Locked Registry Keys, Unknown User Accounts, Probably More Issues...


  • This topic is locked
221 replies to this topic

#16 fjrules (Topic Starter)

Posted 20 February 2015 - 08:07 PM

Hi Gary,

 

Thanks for getting back to me so quickly and for addressing my questions. Here are the requested logs. NOTE: In the FRST log, mdnsNSP.dll and hpslpsvc32.dll show as not found because I manually removed them previously.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
Ran by Joe Collura at 2015-02-20 17:36:44 Run:2
Running from C:\Users\Joe Collura\Desktop\Tools
Loaded Profiles: Joe Collura (Available profiles: Joe Collura & UpdatusUser & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
S3 HPSLPSVC;
C:\Users\Joe Collura\AppData\Local\Temp\7zS6A13\hpslpsvc32.dll [X]
S3 dc3d; system32\DRIVERS\dc3d.sys [X]
S0 hcfdkkag; System32\drivers\qwfrch.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 mferkdk; system32\drivers\mferkdk.sys [X]
S3 mfesmfk; system32\drivers\mfesmfk.sys [X]
S3 NuidFltr; system32\DRIVERS\NuidFltr.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
cmd: dir C:\Windows\system32\%userprofile /s
*****************

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007 => Key not found.
HPSLPSVC => Service not found.
"C:\Users\Joe Collura\AppData\Local\Temp\7zS6A13\hpslpsvc32.dll [X]" => File/Directory not found.
dc3d => Service deleted successfully.
hcfdkkag => Service deleted successfully.
mdmxsdk => Service deleted successfully.
mferkdk => Service deleted successfully.
mfesmfk => Service deleted successfully.
NuidFltr => Service deleted successfully.
nvvad_WaveExtensible => Service deleted successfully.
VGPU => Service deleted successfully.

=========  dir C:\Windows\system32\%userprofile /s =========

 Volume in drive C has no label.
 Volume Serial Number is 7042-DE6B

 Directory of C:\Windows\system32
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-20 18:53:41
-----------------------------
18:53:41.218    OS Version: Windows 6.1.7601 Service Pack 1
18:53:41.218    Number of processors: 2 586 0x6B01
18:53:41.234    ComputerName: JOECOLLURA-PC  UserName: Joe Collura
18:53:42.606    Initialize success
18:53:42.887    VM: initialized successfully
18:53:42.903    VM: Amd CPU virtualization not supported
18:53:46.522    AVAST engine defs: 15022001
18:53:48.815    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
18:53:48.831    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:53:49.548    Disk 0 MBR read successfully
18:53:49.548    Disk 0 MBR scan
18:53:49.564    Disk 0 Windows 7 default MBR code
18:53:49.595    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
18:53:49.642    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        20489 MB offset 112455
18:53:49.689    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       456394 MB offset 42076160
18:53:49.751    Disk 0 default boot code
18:53:49.782    Disk 0 scanning sectors +976771072
18:53:50.765    Disk 0 scanning C:\Windows\system32\drivers
18:54:56.878    Service scanning
18:55:19.326    Modules scanning
18:55:19.358    Disk 0 trace - called modules:
18:55:19.420    ntkrnlpa.exe halmacpi.dll HDAudBus.sys CLASSPNP.SYS disk.sys ACPI.sys storport.sys nvstor.sys
18:55:19.436    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8c07d030]
18:55:19.451    3 CLASSPNP.SYS[86dc459e] -> nt!IofCallDriver -> [0x8b9fa6b8]
18:55:19.467    5 ACPI.sys[83fbb3d4] -> nt!IofCallDriver -> \Device\00000067[0x8b9fa8e8]
18:55:20.793    AVAST engine scan C:\Windows
18:56:28.746    AVAST engine scan C:\Windows\system32
19:06:48.478    AVAST engine scan C:\Windows\system32\drivers
19:07:01.738    AVAST engine scan C:\Users\Joe Collura
19:40:01.175    AVAST engine scan C:\ProgramData
19:45:38.980    Disk 0 statistics 4203392/0/0 @ 0.74 MB/s
19:45:38.980    Scan finished successfully
19:47:22.003    Disk 0 MBR has been saved successfully to "C:\Users\Joe Collura\Desktop\MBR.dat"
19:47:22.019    The log file has been saved successfully to "C:\Users\Joe Collura\Desktop\aswMBR.txt"
 

Let me know your thoughts.  Also, I gather you don't want me to send the SFC and CBS logs?  I would love for you to review them but I understand if I'm asking too much or if you feel it's simply unnecessary.

 

Thanks again!
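An added example, not code from this thread or from FRST: a read-only PowerShell check that walks HKLM\SYSTEM\CurrentControlSet\Services and reports every service or driver whose registered binary no longer exists on disk, which is the condition FRST marks with [X] in the fixlist above (that reading of the marker is an assumption). It resolves the relative driver paths seen in the log (system32\DRIVERS\...) against %SystemRoot% and deletes nothing, so it can be used to confirm a cleanup like the one above or to spot leftover entries before running a fix.

```powershell
# Added example (not from the thread): list service/driver entries whose
# ImagePath points at a file that is missing. Read-only; nothing is removed.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$sysRoot = $env:SystemRoot

function Resolve-ImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    # Strip surrounding quotes and trailing arguments, e.g.
    #   "C:\Program Files\X\svc.exe" -k netsvcs
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -lt 1) { return $null }           # unbalanced quote, skip
        $p = $p.Substring(1, $end - 1)
    } elseif ($p -match '^(.*?\.(exe|sys|dll))(\s.*)?$') {
        $p = $Matches[1]
    }
    # Kernel-style prefixes used by some driver entries
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$sysRoot\"
    # Paths such as system32\DRIVERS\dc3d.sys are relative to %SystemRoot%
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $sysRoot $p }
    return $p
}

function Get-OrphanedService {
    Get-ChildItem $svcRoot | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if ($null -eq $props.ImagePath) { return }     # e.g. svchost group keys
        $resolved = Resolve-ImagePath $props.ImagePath
        if ($resolved -and -not (Test-Path -LiteralPath $resolved)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                # Start type 0..4 (boot/system/auto/manual/disabled); assumed
                # to be what FRST's S0..S4 prefix in the fixlist encodes
                Start     = $props.Start
                ImagePath = $props.ImagePath
                Resolved  = $resolved
            }
        }
    }
}

Get-OrphanedService | Format-Table -AutoSize
```

Run it from an elevated prompt so every service key is readable; an empty table means no orphaned entries remain.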




#17 Oh My! (Malware Response Instructor)

Posted 20 February 2015 - 08:49 PM

Greetings,

Those reports look good. The 2 logs can be quite cumbersome to review. If you are having issues, that is one thing; if things are running smoothly, the cost vs. benefit tips in the wrong direction.

Please run this.

===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Security Check log
  • Are you experiencing any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#18 fjrules (Topic Starter)

Posted 21 February 2015 - 09:08 PM

Hi Gary,

 

Understood re: CBS and SFC.

 

Here is the report:

 

Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 CCleaner     
 Wise Disk Cleaner 8.42  
 Wise Registry Cleaner 8.31  
 Java 8 Update 31  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31  
 Adobe Flash Player     16.0.0.305  
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

 

IE and Mozilla browsers start up very slow for me. I just ran a speed test and I have virtually no download speed (only 3 mbps). That's so abnormal that I'm sure it'll correct itself soon. I should be getting 75. No issues with my upload speed; it's 75 which is what it should be. Browsing is OK.

 

Let me know your thoughts and the next step.

 

Thanks!



#19 Oh My! (Malware Response Instructor)

Posted 21 February 2015 - 09:15 PM

Your security programs are up to date.

 

Unless you have any other concerns I think we are done. I will be leaving the Topic open for a day and if you become concerned about your Internet performance you can post.


Gary

#20 fjrules (Topic Starter)

Posted 21 February 2015 - 09:48 PM

Thanks for leaving this open for a day, just in case.  I'm sure I'm fine at this point thanks to you guys.

 

Is it any cause for alarm that it said my Java is out of date considering I have the latest update (31) installed?

 

Machiavelli had suggested I run DelFix as a last step.  The tools it said it deleted remain on my desktop, though.  Here's the log:

 

# DelFix v10.8 - Logfile created 21/02/2015 at 21:36:39
# Updated 29/07/2014 by Xplode
# Username : Joe Collura - JOECOLLURA-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #743 [Windows Update | 02/19/2015 04:42:14]
Deleted : RP #744 [Windows Update | 02/19/2015 05:14:30]
Deleted : RP #745 [Windows Update | 02/20/2015 05:23:57]
Deleted : RP #747 [Created by Wise Disk Cleaner | 02/20/2015 23:46:04]

New restore point created !

########## - EOF - ##########
 

Do you think I should manually remove the tools we used or is it not such a big deal?



#21 Oh My! (Malware Response Instructor)

Posted 21 February 2015 - 10:15 PM

My apologies, you do have a 32 bit Operating System. Please do this.

===================================================

Update Java

-------------------
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed allow the program to complete that
  • Reboot your computer once all Java components are removed.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Java update properly?

Gary

#22 fjrules (Topic Starter)

Posted 21 February 2015 - 10:42 PM

As I said, I already have the latest Java.

 

I ran the Java applet to double check and it gave me the "congratulations you have the latest version" message...



#23 Oh My! (Malware Response Instructor)

Posted 21 February 2015 - 10:55 PM

The Security Check report is indicating you need to update the 32 bit version but since Oracle is telling you that you have the latest version then we will go with that.
Gary

#24 fjrules (Topic Starter)

Posted 21 February 2015 - 11:01 PM

If there isn't a newer Java to download, I guess we have to go with Oracle.  Unless you think I should uninstall my Java, then reinstall?

 

Re: DelFix - is the log OK?  Do you recommend I physically delete any tools that DelFix missed?  



#25 Oh My! (Malware Response Instructor)

Posted 21 February 2015 - 11:14 PM

I think Java is fine.

Yes, you can delete any other tools/logs still remaining on your computer.
Gary

#26 Oh My! (Malware Response Instructor)

Posted 23 February 2015 - 09:13 PM

How are we doing?
Gary

#27 fjrules (Topic Starter)

Posted 23 February 2015 - 10:16 PM

Hi Gary,

 

I've had considerable variances in my download/upload speeds but browsing has been efficient and without incident.  I'm pretty sure everything is OK at this point. 

 

You and Machiavelli were a tremendous help!  Thank you again!



#28 Oh My! (Malware Response Instructor)

Posted 23 February 2015 - 11:48 PM

Very good and you are quite welcome.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read it.

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary

#29 Oh My! (Malware Response Instructor)

Posted 25 February 2015 - 10:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary

#30 Oh My! (Malware Response Instructor)

Posted 04 March 2015 - 11:25 AM

This topic has been re-opened at the request of the person who originally posted.
Gary