Possible infection, wireless indicator has a red cross through but is


  • This topic is locked

#16
Dom2276

  • Topic Starter
  • Member
  • 59 posts
Here are the logs, computer is behaving fine, still got all the same issues though. Thanks for your thoroughness and patience!

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.04.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Dom :: DOM-PC [administrator]

05/10/2013 18:37:44
mbam-log-2013-10-05 (18-37-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232448
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff3a365fbac3c349bc1d4aaa7a4bc36f
# engine=15362
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-05 11:00:15
# local_time=2013-10-06 12:00:15 (+1200, New Zealand Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 132604265 0 0
# scanned=284165
# found=6
# cleaned=6
# scan_time=7245
sh=21C23C470BDABB763D2FC372D86E9D3FB9F923AE ft=1 fh=1a43b0206fc57ad6 vn="Win32/HackTool.Crack.O application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Codemasters\DiRT 3\paul.dll"
sh=5B31FB5741304E8486ACFD81E30B314B87A28E9F ft=1 fh=b4b60b69ec22cbd1 vn="Win32/HackTool.Crack.O application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Codemasters\DiRT 3\SKIDROW.dll"
sh=785DFABC46C9C7565399D88303FCCEEE74CC3232 ft=1 fh=aec9b4377c177968 vn="a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=06586A975DD03695C96988C8E21CFB24CBCBC663 ft=1 fh=3674938796638cd0 vn="Win32/HackTool.Crack.BC application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Rockstar Games\LaunchGTAIV.exe"
sh=06586A975DD03695C96988C8E21CFB24CBCBC663 ft=1 fh=3674938796638cd0 vn="Win32/HackTool.Crack.BC application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"
sh=19B8CA2365A8414B4EDC8A06170977F1DFD2EA2E ft=1 fh=ec4cfa85e2cd59d5 vn="Win32/HackTool.Crack.BA application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Dom\Documents\FIFA 13\rldea.dll"


Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#17
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
Download CKScanner from here

Important: Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

#18
Dom2276

  • Topic Starter
  • Member
  • 59 posts
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\cyberlink\powerdvd9\navfilter\kmsvc.exe
c:\program files (x86)\panasonic\photofunstudio 8.1 ae\movieretouch\resource\xaml\palette\data\stamp\s002_animation\s085_cracker.xaml
c:\programdata\adobe\photoshop elements\9.0\photo creations\backgrounds\bg_creamcrackled.metadata.xml
c:\programdata\adobe\photoshop elements\9.0\photo creations\backgrounds\cracked paint.metadata.xml
c:\users\dom\desktop\downloads\ad muncher 4.93 build 33707\ad muncher v4.93.33707 acue crack [liberator v2]\aml_v493_b33707.exe
c:\users\dom\desktop\downloads\crack\downloaded from skidrowgames.com.txt
c:\users\dom\desktop\downloads\crack\fifa13.exe
c:\users\dom\desktop\downloads\crack\skidrowgames.com.url
c:\users\dom\documents\macdrive-v8.0.5.31-keygen.included\macdrive-v8.0.5.31-keygen.included\core.nfo
c:\users\dom\downloads\kindle library 12-26-10\library\writers of cracked dot com.zip
c:\users\dom\music\itunes\itunes media\mobile applications\plumbercrack 1.41.ipa
c:\users\dom\music\pixies\doolittle\09 crackity jones.m4a
scanner sequence 3.FF.11.CINAGZ
----- EOF -----

#19
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
The use of Keygens and Cracks inevitably leads to infection. Further, it is contrary to this site's Terms of Use. If you persist in their use you will no longer receive help from this site in the future.

Go here to read Geekstogo Terms of Use and note in particular article 4 the items Illegal and Infringing of intellectual property rights (such as copyright and trademark rights).

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.



