Cant access any admin tools like device manager!

Pravin

Member
Joined
Feb 28, 2014
Posts
24
Location
Bangalore
Hello,

Thank you very much for helping me so far. Here's my first post: https://www.sysnative.com/forums/wi...corrupt-files-unable-to-repair.html#post68627

I hope you can access it if not let me know and I will copy/paste the content. I was being suggested to post a new thread here. Please help.

I cant open any admin tools like device manager, services....and so on.

Problem started with my audio. I would see that little red cross mark and message on mouse hover was "audio device not installed".. so I ran sfc /scannow and few files were repaired. Audio started working but also this command says there were so many other corrupt files those not repaired. I am still unable to open any admin tools.

I went through the page: Malware Removal Posting Instructions and I am posting the log files requested.

Edit to add logs:

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
JavaFX 2.1.1
Java version out of Date!
Adobe Flash Player 11.6.602.168 Flash Player out of Date!
Adobe Reader XI
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender vsserv.exe
Bitdefender Bitdefender updatesrv.exe
Bitdefender Bitdefender SafeBox safeboxservice.exe
Bitdefender Bitdefender bdagent.exe
Bitdefender Bitdefender pmbxag.exe
Bitdefender Bitdefender bdapppassmgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518
Run by saraswati at 2:52:30 on 2014-03-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1950.533 [GMT 5.5:30]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\MONyog\bin\MONyog.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Citrix\GoToMeeting\1259\g2mstart.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Users\saraswati\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Citrix\GoToMeeting\1259\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\1259\g2mlauncher.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\saraswati\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saraswati\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saraswati\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saraswati\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Users\saraswati\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saraswati\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\saraswati\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\saraswati\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [Google Update] "c:\users\saraswati\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\1259\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
dRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
StartupFolder: c:\users\sarasw~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\saraswati\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: Interfaces\{3C1763B4-E4B1-41C0-B816-F29D55AC53A6} : NameServer = 125.22.47.125,202.56.250.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2014-2-27 778032]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2014-2-27 165744]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2014-2-27 78144]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2014-2-27 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2014-2-27 72704]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-7-8 109728]
R2 MONyog;MONyog;c:\program files\monyog\bin\monyog.exe -s --> c:\program files\monyog\bin\MONyog.exe -s [?]
R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2014-2-27 81704]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-7-8 2656280]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2014-2-27 54424]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2014-2-27 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2014-2-27 516936]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-7-8 41088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf_pc.sys [2014-2-27 108008]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2014-2-27 66832]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-12 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-14 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-14 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-11 1343400]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-7-5 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-7-5 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-7-5 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-7-5 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-7-5 25704]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2014-2-27 69880]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-03-14 21:03:24 -------- d-----w- c:\users\saraswati\appdata\local\{D6CEBC62-C8B7-4678-9FC0-36543FEEC969}
2014-03-14 19:08:29 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{70014167-51a9-44fb-9c1a-b84e29cfb4c4}\mpengine.dll
2014-03-14 19:01:06 -------- d-----w- c:\users\saraswati\appdata\local\{CA395410-1A6F-4275-A396-F2E239B2D041}
2014-03-14 14:31:35 -------- d-----w- c:\users\saraswati\appdata\local\{8F2A90D1-BA12-4CC6-8FB3-7B6DD47ABFDE}
2014-03-14 13:12:12 -------- d-----w- c:\users\saraswati\appdata\local\{B7219869-972C-457A-9386-95A77F62D88C}
2014-03-13 11:29:05 -------- d-----w- c:\users\saraswati\appdata\local\{D4049CCA-5C80-446E-8A09-5CFDF4E06D5C}
