Virus has disabled Microsoft installer

Question

sevichu 0 Newbie Poster

10 Years Ago

I got a virus that turned off Microsoft Essentials and prevented me from starting it. I tried getting other programs to remove it but i believe that the virus also disabled Microsoft installer. My skype wont start properly along with other programs i use daily taking an extremely long time to start then starts to not respond. Any scans I perform come up empty and any attepmt to start microsoft defender says, file not found did you type it in correctly, or something like that despite me opening it from it's specific folder in program files. Renaming the application in a copy paste version of that folder will let me start it but cant do much from there. Thank you for your time anyone that reads this and thank you in advance for any help offered.

windows-virus

5 Contributors
22 Replies
693 Views
2 Weeks Discussion Span
Latest Post 10 Years Ago Latest Post by robert02

AffineMesh 0 Newbie Poster

10 Years Ago

Have you tried Malwarebytes? If the installation is blocked you may also need to try Malwarebytes Chameleon.

nullptr 167 Occasional Poster

10 Years Ago

This sounds like a ZeroAccess infection. Run a scan with RogueKiller and post the log file.
For 32 bit OS - http://www.adlice.com/softs/roguekiller/RogueKiller.exe
For 64 bit OS - http://www.adlice.com/softs/roguekiller/RogueKillerX64.exe

Also post the log from Malwarebytes as suggested in the above post.

nullptr 167 Occasional Poster

10 Years Ago

Re-scan with RogueKiller and have it remove everything except:

[HJ SMENU][PUM] HKCU[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK][PUM] HKLM[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

If you intentionally disabled System Restore, then uncheck:

[HJ][PUM] HKLM[...]\Wow6432Node[...]\SystemRestore : DisableSR (1) -> FOUND

Reboot - MSE + Malwarebytes should be able to run.

Edited 10 Years Ago by nullptr

nullptr 167 Occasional Poster

10 Years Ago

it tells me to make sure windows is up to date and I have no idea where to update it since I cant seem to from my computer.

Do you mean that Windows Update will not run?

Run Junkware Removal Tool, reboot, then run DDS. Run another scan with RogueKiller, then post the logs from all scans.

nullptr 167 Occasional Poster

10 Years Ago

Have you run the scans with JRT and DDS?

Running services, microsoft management console stops responding.

I'll look at this once I see your logs.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

sevichu 0 Newbie Poster · Answer 1 · 2013-12-19T22:25:34+00:00

"Windows could not find c:.....malwarebyte make sure it is typed in correctly"
And here is the RougeKiller log:

RogueKiller V8.7.13 x64 [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : 00000000000000000000 [Admin rights]
Mode : Scan -- Date : 12/19/2013 17:23:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] msconfig.exe -- C:\ProgramData{$7187-6415-6885-1855$}\msconfig.exe [-] -> KILLED [TermProc]
[SUSP PATH] mseinstall.exe -- C:\Users\00000000000000000000\Desktop\mseinstall.exe [7] -> KILLED [TermProc]
[HIDDEN] msconfig.exe -- C:\ProgramData{$7187-6415-6885-1855$}\msconfig.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 25 ¤¤¤
[RUN][SUSP PATH] HKCU[...]\Run : Browser Protect (C:\Users\00000000000000000000\AppData\Local\Temp\Browser Protect\Browser Protect.exe [-]) -> FOUND
[SHELL][SUSP PATH] HKCU[...]\Windows : load (C:\ProgramData{$7187-6415-6885-1855$}\msconfig.exe [-]) -> FOUND
[IFEO] HKLM[...]\avcenter.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\avguard.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\avp.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\bdagent.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\ccuac.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\ComboFix.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\egui.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\hijackthis.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\keyscrambler.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\mbam.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\MpCmdRun.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\MSASCui.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\MsMpEng.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\msseces.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\NisSrv.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\spybotsd.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\wireshark.exe : Debugger (nsjw.exe [x]) -> FOUND
[IFEO] HKLM[...]\zlclient.exe : Debugger (nsjw.exe [x]) -> FOUND
[HJ][PUM] HKLM[...]\Wow6432Node[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ SMENU][PUM] HKCU[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK][PUM] HKLM[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\.\PHYSICALDRIVE0 @ IDE) TOSHIBA DT01ACA100 ATA Device +++++
--- User ---
[MBR] 1d652e16b25a11d5522b2474eb0e1685
[BSP] 817ff837094291983d34add63df2087b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12192013_172308.txt >>

sevichu 0 Newbie Poster · Answer 2 · 2013-12-20T02:06:52+00:00

Between Rougekiller and malwarebytes I was able to get essentials to reinstal and launch. I am now doing a full scan with it but my skype still has issues starting. Once it is up it seems to run somewhat smoothly until someone calls me. Also, when logging into my League of Legends account I get "did not receive a response from server" and it tells me to make sure windows is up to date and I have no idea where to update it since I cant seem to from my computer.

sevichu 0 Newbie Poster · Answer 3 · 2013-12-20T03:34:57+00:00

Sorry if I was unclear but my skype runs awful and windows update does run but has not helped after I just updated it. Running services, microsoft management console stops responding. I feel like the virus took or shut down something that made these things run smoothly.

