Posted (edited)

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.03.06.13

 

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

veron pc :: VERONPC-PC [administrator]

 

 

Protection: Disabled

 

06/03/2013 21:39:36

mbam-log-2013-03-06 (21-39-36).txt

 

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 319945

Time elapsed: 39 minute(s), 29 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Extras.Txt

OTL.Txt

Edited by veronica8910

  • ExTS Admin
Posted

Hi veronica

 

Please elaborate on your topic title:

windows updates fail vulnerability scan java out dated pc slow only runs in safe mode

Your uninstall list is showing:

Java 7 Update 17 .... this is the latest version.

 

The error logs are advising that CHKDSK be run.

So let's try that first.

 

You can do this by running the Scandisk utility within Windows.

  • Click Start >> Computer
  • Right click on your main drive (usually 'C')
  • Select Properties
  • Click on the Tools tab
  • Under Error Checking.. Click Check Now
  • Tick the options that you require ( Please tick both options )
  • Click Start
  • On the screen that comes up.. Click Yes then OK
  • Now restart your computer.

Note: Be patient. Analyzing the drive can be a lengthy process

 

Let me know how that goes.

 

Thanks

Member of:

UNITE

Posted (edited)

Hi there, well firstly Kaspersky Internet Security 2012, which came in the set up of the pc, says in the vulnerability scan that there are issues with java and adobe. I also have secunia psi that says that my adobe is preparing to install, been like ages, can't update that.

 

windows updates fail currently having a lot of issues with that

 

 

when i first switch the pc on i get the message on a black screen PRESS 11 to run recovery so something in the bios has changed, SATA i think, as i have read a few articles, just not sure on how to amend the bios.

 

the pc should power on and say loading windows then go to welcome screen. but it hangs there for a while

 

 

 

the pc freezes, it's slow whenever i actually do manage to update it .. I've been to numerous forums, done all the stuff, but then around three weeks later problems start coming back again

 

its a nightmare!

 

 

I ran CHKDSK like advised, had a few issues there that were resolved, bad clusters in files, security descriptors were amended, so I think that has run accordingly, and we'll see how it goes .. awaiting further advice

 

 

 

thanks

Edited by veronica8910
  • ExTS Admin
Posted

Hi veronica

 

From what you are describing, it looks as though you may have some corrupt system files.

We can try this and see if it corrects anything.

Sometimes it may ask for the Operating Disc, so if you have one it may be needed.

You may not be asked for it, so just follow the instructions below and let me know how it goes.

 

Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

Type the following command, and then press the ENTER key:

sfc /scannow (there is a space between the 'c' and the '/' )

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.


Posted

Hi there, I tried the sfc /scannow prompt and ran as administrator. The scan only went to 36% complete, then the following message appeared: Windows Resource Could Not Perform the Required Operation.

 

I tried again to run the sfc /scannow prompt but the message appeared again.

 

 

Awaiting Further Instructions

 

Thank you

Posted (edited)

I have 2 discs that came with the Medion tower,

 

Medion Recovery disc

it says on it: the software included on the recovery disc was pre installed on your hard drive at the factory and may only be used as a back up.

Only for recovery of the originally selected language.

 

The other disc is named Application & support Disc that disc is written in another language.

then at the bottom of the disc it states

 

Bundle software, not for resale

part no 2005 1677

Edited by veronica8910
  • ExTS Admin
Posted

Hi veronica

 

The other disc is named Application & support Disc that disc is written in another language.

Probably German..... as Medion is a German Company. ( but you should have been supplied with both discs in English)

 

I was hoping that you would have had a separate installation disc.

We could then have run a recovery install which would have only reinstalled the operating system and would have left your personal files etc untouched.

As it is.... with this type of setup, we could only do a full install. ( which would mean your personal files etc would all be erased )

 

It really does look as though some of the system files have become either corrupted or lost.

How long after you had the system, did this happen?

