
Perpetually infected by viruses including Bitcoin and others [Solved]

virus malware

  • This topic is locked

#16 godawgs (Teacher, Retired Staff, 8,228 posts)

Thanks. You have some services that aren't running. I have re-done the OTL fix. Hopefully it will run to completion this time and also start the services that aren't running.


Step-1.

OTL Fix

Please close all open windows and browsers
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:OTL
DRV - [2012/02/14 06:08:00 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: File not found
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: File not found
[2013/02/09 00:32:06 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\firefox\profiles\vwrpn3h1.default\extensions\[email protected]
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (Reg Error: Key error.)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{23dc31f1-c451-11df-9893-0025110a65b4}\Shell - "" = AutoRun
O33 - MountPoints2\{23dc31f1-c451-11df-9893-0025110a65b4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{619b8cd6-3baa-11e2-bdb2-0025110a65b4}\Shell - "" = AutoRun
O33 - MountPoints2\{619b8cd6-3baa-11e2-bdb2-0025110a65b4}\Shell\AutoRun\command - "" = G:\INSTALL\READER\ACRORD32.EXE PDF/MAIN.PDF
O33 - MountPoints2\{bd425607-b105-11df-bd45-0025110a65b4}\Shell - "" = AutoRun
O33 - MountPoints2\{bd425607-b105-11df-bd45-0025110a65b4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2014/04/19 00:56:06 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2014/04/19 00:56:06 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2014/04/19 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Roaming\VIPRE
[2014/04/19 00:55:53 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\VIPRE

:FILES
net stop bits /c
net config bits start= auto /c
net start bits /c
net stop eventsystem /c
net config eventsystem start= auto /c
net start eventsystem /c

:COMMANDS
[reboot]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:

  • Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.

  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S3].txt


Step-3.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Right click the JRT icon and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

Follow the instructions in Step 4. of post #12 and get me a fresh Farbar Service Scanner log.


Step-5.

Run OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[S3].txt log
3. The JRT.txt log
4. The new FSS.txt log
5. The new OTL.txt log


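The :FILES part of the fix above tries to put the BITS and EventSystem services back to their default Auto start type and start them; the Farbar Service Scanner log later in this thread is what reports those two as "Demand" and "Disabled". The script below is an added example, not part of godawgs' post and not part of OTL or FSS: it audits those services from an elevated PowerShell prompt (Windows PowerShell 3.0 or later), repairs them only when you ask it to, and lists any MountPoints2 AutoRun handlers of the kind the O33 lines in the :OTL block remove. The expected-start-type table and the function names are assumptions made for this example.

```powershell
# Added example (not from godawgs' post or from the OTL tool): audit, and
# optionally repair, the two Windows services the OTL :FILES block targets,
# and list any MountPoints2 AutoRun handlers like the O33 entries the :OTL
# block removes. Needs Windows PowerShell 3.0 or later, run as Administrator.

# Assumption for this example: the default start types that Farbar Service
# Scanner reports for these two services ("The default start type is Auto").
$ExpectedStart = @{
    'BITS'        = 'Auto'   # Background Intelligent Transfer Service (Windows Update)
    'EventSystem' = 'Auto'   # COM+ Event System
}

function Get-ServiceAudit {
    param([hashtable]$Expected = $ExpectedStart)
    foreach ($name in $Expected.Keys) {
        # Win32_Service exposes StartMode (Auto/Manual/Disabled) and State; FSS
        # reports the same facts as "set to Demand"/"Disabled" and "is not running".
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            [pscustomobject]@{ Name = $name; StartMode = 'MISSING'; State = 'MISSING';
                               Expected = $Expected[$name]; NeedsRepair = $true }
            continue
        }
        [pscustomobject]@{
            Name        = $svc.Name
            StartMode   = $svc.StartMode
            State       = $svc.State
            Expected    = $Expected[$name]
            NeedsRepair = ($svc.StartMode -ne $Expected[$name]) -or ($svc.State -ne 'Running')
        }
    }
}

function Repair-ServiceStart {
    param([Parameter(Mandatory, ValueFromPipeline)]$Audit)
    process {
        if (-not $Audit.NeedsRepair -or $Audit.StartMode -eq 'MISSING') { return }
        # Set-Service changes the start type in the service control manager; it is
        # the cmdlet equivalent of "sc config <name> start= auto" at a command prompt.
        Set-Service -Name $Audit.Name -StartupType Automatic
        Start-Service -Name $Audit.Name
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($Audit.Name)'"
        '{0}: start type now {1}, state {2}' -f $svc.Name, $svc.StartMode, $svc.State
    }
}

function Get-MountPointAutoRun {
    # MountPoints2 holds per-volume shell settings; a Shell\AutoRun\command value
    # (e.g. "F:\LaunchU3.exe -a" in the OTL log) is run when that volume is opened.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $base)) { return }
    Get-ChildItem -LiteralPath $base | ForEach-Object {
        $cmdKey = "$($_.PSPath)\Shell\AutoRun\command"
        if (Test-Path -LiteralPath $cmdKey) {
            [pscustomobject]@{
                Volume  = $_.PSChildName
                Command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            }
        }
    }
}

# Usage: review the audit output first, then run the repair line.
$audit = Get-ServiceAudit
$audit | Format-Table -AutoSize
Get-MountPointAutoRun | Format-Table -AutoSize
# $audit | Repair-ServiceStart   # uncomment to set BITS/EventSystem to Automatic and start them
```

On a machine in the state the FSS log describes, the audit table would show BITS with StartMode Manual and EventSystem with StartMode Disabled, both Stopped and both flagged NeedsRepair; the repair step is kept behind a separate, commented-out line so the audit can be read before anything is changed.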


#17 adai2020 (Member, Topic Starter, 66 posts)

Dear godawgs,

Unfortunately, the OTL fix stopped midway and produced a pop-up error window again. The error window showed:

     OTL

     Cannot create file C:\users\A0033498\Desktop\cmd.bat.

At the time of the above error, the custom scans/fixes textbox showed the following entries:

     net config bits start= auto /c
     net start bits /c
     net stop eventsystem /c
     net config eventsystem start= auto /c
     net start eventsystem /c

     :COMMANDS
     [reboot]

No OTL fixes log was found. All other steps ran successfully. The logs are below:

# AdwCleaner v3.205 - Report created 03/05/2014 at 00:27:59
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Enterprise (32 bits)
# Username : a0033498 - U715025-PC
# Running from : C:\Users\A0033498\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v4.0.1 (en-GB)

-\\ Google Chrome v

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_638&co=SG&userid=eaea6202-fd19-c776-c433-759de74b7e4d&searchtype=ds&q={searchTerms}&installDate=16/02/2014
Deleted [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}
Deleted [Search Provider] : hxxp://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=2146&r=2014/02/17&hid=17486583733120035179&lg=EN&cc=SG&unqvl=48

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [10008 octets] - [18/04/2014 22:10:18]
AdwCleaner[S0].txt - [8984 octets] - [18/04/2014 22:15:36]
AdwCleaner[R1].txt - [1304 octets] - [18/04/2014 22:34:06]
AdwCleaner[S1].txt - [1304 octets] - [18/04/2014 22:34:33]
AdwCleaner[R2].txt - [1304 octets] - [19/04/2014 02:27:38]
AdwCleaner[R3].txt - [8728 octets] - [02/05/2014 16:27:05]
AdwCleaner[R4].txt - [8263 octets] - [03/05/2014 00:27:32]
AdwCleaner[S2].txt - [2864 octets] - [03/05/2014 00:27:59]

########## EOF - H:\AdwCleaner\AdwCleaner[S2].txt - [2924 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x86
Ran by a0033498 on Sat 03/05/2014 at 0:42:11.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/05/2014 at 0:43:40.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Farbar Service Scanner Version: 25-02-2014
Ran by a0033498 (administrator) on 03-05-2014 at 00:48:33
Running from "C:\Users\A0033498\Desktop"
Microsoft Windows 7 Enterprise (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-14 01:18] - [2013-01-04 12:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 15:23] - [2012-06-02 12:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


OTL logfile created on: 3/5/2014 12:56:07 AM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\A0033498\Desktop

Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.92% Memory free

4.95 Gb Paging File | 3.52 Gb Available in Paging File | 71.13% Paging File free

Paging file location(s): c:\pagefile.sys 1000 4000d:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 225.33 Gb Total Space | 113.95 Gb Free Space | 50.57% Space Free | Partition Type: NTFS

Drive D: | 225.33 Gb Total Space | 40.51 Gb Free Space | 17.98% Space Free | Partition Type: NTFS

Drive H: | 4.00 Mb Total Space | 2.20 Mb Free Space | 54.88% Space Free | Partition Type: NTFS

Drive I: | 1378.64 Gb Total Space | 250.37 Gb Free Space | 18.16% Space Free | Partition Type: NTFS

Drive U: | 4.00 Gb Total Space | 3.99 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: U715025-PC | User Name: a0033498 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/01 00:30:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe

PRC - [2014/02/21 22:04:06 | 000,841,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe

PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/05/23 19:29:02 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2013/01/04 10:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/08/29 03:23:20 | 001,105,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

PRC - [2011/08/26 01:52:34 | 001,828,032 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

PRC - [2011/08/26 01:43:18 | 001,900,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

PRC - [2011/06/16 16:46:22 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe

PRC - [2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe

PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Users\A0033498\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Users\A0033498\AppData\Roaming\Dropbox\bin\libcef.dll

MOD - [2011/07/19 05:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll

========== Services (SafeList) ==========

SRV - [2014/02/21 23:04:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/05/06 21:33:45 | 000,408,888 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider)

SRV - [2013/05/06 21:12:37 | 001,548,088 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)

SRV - [2011/10/21 15:08:42 | 000,213,376 | ---- | M] (FileOpen Systems Inc.) [Disabled | Stopped] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)

SRV - [2011/08/26 01:52:34 | 001,828,032 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)

SRV - [2011/08/26 01:43:18 | 001,900,904 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)

SRV - [2011/06/16 16:46:22 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2011/04/15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2010/10/01 02:52:50 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2010/07/19 11:18:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\npstartersvc.exe -- (nPStarterSVC)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/07/21 14:40:56 | 002,066,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)

SRV - [2009/07/21 14:40:50 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)

SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2007/01/31 04:57:12 | 001,198,080 | ---- | M] (United Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\United Devices\mpagent\MPAGENT.EXE -- (mpagent)

SRV - [2002/10/04 04:02:32 | 000,118,784 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\urtclsvc.exe -- (urtclientservice)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nvhda32v.sys -- (NVHDA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)

DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)

DRV - [2014/04/26 23:24:51 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV - [2013/09/02 15:58:46 | 000,263,072 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2013/08/14 15:24:22 | 000,263,968 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)

DRV - [2013/08/14 15:24:10 | 000,036,128 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)

DRV - [2013/08/14 14:53:10 | 001,517,600 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)

DRV - [2011/07/20 01:28:40 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2011/07/20 01:28:40 | 000,059,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2010/12/07 14:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2010/09/22 16:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)

DRV - [2010/07/19 11:18:23 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)

DRV - [2010/07/19 11:18:23 | 000,021,432 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSKD24.SYS -- (JRSKD24)

DRV - [2010/07/19 11:18:23 | 000,012,728 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)

DRV - [2010/05/13 14:55:18 | 000,047,712 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\NPIdsVt.sys -- (NPIDS)

DRV - [2009/11/09 11:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009/07/14 08:15:00 | 009,788,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/14 07:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009/06/23 13:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2009/06/22 11:04:24 | 000,202,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = {56D72E4E-A828-49B5-B5E4-646D5F8EEC9E}

IE - HKCU\..\SearchScopes\{56D72E4E-A828-49B5-B5E4-646D5F8EEC9E}: "URL" = http://www.google.co...1I7ADFA_enSG496

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {eaea6202-fd19-c776-c433-759de74b7e4d}:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (SoftForum Co., Ltd.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/06/06 15:30:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/06/05 09:01:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/21 17:05:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/01 17:35:47 | 000,000,000 | ---D | M]

[2010/09/23 03:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\Extensions

[2014/05/01 17:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions

[2011/05/15 20:04:49 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions\[email protected]

[2011/05/15 20:08:26 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\A0033498\AppData\Roaming\mozilla\Firefox\Profiles\vwrpn3h1.default\extensions\[email protected]

[2012/06/28 15:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/04/15 00:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Wallet = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2012/08/18 02:11:40 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found

O4 - Startup: C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: nus.edu.sg ([]* in Local intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.132.0.252 137.132.0.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stf.nus.edu.sg

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAA9E2B3-2338-4640-A43F-3A0CC84B359E}: DhcpNameServer = 137.132.0.252 137.132.0.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008/11/11 17:41:58 | 000,000,000 | ---D | M] - I:\autocad-viewer -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/05/03 00:33:46 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\A0033498\Desktop\JRT.exe

[2014/05/02 16:33:34 | 000,000,000 | ---D | C] -- C:\Users\A0033498\Desktop\FRST-OlderVersion

[2014/05/02 16:29:48 | 000,409,600 | ---- | C] (Farbar) -- C:\Users\A0033498\Desktop\FSS.exe

[2014/05/02 16:26:29 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll

[2014/05/01 17:35:34 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/05/01 00:30:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe

[2014/04/29 21:18:27 | 000,000,000 | ---D | C] -- C:\FRST

[2014/04/29 21:09:49 | 001,050,624 | ---- | C] (Farbar) -- C:\Users\A0033498\Desktop\FRST.exe

[2014/04/24 20:41:06 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\Skype

[2014/04/24 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2014/04/24 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2014/04/24 20:07:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/04/20 22:44:49 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Local\CrashDumps

[2014/04/18 22:26:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2014/04/18 22:25:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2014/04/12 23:48:31 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/04/12 23:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/04/12 14:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Aurora

[2014/04/12 14:40:27 | 000,000,000 | ---D | C] -- C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aurora

[2014/04/12 14:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora

[1 C:\Users\A0033498\Desktop\*.tmp files -> C:\Users\A0033498\Desktop\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/05/03 00:59:31 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/05/03 00:52:01 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/05/03 00:52:01 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/05/03 00:49:19 | 000,785,712 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2014/05/03 00:49:19 | 000,736,996 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2014/05/03 00:49:19 | 000,717,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014/05/03 00:49:19 | 000,458,038 | ---- | M] () -- C:\Windows\System32\perfh011.dat

[2014/05/03 00:49:19 | 000,440,440 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2014/05/03 00:49:19 | 000,165,012 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2014/05/03 00:49:19 | 000,164,502 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2014/05/03 00:49:19 | 000,145,288 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014/05/03 00:49:19 | 000,143,148 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2014/05/03 00:49:19 | 000,137,914 | ---- | M] () -- C:\Windows\System32\perfc011.dat

[2014/05/03 00:45:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/03 00:44:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/05/03 00:33:54 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\A0033498\Desktop\JRT.exe

[2014/05/03 00:20:36 | 000,001,000 | RHS- | M] () -- C:\Users\A0033498\ntuser.pol

[2014/05/03 00:09:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438UA.job

[2014/05/03 00:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/05/02 23:09:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438Core.job

[2014/05/02 21:10:42 | 000,008,966 | ---- | M] () -- C:\Windows\cfgall.ini

[2014/05/02 16:33:34 | 001,050,624 | ---- | M] (Farbar) -- C:\Users\A0033498\Desktop\FRST.exe

[2014/05/02 16:29:53 | 000,409,600 | ---- | M] (Farbar) -- C:\Users\A0033498\Desktop\FSS.exe

[2014/05/02 16:23:50 | 001,310,621 | ---- | M] () -- C:\Users\A0033498\Desktop\AdwCleaner.exe

[2014/05/01 00:30:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A0033498\Desktop\OTL.exe

[2014/04/29 23:19:33 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI

[2014/04/26 23:24:51 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/04/26 01:18:42 | 004,052,728 | ---- | M] () -- C:\Users\A0033498\Desktop\JLT_Paper_to_review_Joint_Iterative_Carrier_Synchronization_and_Signal_Detection_Employing_Expectation_Maximization_Dec_2013_Revised.pdf

[2014/04/25 20:51:46 | 000,011,757 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2014/04/25 00:08:57 | 000,000,180 | ---- | M] () -- C:\Windows\hpbafd.ini

[2014/04/13 00:32:56 | 003,970,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2014/04/13 00:16:14 | 000,181,272 | ---- | M] () -- C:\Windows\RegBootClean.exe

[2014/04/12 20:29:43 | 000,000,036 | ---- | M] () -- C:\Users\A0033498\AppData\Local\housecall.guid.cache

[2014/04/12 20:24:26 | 000,332,728 | ---- | M] () -- C:\Users\A0033498\AppData\Local\census.cache

[2014/04/12 20:24:12 | 000,121,676 | ---- | M] () -- C:\Users\A0033498\AppData\Local\ars.cache

[2014/04/12 20:12:02 | 000,000,010 | ---- | M] () -- C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

[1 C:\Users\A0033498\Desktop\*.tmp files -> C:\Users\A0033498\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/05/02 16:23:36 | 001,310,621 | ---- | C] () -- C:\Users\A0033498\Desktop\AdwCleaner.exe

[2014/04/29 23:19:33 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2014/04/26 01:18:42 | 004,052,728 | ---- | C] () -- C:\Users\A0033498\Desktop\JLT_Paper_to_review_Joint_Iterative_Carrier_Synchronization_and_Signal_Detection_Employing_Expectation_Maximization_Dec_2013_Revised.pdf

[2014/04/12 20:24:26 | 000,332,728 | ---- | C] () -- C:\Users\A0033498\AppData\Local\census.cache

[2014/04/12 20:24:12 | 000,121,676 | ---- | C] () -- C:\Users\A0033498\AppData\Local\ars.cache

[2014/04/12 20:12:02 | 000,000,010 | ---- | C] () -- C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

[2014/04/12 20:05:19 | 000,000,036 | ---- | C] () -- C:\Users\A0033498\AppData\Local\housecall.guid.cache

[2014/02/24 14:56:47 | 000,005,472 | ---- | C] () -- C:\Users\A0033498\AppData\Local\recently-used.xbel

[2014/02/22 18:20:32 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini

[2014/02/18 00:29:18 | 000,000,086 | ---- | C] () -- C:\Users\A0033498\gsview32.ini

[2013/06/28 10:47:41 | 000,004,096 | -H-- | C] () -- C:\Users\A0033498\AppData\Local\keyfile3.drm

[2013/02/26 10:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2012/10/18 20:46:01 | 000,004,830 | ---- | C] () -- C:\Users\A0033498\AppData\Roaming\LTspiceIV.ini

[2012/09/25 18:45:35 | 000,000,913 | ---- | C] () -- C:\Windows\MD_MicroDiffs.INI

[2012/09/25 18:45:34 | 000,000,913 | ---- | C] () -- C:\Windows\MD_MacroDiffs.INI

[2012/09/25 18:45:34 | 000,000,817 | ---- | C] () -- C:\Windows\CFX.INI

[2012/09/25 18:45:34 | 000,000,144 | ---- | C] () -- C:\Windows\FifX_v2.INI

[2012/08/16 17:27:13 | 000,000,600 | ---- | C] () -- C:\Users\A0033498\AppData\Local\PUTTY.RND

[2012/07/21 00:11:58 | 000,181,272 | ---- | C] () -- C:\Windows\RegBootClean.exe

[2012/05/29 12:28:06 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll

[2012/05/03 09:54:01 | 000,000,600 | ---- | C] () -- C:\Users\A0033498\AppData\Roaming\winscp.rnd

[2011/06/29 10:24:57 | 000,007,602 | ---- | C] () -- C:\Users\A0033498\AppData\Local\Resmon.ResmonCfg

[2010/08/10 15:49:54 | 000,001,000 | RHS- | C] () -- C:\Users\A0033498\ntuser.pol

[2009/11/18 14:49:13 | 000,011,757 | RHS- | C] () -- C:\ProgramData\ntuser.pol

 

========== ZeroAccess Check ==========

 

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/11/27 16:51:43 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/09/08 13:12:26 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/08/22 11:28:59 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Design Science

[2010/10/12 10:09:36 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Downloaded Installations

[2014/05/03 00:45:31 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Dropbox

[2013/11/29 00:23:33 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\EndNote

[2012/10/08 13:18:33 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Eyes Relax

[2011/12/05 15:21:43 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\FileOpen

[2012/05/29 11:45:12 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Foxit Software

[2014/02/27 12:54:18 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\inkscape

[2012/11/09 11:02:49 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\JAM Software

[2012/08/18 02:09:23 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Juniper Networks

[2013/12/20 09:51:57 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\l2rshell

[2013/10/31 02:06:23 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\LibreOffice

[2010/10/12 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Nitro PDF

[2014/01/29 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Notepad++

[2012/06/27 13:34:57 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\PDF reDirect

[2012/05/29 12:32:12 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\PrimoPDF

[2014/01/11 13:41:34 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Publish or Perish

[2012/09/25 18:41:05 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Softinterface, Inc

[2013/01/02 12:22:22 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\SSH

[2012/09/19 13:03:59 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\System

[2014/04/04 13:04:55 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\texstudio

[2012/08/13 20:35:26 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Windows Live Writer

[2010/08/15 16:11:22 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\Windows SideBar

[2013/10/31 01:30:57 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\WordKutools

[2013/11/23 14:28:29 | 000,000,000 | ---D | M] -- C:\Users\A0033498\AppData\Roaming\xm1

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:5B811727

@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences

< End of report >



#18 godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Actually OTL has removed some things. It seems to get stuck at the Files command.

Run CKScanner

Please click here to download CKScanner.

Important : Save it to your desktop.

  • Please DO NOT run the program more than once.
  • Right click the CKScanner.exe file and click Run as Administrator. OK any UAC prompts.
  • Click Search For Files
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


#19 adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs,

 

Attached is the CKFiles.txt 

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad

c:\program files\adobe\adobe dreamweaver cs5.5\configuration\taglibraries\html\keygen.vtm

c:\program files\adobe\adobe flash catalyst cs5.5\plugins\com.adobe.thermo.core_1.5.0.308731\com\adobe\thermo\undo\thermoundosystem$undoabledocumentchangecracker.class

c:\program files\common files\adobe\adobe contribute cs5.1\app\configuration\browsers\mozilla run time libraries\dist\idl\nsikeygenthread.idl

c:\program files\common files\adobe\adobe contribute cs5.1\app\configuration\browsers\mozilla run time libraries\dist\include\nsikeygenthread.h

c:\program files\matlab\r2010b\toolbox\pde\crackb.m

c:\program files\matlab\r2010b\toolbox\pde\crackg.m

c:\program files\matlab\r2010b\toolbox\pde\ja\crackb.m

c:\program files\matlab\r2010b\toolbox\pde\ja\crackg.m

c:\program files\ssh communications security\ssh secure shell\ssh-keygen2.exe

c:\program files\wolfram research\mathematica\8.0\systemfiles\java\wolframsshkeygen.jar

scanner sequence 3.DI.11.ONAPVZ

----- EOF -----



#20 godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks. Let's see if we can get those services started like this:

Step-1.
Create and Run a Batch File

1. Please copy everything in the Quote box below, except the word Quote, into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
REM Stop each service, set its start type to Automatic, then start it.
sc stop bits
sc config bits start= auto
sc start bits
sc stop eventsystem
sc config eventsystem start= auto
sc start eventsystem
REM Reboot after one second and delete this batch file.
shutdown -r -t 1
del %0

  • Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save
  • On the Save AS window that comes up, do the following:
  • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
  • At the bottom in the File Name: box type ServicesFix.bat
  • In the Save as type: box, click the down arrow and click All Files(*.*)
  • Click Save

This will put a new file on the Desktop named ServicesFix.bat
The file icon will look like this:  vista_bat_icon.png
Close all open windows and any open Browsers.

2. Right click the ServicesFix.bat file on the desktop  and click Run as Administrator to run the fix. A command window will open briefly, then close. This is quite normal.
When the Command window closes the computer should shut down and reboot automatically. IF it doesn't, please manually reboot the computer.


Step-2.

Re-run Farbar Service Scanner

  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

Step-3.
Re-Run Farbar Recovery Scan

Close all open Windows and browsers

  • Right click the FRST.exe file and click Run as Administrator to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The new FSS.txt log
2. The new FRST.txt log
3. How is the computer behaving now?


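A PowerShell diagnostic for the service problem the batch file above tackles, added here as an example (it is not code from godawgs' instructions or from any of the tools in this thread). It walks the dependency chain of BITS and EventSystem and reports any dependency whose start type is Disabled, which is what `sc start` surfaces as error 1068; `Get-ServiceStartMode` and `Test-ServiceChain` are helper functions defined in the block, and the optional `-Repair` switch is an assumption that mirrors the batch file's `sc config <name> start= auto`.

```powershell
# Added example, not part of the thread's instructions. Walks the dependency
# chain of a Windows service (here BITS and EventSystem, as in the batch file
# above) and reports any dependency whose start type is Disabled, the usual
# cause of "StartService FAILED 1068: The dependency service or group failed
# to start". Run from an elevated PowerShell prompt; it uses only the built-in
# Get-Service cmdlet and the Win32_Service WMI class.

function Get-ServiceStartMode {
    param([string]$Name)
    # Win32_Service exposes StartMode ("Auto", "Manual", "Disabled"); the
    # Get-Service object on PowerShell 2.0 (Windows 7) does not carry it.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if ($wmi) { return $wmi.StartMode }
    return "NotInstalled"
}

function Test-ServiceChain {
    param(
        [string]$Name,
        [switch]$Repair,          # assumption: reset Disabled services in the chain to Automatic
        [hashtable]$Seen = @{}    # guards against cycles in the dependency graph
    )
    $key = $Name.ToLower()
    if ($Seen.ContainsKey($key)) { return }
    $Seen[$key] = $true

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output ("{0,-16} MISSING  service is not installed" -f $Name)
        return
    }

    $mode = Get-ServiceStartMode -Name $Name
    $note = ""
    if ($mode -eq "Disabled") {
        $note = "  <== disabled: blocks every service that depends on it"
        if ($Repair) {
            # Same effect as the batch file's "sc config <name> start= auto".
            $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
            $rc = $wmi.ChangeStartMode("Automatic").ReturnValue
            if ($rc -eq 0) { $note += " (start type reset to Automatic)" }
            else           { $note += " (ChangeStartMode failed, code $rc)" }
        }
    }
    Write-Output ("{0,-16} {1,-8} {2}{3}" -f $svc.ServiceName, $svc.Status, $mode, $note)

    # Recurse into the services this one must have running before it can start.
    foreach ($dep in $svc.ServicesDependedOn) {
        Test-ServiceChain -Name $dep.ServiceName -Repair:$Repair -Seen $Seen
    }
}

foreach ($target in @("BITS", "EventSystem")) {
    Write-Output "--- dependency chain for $target ---"
    Test-ServiceChain -Name $target      # add -Repair to reset disabled dependencies
}
```

Read the output bottom-up: the deepest service flagged as disabled is the one to re-enable first, after which the services above it can be started in order.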

#21 adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs,

 

I tried running the ServicesFix.bat file as instructed, but the cmd window gave the following error:

 

[SC] ControlService FAILED 1062:

 

The service has not been started.

 

[SC] ChangeServiceConfig SUCCESS

[SC] StartService FAILED 1068:

 

The dependency service or group failed to start.

 

[SC] ControlService FAILED 1062:

 

The service has not been started.

 

 

ERROR:  Unrecognized command

 

DESCRIPTION:

        SC is a command line program used for communicating with the

        Service Control Manager and services.

USAGE:

        sc <server> [command] [service name] <option1> <option2>...

 

 

        The option <server> has the form "\\ServerName"

        Further help on commands can be obtained by typing: "sc [command]"

        Commands:

          query-----------Queries the status for a service, or

                          enumerates the status for types of services.

          queryex---------Queries the extended status for a service, or

                          enumerates the status for types of services.

          start-----------Starts a service.

          pause-----------Sends a PAUSE control request to a service.

          interrogate-----Sends an INTERROGATE control request to a service.

          continue--------Sends a CONTINUE control request to a service.

          stop------------Sends a STOP request to a service.

          config----------Changes the configuration of a service (persistent).

          description-----Changes the description of a service.

          failure---------Changes the actions taken by a service upon failure.

          failureflag-----Changes the failure actions flag of a service.

          sidtype---------Changes the service SID type of a service.

          privs-----------Changes the required privileges of a service.

          qc--------------Queries the configuration information for a service.

          qdescription----Queries the description for a service.

          qfailure--------Queries the actions taken by a service upon failure.

          qfailureflag----Queries the failure actions flag of a service.

          qsidtype--------Queries the service SID type of a service.

          qprivs----------Queries the required privileges of a service.

          qtriggerinfo----Queries the trigger parameters of a service.

          qpreferrednode--Queries the preferred NUMA node of a service.

          delete----------Deletes a service (from the registry).

          create----------Creates a service. (adds it to the registry).

          control---------Sends a control to a service.

          sdshow----------Displays a service's security descriptor.

          sdset-----------Sets a service's security descriptor.

          showsid---------Displays the service SID string corresponding to an arbitrary name.

          triggerinfo-----Configures the trigger parameters of a service.

          preferrednode---Sets the preferred NUMA node of a service.

          GetDisplayName--Gets the DisplayName for a service.

          GetKeyName------Gets the ServiceKeyName for a service.

          EnumDepend------Enumerates Service Dependencies.

 

        The following commands don't require a service name:

        sc <server> <command> <option>

          boot------------(ok | bad) Indicates whether the last boot should

                          be saved as the last-known-good boot configuration

          Lock------------Locks the Service Database

          QueryLock-------Queries the LockStatus for the SCManager Database

EXAMPLE:

        sc start MyService

 

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:

 

I found this site http://www.sevenforu...tml#post2166722 where post #1 describes, with pictures, the exact same situation that I am experiencing with regard to starting BITS. I receive the same error "Error 1068: The dependency service or group failed to start." when attempting to start BITS. The error code 1068 is also produced in the command window error above (when running ServicesFix.bat).

 

Currently the computer is very responsive and the symptoms (i.e., a sluggish computer and windows becoming unresponsive) seem to have disappeared.

 

The BITS and EventSystem services are still not running, but the start type of BITS service is now OK.

 

The FSS and FRST logs are attached below:

 

Farbar Service Scanner Version: 25-02-2014

Ran by a0033498 (administrator) on 04-05-2014 at 02:55:35

Running from "C:\Users\A0033498\Desktop"

Microsoft Windows 7 Enterprise (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

Action Center:

============

 

Windows Update:

============

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

 

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is set to Disabled. The default start type is Auto.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

 

Windows Autoupdate Disabled Policy:

============================

 

Windows Defender:

==============

 

Other Services:

==============

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2013-02-14 01:18] - [2013-01-04 12:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll

[2012-10-10 15:23] - [2012-06-02 12:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\ipnathlp.dll => MD5 is legit

C:\Windows\system32\iphlpsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

**** End of log ****

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014

Ran by a0033498 (administrator) on U715025-PC on 04-05-2014 03:10:50

Running from C:\Users\A0033498\Desktop

Microsoft Windows 7 Enterprise (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Google Inc.) C:\Users\A0033498\AppData\Local\Google\Update\GoogleUpdate.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Dropbox, Inc.) C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

 

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]

HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1105744 2011-08-29] (Trend Micro Inc.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-12] (Google Inc.)

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\Run: [Google Update] => C:\Users\A0033498\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-30] (Google Inc.)

HKU\S-1-5-21-1086020445-1760312889-1512734326-400438\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

Startup: C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\A0033498\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 137.132.0.252 137.132.0.254

 

FireFox:

========

FF ProfilePath: C:\Users\A0033498\AppData\Roaming\Mozilla\Firefox\Profiles\vwrpn3h1.default

FF NewTab: about:blank

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Homepage: www.google.com

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @softforum.com/npKeyPro - C:\Windows\system32\npKeyPro.dll (SoftForum Co., Ltd.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @wolfram.com/Mathematica - C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)

FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\A0033498\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext

FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009-11-18]

FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-06-06]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-06-06]

 

Chrome:

=======

CHR HomePage:

CHR DefaultSearchKeyword: google.com.sg

CHR Extension: (Google Docs) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]

CHR Extension: (Google Drive) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]

CHR Extension: (YouTube) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]

CHR Extension: (Google Search) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]

CHR Extension: (Google Wallet) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]

CHR Extension: (Gmail) - C:\Users\A0033498\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]

CHR StartMenuInternet: Google Chrome - C:\Users\A0033498\AppData\Local\Google\Chrome\Application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

========================== Services (Whitelisted) =================

S4 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [1548088 2013-05-06] (Symantec Corporation)

S4 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408888 2013-05-06] (Symantec Corporation)

S4 mpagent; C:\Program Files\United Devices\mpagent\MPAGENT.EXE [1198080 2007-01-31] (United Devices, Inc.)

S4 nPStarterSVC; C:\Windows\system32\nPStarterSVC.exe [250145 2010-07-19] (INCA Internet Co., Ltd.)

R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [1900904 2011-08-26] (Trend Micro Inc.)

R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345616 2011-06-16] (Trend Micro Inc.)

R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [1828032 2011-08-26] (Trend Micro Inc.)

S3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689680 2011-04-15] (Trend Micro Inc.)

S4 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)

S4 urtclientservice; C:\Windows\System32\urtclsvc.exe [118784 2002-10-04] ()

 

==================== Drivers (Whitelisted) ====================

S3 JRSKD24; C:\Windows\system32\JRSKD24.SYS [21432 2010-07-19] (SoftForum Corporation)

R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [12728 2010-07-19] (SoftForum Corporation)

S3 kcrtx86; C:\Windows\system32\kcrtx86.sys [126048 2010-07-19] (Kings Information & Network)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-26] (Malwarebytes Corporation)

S3 NPIDS; C:\Windows\system32\NpIdsVt.sys [47712 2010-05-13] (INCA Internet Co., Ltd.)

S3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)

R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [68368 2011-07-20] (Trend Micro Inc.)

R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)

R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [59152 2011-07-20] (Trend Micro Inc.)

R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)

R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)

R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2010-12-07] (Trend Micro Inc.)

R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)

S2 adfs; No ImagePath

S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 NVHDA; system32\drivers\nvhda32v.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

==================== One Month Created Files and Folders ========

2014-05-04 03:01 - 2014-05-04 03:10 - 00015024 _____ () C:\Users\A0033498\Desktop\FRST.txt

2014-05-04 02:57 - 2014-05-04 02:57 - 00000175 _____ () C:\Users\A0033498\Desktop\ServicesFix.bat

2014-05-04 02:12 - 2014-05-04 02:12 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\DropboxMaster

2014-05-04 02:07 - 2014-05-04 02:55 - 00002705 _____ () C:\Users\A0033498\Desktop\FSS.txt

2014-05-03 22:04 - 2014-05-03 22:04 - 00468480 _____ () C:\Users\A0033498\Desktop\CKScanner.exe

2014-05-03 00:33 - 2014-05-03 00:33 - 01016261 _____ (Thisisu) C:\Users\A0033498\Desktop\JRT.exe

2014-05-02 16:29 - 2014-05-02 16:29 - 00409600 _____ (Farbar) C:\Users\A0033498\Desktop\FSS.exe

2014-05-02 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-05-02 16:23 - 2014-05-02 16:23 - 01310621 _____ () C:\Users\A0033498\Desktop\AdwCleaner.exe

2014-05-01 17:35 - 2014-05-01 17:35 - 00000000 ____D () C:\_OTL

2014-05-01 00:30 - 2014-05-01 00:30 - 00602112 _____ (OldTimer Tools) C:\Users\A0033498\Desktop\OTL.exe

2014-04-29 23:19 - 2014-04-29 23:19 - 00000193 _____ () C:\Windows\WORDPAD.INI

2014-04-29 21:18 - 2014-05-04 03:10 - 00000000 ____D () C:\FRST

2014-04-29 21:09 - 2014-05-02 16:33 - 01050624 _____ (Farbar) C:\Users\A0033498\Desktop\FRST.exe

2014-04-24 20:41 - 2014-04-24 20:41 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-04-24 20:07 - 2014-04-24 20:07 - 00000000 ____D () C:\Windows\ERUNT

2014-04-20 22:44 - 2014-05-04 03:08 - 00000000 ____D () C:\Users\A0033498\AppData\Local\CrashDumps

2014-04-18 22:26 - 2014-04-18 22:26 - 00000000 ____D () C:\Windows\erdnt

2014-04-18 22:25 - 2014-04-26 17:29 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-12 23:48 - 2014-04-26 23:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-12 23:48 - 2014-04-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-12 20:24 - 2014-04-12 20:24 - 00332728 _____ () C:\Users\A0033498\AppData\Local\census.cache

2014-04-12 20:24 - 2014-04-12 20:24 - 00121676 _____ () C:\Users\A0033498\AppData\Local\ars.cache

2014-04-12 20:12 - 2014-04-12 20:12 - 00000010 _____ () C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

2014-04-12 20:05 - 2014-04-12 20:29 - 00000036 _____ () C:\Users\A0033498\AppData\Local\housecall.guid.cache

2014-04-12 14:54 - 2014-04-12 14:54 - 00000000 ____D () C:\Program Files\Aurora

2014-04-12 14:50 - 2014-05-04 03:02 - 00806889 ____N () C:\Windows\WindowsUpdate.log

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aurora

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora

 

==================== One Month Modified Files and Folders =======

2014-05-04 03:10 - 2014-05-04 03:01 - 00015024 _____ () C:\Users\A0033498\Desktop\FRST.txt

2014-05-04 03:10 - 2014-04-29 21:18 - 00000000 ____D () C:\FRST

2014-05-04 03:08 - 2014-04-20 22:44 - 00000000 ____D () C:\Users\A0033498\AppData\Local\CrashDumps

2014-05-04 03:02 - 2014-04-12 14:50 - 00806889 ____N () C:\Windows\WindowsUpdate.log

2014-05-04 02:57 - 2014-05-04 02:57 - 00000175 _____ () C:\Users\A0033498\Desktop\ServicesFix.bat

2014-05-04 02:56 - 2009-11-18 17:41 - 00458038 _____ () C:\Windows\system32\perfh011.dat

2014-05-04 02:56 - 2009-11-18 17:41 - 00137914 _____ () C:\Windows\system32\perfc011.dat

2014-05-04 02:56 - 2009-11-18 13:29 - 00440440 _____ () C:\Windows\system32\prfh0804.dat

2014-05-04 02:56 - 2009-11-18 13:29 - 00143148 _____ () C:\Windows\system32\prfc0804.dat

2014-05-04 02:56 - 2009-11-18 12:42 - 03823894 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-04 02:55 - 2014-05-04 02:07 - 00002705 _____ () C:\Users\A0033498\Desktop\FSS.txt

2014-05-04 02:53 - 2010-08-15 17:21 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Skype

2014-05-04 02:53 - 2010-08-12 13:31 - 00000000 ___RD () C:\Users\A0033498\Desktop\My Dropbox

2014-05-04 02:53 - 2010-08-12 13:29 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Dropbox

2014-05-04 02:53 - 2009-11-18 15:05 - 10297986 _____ () C:\Windows\system32\TmInstall.log

2014-05-04 02:53 - 2009-11-18 15:05 - 00008966 _____ () C:\Windows\cfgall.ini

2014-05-04 02:52 - 2009-11-18 14:47 - 00004712 _____ () C:\Windows\system32\config\netlogon.ftl

2014-05-04 02:51 - 2009-07-14 12:34 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-04 02:51 - 2009-07-14 12:34 - 00012048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-04 02:12 - 2014-05-04 02:12 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\DropboxMaster

2014-05-04 02:12 - 2010-08-12 13:30 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-05-04 02:09 - 2010-08-30 16:34 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438UA.job

2014-05-04 02:07 - 2012-08-12 17:15 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-04 02:06 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-04 02:04 - 2012-08-12 17:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-04 01:59 - 2012-08-12 17:15 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-03 23:09 - 2010-08-30 16:34 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086020445-1760312889-1512734326-400438Core.job

2014-05-03 22:43 - 2012-02-26 16:20 - 05243071 _____ () C:\Users\A0033498\AppData\Local\OfflineVaultPH.log

2014-05-03 22:04 - 2014-05-03 22:04 - 00468480 _____ () C:\Users\A0033498\Desktop\CKScanner.exe

2014-05-03 21:18 - 2013-11-22 15:38 - 00000000 ____D () C:\Users\A0033498\Desktop\Resume

2014-05-03 00:33 - 2014-05-03 00:33 - 01016261 _____ (Thisisu) C:\Users\A0033498\Desktop\JRT.exe

2014-05-03 00:20 - 2010-08-10 15:49 - 00001000 __RSH () C:\Users\A0033498\ntuser.pol

2014-05-03 00:20 - 2010-08-10 15:49 - 00000000 ____D () C:\Users\A0033498

2014-05-02 16:33 - 2014-04-29 21:09 - 01050624 _____ (Farbar) C:\Users\A0033498\Desktop\FRST.exe

2014-05-02 16:29 - 2014-05-02 16:29 - 00409600 _____ (Farbar) C:\Users\A0033498\Desktop\FSS.exe

2014-05-02 16:23 - 2014-05-02 16:23 - 01310621 _____ () C:\Users\A0033498\Desktop\AdwCleaner.exe

2014-05-01 17:35 - 2014-05-01 17:35 - 00000000 ____D () C:\_OTL

2014-05-01 00:30 - 2014-05-01 00:30 - 00602112 _____ (OldTimer Tools) C:\Users\A0033498\Desktop\OTL.exe

2014-04-29 23:19 - 2014-04-29 23:19 - 00000193 _____ () C:\Windows\WORDPAD.INI

2014-04-26 23:49 - 2010-09-08 00:06 - 00000000 ____D () C:\Users\A0033498\Desktop\NUS Graduate Affairs

2014-04-26 23:24 - 2014-04-12 23:48 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-26 17:29 - 2014-04-18 22:25 - 00000000 ___SD () C:\32788R22FWJFW

2014-04-25 21:59 - 2014-03-11 00:53 - 00000000 ____D () C:\Users\A0033498\Desktop\Visio diagrams

2014-04-25 20:51 - 2009-11-18 14:49 - 00011757 __RSH () C:\ProgramData\ntuser.pol

2014-04-25 00:08 - 2010-08-17 10:55 - 00000180 _____ () C:\Windows\hpbafd.ini

2014-04-24 20:41 - 2014-04-24 20:41 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Skype

2014-04-24 20:41 - 2010-08-15 17:20 - 00000000 ____D () C:\ProgramData\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-04-24 20:40 - 2014-04-24 20:40 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-04-24 20:40 - 2010-08-15 17:20 - 00000000 ___RD () C:\Program Files\Skype

2014-04-24 20:07 - 2014-04-24 20:07 - 00000000 ____D () C:\Windows\ERUNT

2014-04-24 19:31 - 2009-11-18 16:10 - 00000000 ____D () C:\Program Files\Adobe

2014-04-20 13:58 - 2011-04-16 13:04 - 00000000 ____D () C:\Users\A0033498\Desktop\OriginLab85 User Files

2014-04-19 16:53 - 2010-10-01 18:06 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Windows Live

2014-04-18 22:26 - 2014-04-18 22:26 - 00000000 ____D () C:\Windows\erdnt

2014-04-15 18:21 - 2010-09-20 12:51 - 00000000 ____D () C:\Users\A0033498\Documents\EndNote X4

2014-04-13 00:32 - 2009-11-18 17:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-04-13 00:32 - 2009-07-14 12:33 - 03970104 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-04-13 00:16 - 2012-07-21 00:11 - 00181272 _____ () C:\Windows\RegBootClean.exe

2014-04-12 23:48 - 2014-04-12 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-12 20:29 - 2014-04-12 20:05 - 00000036 _____ () C:\Users\A0033498\AppData\Local\housecall.guid.cache

2014-04-12 20:24 - 2014-04-12 20:24 - 00332728 _____ () C:\Users\A0033498\AppData\Local\census.cache

2014-04-12 20:24 - 2014-04-12 20:24 - 00121676 _____ () C:\Users\A0033498\AppData\Local\ars.cache

2014-04-12 20:12 - 2014-04-12 20:12 - 00000010 _____ () C:\Users\A0033498\AppData\Local\sponge.last.runtime.cache

2014-04-12 17:52 - 2011-01-28 05:43 - 00000000 ____D () C:\Users\A0033498\AppData\Local\Microsoft Help

2014-04-12 15:16 - 2010-10-11 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-04-12 14:54 - 2014-04-12 14:54 - 00000000 ____D () C:\Program Files\Aurora

2014-04-12 14:54 - 2010-08-10 15:49 - 00139752 _____ () C:\Users\A0033498\AppData\Local\GDIPFONTCACHEV1.DAT

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aurora

2014-04-12 14:40 - 2014-04-12 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora

2014-04-12 01:48 - 2013-02-18 20:01 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1

2014-04-04 13:04 - 2014-02-27 14:19 - 00000000 ____D () C:\Users\A0033498\AppData\Roaming\texstudio

2014-04-04 09:54 - 2010-10-08 14:11 - 00000000 ____D () C:\Users\A0033498\Desktop\Textbooks

 

Some content of TEMP:

====================

C:\Users\A0033498\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpspvre8.dll

 

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe

[2009-11-18 13:20] - [2009-08-03 13:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

LastRegBack: 2014-04-29 00:43

==================== End Of Log ============================



#22
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Currently the computer is very responsive and the symptoms (i.e., sluggish computer and windows becoming not responsive) seems to have disappeared.

That's good news  :thumbsup:

 

The BITS and EventSystem services are still not running, but the start type of BITS service is now OK.

Yeah. I screwed up part of the syntax on the last ServiceFix.bat file. Let's see if this will do it.


Step-1.
Create and Run a Batch File

1. Please copy everything in the Quote box below, except the word Quote, into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
sc stop eventsystem
sc config eventsystem start= auto
sc start eventsystem
shutdown -r -t 1
del %0

  • Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save
  • On the Save As window that comes up, do the following:
  • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
  • At the bottom in the File Name: box type ServicesFix.bat
  • In the Save as type: box, click the down arrow and click All Files(*.*)
  • Click Save

This will put a new file on the Desktop named ServicesFix.bat
The file icon will look like this:  vista_bat_icon.png
Close all open windows and any open Browsers.

2. Right click the ServicesFix.bat file on the desktop  and click Run as Administrator to run the fix. A command window will open briefly, then close. This is quite normal.
When the Command window closes the computer should shut down and reboot automatically. IF it doesn't, please manually reboot the computer.


Step-2.
Please get me a fresh FSS scan and post the log.


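As an added example that is not part of the thread or of the helper's fix: a PowerShell script that first audits the services registry for the two conditions FRST flagged in the log above ("No ImagePath", as for the adfs entry, and "[X]" for a driver whose binary is missing) and then sets BITS and EventSystem back to Automatic and starts them, the same repair ServicesFix.bat performs with sc. It assumes PowerShell 5.1 in an elevated prompt; all function names are this example's own, and no automatic reboot is issued.

```powershell
# Added example (not from the thread). Requires PowerShell 5.1, run as Administrator.

# Turn a raw ImagePath value into an absolute file path. Handles the forms seen in
# the FRST log: quoted paths with arguments, \??\ and \SystemRoot\ prefixes,
# %SystemRoot% / %windir% and bare "system32\DRIVERS\x.sys" relative to the Windows dir.
function Resolve-ImagePath {
    param([Parameter(Mandatory)][string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        # Unquoted: keep everything up to the executable/driver extension, drop arguments.
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ''
    $p = $p -replace '^%SystemRoot%\\', ''
    $p = $p -replace '^%windir%\\', ''
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Walk every service and driver key and report the two conditions FRST flags.
# The Start value is included because 4 = Disabled (FRST's "S4" entries).
# Kernel object paths such as \Driver\... or \FileSystem\... are not files; skip them.
function Get-SuspectServices {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Parameter-only subkeys have no Type value and are not services.
        if ($null -eq $props -or $null -eq $props.Type) { continue }
        if ([string]::IsNullOrWhiteSpace($props.ImagePath)) {
            [pscustomobject]@{ Name = $key.PSChildName; Finding = 'No ImagePath'
                               Path = ''; Start = $props.Start }
            continue
        }
        if ($props.ImagePath -match '^\\(Driver|FileSystem)\\') { continue }
        $file = Resolve-ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ Name = $key.PSChildName; Finding = 'Binary missing [X]'
                               Path = $file; Start = $props.Start }
        }
    }
}

# Set the start type to Automatic and start the service, then report its state.
# EventSystem is listed before BITS because BITS depends on it.
function Repair-CoreService {
    param([string[]]$Name = @('EventSystem', 'BITS'))
    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if ($null -eq $svc) { Write-Warning "Service '$n' not found"; continue }
        if ($svc.StartType -ne 'Automatic') {
            Set-Service -Name $n -StartupType Automatic
        }
        if ($svc.Status -ne 'Running') {
            try { Start-Service -Name $n -ErrorAction Stop }
            catch { Write-Warning "Could not start '$n': $($_.Exception.Message)" }
        }
        Get-Service -Name $n | Select-Object Name, Status, StartType
    }
}

# Report first; review the suspect list by hand before deleting any entry.
Get-SuspectServices | Sort-Object Finding, Name | Format-Table -AutoSize
Repair-CoreService | Format-Table -AutoSize
```

A service that still shows Stopped after the repair usually has a dependency that failed to start; check that dependency before retrying.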

#23
adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs,

 

Yes, it worked and the services are now running. Thanks for the help.

 

Farbar Service Scanner Version: 25-02-2014

Ran by a0033498 (administrator) on 04-05-2014 at 22:20:46

Running from "C:\Users\A0033498\Desktop"

Microsoft Windows 7 Enterprise (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

Windows Firewall:

=============

Firewall Disabled Policy:

==================

 

System Restore:

============

System Restore Disabled Policy:

========================

 

Action Center:

============

 

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

 

Windows Defender:

==============

Other Services:

==============

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2013-02-14 01:18] - [2013-01-04 12:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD

 

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll

[2012-10-10 15:23] - [2012-06-02 12:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED

 

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\ipnathlp.dll => MD5 is legit

C:\Windows\system32\iphlpsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

**** End of log ****



#24
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Yes, it worked and the services are now running. Thanks for the help.

:thumbsup:
 
 
Let's do a FRST fix and check for residual malware files.
 
Step-1.
FRST Fix

Warning: This fix is relevant for this system and no other. If you are not this user, Do NOT follow these directions as they could damage the workings of your system.

  • Download attached fixlist.txt file and save it to the same location the FRST.exe file is in. [attachment=70383:fixlist.txt]
  • NOTE: It's important that both files, FRST.exe and fixlist.txt are in the same location or the fix will not work.
  • Run FRST and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • The Fixlog.txt file can also be found in the same location that the program was run from.

Before running Steps 2 and 3 please disable any screen saver you have running.


Step-2.
Run MalwareBytes

  • Right click the MalwareBytes icon on the desktop and click Run as Administrator to start the program. OK any UAC prompts.
  • The MBAM console/dashboard will appear.
  • Select Settings > Detection and Protection and check (tick) Scan for rootkits

    MBAMSettings-1.jpg
  • Go back to the Dashboard and click the green Scan Now button.

    MBAM1.jpg
     
  • If threats are detected, click the Apply Actions button, MBAM may ask for a reboot. Let it do so.

    MBAMReboot.JPG
  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop

MBAMLog.JPG

Copy and paste the log back here.


Step-3.
Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.
Vista / 7 users: You will need to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    realrunesetscannerbutton.jpg

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the esetsmartinstaller_enu.png icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:
     
    eseteula.jpg
  • Select the option YES, I accept the Terms of Use then click on:

    esetstartaftereulaapproval.jpg
         
  • When prompted allow the Add-On/Active X to install. The following window will open:

    esetdirectionalchecks.jpg
    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: esetstartaftersettingsmade.jpg
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.

When The Scan is Complete:

A.
If No Threats Were Found:

  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found

B.
If Threats Were Found:

  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close. Be sure you have saved the file first.
  • Click on Finish
  • Close the program

Don't forget to enable your Antivirus program and screen saver.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The Fixlog.txt log
2. The MalwareBytes log
3. The ESET scan log (IF it found anything). If it didn't just let me know.


  • 0

#25
adai2020

adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs,

No threats were found in ESET scan.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:04-05-2014
Ran by a0033498 at 2014-05-05 17:27:47 Run:1
Running from C:\Users\A0033498\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S2 adfs; No ImagePath
stop

*****************
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
adfs => Service deleted successfully.

The system needed a reboot.
==== End of Fixlog ====


Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/5/2014
Scan Time: 6:05:29 PM
Logfile: MBAM.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.05.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7
CPU: x86
File System: NTFS
User: a0033498
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351833
Time Elapsed: 22 min, 59 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)


  • 0


#26
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hello,

I apologize for not getting back to you sooner. I just flat missed the notification that you had replied back on the 5th. I am so sorry. The MBAM scan looks good and ESET didn't find anything so the last thing I want to do before we clean up the tools we've used is check for any programs that need updating.


Run Security Check

Download Security Check from here or here and save it to the Desktop.

  • Right click the SecurityCheck icon SecurityCheckIcon2.png and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    securitycheck.jpg
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.

1. The checkup.txt log

 

 


  • 0

#27
adai2020

adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs, 

 

Results of screen317's Security Check version 0.99.82 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Trend Micro OfficeScan Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java 7 Update 51 
 Java version out of Date!
  Adobe Flash Player  12.0.0.70 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (4.0.1)
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbam.exe 
 Trend Micro OfficeScan Client pccntmon.exe
 Trend Micro OfficeScan Client ntrtscan.exe 
 Trend Micro OfficeScan Client tmlisten.exe 
 Trend Micro OfficeScan Client CNTAoSMgr.exe 
 Trend Micro BM TMBMSRV.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I need to apologize again. I swear I answered you on the 9th. But something must have happened. And I'm not a big fan of the new notification system :upset:

 

Your Windows is out of date. It should have Service Pack 1 installed. Support ended for Windows 7 without a Service Pack in April of 2013. And once support ended, Windows stopped offering updates. That combined with the services that weren't working. I want you to go to the Microsoft Windows Update site and see if any updates, including SP1, are offered. If they are please install them. If they aren't, we will install SP1 another way.

 

Please let me know if you were able to update Windows with SP1 and any other current updates and we will go from there.

 

Again, I'm sorry.


  • 0
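The two posts above (the Security Check log in #27 and the service pack advice in #28) can be verified from the machine itself rather than by reading a tool's output. The following is an added example, not code from the thread or from any of the tools it uses; it assumes a Windows 7 or later system with PowerShell 2.0 or newer and an elevated prompt, and it only reads system state, changing nothing.

```powershell
# Added example (not from the thread or its tools): check the items raised in posts #27 and #28.
# Assumes Windows 7+ with PowerShell 2.0 or later, run as Administrator. Read-only.

# 1. Service pack level. Post #28: Windows 7 must be at SP1 to keep receiving security updates.
$os = Get-WmiObject -Class Win32_OperatingSystem
"OS: {0}, build {1}, Service Pack {2}.{3}" -f $os.Caption, $os.BuildNumber,
    $os.ServicePackMajorVersion, $os.ServicePackMinorVersion
if ($os.Caption -match 'Windows 7' -and $os.ServicePackMajorVersion -lt 1) {
    Write-Warning "Windows 7 without Service Pack 1: this install no longer receives updates."
}

# 2. Date of the most recently installed hotfix. A date many months old is a sign that
#    Windows Update is not running, which post #28 attributes to stopped services.
$lastHotfix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($lastHotfix) {
    "Most recent hotfix: {0} installed {1}" -f $lastHotfix.HotFixID, $lastHotfix.InstalledOn.ToShortDateString()
} else {
    Write-Warning "No hotfix with an install date was found."
}

# 3. Installed versions of the products Security Check flagged as out of date
#    (Java, Adobe Flash Player, Adobe Reader), read from the Uninstall registry keys.
#    The Wow6432Node path only exists on 64-bit Windows; SilentlyContinue skips it on x86.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|Adobe Flash|Adobe Reader' } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName |
    Format-Table -AutoSize

# 4. Auto-start Win32 services that have no ImagePath, like the "adfs" entry the FRST fix
#    deleted. Type 16/32 = own/shared-process service; Start 2 = automatic.
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $svc = Get-ItemProperty -Path $_.PSPath
    if (($svc.Type -eq 16 -or $svc.Type -eq 32) -and $svc.Start -eq 2 -and -not $svc.ImagePath) {
        "Service with no ImagePath: {0}" -f $_.PSChildName
    }
}
```

Run it before and after applying Windows Update: the service pack number and the hotfix date should both move, and section 4 should print nothing once the orphaned service entry has been removed.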

#29
adai2020

adai2020

    Member

  • Topic Starter
  • Member
  • 66 posts

Dear godawgs,

 

Sorry for my late reply. I hope you will be able to kindly offer me a couple of days more to get back to you regarding the Windows update as I am currently tied down with several work matters. I will try to reply by the 18th May.

 

Thanks.


  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Absolutely. After missing your last two posts, your wish is my command. But please keep in mind that your computer is very vulnerable until this service pack and any other windows updates are installed. Especially if you have it connected to the internet. <_<


  • 0