As a result, in order for me to continue helping you, please remove all of them and run the following OTL fix:


  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    
    
    :files
    ipconfig /flushdns /c
    c:\program files (x86)\cyberlink\powerdvd9\navfilter\kmsvc.exe
    c:\program files (x86)\panasonic\photofunstudio 8.1 ae\movieretouch\resource\xaml\palette\data\stamp\s002_animation\s085_cracker.xaml
    c:\users\dom\desktop\downloads\ad muncher 4.93 build 33707
    c:\users\dom\desktop\downloads\crack
    c:\users\dom\documents\macdrive-v8.0.5.31-keygen.included\macdrive-v8.0.5.31-keygen.included
    c:\users\dom\music\itunes\itunes media\mobile applications\plumbercrack 1.41.ipa
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Please affirm removals and post the OTL fix file.

#20
Dom2276

  • Topic Starter
  • Member
  • 59 posts
Ok, all cracks deleted. A few of the things listed were not cracks though, Panasonic file was a photo image I believe, and iTunes plumbers crack is an iPhone game downloaded from the app store. Not sure what the power dvd one was but it definitely wasn't a crack, hope the software still works? No problem if they have been deleted though, I can find them again if needed. Here is the log, sorry for breaking the rules.

processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dom\Desktop\cmd.bat deleted successfully.
C:\Users\Dom\Desktop\cmd.txt deleted successfully.
c:\program files (x86)\cyberlink\powerdvd9\navfilter\kmsvc.exe moved successfully.
c:\program files (x86)\panasonic\photofunstudio 8.1 ae\movieretouch\resource\xaml\palette\data\stamp\s002_animation\S085_cracker.xaml moved successfully.
c:\users\dom\desktop\downloads\Ad Muncher 4.93 Build 33707\AdMuncherTrialReset_v1.0.0.3 folder moved successfully.
c:\users\dom\desktop\downloads\Ad Muncher 4.93 Build 33707 folder moved successfully.
File\Folder c:\users\dom\desktop\downloads\crack not found.
File\Folder c:\users\dom\documents\macdrive-v8.0.5.31-keygen.included\macdrive-v8.0.5.31-keygen.included not found.
c:\users\dom\music\itunes\itunes media\mobile applications\PlumberCrack 1.41.ipa moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dom
->Temp folder emptied: 113806907 bytes
->Temporary Internet Files folder emptied: 256626357 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1350 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 443485026 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 776.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10072013_083004

Files\Folders moved on Reboot...
C:\Users\Dom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N51HBH7R\page__st__15[1].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\32USDQWE\toolbar_iframe[2].htm moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Dom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#21
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
Step 1

This will restore those two.


  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    
    
    :files
    ipconfig /flushdns /c
    xcopy "C:\_OTL\MovedFiles\10072013_083004\C_program files (x86)\panasonic\photofunstudio 8.1 ae\movieretouch\resource\xaml\palette\data\stamp\s002_animation\s085_cracker.xaml" "C:\program files (x86)\panasonic\photofunstudio 8.1 ae\movieretouch\resource\xaml\palette\data\stamp\s002_animation" /H /S /I /c
    xcopy "C:\_OTL\MovedFiles\10072013_083004\C_users\dom\music\itunes\itunes media\mobile applications\plumbercrack 1.41.ipa" "C:\users\dom\music\itunes\itunes media\mobile applications" /H /S /I /c
    
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2

Windows update MS fixit:

Please go to this page.


Go down the page to here and click the plus sign:

Method 1: Reset Windows Update components and update your computer


Now click on the Fixit button.

Run the fix in default mode first. Then try to run the updates.

If the default mode did not work then run it in aggressive mode. Then try updates.


Please let me know the status of updates in your next post.

#22
Dom2276

  • Topic Starter
  • Member
  • 59 posts
I ran the Reset Windows Update components and update your computer fix it in default mode and it made no difference, after restart it still requires 10 important updates that 3 fail and it loops back to 10 again. I tried aggressive mode and also this did the same. However after running aggressive mode the wireless icon changed to the Ethernet icon with a cross through it, but was still connected to my wifi. Then, after restarting, the icon has vanished?!? And is still connected.

