt

Scan type: Full scan (C:\|F:\|G:\|H:\|I:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 470739
Time elapsed: 1 hour(s), 16 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp (PUP.Optional.WhiteSmoke.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\FRST\Quarantine\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.

(end)

#52
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Thanks for the log.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\MGtools\Process.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\Program Files (x86)\PDFCreator\message.exe
C:\Users\FamilyRoom\AppData\Local\Temp\107918886.Uninstall\uninstaller.exe
C:\Users\FamilyRoom\AppData\Local\Temp\A73D43CB-BAB0-7891-A145-B03AFD61ECA0
C:\Users\FamilyRoom\Documents\ApnStub.exe
C:\Users\FamilyRoom\Downloads\ARO2012_tbt.exe
C:\Users\FamilyRoom\Downloads\asc-setup.exe

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run Windows All-In-One

Download Windows Repair (all in one) from this site. Under the Installer (5.12 MB) click the Download button beside Direct Download and save the tweaking.com_windows_repair_aio_setup.exe file to the desktop.

Close the browser and all open windows

  • Right click the tweaking.com_windows_repair_aio_setup.exe file, click Run as Administrator and allow any UAC prompts to install the program. Let it install to the default locations. After the program has been installed:
  • Right click the Windows Repair (All-In-One) icon on the desktop, click Run as Administrator and OK any UAC prompts to launch the program.
  • Go to Step 4 to create a Restore point and backup the Registry
    • Under System Restore click the Create button. You will see a message saying that System Restore is creating a Restore point. When it is finished you will see a message saying that the Restore point was created.
    • Under Registry Backup click the Backup button. When it is finished you will see the message telling you that the Registry is backed up.
    • Click the Next button. You will be taken to the Start Repairs screen.
  • On the Start Repairs tab click Start. You will see a Repair Options screen like the image below with the Default options checked.
  • Please make the following changes:
    Click the box beside the following numbers to remove the checkmark:
    07
    08
    11
    17
    18
    22
    23
    24
  • In the lower right corner click the box beside Shutdown/Restart System when Finished and tick the radio button beside Restart System.
  • Click the Start button.
NOTE: These repairs will take some time to complete depending on the speed of the system, the number of files and the number of reg keys. On a few systems it is possible for these repairs to get stuck in an infinite loop and thus never complete. This is because of symbolic links. Symbolic links are a way for a folder or reg key to point to a different location. On a normal system this isn't a problem. But if a system has a bad link that points back to a parent path then everything it hits in that link it will hit again and again forever.
IF the repairs are running for an insane amount of time then they are most likely stuck in a loop. If that is the case stop the repairs and let me know.


Step-3.

Please run the Farbar Service Scanner again using the instructions in Step 3. of post #48 and post the new FSS.txt log in your next reply.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The new FSS.txt log

#53
k_barta2005
    Member
  • Topic Starter
  • 41 posts
1. Okay, so about 10 minutes into the scan I came over to check on it, and I noticed it had frozen, and it said "Not Responding" in the upper corner, and it was no longer doing anything. I left it alone for a bit, and when I saw it was still frozen I decided to close it out and restart the computer; when I logged back in I found the log it left. If you need me to I can run the scan again, but here's the log it left me:

Files\Folders moved on Reboot...
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_BD43FA56-D4CA-47C1-BB2D-B476502EB791.0\C0145762. not found!
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_7F1630B9-40CC-40EF-80D3-C93E2647413E.0\809095A5. not found!
File move failed. C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Windows\temp\hsperfdata_FAMILYROOM-PC$\1892 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


2.

Farbar Service Scanner Version: 13-09-2013
Ran by FamilyRoom (administrator) on 20-09-2013 at 18:46:23
Running from "C:\Users\FamilyRoom\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
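The two Farbar Service Scanner logs in this thread (reply #49, taken before the OTL fix, and the one just above, taken after it) are easiest to read side by side: the Windows Firewall and Other Services findings about MpsSvc, iphlpsvc and SharedAccess are gone from the second run, while the Windows Defender start type, the DisableAntiSpyware policy value and the missing Action Center icon key are still reported. As an added example, not code from the thread or from Farbar's tool, the Python below pulls out only the lines FSS uses to flag trouble (ATTENTION markers, "Service is not running", a start type that differs from its default, and a value set under a "Disabled Policy" key) and diffs two runs. The parsing rules are inferred from the log lines quoted in this thread, so they are an assumption about FSS's output rather than its documented format; the embedded excerpts are trimmed copies of the two logs above.

```python
from __future__ import annotations
import re
from typing import NamedTuple

class Finding(NamedTuple):
    section: str
    kind: str      # service-not-running | start-type-mismatch | attention | policy
    detail: str

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
POLICY_VALUE = re.compile(r'^"([^"]+)"=(.+)$')

def parse_fss(text: str) -> list[Finding]:
    """Keep only the lines FSS uses to flag a problem; 'is OK' and 'MD5 is legit' lines are dropped."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings, section, reg_key = [], "", ""
    for i, line in enumerate(lines):
        if not line:
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:     # "Windows Firewall:" over "======"
            section, reg_key = line[:-1], ""
        elif "=====>" in line:                                    # "ATTENTION!=====> ..." and "Icon =====> ..."
            findings.append(Finding(section, "attention", line.split("=====>", 1)[1].strip()))
        elif line.startswith("Unable to"):                        # same class, printed without the marker
            findings.append(Finding(section, "attention", line))
        elif (m := NOT_RUNNING.match(line)):
            findings.append(Finding(section, "service-not-running", m.group(1)))
        elif (m := START_TYPE.match(line)) and m.group(2) != m.group(3):
            findings.append(Finding(section, "start-type-mismatch",
                                    f"{m.group(1)}: {m.group(2)} (default {m.group(3)})"))
        elif line.startswith("[") and line.endswith("]"):         # registry key in a "Disabled Policy" section
            reg_key = line[1:-1]
        elif reg_key and (m := POLICY_VALUE.match(line)):         # a value set under that key
            findings.append(Finding(section, "policy", f"{reg_key}\\{m.group(1)}={m.group(2)}"))
    return findings

def diff_fss(before: list[Finding], after: list[Finding]) -> dict[str, list[Finding]]:
    """What a later run no longer reports, what it still reports, and what is newly broken."""
    b, a = set(before), set(after)
    return {"resolved": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}

# Constructed excerpts of the FSS logs in #49 and #53 above (sections that flagged nothing are omitted).
LOG_BEFORE = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

Action Center:
============
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
"""

LOG_AFTER = r"""
Action Center:
============
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
"""

if __name__ == "__main__":
    for status, items in diff_fss(parse_fss(LOG_BEFORE), parse_fss(LOG_AFTER)).items():
        print(f"{status} ({len(items)})")
        for f in items:
            print(f"  [{f.section}] {f.kind}: {f.detail}")
```

Run it and the resolved list contains only Windows Firewall and Other Services entries, while the four persisting items are the Action Center key, the WinDefend service, its Demand start type and the DisableAntiSpyware policy. One caveat from my side, not something the thread states: on Windows 7, installing Microsoft Security Essentials turns Windows Defender off and sets that DisableAntiSpyware value itself, so once MSE is on the machine (reply #46) the Defender findings are the expected state rather than a sign of tampering; the Action Center icon key is the persisting item that still needs attention.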

#54
godawgs
    Teacher
  • Retired Staff
  • 8,228 posts
Looks like you didn't run the Windows Repair tool and OTL didn't complete. So let's try this one step at a time.

Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\MGtools\Process.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe
C:\Program Files (x86)\PDFCreator\message.exe
C:\Users\FamilyRoom\AppData\Local\Temp\107918886.Uninstall
C:\Users\FamilyRoom\AppData\Local\Temp\A73D43CB-BAB0-7891-A145-B03AFD61ECA0
C:\Users\FamilyRoom\Documents\ApnStub.exe
C:\Users\FamilyRoom\Downloads\ARO2012_tbt.exe
C:\Users\FamilyRoom\Downloads\asc-setup.exe

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

IF the scan hangs this time I want you to go into Internet Explorer and clear the TEMP files:

  • Click the Start Orb then click Control Panel.
  • Click Network and Internet
  • Under the Internet Options heading, click Delete browsing history and cookies. The Internet Properties window will open.
  • Under the Browsing history section click the Delete button and confirm any deletion prompts you get.
Don't be alarmed if this seems to stop responding also. Depending on how often you clean the Temp files this can take hours.

After it finishes try the OTL fix again.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
The OTL fixes log.
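The :FILES list in the OTL fixes in replies #52 and #54 above was assembled by hand from the ESET export in reply #49: the Eicar test file and the two utilities inside the user's own SmitfraudFix folder were left out, and the two Babylon DLLs under the same Temp scratch folder were collapsed into that folder (the #54 version does the same for the 107918886.Uninstall folder). As an added example, not code from the thread, from ESET or from OTL, the Python below does that triage mechanically: it parses ESET's export lines, buckets each detection with a keyword heuristic of my own, and emits a fix in the same layout as the one quoted above. The ESET line format and the OTL script layout are taken from the posts; the buckets, the Temp-folder collapsing rule and the allow-list of known tool folders are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed input: the ESET Online Scanner export from reply #49 above, copied verbatim.
# ESET's text export is "<path> <detection name> [application]"; the trailing "application"
# tag marks a potentially unwanted/unsafe application rather than a classic infection.
ESET_REPORT = r"""
C:\MGtools\Process.exe Win32/PrcView application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application
C:\Users\FamilyRoom\AppData\Local\Temp\Av-test.txt Eicar test file
C:\Users\FamilyRoom\AppData\Local\Temp\107918886.Uninstall\uninstaller.exe a variant of Win32/InstallCore.AZ application
C:\Users\FamilyRoom\AppData\Local\Temp\A73D43CB-BAB0-7891-A145-B03AFD61ECA0\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.F application
C:\Users\FamilyRoom\AppData\Local\Temp\A73D43CB-BAB0-7891-A145-B03AFD61ECA0\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application
C:\Users\FamilyRoom\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\FamilyRoom\Documents\Teen SS\SmitfraudFix\Process.exe Win32/PrcView application
C:\Users\FamilyRoom\Documents\Teen SS\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\Users\FamilyRoom\Downloads\ARO2012_tbt.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\FamilyRoom\Downloads\asc-setup.exe a variant of Win32/ELEX application
"""

# The path is everything before the detection name, which is "[a variant of ]Family/Variant"
# or ESET's literal "Eicar test file". The non-greedy path copes with spaces in folder names
# because the remainder must still match a slash-bearing name up to end of line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<detection>(?:a variant of )?(?:\S+/\S+|Eicar test file))(?: application)?$"
)

@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    bucket: str

def classify(detection: str) -> str:
    """Coarse triage bucket; the keyword lists are my own heuristic, not ESET's taxonomy."""
    name = detection.lower()
    if "eicar" in name:
        return "test-file"        # the AV test string, not an infection: leave it out of the fix
    if any(k in name for k in ("toolbar", "bundled", "installcore", "opencandy", "elex")):
        return "pua-adware"       # bundled toolbars and ad-supported installers: remove
    if any(k in name for k in ("prcview", "hiddenstart", "shutdown")):
        return "dual-use-tool"    # legitimate utilities that malware also drops: remove unless known
    return "review"

def parse_eset_report(text: str) -> list:
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        findings.append(Finding(m["path"], m["detection"], classify(m["detection"])))
    return findings

TEMP_MARKER = "\\appdata\\local\\temp\\"

def remediation_target(path: str) -> str:
    """Files dropped in a per-installer scratch folder under %TEMP% are removed folder-wide
    (as the fix in reply #54 does), so the folder is the target rather than each file."""
    low = path.lower()
    idx = low.find(TEMP_MARKER)
    if idx == -1:
        return path
    start = idx + len(TEMP_MARKER)
    end = path.find("\\", start)
    return path if end == -1 else path[:end]      # a file directly in Temp stays a file target

def build_otl_fix(findings, include=("pua-adware", "dual-use-tool"), allow_dirs=()) -> str:
    """Emit an OTL custom fix in the layout used in replies #52/#54: restore point first,
    then the :FILES list, then [emptytemp]. allow_dirs are known-good tool folders to skip."""
    allowed = tuple(d.lower().rstrip("\\") + "\\" for d in allow_dirs)
    targets = []
    for f in findings:
        if f.bucket not in include or f.path.lower().startswith(allowed):
            continue
        t = remediation_target(f.path)
        if t not in targets:
            targets.append(t)
    return "\n".join([":COMMANDS", "[createrestorepoint]", "", ":FILES", *targets,
                      "", ":COMMANDS", "[emptytemp]"])

if __name__ == "__main__":
    found = parse_eset_report(ESET_REPORT)
    for f in found:
        print(f"{f.bucket:14} {f.detection:40} {f.path}")
    # The user's own SmitfraudFix folder holds legitimate tool components, so it is kept.
    print(build_otl_fix(found, allow_dirs=[r"C:\Users\FamilyRoom\Documents\Teen SS\SmitfraudFix"]))
```

With the SmitfraudFix folder on the allow-list the generated :FILES block is the nine entries of the reply #54 fix, in the order ESET listed them. The point of the buckets is the review step, not the script: a "dual-use-tool" hit such as hstart.exe inside a vendor's backup product deserves a look at where it lives before it goes on the removal list, which is exactly the judgement the helper made by hand here.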

#55
k_barta2005
    Member
  • Topic Starter
  • 41 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\MGtools\Process.exe not found.
File\Folder C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe not found.
File\Folder C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe not found.
File\Folder C:\Program Files (x86)\PDFCreator\message.exe not found.
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\107918886.Uninstall not found.
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\A73D43CB-BAB0-7891-A145-B03AFD61ECA0 not found.
File\Folder C:\Users\FamilyRoom\Documents\ApnStub.exe not found.
File\Folder C:\Users\FamilyRoom\Downloads\ARO2012_tbt.exe not found.
File\Folder C:\Users\FamilyRoom\Downloads\asc-setup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FamilyRoom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10288708 bytes
->Flash cache emptied: 291 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14500 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 12057279399 bytes
RecycleBin emptied: 45335595 bytes

Total Files Cleaned = 11,552.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09222013_195000

Files\Folders moved on Reboot...
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_BD43FA56-D4CA-47C1-BB2D-B476502EB791.0\C0145762. not found!
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_7F1630B9-40CC-40EF-80D3-C93E2647413E.0\809095A5. not found!
File move failed. C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252F%253Fcid%253D62000.0001%2526utm_source%253D65687978_570033_272950_114486_2684_27264%2526utm_medium%253Dcpc%2526utm_campaign%253DEducation[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252F%253Fcid%253D62000.0001%2526utm_source%253D65687978_570033_272950_114486_2684_27264%2526utm_medium%253Dcpc%2526utm_campaign%253DEducation[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2kQ8fXSAxjbyBAgAA..%2526vpid%253D655%2526apid%253D180684%2526referrer%253Dhttp%25253A%25252F%25252Fads.adexchangemarket.com%25252Fshow_content[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A%252F%252Fwww.chinaflix.com%252Fvideoplayer_movie.php%253Fpid%253D162%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A%252F%252Fwww.chinaflix.com%252Fvideoplayer_movie.php%253Fpid%253D162%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fpr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D8193319%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fpr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D8193319%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\r%253De21b4e72bc680e3344d28e64925538e4%2526width%253D300%2526height%253D250%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\r%253De21b4e72bc680e3344d28e64925538e4%2526width%253D300%2526height%253D250%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



#56
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

The new OTL fixes log shows that none of the files could be found so it did remove them on the last run. And it also shows why the tool seemed to hang up and display Not Responding at times: Total Files Cleaned = 11,552.00 mb
A lot of that rubbish was in the Chrome cache. That's a ton of cache and Temp files for any program to remove. I have seen it take hours and hours when cleaning that many cache/Temp files.

And I apologize, you did run the Windows Repair tool. I just misread the FSS log you posted. The Windows Repair tool fixed all of the broken services and replaced all of the missing Registry keys and values except one for the Action Center. We will replace that key and value with another OTL fix.
Then we need to update some programs.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Please run the Farbar Service Scanner tool again and post the new FSS.txt log so we can verify that the Action Center registry key/value was restored.


Step-3.

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of the Java Runtime Environment (JRE) from Here or Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number listed under the heading. Example: The newest update is Java SE 7u40
  • Click the "Download" button under the JRE column.
  • On the Java SE Runtime Environment 7u40 page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 7u40 heading:
    To install the version for your system:
    • For Windows 64bit systems, look for Windows x64 29.25MB, click the jre-7u40-windows-x64.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

  • Click Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Click to (highlight) any Java item. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    • JavaFX 2.1.1
    • Java™ 6 Update 25
    • Java 7 Update 17
  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

C.
Install the latest JAVA

  • Back on your desktop:
    • Right click the jre-7u40-windows-x64.exe file and click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel (you will have to be in Classic View to see Java; it looks like a coffee cup). Double-click on Java, click the Advanced tab, click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Step-4.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
  • Windows Vista /7 Users: Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
  • Remove ALL instances of Adobe Reader. The version(s) I see on the computer are:
    • Adobe Reader 9
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here and save it to the desktop.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.
Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons therefore loads more quickly.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar or any other 3rd party software.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if the updates were successful.
2. Let me know what issues remain with the computer.
3. The OTL fixes log
4. The new FSS.txt log

#57
k_barta2005

    Member

  • Topic Starter
  • 41 posts
1 I updated Adobe, and I deleted Java.

2 The only issues I have are these: 1) I cannot view any pictures in the pictures files on the computer that were previously uploaded, the only pictures I can view are those that were downloaded from the internet. 2) Chrome still isn't saving any of my settings. Other than those two issues, everything seems to be in order.

3 All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FamilyRoom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 72678214 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 11327661 bytes
->Flash cache emptied: 602 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89810 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5624 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 80.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09242013_155213

Files\Folders moved on Reboot...
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_BD43FA56-D4CA-47C1-BB2D-B476502EB791.0\C0145762. not found!
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_7F1630B9-40CC-40EF-80D3-C93E2647413E.0\809095A5. not found!
C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_FAMILYROOM-PC$\1936 not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252F%253Fcid%253D62000.0001%2526utm_source%253D65687978_570033_272950_114486_2684_27264%2526utm_medium%253Dcpc%2526utm_campaign%253DEducation[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252F%253Fcid%253D62000.0001%2526utm_source%253D65687978_570033_272950_114486_2684_27264%2526utm_medium%253Dcpc%2526utm_campaign%253DEducation[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2kQ8fXSAxjbyBAgAA..%2526vpid%253D655%2526apid%253D180684%2526referrer%253Dhttp%25253A%25252F%25252Fads.adexchangemarket.com%25252Fshow_content[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A%252F%252Fwww.chinaflix.com%252Fvideoplayer_movie.php%253Fpid%253D162%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A%252F%252Fwww.chinaflix.com%252Fvideoplayer_movie.php%253Fpid%253D162%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fpr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D8193319%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fpr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D8193319%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\r%253De21b4e72bc680e3344d28e64925538e4%2526width%253D300%2526height%253D250%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\r%253De21b4e72bc680e3344d28e64925538e4%2526width%253D300%2526height%253D250%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I don't know why it's still saying "not found", I'm sorry.

4 Farbar Service Scanner Version: 13-09-2013
Ran by FamilyRoom (administrator) on 24-09-2013 at 16:26:17
Running from "C:\Users\FamilyRoom\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
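The FSS.txt log above is read by eye in this thread: the helper spots the missing Action Center key, the WinDefend service stopped with its start type changed from Auto to Demand, and the DisableAntiSpyware=1 policy value. As an added example (not part of the thread and not Farbar's code), the Python below parses an abridged copy of that log, constructed here from the excerpt above, and returns those findings as structured records. It also generalizes a little beyond this log: a file in the File Check section whose verdict is anything other than "MD5 is legit", a non-OK ImagePath/ServiceDll line, and a host reported as not accessible are flagged too. The function names and category labels are my own.

```python
"""Triage helper for a Farbar Service Scanner (FSS.txt) log.
Added example, not part of the thread and not Farbar's code; the category
labels and function names are assumptions of this example."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: an abridged copy of the FSS.txt log posted above.
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 13-09-2013
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
****************************************************************

Connection Status:
==============
Localhost is accessible.

Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

**** End of log ****
"""


@dataclass
class Finding:
    category: str  # e.g. "disabling_policy"
    detail: str    # the key, service, value or path involved


UNDERLINE = re.compile(r"=+")
MISSING_KEY = re.compile(r"Unable to open (?P<key>\S+) key\. The key does not exist\.")
NOT_RUNNING = re.compile(r"^(?P<svc>\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\. "
                        r"The default start type is (?P<default>\w+)\.$")
SVC_PATH = re.compile(r"^The (?P<what>ImagePath|ServiceDll) of (?P<svc>\S+) service is (?P<state>.+)\.$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<val>\d+)$')
FILE_CHECK = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
UNREACHABLE = re.compile(r"^(?P<host>.+?) is not accessible\.$")


def triage_fss(log_text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current section, and collect findings."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings: List[Finding] = []
    section = policy_key = ""
    for i, line in enumerate(lines):
        if not line or UNDERLINE.fullmatch(line):
            continue
        # A section header is a line ending in ':' whose next line is an '=' underline.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and UNDERLINE.fullmatch(nxt):
            section, policy_key = line[:-1], ""
            continue
        if m := MISSING_KEY.search(line):
            label = re.split(r"=+>", line)[0].strip()   # text before the "=====>" arrow
            findings.append(Finding("missing_registry_key", f"{label}: {m['key']}"))
        elif m := NOT_RUNNING.match(line):
            findings.append(Finding("service_not_running", m["svc"]))
        elif m := START_TYPE.match(line):
            if m["actual"].lower() != m["default"].lower():
                findings.append(Finding("service_start_type",
                                        f"{m['svc']}: {m['actual']} (default {m['default']})"))
        elif m := SVC_PATH.match(line):
            if m["state"] != "OK":
                findings.append(Finding("service_path", f"{m['svc']} {m['what']}: {m['state']}"))
        elif m := REG_KEY.match(line):
            policy_key = m["key"]          # remembered for the value lines that follow
        elif (m := REG_VALUE.match(line)) and "Disabled Policy" in section:
            findings.append(Finding("disabling_policy",
                                    f"{section}: [{policy_key}] {m['name']}={m['val']}"))
        elif section == "File Check" and (m := FILE_CHECK.match(line)):
            if m["verdict"] != "MD5 is legit":
                findings.append(Finding("file_check", f"{m['path']}: {m['verdict']}"))
        elif m := UNREACHABLE.match(line):
            findings.append(Finding("connectivity", m["host"]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, handy for a one-line verdict."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_fss(SAMPLE_FSS_LOG):
        print(f"[{f.category}] {f.detail}")
```

Run against the sample it reports exactly the four items the helper acted on in this thread; run against a clean log (every file "MD5 is legit", no policy values, no missing keys) it returns an empty list, which is the quick way to confirm that a fix such as the one in Step-1 above actually restored the key.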

#58
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

For the Chrome issue:

  • Close Google Chrome.
  • Click the Start Orb. Right click Computer and click Explore. Windows Explorer will open.
  • Click the arrow beside Computer, click the arrow beside OS(C:), click the arrow beside Users, click the arrow beside FamilyRoom, click the arrow beside AppData, click the arrow beside Local, click the arrow beside Google, click the arrow beside Chrome, click the arrow beside User Data and click the Default folder to open it.
  • Find the file named Web Data and delete it.
  • Close Chrome and restart it and see if Chrome will save your settings now.

If that didn't work your Chrome profile is most likely corrupted. To create a new profile click here to go to the Chrome support page on how to create a new browser user profile. Click the blue link for Windows instructions and follow the instructions and then re-open Chrome and see if you are still getting the message.


Please let me know if either of the options above resolved the issue with Chrome.


Step-2.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}


2. Re-open OTL on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see the OTL console.
  • IMPORTANT: Click the greyed out NONE button at the top of the console.
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
    DO NOT check the boxes beside Lop Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if the issue with Chrome was resolved.
2. The new OTL.txt log

#59
k_barta2005

    Member

  • Topic Starter
  • 41 posts
1 The Chrome issue has been solved, thank you.


2 OTL logfile created on: 9/28/2013 10:06:55 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\FamilyRoom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 70.99% Memory free
16.00 Gb Paging File | 13.44 Gb Available in Paging File | 84.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.88 Gb Total Space | 767.04 Gb Free Space | 83.29% Space Free | Partition Type: NTFS

Computer Name: FAMILYROOM-PC | User Name: FamilyRoom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} >
"AutoStart" =

< End of report >

#60
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

1 The Chrome issue has been solved, thank you.

You're welcome. Did deleting the Web Data file do it or did you have to create a new profile?

I think we are down to the pictures issue. In an earlier post you said that you couldn't import pictures from the camera because you got an Access Denied error message. In a later post, #57, you say that you can't view pictures that were previously uploaded.

Can you please describe the problem in as much detail as possible. Also could you try to copy one of the picture files to a different place, like the desktop, and then see if you can view it.