2014-03-12 14:59:28 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 14:59:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-12 14:59:27 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-12 14:57:34 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-12 14:57:34 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 14:36:25 -------- d-----w- c:\users\saraswati\appdata\local\{FBDEE3DF-7092-4682-8D42-5E41FD4A7FC6}
2014-03-11 12:09:15 -------- d-----w- c:\users\saraswati\appdata\local\{2242ED6C-F012-4FC0-837B-05BDCFEB8433}
2014-03-10 09:56:48 -------- d-----w- c:\users\saraswati\appdata\local\{E618C2FB-ADE1-493A-9F46-8914D32B0C09}
2014-03-10 03:15:13 1672 ----a-w- c:\windows\system32\ASOROSet.bin
2014-03-10 03:09:48 -------- d-----w- c:\users\saraswati\appdata\roaming\Systweak
2014-03-10 02:40:41 -------- d-----w- c:\programdata\REGSERVO
2014-03-10 01:40:08 -------- d-----w- c:\users\saraswati\appdata\roaming\Malwarebytes
2014-03-10 01:39:44 -------- d-----w- c:\programdata\Malwarebytes
2014-03-10 01:39:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-10 01:39:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-10 01:39:00 -------- d-----w- c:\users\saraswati\appdata\local\Programs
2014-03-09 21:56:18 -------- d-----w- c:\users\saraswati\appdata\local\{93E9E877-383A-42FB-8EF5-2400CFFB0F57}
2014-03-09 09:55:30 -------- d-----w- c:\users\saraswati\appdata\local\{09945C96-3E7A-4E55-A7FB-851AD917DEF2}
2014-03-08 21:57:23 -------- d-----w- C:\SFCFix
2014-03-08 21:50:50 -------- d-----w- c:\users\saraswati\appdata\local\{C7C8A2C4-D46F-45EE-B01B-C6821B2DC797}
2014-03-08 09:50:20 -------- d-----w- c:\users\saraswati\appdata\local\{803C9E49-DFE6-4E8C-86B0-056A34D040FE}
2014-03-07 17:35:56 -------- d-----w- c:\users\saraswati\appdata\local\{CBBB28B1-776B-47F6-8AB1-5D751C306486}
2014-03-07 05:35:25 -------- d-----w- c:\users\saraswati\appdata\local\{E4596935-7698-442F-8DFB-0C716425CDCD}
2014-03-06 09:33:07 -------- d-----w- c:\users\saraswati\appdata\local\{FF78909A-CCEA-4B14-A5E0-FA099FEF4EE0}
2014-03-05 10:50:46 -------- d-----w- c:\users\saraswati\appdata\local\{57609CD2-6DA0-4820-A99E-B9DB82E4C50C}
2014-03-04 08:16:03 -------- d-----w- c:\users\saraswati\appdata\local\{24100420-CC24-44E2-A4DC-F24BDB146C79}
2014-03-03 14:52:31 -------- d-----w- c:\users\saraswati\appdata\local\{D797D62B-3ABE-4C59-9886-764DEAB65807}
2014-03-03 02:52:02 -------- d-----w- c:\users\saraswati\appdata\local\{2DFC6304-B344-4D30-A715-467D369E98F9}
2014-03-02 21:50:01 -------- d-----w- c:\programdata\Package Cache
2014-03-02 21:49:48 -------- d-----w- c:\program files\Seagate
2014-03-02 15:15:08 -------- d-----w- c:\programdata\YTD Video Downloader
2014-03-02 12:54:50 -------- d-----w- c:\users\saraswati\appdata\local\{48AAE40C-CCDB-4593-A2E7-70549C00A533}
2014-03-01 16:07:21 -------- d-----w- c:\users\saraswati\appdata\local\{5FFEB84F-196B-45B7-B8C1-F2446BFB58D4}
2014-03-01 03:43:18 -------- d-----w- c:\users\saraswati\appdata\local\{B34536EF-344B-4C6C-B0E4-3ADA47CFE836}
2014-02-28 13:54:56 -------- d-----w- c:\users\saraswati\appdata\local\{D458BCD8-ED98-4AE6-9CE7-8722D49E0095}
2014-02-28 11:48:44 -------- d-----w- c:\windows\CheckSur
2014-02-28 01:54:25 -------- d-----w- c:\users\saraswati\appdata\local\{5A646299-98D8-4433-A466-14D47F452833}
2014-02-27 17:44:23 7168 ----a-w- c:\windows\system32\drivers\errdev.sys
2014-02-27 14:26:57 672141 ----a-w- c:\programdata\1393510082.bdinstall.bin
2014-02-27 14:15:02 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-27 14:14:57 -------- d-----w- c:\programdata\BDLogging
2014-02-27 14:14:49 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2014-02-27 14:14:48 78144 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2014-02-27 14:14:48 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2014-02-27 14:14:48 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2014-02-27 14:14:48 511328 ----a-w- c:\windows\capicom.dll
2014-02-27 14:14:48 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
2014-02-27 14:14:41 778032 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-02-27 14:14:41 516936 ----a-w- c:\windows\system32\drivers\avckf.sys
2014-02-27 14:14:41 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2014-02-27 14:11:08 -------- d-----w- c:\users\saraswati\appdata\roaming\Bitdefender
2014-02-27 14:08:23 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
2014-02-27 14:08:23 -------- d-----w- c:\programdata\Bitdefender
2014-02-27 14:08:21 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
2014-02-27 14:08:21 -------- d-----w- c:\program files\Bitdefender
2014-02-27 14:08:02 -------- d-----w- c:\users\saraswati\appdata\roaming\QuickScan
2014-02-27 13:37:16 -------- d-----w- c:\program files\common files\Bitdefender
2014-02-27 13:36:03 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{367846c0-cb51-4a55-8e3d-4ab6dad3b682}\gapaengine.dll
2014-02-27 13:35:38 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a9df466b-7832-43e6-b8fc-ad257f892a72}\mpengine.dll
2014-02-27 13:29:31 -------- d-----w- c:\program files\AVAST Software
2014-02-27 13:25:40 -------- d-----w- c:\programdata\AVAST Software
2014-02-27 13:22:08 -------- d-----w- c:\users\saraswati\appdata\local\{BB2C46AB-0CF6-43D2-98EF-15B46E751700}