sevichu 0 Newbie Poster · Answer 4 · 2013-12-20T12:21:57+00:00

JRT:
~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\dw7
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID{3C471948-F874-49F5-B338-4F214A2EE0B1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID{FB684D26-01F4-4D9D-87CB-F486BEBA56DC
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287806
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3291326
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-sound-recorder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-sound-recorder_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_free-sound-recorder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_free-sound-recorder_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes{CACA0828-9262-4FDB-B3C9-E0B46C9CACDF

~~~ Files

Successfully deleted: [File] "C:\Users\00000000000000000000\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\00000000000000000000\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\00000000000000000000\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\00000000000000000000\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\00000000000000000000\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\00000000000000000000\appdata\local\webplayer"
Successfully deleted: [Folder] "C:\Users\00000000000000000000\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj

~~~ Event Viewer Logs were cleared

Scan was completed on Thu 12/19/2013 at 22:10:19.03
End of JRT log

Could not post DDS because of code snippets formated incorrectly in this post.

nullptr 167 Occasional Poster · Answer 5 · 2013-12-20T12:29:08+00:00

Just click on the paperclip in the toolbar and attach the DDS logs.

sevichu 0 Newbie Poster · Answer 6 · 2013-12-20T12:40:55+00:00

sevichu 0 Newbie Poster

10 Years Ago

DDS

dds.txt (19.5 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.40.2
Run by 00000000000000000000 at 22:11:52 on 2013-12-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8163.5852 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\dlcqcoms.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = www.worldplaycity.blogspot.com
mDefault_Page_URL = hxxp://www.worldplaycity.blogspot.com
mDefault_Search_URL = hxxp://www.google.com.pk
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{EBEFFCB0-808D-4F8C-BFDA-79AC516C3B06} : DHCPNameServer = 192.168.0.1 205.171.2.226
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-1-10 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-1-10 42624]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-2-15 23832]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-1-10 22128]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-1-10 27792]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-1-10 46136]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-1-10 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-1-10 88832]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-1-29 36720]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-10 565352]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-1-10 56448]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-1-10 2206352]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2012-2-15 290600]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-2-15 565528]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-18 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-19 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-19 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: wordview.exe: NCHconvertdoc="C:\Program Files (x86)\NCH Software\Prism\prism.exe" -extfind Doxillion "%L"
.
=============== Created Last 30 ================
.
2013-12-20 03:04:16	--------	d-----w-	C:\Windows\ERUNT
2013-12-20 02:46:44	--------	d-----w-	C:\Windows\Migration
2013-12-2

nullptr 167 Occasional Poster · Answer 7 · 2013-12-21T00:18:05+00:00

There's a bit of junk to remove and outdated java to uninstall. Also Skype seems to be corrupted.
Download OTL and save it to your desktop. Click on Run Scan.
When it has finished, there'll be 2 logs created. Attach the logs to your post.

sevichu 0 Newbie Poster · Answer 8 · 2013-12-21T02:45:12+00:00

sevichu 0 Newbie Poster

10 Years Ago

Otl

OTL.Txt (378.18 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

OTL logfile created on: 12/20/2013 9:35:59 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\00000000000000000000\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.97 Gb Total Physical Memory | 4.95 Gb Available Physical Memory | 62.07% Memory free

15.94 Gb Paging File | 12.53 Gb Available in Paging File | 78.62% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 518.92 Gb Free Space | 55.71% Space Free | Partition Type: NTFS

 

Computer Name: 000000000000000 | User Name: 00000000000000000000 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

[color=#E56717]========== Processes (All) ==========[/color]

 

PRC - [2013/12/20 21:35:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\00000000000000000000\Downloads\OTL.exe

PRC - [2013/12/11 14:40:36 | 001,823,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/11/15 10:58:34 | 020,588,704 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe

PRC - [2013/10/27 09:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2013/10/18 11:24:33 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2013/01/10 18:16:56 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

 

[color=#E56717]========== Modules (All) ==========[/color]

 

MOD - [2013/12/20 21:35:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\00000000000000000000\Downloads\OTL.exe

MOD - [2013/12/18 04:45:53 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll

MOD - [2013/12/11 14:41:00 | 000,236,456 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\vstdlib_s.dll

MOD - [2013/12/11 14:40:50 | 000,261,032 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\tier0_s.dll

MOD - [2013/12/11 14:40:48 | 008,782,248 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steamclient.dll

MOD - [2013/12/11 14:40:38 | 002,489,768 | ---- | M] (Valve Corporation) -- c:\Program Files (x86)\Steam\bin\friendsui.dll

MOD - [2013/12/11 14:40:38 | 001,135,016 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2013/12/11 14:40:38 | 000,696,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\vgui2_s.dll

MOD - [2013/12/11 14:40:38 | 000,289,704 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\crashhandler.dll

MOD - [2013/12/11 14:40:38 | 000,169,384 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\filesystem_stdio.dll