#23
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
Download Windows Repair (all in one) from this site

Install the program then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


  • On the start repairs tab click start
  • Click yes to make a registry backup
Posted Image

Select the following items and tick restart system when finished
Posted Image



After this try the updates again. Windows update can be very fickle so please be patient as we step through this portion of the process.

Please let me know the status of updates and your wireless icon.

#24
Dom2276

  • Topic Starter
  • Member
  • 59 posts
The updates are still looping back, I have tried them one by one, some work and if I restart they are all back. The wireless indicator has returned to its usual icon with a red cross.

#25
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
  • Which ones install or say they do and then come back?
  • Which never work?

#26
Dom2276

  • Topic Starter
  • Member
  • 59 posts
These are the 10 updates

No.1

Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939)

Installation date: 07/10/2013 13:41

Installation status: Failed

Error details: Code 648

Update type: Recommended

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft..../?LinkID=299084

Help and Support:
http://support.microsoft.com

No.2

Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595)

Installation date: 07/10/2013 12:43

Installation status: Failed

Error details: Code 648

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft..../?LinkID=261905

Help and Support:
http://support.microsoft.com

No.3

Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)

Installation date: 07/10/2013 12:38

Installation status: Failed

Error details: Code 64C

Update type: Important

A security issue has been identified leading to MFC application vulnerability in DLL planting due to MFC not specifying the full path to system/localization DLLs. You can protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft..../?LinkId=216803

Help and Support:
http://support.microsoft.com

No.4

Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871)

Installation date: 07/10/2013 12:38

Installation status: Failed

Error details: Code 648

Update type: Recommended

Install this update to resolve issues in Microsoft .NET Framework 4. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft..../?LinkID=210664

Help and Support:
http://support.microsoft.com

No.5

Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449)

Installation date: 07/10/2013 12:33

Installation status: Successful

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft..../?LinkID=248030

Help and Support:
http://support.microsoft.com

No.6

Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2604121)

Installation date: 07/10/2013 12:32

Installation status: Successful

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft..../?LinkID=226972

Help and Support:
http://support.microsoft.com

No.7

Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)

Installation date: 07/10/2013 12:31

Installation status: Failed

Error details: Code 648

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft..../?LinkID=237373

Help and Support:
http://support.microsoft.com

No.8

Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523)

Installation date: 07/10/2013 12:27

Installation status: Failed

Error details: Code 648

Update type: Recommended

This update addresses stability, reliability, and performance issues in Microsoft .NET Framework 4. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft..../?LinkId=219466

Help and Support:
http://support.microsoft.com


No.9

Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)

Installation date: 07/10/2013 12:27

Installation status: Failed

Error details: Code 648

Update type: Recommended

This update addresses stability, reliability, and performance issues in Microsoft .NET Framework 4. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft..../?LinkId=232526

Help and Support:
http://support.microsoft.com


No.10

Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242)

Installation date: 07/10/2013 12:23

Installation status: Successful

Update type: Important

A security issue has been identified leading to MFC application vulnerability in DLL planting due to MFC not specifying the full path to system/localization DLLs. You can protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft..../?LinkId=216804

Help and Support:
http://support.microsoft.com

#27
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
Be back soon!

Edited by CompCav, 06 October 2013 - 07:30 PM.
Bad link for download will post when I get correct one.

#28
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
  • Download the Microsoft .NET Framework Repair Tool to your desktop.
  • Right click and select Run as administrator.
  • Accept the license terms by checking the box then click Next.
  • It will open a window with the recommended steps.
  • Please let me know what the recommended steps are but do not do them. Just report.

#29
Dom2276

  • Topic Starter
  • Member
  • 59 posts
Recommended steps are 1. Reregister windows installer service. and 2. Restart windows installer service.

#30
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
OK go ahead and rerun the tool and click next where it suggests the work on the installer.
Reboot and try the installs again.