2014-02-27 13:21:18 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-27 13:10:13 -------- d-----w- c:\users\saraswati\appdata\local\{E0982A33-512F-4D64-97C2-3A942CE182D8}
2014-02-26 14:15:19 -------- d-----w- C:\SWTOOLS
2014-02-26 13:24:06 -------- d-----w- c:\users\saraswati\appdata\local\{CF8FB836-1FE8-4CFB-9A6C-8723EF940191}
2014-02-25 15:30:15 -------- d-----w- c:\windows\system32\RTCOM
2014-02-25 11:23:37 -------- d-----w- c:\users\saraswati\appdata\local\{404769A7-5922-4D34-8AC6-3AF3EBDD6A43}
2014-02-25 11:21:13 -------- d-sh--w- C:\found.000
2014-02-24 15:41:40 -------- d-----w- c:\users\saraswati\appdata\local\{72FE0875-1CA5-4B52-8054-3B0993072181}
2014-02-23 05:56:31 -------- d-----w- c:\users\saraswati\appdata\local\{EEF571DF-4667-47E4-81EB-6D2736F8CED5}
2014-02-22 17:32:30 -------- d-----w- c:\users\saraswati\appdata\local\{F63132D9-0FEE-4C02-8C47-46DB8E2FAA60}
2014-02-22 05:31:46 -------- d-----w- c:\users\saraswati\appdata\local\{31DA545E-F50E-4E59-9260-09EB3CCF8C6E}
2014-02-21 13:48:57 -------- d-----w- c:\users\saraswati\appdata\local\{F5D24083-CA4C-4E52-BA5D-F757A81BC0AC}
2014-02-21 01:48:29 -------- d-----w- c:\users\saraswati\appdata\local\{8B724C20-63EE-4C0C-952F-ED8F46A9FEFC}
2014-02-20 06:00:54 -------- d-----w- c:\users\saraswati\appdata\local\{59EA75B6-4871-456A-B865-0ECCE13968D1}
2014-02-19 05:45:47 -------- d-----w- c:\users\saraswati\appdata\local\{9002C28A-40E9-46F0-87E6-5119989EF4A2}
2014-02-18 08:02:16 -------- d-----w- c:\users\saraswati\appdata\local\{64615662-ACF2-4FB4-BD22-DDA16BDD5FEA}
2014-02-17 19:54:10 -------- d-----w- c:\users\saraswati\appdata\local\{51D45473-0378-41DE-9301-13AEEF80C6B7}
2014-02-17 07:51:37 -------- d-----w- c:\users\saraswati\appdata\local\{798055AC-094D-41F4-A91E-655DE510F9CC}
2014-02-16 17:55:21 -------- d-----w- c:\users\saraswati\appdata\local\{AD1287D8-76E1-45C1-BA4D-A3BF3A8EB72C}
2014-02-16 05:46:55 -------- d-----w- c:\users\saraswati\appdata\local\{A69EAC1D-6F3E-4A02-A2CD-126ED818BD95}
2014-02-15 09:35:22 -------- d-----w- c:\users\saraswati\appdata\local\{4DC82737-B26C-4ED9-AC56-9A82541AA25F}
2014-02-14 21:34:56 -------- d-----w- c:\users\saraswati\appdata\local\{5A137058-985F-49E7-A077-394100477B91}
2014-02-14 08:00:22 -------- d-----w- c:\users\saraswati\appdata\local\{12558188-FFF5-43B4-A17A-3026504D53CF}
2014-02-13 19:59:57 -------- d-----w- c:\users\saraswati\appdata\local\{57D9447E-7E7F-4266-A2C2-8A8752F58D65}
2014-02-13 07:25:52 -------- d-----w- c:\users\saraswati\appdata\local\{00A1BE0B-3A87-4372-BB28-88FF951B0E62}
.
==================== Find3M ====================
.
2014-02-27 17:44:18 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2014-02-27 17:44:16 57856 ----a-w- c:\windows\system32\AxInstUI.exe
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-03 06:50:54 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 08:56:47 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-20 20:21:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-20 20:21:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 2:54:06.34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume4
Install Date: 7/8/2011 1:25:14 PM
System Uptime: 3/15/2014 2:31:31 AM (0 hours ago)
.
Motherboard: Intel Corporation | | DH61WW
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz | LGA1155 CPU 1 | 1581/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 16.313 GiB free.
D: is FIXED (NTFS) - 24 GiB total, 18.153 GiB free.
E: is FIXED (NTFS) - 49 GiB total, 6.383 GiB free.
F: is FIXED (NTFS) - 368 GiB total, 36.232 GiB free.
G: is FIXED (NTFS) - 16 GiB total, 9.884 GiB free.
H: is FIXED (NTFS) - 109 GiB total, 41.851 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Remote Access IPv6 ARP Driver
Device ID: ROOT\LEGACY_WANARPV6\0000
Manufacturer:
Name: Remote Access IPv6 ARP Driver
PNP Device ID: ROOT\LEGACY_WANARPV6\0000
Service: Wanarpv6
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: HTTP
Device ID: ROOT\LEGACY_HTTP\0000
Manufacturer:
Name: HTTP
PNP Device ID: ROOT\LEGACY_HTTP\0000
Service: HTTP
.
==== System Restore Points ===================
.
RP517: 3/14/2014 10:53:10 PM - Scheduled Checkpoint
RP518: 3/15/2014 2:25:53 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader XI
Bitcasa version beta
Bitdefender Total Security
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot A3300 IS and A3200 IS and A2200 Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Citrix Online Launcher
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
FileZilla Client 3.5.3
Google Chrome
Google Talk (remove only)
Google Talk Plugin
GoToMeeting 6.0.0.1259
Intel(R) Control Center
Intel(R) Desktop Utilities
Intel(R) Integrator Assistant
Intel(R) Management Engine Components
Intel(R) Network Connections 16.0.19.0
Intel(R) Processor Graphics
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
MONyog 5.63
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MySQL Server 5.5
NetBeans IDE 7.1.2
Notepad++
PCmover OEM Express
Realtek High Definition Audio Driver
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
SQLyog 9.10
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VLC media player 2.1.3
WebEx
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip 17.5
WordWeb
Yahoo! Search Protection
YTD Video Downloader 4.7.3
.
==== End Of File ===========================

