
Possible Malware, laptop slow, command prompt window opened by itself


  • This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like we will have to do this offline.

Do you have a repair my computer option on the safe mode menu?

Reboot the computer and immediately press and hold F8.
A menu should appear.
  • 0



#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ignore my previous; there may be a better way to do this.

Download the system update readiness tool from here: http://support.microsoft.com/kb/947821

The version you need is:

x86-based (32-bit) versions of Windows Vista SP2

Once downloaded, run the programme. It may take up to 30 minutes, but it should resolve the errors.
  • 0

#18
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts
OK...will do
  • 0

#19
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts
Hi Essex, sorry it took me so long. Quite busy yesterday.

I installed the hotfix KB947821, but problem is still there.
Update icon in system tray still asking to check for updates and never goes away.
Still appearing to be stuck in a loop.
I did not run any of the repair programs you gave me again, just tried the windows update.

Update status is still NEVER installs [see attached].
Makes no sense when I just installed an update.


Is there anything else I can try?

Saw your previous post RE: running windows repair offline

I would try that, but Windows Recovery center was taken off my system & put on disk by the store I bought the laptop from and I cannot find it.
It had a repair option. All I could find were the driver disks. Would the recovery center still be on my system somewhere, just hidden?

Attached Thumbnails

  • updatestatus.jpg

  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will PM you the link for a USB ISO to install the RC, and the instructions are below.

Download the following two programmes to your desktop:


1. Rufus
2. Windows Vista RC


Insert the USB stick, then run Rufus.
Select the ISO file on the desktop via the ISO icon.

Press Start Burn

Once burnt

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions Here


When you reboot you will see this.
Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following:

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

Allow it to run its course, then reboot to normal Windows and try updates again.
  • 0

#21
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts
YOU ARE SO AWESOME! :notworthy:


I sent you a personal message, pls check.

Downloaded both files. I will let you know how things go. Thank you so much!
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ta I wallow in flattery :rofl:
  • 0

#23
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts
Hi Essex!

Your instructions were flawless, but the problem still exists.

The good news---I have RC thanks to you!! :cheers:

Rufus updated to the newest version. Great lil program!
I will burn a disk just in case I ever lose my stick.

Everything loaded smoothly after I changed boot order in bios. I ran repair and followed your details to the letter.
When I clicked repair the command prompt window opened. Before I could start typing it closed and a msg said
did I want to do a repair and restart. I clicked no.

I then clicked the command prompt option in rc to open another command prompt and typed in the info you gave me.

Then restarted and ran windows update. The problem was still there, so I ran the program again.

This time I allowed it to repair and restart, like it suggested originally. I restarted, problem still there.

Any more suggestions, I'll surely give it a go.
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try a manual fix; try again after the reboot.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:Files
net stop bits /c
net stop wuauserv /c
Ren %systemroot%\SoftwareDistribution\DataStore *.bak /c
Ren %systemroot%\SoftwareDistribution\Download *.bak /c
Ren %systemroot%\system32\catroot2 *.bak /c
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) /c
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) /c
bitsadmin.exe /reset /allusers /c
net start bits /c
net start wuauserv /c

:Commands
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
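The two sc.exe sdset lines in the fix above write the same service security descriptor, in SDDL, to bits and wuauserv. As an added example (not part of the original post and not OTL's own code), this Python script decodes that descriptor and checks that no non-administrative trustee receives rights that would let it reconfigure the service; the function names and WEAK_SDDL are assumptions made for the illustration.

```python
import re

# Service meanings of the two-letter SDDL access tokens.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
TRUSTEES = {"SY": "Local System", "BA": "Built-in Administrators",
            "AU": "Authenticated Users", "PU": "Power Users"}
ADMIN_TRUSTEES = {"SY", "BA"}
# Rights that let the holder repoint the service binary or rewrite its ACL.
ESCALATION_RIGHTS = {"CHANGE_CONFIG", "WRITE_DAC", "WRITE_OWNER"}

# Descriptor copied from the sdset lines in the post above.
PAGE_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
             "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
             "(A;;CCLCSWLOCRRC;;;AU)"
             "(A;;CCLCSWRPWPDTLOCRRC;;;PU)")

# Constructed counter-example: Authenticated Users also get DC (CHANGE_CONFIG).
WEAK_SDDL = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)"


def parse_dacl(sddl):
    """Return the DACL's ACEs as dicts with type, trustee and decoded rights."""
    match = re.search(r"D:([A-Z]*)((?:\([^()]*\))+)", sddl)
    if not match:
        raise ValueError("no DACL (D:) section found")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", match.group(2)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("ACE must have 6 fields: %r" % body)
        ace_type, _flags, rights, _obj, _inherit, trustee = fields
        tokens = [rights[i:i + 2] for i in range(0, len(rights), 2)]
        unknown = [t for t in tokens if t not in SERVICE_RIGHTS]
        if unknown:
            raise ValueError("unrecognised access tokens: %r" % unknown)
        aces.append({"type": ace_type, "trustee": trustee,
                     "rights": {SERVICE_RIGHTS[t] for t in tokens}})
    return aces


def who_can(sddl, right):
    """Trustees holding an allow ACE that includes the named right."""
    return sorted({a["trustee"] for a in parse_dacl(sddl)
                   if a["type"] == "A" and right in a["rights"]})


def audit(sddl):
    """(trustee, right) pairs where a non-admin trustee can reconfigure the service."""
    findings = set()
    for ace in parse_dacl(sddl):
        if ace["type"] == "A" and ace["trustee"] not in ADMIN_TRUSTEES:
            for right in ace["rights"] & ESCALATION_RIGHTS:
                findings.add((ace["trustee"], right))
    return sorted(findings)


def describe(sddl):
    """Human-readable summary, one line per ACE."""
    lines = []
    for ace in parse_dacl(sddl):
        name = TRUSTEES.get(ace["trustee"], ace["trustee"])
        kind = "allow" if ace["type"] == "A" else ace["type"]
        lines.append("%s: %s %s" % (name, kind, ", ".join(sorted(ace["rights"]))))
    return lines


if __name__ == "__main__":
    for label, sddl in (("page descriptor", PAGE_SDDL), ("constructed weak", WEAK_SDDL)):
        print(label)
        for line in describe(sddl):
            print("  " + line)
        print("  findings:", audit(sddl) or "none")
```

On a live system the current descriptor can be read with sc.exe sdshow bits and passed to audit() before and after the fix is applied.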

#25
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts
Hi Essex, I will get right on it!!

I do have a question for you if you wouldn't mind answering.

When I went into boot menu, lots of options listed there.
For future reference....
Could you explain to me what these mean [I know #2 & #7]...
and what exactly should #1 normally be set to?

These are the options listed in BOOT MENU

1 - IDE CD: HL-DT-STCD-RW/DVD DRIVE-(P
2 - USB HDD
3 - USB FDC
4 - IDE HDD: HTS421280H9AT00
5 - USB KEY
6 - PCI BEV: B02 D00 YUKON PXE
7 - USB CDROM
  • 0



#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Here you go

1 - IDE CD: HL-DT-STCD-RW/DVD DRIVE-(P = Your CD drive
2 - USB HDD = An external USB drive
3 - USB FDC = A USB stick/card
4 - IDE HDD: HTS421280H9AT00 = Main hard drive
5 - USB KEY = A secondary USB stick
6 - PCI BEV: B02 D00 YUKON PXE = Recovery partition
7 - USB CDROM = External CD
  • 0

#27
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts
Thank you so much for breaking things down to me.
Making a note of it.

When do you ever sleep Essex?!! LOL



OTL

OTL logfile created on: 12/19/2013 6:47:59 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.43 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 42.46% Memory free
3.12 Gb Paging File | 2.04 Gb Available in Paging File | 65.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 18.66 Gb Free Space | 28.60% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.61% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/10 18:04:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/07 01:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2012/08/22 05:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2007/01/25 20:11:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\wbengine.exe -- (wbengine)
SRV - [2013/12/11 07:39:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/25 17:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/02 11:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/11/12 16:08:28 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/11/07 14:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/04/11 14:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 14:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 14:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 14:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 14:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/25 20:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 23:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/01 23:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/06 14:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 16:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/05 18:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/12/10 23:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0zmjktat.default-1386741420574\extensions
[2013/12/10 23:33:19 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0zmjktat.default-1386741420574\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/15 10:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 10:02:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/12/11 16:00:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKCU..\Run: [MyDefragReminder] C:\Program Files\ConsumerSoft\My Defragmenter\DefragReminder.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: NameServer = 208.69.150.252,208.69.150.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444}: NameServer = 208.69.150.252,208.69.150.250
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/18 23:40:07 | 000,547,256 | ---- | C] (Akeo Consulting (http://akeo.ie)) -- C:\Users\Owner\Desktop\rufus_v1.4.1.exe
[2013/12/18 00:16:24 | 000,453,048 | ---- | C] (Akeo Consulting (http://akeo.ie)) -- C:\Users\Owner\Desktop\rufus_v1.3.2.exe
[2013/12/15 10:11:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2013/12/15 05:00:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/12/11 16:49:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/11 15:58:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/10 18:04:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/10 17:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\runonce
[2013/12/01 00:54:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TO PRINT
[2013/11/25 22:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/11/20 09:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/19 06:45:40 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 06:45:40 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 06:42:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/19 06:31:33 | 000,056,764 | ---- | M] () -- C:\Users\Owner\Documents\geeks.rtf
[2013/12/19 05:39:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/19 02:03:05 | 000,004,239 | ---- | M] () -- C:\Users\Owner\Documents\rufus.rtf
[2013/12/19 02:00:29 | 000,821,248 | ---- | M] () -- C:\Users\Owner\Desktop\..exe
[2013/12/18 23:47:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/12/18 23:40:17 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/18 23:40:17 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/18 23:40:11 | 000,547,256 | ---- | M] (Akeo Consulting (http://akeo.ie)) -- C:\Users\Owner\Desktop\rufus_v1.4.1.exe
[2013/12/18 05:25:28 | 000,002,330 | ---- | M] () -- C:\Users\Owner\Documents\friends phone numbers.rtf
[2013/12/18 05:24:11 | 000,006,254 | ---- | M] () -- C:\Users\Owner\Documents\Michael.rtf
[2013/12/18 00:20:25 | 126,310,400 | ---- | M] () -- C:\Users\Owner\Desktop\vista32 rc.iso
[2013/12/18 00:16:42 | 000,453,048 | ---- | M] (Akeo Consulting (http://akeo.ie)) -- C:\Users\Owner\Desktop\rufus_v1.3.2.exe
[2013/12/15 20:33:34 | 147,445,671 | ---- | M] () -- C:\Users\Owner\Desktop\Windows6.0-KB947821-v32-x86.msu
[2013/12/15 04:40:38 | 000,031,556 | ---- | M] () -- C:\Users\Owner\Desktop\angelsculpt.jpg
[2013/12/15 00:40:06 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/12/14 08:05:42 | 000,008,182 | ---- | M] () -- C:\Users\Owner\Documents\friend.rtf
[2013/12/14 00:32:27 | 000,054,356 | ---- | M] () -- C:\Users\Owner\Documents\quotes.rtf
[2013/12/12 20:03:40 | 000,049,776 | ---- | M] () -- C:\Users\Owner\Documents\lights.rtf
[2013/12/11 16:00:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/12/11 15:55:35 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/12/11 05:32:55 | 000,007,222 | ---- | M] () -- C:\Users\Owner\Documents\sosoblessed.rtf
[2013/12/10 18:04:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/09 00:05:24 | 000,012,975 | ---- | M] () -- C:\Users\Owner\Documents\watch online.rtf
[2013/12/08 23:20:16 | 038,726,675 | ---- | M] () -- C:\Users\Owner\Desktop\EFT.flv
[2013/12/05 02:25:52 | 000,037,995 | ---- | M] () -- C:\Users\Owner\Documents\recipes.rtf
[2013/12/04 06:00:19 | 000,003,715 | ---- | M] () -- C:\Users\Owner\Documents\MH Resume.rtf
[2013/12/03 17:39:25 | 000,001,788 | ---- | M] () -- C:\Users\Owner\Documents\Marcus cover letter2.rtf
[2013/12/02 16:25:13 | 000,000,384 | ---- | M] () -- C:\Users\Owner\Documents\MArcus wages.rtf
[2013/12/02 01:32:11 | 000,001,695 | ---- | M] () -- C:\Users\Owner\Documents\sansa view.rtf
[2013/12/01 04:40:19 | 003,654,136 | ---- | M] () -- C:\Users\Owner\Desktop\Psalm 91.flv
[2013/12/01 04:26:58 | 006,678,730 | ---- | M] () -- C:\Users\Owner\Desktop\Novena Saint Jospeh.flv
[2013/11/25 22:32:26 | 000,001,764 | ---- | M] () -- C:\Users\Owner\Desktop\wordview - Shortcut.lnk
[2013/11/25 19:17:34 | 000,002,717 | ---- | M] () -- C:\Users\Owner\Documents\social sec.rtf
[2013/11/24 21:56:32 | 000,002,638 | ---- | M] () -- C:\Users\Owner\Documents\AaA.rtf
[2013/11/19 23:15:45 | 000,004,215 | ---- | M] () -- C:\Users\Owner\Documents\ralph.rtf
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/19 02:00:19 | 000,821,248 | ---- | C] () -- C:\Users\Owner\Desktop\..exe
[2013/12/18 23:50:56 | 000,004,239 | ---- | C] () -- C:\Users\Owner\Documents\rufus.rtf
[2013/12/18 00:18:38 | 126,310,400 | ---- | C] () -- C:\Users\Owner\Desktop\vista32 rc.iso
[2013/12/15 20:27:51 | 147,445,671 | ---- | C] () -- C:\Users\Owner\Desktop\Windows6.0-KB947821-v32-x86.msu
[2013/12/15 04:40:31 | 000,031,556 | ---- | C] () -- C:\Users\Owner\Desktop\angelsculpt.jpg
[2013/12/13 22:10:29 | 000,008,182 | ---- | C] () -- C:\Users\Owner\Documents\friend.rtf
[2013/12/11 04:55:56 | 000,007,222 | ---- | C] () -- C:\Users\Owner\Documents\sosoblessed.rtf
[2013/12/08 23:18:11 | 038,726,675 | ---- | C] () -- C:\Users\Owner\Desktop\EFT.flv
[2013/12/05 21:57:03 | 000,012,975 | ---- | C] () -- C:\Users\Owner\Documents\watch online.rtf
[2013/12/02 16:25:13 | 000,000,384 | ---- | C] () -- C:\Users\Owner\Documents\MArcus wages.rtf
[2013/12/01 04:35:06 | 003,654,136 | ---- | C] () -- C:\Users\Owner\Desktop\Psalm 91.flv
[2013/12/01 04:26:37 | 006,678,730 | ---- | C] () -- C:\Users\Owner\Desktop\Novena Saint Jospeh.flv
[2013/11/25 22:32:17 | 000,001,764 | ---- | C] () -- C:\Users\Owner\Desktop\wordview - Shortcut.lnk
[2013/11/25 22:26:48 | 000,002,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2013/11/25 19:48:38 | 000,001,788 | ---- | C] () -- C:\Users\Owner\Documents\Marcus cover letter2.rtf
[2013/11/24 21:26:03 | 000,002,638 | ---- | C] () -- C:\Users\Owner\Documents\AaA.rtf
[2013/11/14 21:02:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/11/12 16:17:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 16:17:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2013/11/07 09:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2013/11/07 09:26:10 | 000,000,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2013/11/07 09:20:49 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2013/10/02 16:16:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/26 11:14:34 | 000,006,169 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/06/22 19:58:01 | 000,000,114 | -H-- | C] () -- C:\Users\Owner\AppData\Local\tokdet56.dat
[2013/05/18 23:01:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/05/18 23:01:40 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/04/27 12:58:00 | 000,000,079 | ---- | C] () -- C:\Windows\WinInit.Ini
[2013/04/19 22:43:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2013/04/19 22:36:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2013/04/19 22:36:49 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2013/04/19 22:36:49 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2013/04/19 22:35:55 | 001,077,248 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2013/04/19 22:35:55 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2013/04/19 22:35:55 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2013/03/19 19:58:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
[2013/01/19 01:52:09 | 000,000,022 | ---- | C] () -- C:\Users\Owner\AppData\Local\xftredahs.dat
[2011/08/20 21:57:13 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2010/01/26 13:22:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/12/13 13:59:46 | 000,000,560 | ---- | C] () -- C:\ProgramData\lxdf
[2007/10/14 18:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 01:04:24 | 000,000,682 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 04:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/12/13 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\6500 Series
[2008/12/13 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lexmark Productivity Studio
[2013/06/28 05:35:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2007/10/11 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is windows updates working now?
  • 0

#29
mango_nj

mango_nj

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 206 posts
Hi Essex!

Windows update still doing the same thing.

I don't know what to do at this point.

I guess there's no hope for me eh?
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
More to try... OK, let's now update the agent.

Go to this page: http://support.microsoft.com/kb/949104
Ignore the two fixits and go to Windows 7, Windows Vista, or Windows XP.
Click the link.
A fixit will appear: Microsoft Fix it 50362



Run this fixit :)
  • 0