MOD - [2013/12/11 14:40:36 | 011,280,296 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\SteamUI.dll

MOD - [2013/12/11 14:40:36 | 001,823,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

MOD - [2013/12/11 14:40:36 | 001,810,856 | ---- | M] (Valve Corporation) -- c:\Program Files (x86)\Steam\bin\serverbrowser.dll

MOD - [2013/12/06 14:42:44 | 002,882,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.dll

MOD - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

MOD - [2013/12/03 21:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll

MOD - [2013/12/03 21:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

MOD - [2013/12/03 21:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

MOD - [2013/12/03 21:47:12 | 002,134,480 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libpeerconnection.dll

MOD - [2013/12/03 21:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

MOD - [2013/12/03 21:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

MOD - [2013/12/03 21:47:10 | 009,962,960 | ---- | M] (The ICU Project) -- C:\Program Files (x86)\Google

Extras.Txt (133.15 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

OTL Extras logfile created on: 12/20/2013 9:35:59 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\00000000000000000000\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.97 Gb Total Physical Memory | 4.95 Gb Available Physical Memory | 62.07% Memory free

15.94 Gb Paging File | 12.53 Gb Available in Paging File | 78.62% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 518.92 Gb Free Space | 55.71% Space Free | Partition Type: NTFS

 

Computer Name: 000000000000000 | User Name: 00000000000000000000 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

[color=#E56717]========== Extra Registry (All) ==========[/color]

 

 

[color=#E56717]========== File Associations ==========[/color]

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)

.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- "%1" %*

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cmd [@ = cmdfile] -- "%1" %*

.com [@ = comfile] -- "%1" %*

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.exe [@ = exefile] -- "%1" %*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)

.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.pif [@ = piffile] -- "%1" %*

.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

.scr [@ = scrfile] -- "%1" /S

.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[color=#E56717]========== Shell Spawning ==========[/color]

 

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Prog

nullptr 167 Occasional Poster · Answer 9 · 2013-12-21T05:16:03+00:00

The latest Java JRE version is 7 Update 45, uninstall all older versions from Programs and Features.
Java 7 Update 25
Java 7 Update 40

Download the updated version (if needed) from http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

Run OTL, paste the content of the following code box into the main window, then click Run Fix. (double click in the code box to select all, then right click copy)

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O32 - AutoRun File - [2013/12/02 18:34:50 | 000,013,547 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[EMPTYTEMP]

Reboot your PC if it doesn't automatically do so. Post the log.
Go to start menu -> all programs -> accessories -> right click on command prompt and Run as administrator.
At the command prompt, type in SFC /SCANNOW press Enter. Let me know if it finds any errors that can't be fixed.

sevichu 0 Newbie Poster · Answer 10 · 2013-12-21T05:54:12+00:00

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
C:\autoupdate.log moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: 00000000000000000000
->Flash cache emptied: 84412 bytes

User: All Users

User: Default
->Flash cache emptied: 57616 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: 00000000000000000000
->Java cache emptied: 16634297 bytes

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 16.00 mb

[EMPTYTEMP]

User: 00000000000000000000
->Temp folder emptied: 788861269 bytes
->Temporary Internet Files folder emptied: 464362049 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 525352960 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 543700293 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 88915 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287446 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,255.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12212013_003302

Files\Folders moved on Reboot...
C:\Users\00000000000000000000\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\00000000000000000000\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

And the command prompt said corrupt files found and fixed no errors.

nullptr 167 Occasional Poster · Answer 11 · 2013-12-21T08:00:20+00:00

And the command prompt said corrupt files found and fixed no errors.

Open an elevated command prompt as before and paste in the following:
findstr /c:"[SR] Cannot" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"

If the sfcdetails.txt saved to your desktop isn't an empty file, attach it to your post. Hopefully this will show how much file corruption there is.

sevichu 0 Newbie Poster · Answer 12 · 2013-12-21T08:03:08+00:00

cmd said cannot open c:\windows...
and the file saved to desktop was blank

nullptr 167 Occasional Poster · Answer 13 · 2013-12-21T08:14:29+00:00

It's likely that MSE accessed the file, blocking you from reading it. Try temporarily disabling MSE protection, then open a new elevated cmd prompt and try again.

sevichu 0 Newbie Poster · Answer 14 · 2013-12-21T08:17:22+00:00

sevichu 0 Newbie Poster

10 Years Ago

nope

nullptr 167 Occasional Poster · Answer 15 · 2013-12-21T08:29:06+00:00

Go to %windir%\logs\cbs\cbs.log and see if you can copy/paste the log to your desktop.
If successful try again with command:
findstr /c:"[SR] Cannot" "%userprofile%\Desktop\cbs.log" >"%userprofile%\Desktop\sfcdetails.txt"

pelle12 -3 Newbie Poster · Answer 16 · 2013-12-21T17:55:11+00:00

Hi,

You can use Norton Anti Virus to get rig of the virus.

Regards,
JP

robert02 -1 Light Poster · Answer 17 · 2014-01-07T16:47:44+00:00

use avg antivirus free it will remove any malware or virus