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Database version: v2014.03.10.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
saraswati :: SARASWATI-PC [administrator]

3/10/2014 7:10:57 AM
MBAM-log-2014-03-10 (07-23-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244199
Time elapsed: 11 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 28
HKCR\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKCR\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> No action taken.
HKCR\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShoppingReport2) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> No action taken.
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> No action taken.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> No action taken.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> No action taken.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> No action taken.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> No action taken.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> No action taken.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> No action taken.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> No action taken.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> No action taken.
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> No action taken.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> No action taken.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Data: C:\Program Files\QuestScan\questscan.dll -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files\Movies Toolbar\Datamngr (PUP.Optional.MoviesToolbar.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826 (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 16
C:\Users\saraswati\AppData\Local\Temp\uttC729.tmp.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\Local Settings\Temporary Internet Files\Content.IE5\0LZ4Y15U\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\Local Settings\Temporary Internet Files\Content.IE5\0LZ4Y15U\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\Local Settings\Temporary Internet Files\Content.IE5\DCIMKIH2\BitTorrentControl_v12[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\Local Settings\Temporary Internet Files\Content.IE5\K3YM77ZY\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> No action taken.
C:\Program Files\Movies Toolbar\Datamngr\del_DM_LL_nsh77C7.dll (PUP.Optional.MoviesToolbar.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826\CT3225826.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826\initdata.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\saraswati\AppData\Local\Temp\ct3225826\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.

