
Can't download simple things like Google Chrome, nor do I have admin rights


22 replies to this topic

#1 kranklebird

  • Members
  • 59 posts

Posted 28 September 2013 - 02:31 AM

I have been instructed to post this topic by the Moderator to get a deeper look.

 

Here is a link back to the original "Am I infected?"  thread:

 

http://www.bleepingcomputer.com/forums/t/508057/im-not-sure-what-the-computer-is-doing/page-2#entry3168866

 

Also, I just ran a Spybot Search & Destroy scan and it found and removed (hopefully) a Trojan called Zalmaninstaller that it considered a high threat. I just posted the .txt report in the original thread (at the above link).





#2 groovicus

  • Security Colleague
  • 9,963 posts
  • Location:Centerville, SD

Posted 28 September 2013 - 04:20 AM

Do you know who is the administrator of the system?



#3 kranklebird

  • Topic Starter

Posted 29 September 2013 - 03:52 PM

No. How do I tell?

 

_________________________________________

 

I just ran AdwCleaner and it found (again) a registry key change related to "grusskartencenter.com". (I'm pretty sure one of the utilities I was instructed to run eliminated this, but it came back? Is this a known virus?)

 

I also just noticed that I have some language packs for Microsoft Office (I don't have Office installed, nor do I use the trial version that came with the computer) sitting in installed programs (in Control Panel). I just uninstalled the one for German/Dutch. (Is it normal that English is not an available language to use during the uninstall? I uninstalled in French.)

 

Here's the AdwCleaner report I just ran:

 

# AdwCleaner v3.005 - Report created 29/09/2013 at 16:31:15
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Richard - RICHARD-PC
# Running from : C:\Users\Richard\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [941 octets] - [23/09/2013 00:57:38]
AdwCleaner[R1].txt - [1000 octets] - [23/09/2013 01:19:39]
AdwCleaner[R2].txt - [1074 octets] - [23/09/2013 20:25:44]
AdwCleaner[R3].txt - [3333 octets] - [25/09/2013 16:58:06]
AdwCleaner[R4].txt - [1580 octets] - [25/09/2013 17:56:07]
AdwCleaner[R5].txt - [1142 octets] - [26/09/2013 14:43:49]
AdwCleaner[R6].txt - [1262 octets] - [27/09/2013 22:49:13]
AdwCleaner[R7].txt - [1618 octets] - [29/09/2013 16:29:07]
AdwCleaner[S0].txt - [1145 octets] - [23/09/2013 20:30:53]
AdwCleaner[S1].txt - [3338 octets] - [25/09/2013 17:02:41]
AdwCleaner[S2].txt - [1521 octets] - [25/09/2013 17:57:32]
AdwCleaner[S3].txt - [1204 octets] - [26/09/2013 14:46:44]
AdwCleaner[S4].txt - [1324 octets] - [27/09/2013 22:53:09]
AdwCleaner[S5].txt - [1543 octets] - [29/09/2013 16:31:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1603 octets] ##########


Edited by kranklebird, 29 September 2013 - 04:00 PM.
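The key AdwCleaner keeps deleting above lives under Internet Explorer's ZoneMap, which is where a host gets assigned to a security zone (1 = Local intranet, 2 = Trusted sites, 4 = Restricted sites); an installer that drops a domain into Trusted sites makes IE relax its defences for that host, which is why a cleaner treats the entry as adware. The script below is an added example, not something posted in this thread, that enumerates every ZoneMap assignment under HKCU and HKLM (both the Domains list and the EscDomains copy used by Enhanced Security Configuration) so a recurring entry can be spotted without re-running a cleaner. It assumes Windows 7 with PowerShell 2.0 or later; the function name Get-ZoneMapEntries is this example's own.

```powershell
# Added example (not from the thread): list every host assigned to an IE security zone via
# ZoneMap. Assumes Windows 7 / PowerShell 2.0 or later.

$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$lists = 'Domains', 'EscDomains'   # EscDomains is the Enhanced Security Configuration copy
$hives = 'HKCU:', 'HKLM:'          # HKLM entries apply to every account on the machine

function Get-ZoneMapEntries {
  foreach ($hive in $hives) {
    foreach ($list in $lists) {
      $base = "$hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\$list"
      if (-not (Test-Path $base)) { continue }
      # A host is stored as Domains\example.com or Domains\example.com\www; each key holds one
      # DWORD per scheme ('http', 'https', or '*' for any) whose data is the zone number.
      foreach ($key in (Get-ChildItem $base -Recurse)) {
        $relative = $key.Name.Substring($key.Name.IndexOf("\$list\") + $list.Length + 2)
        $parts = $relative -split '\\'
        [array]::Reverse($parts)              # example.com\www  ->  www.example.com
        $hostName = $parts -join '.'
        foreach ($scheme in $key.GetValueNames()) {
          if ($scheme -eq '') { continue }    # skip the key's (Default) value
          $zone = [int]$key.GetValue($scheme)
          New-Object PSObject -Property @{
            Hive = $hive.TrimEnd(':'); List = $list; Host = $hostName
            Scheme = $scheme; Zone = $zone; ZoneName = $zoneNames[$zone]
          }
        }
      }
    }
  }
}

# Intranet and Trusted-sites assignments are the ones an adware installer adds; any host you
# did not put there yourself deserves a look. Run again after cleaning to catch a re-add.
Get-ZoneMapEntries | Where-Object { $_.Zone -le 2 } |
  Format-Table -AutoSize Hive, List, Host, Scheme, ZoneName
```

A host that reappears in Trusted sites after every cleanup points at something still running that re-writes the key (a scheduled task, a Run entry or a browser add-on), so the next step is to find the writer rather than delete the key again.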


#4 kranklebird

  • Topic Starter

Posted 30 September 2013 - 08:41 AM

UPDATE:

 

I did a system factory reboot again after running all major utilities suggested.  

 

I immediately attempted to download Chrome and it worked. I'm running the major utilities right away to see what's there. So far I haven't found ZalmanInstaller (Otshot) or grusskartencenter, or Conduit (which I read is packaged within the OtShot installer). So far so good. My expectations are low though!

 

I would like to ask a question about Admin privileges because I think there's a chance I've had them this whole time!...

 

Is it normal that Windows brings up a box that basically says "You will need Admin privileges to perform this."  during certain tasks?  Similarly, is this standard for even someone who is the Admin?  (I may have been assuming the machine was saying I don't have Admin when I in fact may have?)

 

Also, I noticed that I actually CAN change the priority level in Task Manager for some tasks. However, for some I can't, and a little bell sound rings. (For example, when just running MiniToolBox it denied a change to the above normal priority setting.)

 

I'll post anything that pops up but this machine is not that important as I don't store anything important on it and am really just surfing the web here and there, although it would be nice if it worked smoothly. 


Edited by kranklebird, 30 September 2013 - 08:41 AM.
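The two questions above (who is the administrator, and whether the "You will need Admin privileges" box means you are not one) have a precise answer on Windows 7: with UAC on, an account in the local Administrators group normally runs with a filtered token, so that prompt appears even for administrators, and only an elevated process carries the full token. The script below is an added example, not code posted in this thread, that reports both facts for the current user and then lists every member of the local Administrators group. It assumes Windows 7 with PowerShell 2.0 or later and an English-language install (the group is addressed by name in Get-LocalAdministrators; the SID check in Get-AdminStatus is locale-independent); both function names are this example's own.

```powershell
# Added example (not from the thread): tell "member of Administrators" apart from "running
# elevated". Assumes Windows 7 / PowerShell 2.0 or later, run as the account in question.

$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Get-AdminStatus {
  $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
  $principal = New-Object Security.Principal.WindowsPrincipal($identity)

  # True only when THIS process holds the full (elevated) token.
  $isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

  # Membership of the account itself: whoami still lists BUILTIN\Administrators on a filtered
  # token, tagged "Group used for deny only", which is how the two cases are told apart.
  $groups   = whoami /groups /fo csv | ConvertFrom-Csv
  $adminRow = $groups | Where-Object { $_.SID -eq $adminSid }
  $isMember = ($adminRow -ne $null)
  $denyOnly = $isMember -and ($adminRow.Attributes -match 'deny only')

  New-Object PSObject -Property @{
    User            = $identity.Name
    IsAdminMember   = $isMember
    IsElevated      = $isElevated
    DenyOnlyInToken = $denyOnly             # admin account, but this process is not elevated
    FilteredToken   = ($isMember -and -not $isElevated)
  }
}

# Everyone in the local Administrators group; an account you do not recognise is worth asking
# about. Group name assumed to be the English "Administrators".
function Get-LocalAdministrators {
  $group = [ADSI]'WinNT://./Administrators,group'
  $group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
  }
}

Get-AdminStatus | Format-List
Get-LocalAdministrators
```

If IsAdminMember is true and IsElevated is false, the account is an administrator and the prompts are UAC doing its job; right-click "Run as administrator" gives an elevated process. If IsAdminMember is false, the account is a standard user and someone else's credentials are needed for installs.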


#5 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Location:Montreal, QC. Canada

Posted 01 October 2013 - 09:06 AM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start.

Check mark the following options alone:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair


#6 kranklebird

  • Topic Starter

Posted 01 October 2013 - 04:34 PM

Thank you!

 

About to start the program. When you say "check mark the following options alone"... do you mean

uncheck the options that are checked by default when I open the program (or leave them checked)?


Edited by kranklebird, 01 October 2013 - 04:42 PM.


#7 kranklebird

  • Topic Starter

Posted 01 October 2013 - 08:27 PM

UPDATE:

 

I checked all the boxes you mentioned and left the default ones checked. Windows Repair All-in-one stated that it did complete all repairs. There were 18 total log files created. The first one appears to be the main one (?), titled _Windows_Repair_Log. There appear to be major speed improvements, but I tried changing priority in Task Manager while running CCleaner and access was still denied (is this strange or no?). Also, CCleaner did find a lot more changes to the registry that it wants to correct. Should I trust these? (Some were related to things like Microsoft Office (which I don't use), which I figure I'll uninstall with the more thorough Revo (?), or should I use the regular uninstaller?) Here is the Win Repair All-in-one tool report. Please just let me know if you need me to post others too. Thank you very much for your help:

 

Starting Repairs...
   Start (10/1/2013 5:47:15 PM)
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (10/1/2013 5:47:15 PM)
   Running Repair Under Current User Account
   Done (10/1/2013 5:48:07 PM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (10/1/2013 5:48:07 PM)
   Running Repair Under System Account
   Done (10/1/2013 5:54:59 PM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (10/1/2013 5:54:59 PM)
   Running Repair Under System Account
   Done (10/1/2013 5:57:08 PM)
 
02 - Reset File Permissions 01/10
   C:\AdwCleaner & Sub Folders
   Start (10/1/2013 5:57:08 PM)
   Running Repair Under System Account
   Done (10/1/2013 5:57:13 PM)
 
02 - Reset File Permissions 02/10
   C:\Boot & Sub Folders
   Start (10/1/2013 5:57:13 PM)
   Running Repair Under System Account
   Done (10/1/2013 5:57:18 PM)
 
02 - Reset File Permissions 03/10
   C:\Config.Msi & Sub Folders
   Start (10/1/2013 5:57:18 PM)
   Running Repair Under System Account
   Done (10/1/2013 5:57:20 PM)
 
02 - Reset File Permissions 04/10
   C:\Intel & Sub Folders
   Start (10/1/2013 5:57:20 PM)
   Running Repair Under System Account
   Done (10/1/2013 5:57:23 PM)
 
02 - Reset File Permissions 05/10
   C:\MSOCache & Sub Folders
   Start (10/1/2013 5:57:23 PM)
   Running Repair Under System Account
   Done (10/1/2013 5:57:37 PM)
 
02 - Reset File Permissions 06/10
   C:\PerfLogs & Sub Folders
   Start (10/1/2013 5:57:37 PM)
   Running Repair Under System Account
   Done (10/1/2013 5:57:40 PM)
 
02 - Reset File Permissions 07/10
   C:\Program Files & Sub Folders
   Start (10/1/2013 5:57:40 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:00:35 PM)
 
02 - Reset File Permissions 08/10
   C:\ProgramData & Sub Folders
   Start (10/1/2013 6:00:35 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:00:56 PM)
 
02 - Reset File Permissions 09/10
   C:\Recovery & Sub Folders
   Start (10/1/2013 6:00:56 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:00:58 PM)
 
02 - Reset File Permissions 10/10
   C:\Windows & Sub Folders
   Start (10/1/2013 6:00:58 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:20:42 PM)
 
02 - Reset File Permissions 01/12
   D:\2e1a243749b780921a3b154a3c57bd & Sub Folders
   Start (10/1/2013 6:20:42 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:20:45 PM)
 
02 - Reset File Permissions 02/12
   D:\Config.Msi & Sub Folders
   Start (10/1/2013 6:20:45 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:20:47 PM)
 
02 - Reset File Permissions 03/12
   D:\Contacts & Sub Folders
   Start (10/1/2013 6:20:48 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:20:52 PM)
 
02 - Reset File Permissions 04/12
   D:\Desktop & Sub Folders
   Start (10/1/2013 6:20:52 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:20:55 PM)
 
02 - Reset File Permissions 05/12
   D:\Downloads & Sub Folders
   Start (10/1/2013 6:20:55 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:20:58 PM)
 
02 - Reset File Permissions 06/12
   D:\Favorites & Sub Folders
   Start (10/1/2013 6:20:58 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:21:03 PM)
 
02 - Reset File Permissions 07/12
   D:\Links & Sub Folders
   Start (10/1/2013 6:21:03 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:21:05 PM)
 
02 - Reset File Permissions 08/12
   D:\My Docs & Sub Folders
   Start (10/1/2013 6:21:05 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:21:25 PM)
 
02 - Reset File Permissions 09/12
   D:\My Music & Sub Folders
   Start (10/1/2013 6:21:26 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:22:01 PM)
 
02 - Reset File Permissions 10/12
   D:\My Pictures & Sub Folders
   Start (10/1/2013 6:22:01 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:22:03 PM)
 
02 - Reset File Permissions 11/12
   D:\My Videos & Sub Folders
   Start (10/1/2013 6:22:03 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:22:06 PM)
 
02 - Reset File Permissions 12/12
   D:\Saved Games & Sub Folders
   Start (10/1/2013 6:22:06 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:22:09 PM)
 
02 - Reset File Permissions: Cleanup
    & Sub Folders
   Start (10/1/2013 6:22:09 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:22:18 PM)
 
03 - Register System Files
   Start (10/1/2013 6:22:18 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:23:07 PM)
 
04 - Repair WMI
   Start (10/1/2013 6:23:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:29:40 PM)
 
05 - Repair Windows Firewall
   Start (10/1/2013 6:29:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:30:26 PM)
 
06 - Repair Internet Explorer
   Start (10/1/2013 6:30:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:31:15 PM)
 
07 - Repair MDAC/MS Jet
   Start (10/1/2013 6:31:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:31:40 PM)
 
08 - Repair Hosts File
   Start (10/1/2013 6:31:40 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:31:42 PM)
 
09 - Remove Policies Set By Infections
   Start (10/1/2013 6:31:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:31:47 PM)
 
11 - Repair Icons
   Start (10/1/2013 6:31:48 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:31:50 PM)
 
12 - Repair Winsock & DNS Cache
   Start (10/1/2013 6:31:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:32:06 PM)
 
13 - Remove Temp Files
   Start (10/1/2013 6:32:06 PM)
   Running Repair Under System Account
   Done (10/1/2013 6:32:08 PM)
 
14 - Repair Proxy Settings
   Start (10/1/2013 6:32:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:32:13 PM)
 
15 - Unhide Non System Files
   Start (10/1/2013 6:32:14 PM)
   C:\ - Total Files Unhidden: 264Check Unhidden_Files.txt for list of files unhidden
   D:\ - Total Files Unhidden: 5Check Unhidden_Files.txt for list of files unhidden
   Done (10/1/2013 6:38:54 PM)
 
16 - Repair Windows Updates
   Start (10/1/2013 6:38:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:49:23 PM)
 
17 - Repair CD/DVD Missing/Not Working
   Start (10/1/2013 6:49:23 PM)
   Done (10/1/2013 6:49:23 PM)
 
18 - Repair Volume Shadow Copy Service
   Start (10/1/2013 6:49:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:49:32 PM)
 
20 - Repair MSI (Windows Installer)
   Start (10/1/2013 6:49:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:49:41 PM)
 
22.01 - Repair bat Association
   Start (10/1/2013 6:49:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:49:47 PM)
 
22.02 - Repair cmd Association
   Start (10/1/2013 6:49:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:49:52 PM)
 
22.03 - Repair com Association
   Start (10/1/2013 6:49:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:49:57 PM)
 
22.04 - Repair Directory Association
   Start (10/1/2013 6:49:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:02 PM)
 
22.05 - Repair Drive Association
   Start (10/1/2013 6:50:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:07 PM)
 
22.06 - Repair exe Association
   Start (10/1/2013 6:50:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:12 PM)
 
22.07 - Repair Folder Association
   Start (10/1/2013 6:50:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:17 PM)
 
22.08 - Repair inf Association
   Start (10/1/2013 6:50:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:22 PM)
 
22.09 - Repair lnk (Shortcuts) Association
   Start (10/1/2013 6:50:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:27 PM)
 
22.10 - Repair msc Association
   Start (10/1/2013 6:50:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:32 PM)
 
22.11 - Repair reg Association
   Start (10/1/2013 6:50:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:37 PM)
 
22.12 - Repair scr Association
   Start (10/1/2013 6:50:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:42 PM)
 
23 - Repair Windows Safe Mode
   Start (10/1/2013 6:50:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:50:47 PM)
 
24 - Repair Print Spooler
   Start (10/1/2013 6:50:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:51:01 PM)
 
25 - Restore Important Windows Services
   Start (10/1/2013 6:51:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:51:19 PM)
 
26 - Set Windows Services To Default Startup
   Start (10/1/2013 6:51:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/1/2013 6:51:39 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (10/1/2013 6:51:39 PM)
   Total Repair Time: 01:04:25
 
 
...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account


#8 nasdaq

  • Malware Response Team

Posted 02 October 2013 - 09:20 AM

but I tried changing priority in task manager while running CCleaner and access still denied (is this strange or no?)


The Access Denied message means it is a protected process or one started by the system or another user and you do not have permission to change it. Usually I see these when they are system processes such as antivirus or firewall etc.
Do not worry about it.
===

Also, CCleaner did find a lot more changes to registry that it wants to correct. Should I trust these?(Some were related to things like Microsoft Office (I don't use) which I figure I'll uninstall with the more thorough Revo (?) or should I use regular uninstaller? )

It's not suggested that you use CCleaner to fix the registry.
Always use the uninstall provided by the operating system first.
If that fails then use Revo Uninstaller.
===

If no apparent problems I do not need to see the other logs.

#9 kranklebird

  • Topic Starter

Posted 04 October 2013 - 08:23 PM

Thank you.

 

1) AutoRuns sees "Igfxtray Module", which is an undesirable program. Is there a thread on how to remove this malware? (Also, just to be certain: if Autoruns' description lists it as "module", can I be certain it's malware as opposed to the Igfxtray that is not harmful?)

 

2) One thing I noticed after the factory default settings change is that Windows Update (set to do auto updates) is updating often, and rebooting fairly often. Is this normal? I looked at the update history and Service Pack 1 failed recently. It's attempting the download of Service Pack 1 now, but it's been sitting for 10 minutes waiting to start and the web connection is good. Are there some viruses that are designed to be downloaded through Windows Update, or is it solid?

 

3) Also, rdpclip is a startup program that is listed as "Y" (needed by Windows), but AutoRuns can't find it. (Why is it required, though, if it's for remote access from another machine? I don't recall ever giving remote access to a machine.) Do I need it?

 

4) There are also 2 googleupdate.exe files in Autoruns. One is called gupdate, the other gupdatem. Are these good Google installer files or bad?


Edited by kranklebird, 04 October 2013 - 11:18 PM.


#10 nasdaq

  • Malware Response Team

Posted 05 October 2013 - 08:15 AM

1) AutoRuns sees "Igfxtray Module" which is an undesirable program. Is there a thread on how to remove this malware? (Also just to be certain if Autoruns' description lists it as "module" can I be certain it's malware as opposed to the Igfxtray that is not harmful?)


I do not see this in any of your logs. igfxtray.exe is not required at Startup.
Where is it located?

http://www.systemlookup.com/search.php?type=name&client=malwaresearch-chrome&search=Igfxtray
Make sure that your copy is in the \Windows\System32 folder.
===

2) One thing I noticed after the factory default settings change is that Windows updates (is set to do auto updates) is updating often, and rebooting fairly often. Is this normal? I looked at the update history and Service Pack 1 failed recently. It's attempting download of Service Pack 1 now but it's been sitting for 10 minutes waiting to start and the web connection is good. Are there some viruses that are designed to be downloaded through Windows Update, or is it solid?


Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start.

Check mark the following options alone:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
How is the update issue?
===

3) Also, rdpclip is a startup program that is listed as "Y" needed by Windows, but AutoRuns can't find it. (Why is it required though if it's for remote access from another machine? I don't recall ever giving remote access to a machine.) Do I need it?


You can disable it.
http://forum.sysinternals.com/rdpclip_topic4729.html

===

4) There's also 2 googleupdate.exe files in Autoruns. One is called gupdate the other gupdatem. Are these good google installer files or bad?

Both are good. If all is well with Google do not change it.
http://www.bleepingcomputer.com/startups/GoogleUpdate.exe-25026.html
<<<>>>
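The reply above makes the point that matters for entries like igfxtray.exe, rdpclip.exe and GoogleUpdate.exe: the file name tells you nothing, its location and signature do. The script below is an added example, not code posted in this thread, that walks the Run and RunOnce keys plus the scheduled tasks (where the gupdate and gupdatem entries live on Windows 7), resolves the executable each command line points at, checks whether the file exists, reads its Authenticode signature, and flags a Windows or Intel driver file name that lives anywhere other than System32. It assumes Windows 7 with PowerShell 2.0 or later; the three function names and the $systemNames list are this example's own.

```powershell
# Added example (not from the thread): check autostart entries by path and signature, not by
# name. Assumes Windows 7 / PowerShell 2.0 or later; run elevated to read HKLM fully.

$runKeys = @(
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# File names that belong to Windows or the Intel graphics driver. On this 32-bit machine the
# genuine copies live in System32 (on 64-bit Windows a SysWOW64 copy is also legitimate);
# a same-named file in %AppData% or %Temp% is the classic look-alike trick.
$systemNames = 'igfxtray.exe', 'hkcmd.exe', 'igfxpers.exe', 'rdpclip.exe'
$system32 = Join-Path $env:SystemRoot 'System32'

function Get-ExecutableFromCommand([string]$Command) {
  $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
  if ($cmd -match '^"([^"]+)"')        { return $matches[1] }   # "C:\Program Files\x.exe" /arg
  if ($cmd -match '^(.+?\.exe)(\s|$)') { return $matches[1] }   # C:\Program Files\x.exe /arg
  return ($cmd -split '\s+')[0]
}

function Test-AutostartEntry([string]$Source, [string]$Name, [string]$Command) {
  $exe = Get-ExecutableFromCommand $Command
  # A bare name (no drive letter) relies on PATH lookup; resolve it the way the loader would.
  if ($exe -notmatch '^[A-Za-z]:\\') {
    $found = @(Get-Command $exe -ErrorAction SilentlyContinue)
    if ($found.Count -gt 0) { $exe = $found[0].Definition }
  }
  $exists = Test-Path -LiteralPath $exe
  $sig = if ($exists) { (Get-AuthenticodeSignature $exe).Status.ToString() } else { 'FileMissing' }
  $leaf = ($exe -split '[\\/]')[-1].ToLower()
  $misplaced = ($systemNames -contains $leaf) -and -not $exe.StartsWith($system32, 'OrdinalIgnoreCase')
  New-Object PSObject -Property @{
    Source = $Source; Name = $Name; Path = $exe; Exists = $exists
    Signature = $sig; MisplacedSystemName = $misplaced
  }
}

function Get-AutostartReport {
  $results = @()
  foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
      if ($valueName -eq '') { continue }
      $results += Test-AutostartEntry $key $valueName ($item.GetValue($valueName))
    }
  }
  # Scheduled tasks (schtasks repeats its CSV header per folder; the .exe filter drops those).
  $tasks = schtasks /query /fo csv /v 2>$null | ConvertFrom-Csv |
           Where-Object { $_.'Task To Run' -match '\.exe' }
  foreach ($task in $tasks) {
    $results += Test-AutostartEntry 'ScheduledTask' $task.TaskName $task.'Task To Run'
  }
  $results
}

Get-AutostartReport | Sort-Object MisplacedSystemName -Descending |
  Format-Table -AutoSize Source, Name, Path, Exists, Signature, MisplacedSystemName
```

Read the output with the caveat the reply implies: MisplacedSystemName = True is the strong signal (a "module" named igfxtray that is not under System32), while NotSigned on its own is weak, since plenty of legitimate OEM utilities of that era shipped unsigned; FileMissing matches the rdpclip case, an entry that points at nothing and can simply be disabled.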

#11 kranklebird

  • Topic Starter

Posted 05 October 2013 - 10:24 AM

Those are all good then.  Thank you so much Nasdaq!

 

I have two final questions:

 

1) Revo uninstalled ebi book reader. I don't know if it was malicious (I'm not finding it on your site in the virus section). However, I was in moderate mode when uninstalling, and it left behind 1303 registry changes. Could this be more to do with the type of application it is, or do you find this odd?

 

2) Is there a section on this site where I can find a program that, based on a usage style like "I just surf the web, watch YouTube, listen to music", will disable unnecessary services with just a few clicks, for speed/hardware optimization? Or do all of the programs that address this require a user to go through each service and research each one?

 

Thanks again.

Sincerely,

kranklebird



#12 nasdaq

  • Malware Response Team

Posted 05 October 2013 - 01:01 PM

1) Revo uninstalled ebi book reader. I don't know if it was malicious (not finding it on your site in virus section). However, I was in moderate mode when uninstalling, and it left behind 1303 registry changes. Could this be more to do with the type of application it is, or do you find this odd?


As far as I know Revo does not install anything as a stand-alone program.

I'm sure you can reinstall the application if you need it.
===

2) Is there a section on this site where I can find a program that based on a a usage style like "I just surf the web, watch youtube, listen to music) will disable unnecessary services with just a few clicks, for speed/hardware optimization? Or do all of the programs that address this require a user to go through each service and research each one?

Not that I know of.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

I will tell you what program is not required at startup.

#13 kranklebird

  • Topic Starter

Posted 05 October 2013 - 02:53 PM

Ok, thank you, I will run DDS. First, though, here are the results from after I ran the Windows Repair Tool:

 

1)  The system restarted and when the desktop came up for some reason windows explorer opened automatically to this folder:

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

 

Inside the folder was a Widcomm Bluetooth application shortcut.

 

Why would there be an "AutorunsDisabled" folder?

__________________________________________________________________________________________________

 

2) There are problems on your machine that have not been reported to Microsoft. Some of these might have solutions available:

 

FIRST ONE;
Description
Faulting Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
 
Problem signature
Problem Event Name: APPCRASH
Application Name: chrome.exe
Application Version: 29.0.1547.76
Application Timestamp: 5237a3c2
Fault Module Name: chrome.dll
Fault Module Version: 29.0.1547.76
Fault Module Timestamp: 5237a345
Exception Code: 80000003
Exception Offset: 01179318
OS Version: 6.1.7600.2.0.0.768.11
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
 
__________________________

 

SECOND ONE:

Problem signature
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.11
Locale ID: 1033
 
Files that help describe the problem
093013-28033-01.dmp
sysdata.xml
WERInternalMetadata.xml
 
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.
 
Extra information about the problem
BCCode: d1
BCP1: 00000CF0
BCP2: 00000002
BCP3: 00000000
BCP4: 8DC9C73C
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

____________________________

 

THIRD ONE:

 

Description
Faulting Application Path: C:\Windows\System32\msiexec.exe
 
Problem signature
Problem Event Name: BEX
Application Name: MsiExec.exe
Application Version: 5.0.7601.17514
Application Timestamp: 4ce792c4
Fault Module Name: MSI7CE2.tmp
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4a7a6e82
Exception Offset: 0000b576
Exception Code: c000000d
Exception Data: 00000000
OS Version: 6.1.7601.2.1.0.768.11
Locale ID: 1033
Additional Information 1: 6d7c
Additional Information 2: 6d7c7e6cef8242f4f56e593739e392d8
Additional Information 3: 3027
Additional Information 4: 3027e2136598055b2c2fe9aad91008fd
__________________________________________________________________________________________

 

Lastly, for about ten minutes after restart, while my antivirus software was back up (it was disabled during the Win Repair Tool scan), Windows Defender reported it was off, and when I manually turned it back on it wouldn't come on, but instead opened up Windows Explorer to a bunch of System32 folders. Then I went away for 20 mins (no web connection during this) and it was back on all of a sudden. Seemed weird.


Edited by kranklebird, 05 October 2013 - 03:04 PM.


#14 kranklebird

  • Topic Starter

Posted 05 October 2013 - 03:54 PM

DDS Results:

 

 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/29/2013 11:14:51 PM
System Uptime: 10/5/2013 2:49:40 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | 1005PR
Processor: Intel® Atom™ CPU N450   @ 1.66GHz | CPU 1 | 1667/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 77.95 GiB free.
D: is FIXED (NTFS) - 123 GiB total, 90.457 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: BT-270
Device ID: USB\VID_0B05&PID_1788\002243D6E0DD
Manufacturer: Broadcom
Name: BT-270
PNP Device ID: USB\VID_0B05&PID_1788\002243D6E0DD
Service: BTHUSB
.
==== System Restore Points ===================
.
RP54: 10/5/2013 10:05:57 AM - Revo Uninstaller's restore point - CyberLink YouCam
RP56: 10/5/2013 10:07:32 AM - Configured YouCam
RP58: 10/5/2013 10:11:31 AM - Revo Uninstaller's restore point - EeeSplendid
RP59: 10/5/2013 10:12:09 AM - Removed EeeSplendid
RP61: 10/5/2013 10:15:36 AM - Revo Uninstaller's restore point - ASUS WebStorage
RP63: 10/5/2013 10:17:58 AM - Revo Uninstaller's restore point - LivCam
RP65: 10/5/2013 10:20:14 AM - Revo Uninstaller's restore point - LiveUpdate
RP67: 10/5/2013 10:23:10 AM - Revo Uninstaller's restore point - LocaleMe
RP69: 10/5/2013 10:25:28 AM - Revo Uninstaller's restore point - Microsoft Office Live Add-in 1.3
RP70: 10/5/2013 10:26:01 AM - Removed Microsoft Office Live Add-in 1.3
RP72: 10/5/2013 10:29:10 AM - Revo Uninstaller's restore point - Microsoft Office Suite Activation Assistant
RP73: 10/5/2013 10:29:38 AM - Removed Microsoft Office Suite Activation Assistant.
RP75: 10/5/2013 10:36:11 AM - Revo Uninstaller's restore point - Skype web features
RP77: 10/5/2013 10:38:33 AM - Revo Uninstaller's restore point - Microsoft Office Language Pack 2007 - Italian/Italiano
RP79: 10/5/2013 10:40:11 AM - Removed Microsoft Office Language Pack 2007 - Italian/Italiano
RP81: 10/5/2013 10:46:42 AM - Revo Uninstaller's restore point - Microsoft Office Language Pack 2007 - French/Français
RP83: 10/5/2013 10:50:36 AM - Removed Microsoft Office Language Pack 2007 - French/Français
RP85: 10/5/2013 10:57:00 AM - Revo Uninstaller's restore point - Chicken Invaders 2
RP87: 10/5/2013 10:58:58 AM - Revo Uninstaller's restore point - Microsoft Choice Guard
RP88: 10/5/2013 11:00:06 AM - Removed Microsoft Choice Guard
RP90: 10/5/2013 11:05:59 AM - Revo Uninstaller's restore point - Microsoft Office PowerPoint Viewer 2007 (English)
RP91: 10/5/2013 11:06:53 AM - Removed Microsoft Office PowerPoint Viewer 2007 (English)
RP92: 10/5/2013 12:46:54 PM - Tweaking.com - Windows Repair
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
ArcSoft TotalMedia Theatre 3
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Broadcom CrystalHD Decoder
CapsHook
CCleaner
Chicken Invaders 2
Eee Docking 3.6.2
FontResizer
Google Chrome
Hotkey Service
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype™ 5.10
Spybot - Search & Destroy
Super Hybrid Engine
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
.
==== End Of File ===========================


#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:06 PM

Posted 06 October 2013 - 08:13 AM

1) The system restarted and when the desktop came up for some reason windows explorer opened automatically to this folder:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

Inside the folder was a Widcomm Bluetooth application shortcut.

Why would there be an "AutorunsDisabled" folder?

Check this article.
http://www.winhelponline.com/blog/autorunsdisabled-folder-launch-at-startup/


FIRST ONE:
Description
Faulting Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe


Remove Chrome using the Add/Remove Programs.

Restart the computer normally.

Reinstall the application.
===

SECOND ONE:
Problem signature
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.11
Locale ID: 1033

Files that help describe the problem
093013-28033-01.dmp
sysdata.xml
WERInternalMetadata.xml

View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Extra information about the problem
BCCode: d1


The Error D1 can be caused by many things.

Did you install any new hardware or drivers recently?

Read this article.
http://answers.microsoft.com/en-us/windows/forum/windows_7-system/blue-screen-error-bccode-d1-windows-7-64-bit/803905d1-1d49-45c7-a118-50c69348f487
===

I suggest you follow the instructions on this page.

How to perform a clean boot to troubleshoot a problem in Windows 8, Windows 7, or Windows Vista
http://support.microsoft.com/kb/929135

You may be able to find out what the cause of these issues is.

http://support.microsoft.com/kb/929135

Just in case Chrome is part of the problem I would remove it as suggested above and reinstall the application.

Then proceed with the clean boot.

Keep me posted.
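The "AutorunsDisabled" folder the poster found is what Sysinternals Autoruns creates when a Startup-folder item is unticked: the shortcut is moved into that subfolder rather than deleted, so it no longer runs at logon but can be restored. The following PowerShell read-only triage script is an added example for this thread, not something nasdaq posted; it lists the contents of both Startup folders (including any AutorunsDisabled subfolder), resolves each shortcut to its target, and dumps the Run/RunOnce registry values, so a helper can see at a glance what is set to start at logon. It assumes the standard Windows 7 paths shown in the DDS log and in the poster's message, changes nothing, and is meant to be run from a PowerShell prompt on the affected machine.

```powershell
# Added example, not from the thread: read-only inventory of Windows startup
# locations, written for a Windows 7 machine such as the one in this thread.
# Nothing here deletes or modifies anything; review the output before acting.

# Per-user and all-users Startup folders (explicit paths rather than
# [Environment]::GetFolderPath, which lacks CommonStartup on PowerShell 2.0).
$startupFolders = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

# WScript.Shell is used only to read the target of each .lnk shortcut.
$shell = New-Object -ComObject WScript.Shell

foreach ($folder in $startupFolders) {
    Write-Host "== Startup folder: $folder"
    if (-not (Test-Path $folder)) { Write-Host '   (folder not present)'; continue }

    # -Recurse picks up the AutorunsDisabled subfolder that Sysinternals Autoruns
    # uses to park unticked Startup-folder items; -Force shows hidden files too.
    Get-ChildItem -Path $folder -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $target = ''
            if ($_.Extension -eq '.lnk') {
                $target = $shell.CreateShortcut($_.FullName).TargetPath
            }
            [PSCustomObject]@{
                Item          = $_.FullName
                LastWriteTime = $_.LastWriteTime
                Target        = $target
                # Test-Path rejects an empty string, so guard it.
                TargetExists  = if ($target) { Test-Path $target } else { $null }
                # Anything under AutorunsDisabled has been disabled, not removed.
                Disabled      = $_.DirectoryName -like '*AutorunsDisabled*'
            }
        } | Format-Table -AutoSize
}

# Run/RunOnce keys for the machine and the current user. On 64-bit Windows the
# WOW6432Node variants would also be worth listing; this netbook is 32-bit.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($key in $runKeys) {
    Write-Host "== Registry: $key"
    if (-not (Test-Path $key)) { Write-Host '   (key not present)'; continue }

    # Get-Item returns a RegistryKey; GetValueNames/GetValue avoid the PS*
    # bookkeeping properties that Get-ItemProperty adds to its output.
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        '   {0,-30} {1}' -f $name, $item.GetValue($name)
    }
}
```

Compare the listed shortcut targets and registry values against the programs the user recognises; entries whose target no longer exists, or that point into temporary or profile directories, are the ones worth asking about in the thread. Since a clean boot (the msconfig procedure linked above) disables all non-Microsoft startup items at once, this listing also records what was enabled beforehand so it can be restored selectively afterwards.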