(end)
 

Attachments

Last edited by a moderator:
Hi, Pravin. Thank you for the logs. As you will note, I edited your post to paste the logs. It simplifies review.

1. MBAM didn't removing anything because the items were not selected. Please scan with MBAM again and be sure all items are checked.
  • Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates
  • Once the update has been installed and the program has loaded, select Quick scan
    [*]When the scan is complete, click OK, then Show Results to view the results.
    [*]Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    MBAM_SR_zps573fd52e.jpg

    [*] Click Remove Selected.
    [*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
    [*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    [*]Please post contents of that file in your next reply.


** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

2. Please download Junkware Removal Tool to your desktop.

Note: A few seconds after landing on the above link, depending on the browser you are using, you will see the following:
  • If you're using Firefox, click Save file:
  • If you're using IE, click Save:
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

3. Please download AdwCleaner by Xplode onto your Desktop.

Note: A few seconds after landing on the above link, depending on the browser you are using, you will see the following:
  • If you're using Firefox, click Save File:
  • If you're using IE, click Save:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

4. Do you use JavaFX? It is a software platform for creating apps and applets for media such as browser, mobile phones etc. etc. If you use it, you need to update to the most recent version. Otherwise, go ahead and uninstall it.

5. You have a vulnerable version of Adobe Flash Player installed. Please install the most recent version, 12.0.0.77 for both browsers from the direct links below:

Non-IE (Opera, Firefox, Etc.): http://download.macromedia.com/get/...ensing/win/install_flash_player_12_plugin.exe
Windows XP, Vista and 7: Flash Player For Internet Explorer 7, 8, 9, 10, 11: http://download.macromedia.com/get/...sing/win/install_flash_player_12_active_x.exe
 
I have updated JavaFX and Flash Player both now. Atached are the logs:

Malware Bytes Log:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware


Database version: v2014.03.16.04


Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
saraswati :: SARASWATI-PC [administrator]


3/19/2014 8:21:23 PM
mbam-log-2014-03-19 (20-21-23).txt


Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243611
Time elapsed: 10 minute(s), 6 second(s)


Memory Processes Detected: 0
(No malicious items detected)


Memory Modules Detected: 0
(No malicious items detected)


Registry Keys Detected: 0
(No malicious items detected)


Registry Values Detected: 0
(No malicious items detected)


Registry Data Items Detected: 0
(No malicious items detected)


Folders Detected: 0
(No malicious items detected)


Files Detected: 0
(No malicious items detected)


(end)


JRt Logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x86
Ran by saraswati on Wed 03/19/2014 at 20:42:51.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








~~~ Services






~~~ Registry Values






~~~ Registry Keys






~~~ Files






~~~ Folders


Successfully deleted: [Empty Folder] C:\Users\saraswati\appdata\local\{5FFE5D3E-D3D2-4EF2-8788-ABEFDD1CBEAC}
Successfully deleted: [Empty Folder] C:\Users\saraswati\appdata\local\{CE1C4491-13B3-4144-8B77-82011A91DF9F}
Successfully deleted: [Empty Folder] C:\Users\saraswati\appdata\local\{F151DE22-DF22-4535-B58F-40E2EE401F2E}
Successfully deleted: [Empty Folder] C:\Users\saraswati\appdata\local\{F2E99741-AE47-4CE0-83FD-D40995BCBF85}






~~~ Event Viewer Logs were cleared










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/19/2014 at 20:45:59.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adwcleaner log:

# AdwCleaner v3.022 - Report created 19/03/2014 at 20:52:57
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : saraswati - SARASWATI-PC
# Running from : C:\Users\saraswati\Downloads\AdwCleaner.exe
# Option : Clean


***** [ Services ] *****




***** [ Files / Folders ] *****




***** [ Shortcuts ] *****




***** [ Registry ] *****




***** [ Browsers ] *****


-\\ Internet Explorer v11.0.9600.16518




-\\ Google Chrome v


[ File : C:\Users\saraswati\AppData\Local\Google\Chrome\User Data\Default\preferences ]




*************************


AdwCleaner[R0].txt - [2468 octets] - [17/03/2014 03:56:05]
AdwCleaner[R1].txt - [882 octets] - [19/03/2014 20:50:59]
AdwCleaner[S0].txt - [2581 octets] - [17/03/2014 04:00:57]
AdwCleaner[S1].txt - [804 octets] - [19/03/2014 20:52:57]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [863 octets] ##########
 
Hi, Pravin.

In researching your problem regarding the Admin Tools, it sounds as though the shortcuts may have been deleted. If that is the case, you will need to recreate the links.

  1. Navigate "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools". If this folder is empty do the following to recreate the links.
  2. From within the above folder, right-click new -> shortcut and, one-by-one, add the items listed below.

    Note: you will be prompted for the path first, then name. Listed below is the path followed by the name.
%windir%\system32\comexp.msc -- Component Services

%windir%\system32\compmgmt.msc /s -- Computer Management

%windir%\system32\odbcad32.exe -- Data Sources (ODBC)

%windir%\system32\eventvwr.msc /s -- Event Viewer

%windir%\system32\iscsicpl.exe -- iSCSI Initiator

%windir%\system32\secpol.msc /s -- Local Security Policy

%windir%\system32\perfmon.msc /s -- Performance Monitor

%systemroot%\system32\printmanagement.msc -- Print Management

%windir%\system32\nfsmgmt.msc -- Services for Network File System (NFS)

%windir%\system32\services.msc -- Services

%windir%\system32\msconfig.exe -- System Configuration

%windir%\system32\taskschd.msc /s -- Task Scheduler

%windir%\system32\WF.msc -- Windows Firewall with Advanced Security

%windir%\system32\MdSched.exe -- Windows Memory Diagnostic

%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -NoExit -ImportSystemModules -- Windows PowerShell Modules​

Please let us know how you make out.
 
Corrine, if any of that still fails to solve the problem, once you're happy with the machine it may be worth sending this back to the original thread, as I suspect the admin tools problem may potentially not have been caused by the infection but by the corrupt system files reported by SFC I was initially trying to fix. I can't be sure as there are so many, but I could try fixing those first.

Richard
 
Thank you, Richard.

Pravin -- Please advise if the Administrative Tools folder is not empty.
 
Hi Corrine, Richard,

I am really sorry for not being able to update you quickly. This problem is what I am experiencing at my home pc and I think our work times are different. Please bear with me and I will try to update you guys asap.

Once again thank you very much for being with me on the issue.
 
That is no problem, Pravin. Time zone differences are more often the normal with online forums.
 
Hi Corrine,

The shortcuts are present in the Administrative Tools folder. Here are the shortcuts I see there:

Component Services
Computer Management
Data Sources (ODBC)
Event Viewer
iSCSI Initiator
Local Security Policy
Performance Monitor
Print Management
Services
System Conmfiguration
Task Scheduler
Windows Firewall with Advanced Security
Windows Memory Diagnostic
Windows Powershell Module

I just wanted to add few more details just in case if it helps.

I have 2 HDD. One is 3 years old and another one is around 6 years old. When I switch on my computer there's always one beep sound. Is that expected? It wasnt there always.

I am starting to get into programming so I have downloaded various ide's and few open source programs. I hope none of them are infectious, atleast from the scripts what I have executed as per sysnative suggestions.

Regards,
Pravin Singh
 
Also since I saw these shortcuts I tried double clicking, didnt work. Right click and "Run as administrator" didnt work as well..

I guess I am in big trouble and only option I have is to have fresh OS installed? That would be disaster. Please help.

Regards,
Pravin Singh
 
Hi, Pravin. Since the shortcuts are in the folder, it appears that the problem was caused by the corrupt files reported by SFC, as Richard wrote:

Corrine, if any of that still fails to solve the problem, once you're happy with the machine it may be worth sending this back to the original thread, as I suspect the admin tools problem may potentially not have been caused by the infection but by the corrupt system files reported by SFC I was initially trying to fix. I can't be sure as there are so many, but I could try fixing those first.

Richard

Please return to your topic at SFC scannow error - windows resource protection found corrupt files unable to repair and Richard will attempt a repair of the corrupt files.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top