Was it after you installed any new software?

 

If you wanted to run a full install ( back to how the system was when it was bought) let me know and i can explain how to run the Medion Recovery.

 

Sometimes Combofix can find and replace missing or corrupt files, it's worth giving it a go.

 

Take no notice of the recover console sections in the combofix instructions.... they only relate to Win XP.

This program is designed to run in normal mode, but can be run in safe mode if required.

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Thanks


Posted

Hi there, Well firstly I got the tower as a Christmas present, my brother set up installation but it was not completing windows updates the day I opened it fresh out of the box. problems persisted for a while after then a couple of weeks later i would crash BSOD run real slow its been having problems for a good while now. As for recovering the system. It really does not matter as I have not any personal files on this tower, they're all on my old xp and will stay there until this one is in better working condition as I am currently always recovering the pc.

 

Here's the combo fix log, for once that ran fully completed, no BSOD

 

ComboFix 13-03-11.01 - veronica 12/03/2013 12:34:06.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3939.2606 [GMT 0:00]

Running from: c:\users\veronica\Downloads\Combo-Fix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-02-12 to 2013-03-12 )))))))))))))))))))))))))))))))

.

.

2013-03-12 12:37 . 2013-03-12 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-11 21:45 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2013-03-11 21:45 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-03-09 02:20 . 2013-03-09 02:20 310688 ----a-w- c:\windows\system32\javaws.exe

2013-03-09 02:20 . 2013-03-09 02:20 188832 ----a-w- c:\windows\system32\javaw.exe

2013-03-09 02:20 . 2013-03-09 02:20 188320 ----a-w- c:\windows\system32\java.exe

2013-03-09 02:20 . 2013-03-09 02:20 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-03-09 02:20 . 2013-03-09 02:20 -------- d-----w- c:\program files\Java

2013-03-09 02:19 . 2013-03-09 02:19 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-09 02:18 . 2013-03-09 02:18 -------- d-----w- c:\program files (x86)\Java

2013-03-09 02:16 . 2013-03-09 02:16 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-09 02:11 . 2013-03-09 02:11 -------- d-----w- c:\program files (x86)\Secunia

2013-03-09 01:58 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-03-09 01:58 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-03-09 01:58 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-03-09 01:58 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-03-09 01:58 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-03-09 01:58 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-03-08 19:58 . 2013-03-08 19:58 -------- d-----w- c:\windows\SysWow64\Wat

2013-03-08 19:58 . 2013-03-08 19:58 -------- d-----w- c:\windows\system32\Wat

2013-03-08 03:43 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-03-08 03:43 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-03-08 03:43 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2013-03-08 03:43 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-03-08 03:39 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2013-03-08 03:38 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-08 03:38 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-03-08 03:30 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-03-08 03:30 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-03-08 03:30 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-03-08 03:30 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-03-08 03:29 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-03-08 03:29 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-03-08 03:29 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2013-03-08 03:29 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-03-08 03:29 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2013-03-08 03:29 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-03-08 03:29 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-03-08 03:26 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-03-08 03:26 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-03-08 03:26 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2013-03-08 03:26 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-03-08 03:26 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2013-03-08 03:13 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-08 03:12 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2013-03-08 03:11 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2013-03-07 17:45 . 2013-03-07 17:45 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2013-03-07 08:18 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2013-03-07 08:18 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2013-03-07 08:18 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2013-03-07 08:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2013-03-07 08:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2013-03-07 08:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2013-03-07 08:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2013-03-07 08:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2013-03-07 08:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2013-03-07 08:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2013-03-07 08:11 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2013-03-07 08:11 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2013-03-07 08:11 . 2013-03-07 08:11 -------- d--h--w- c:\programdata\Medion Reminder

2013-03-07 08:10 . 2013-03-07 08:10 -------- d-----w- c:\users\veronica

2013-03-07 08:10 . 2013-03-07 08:10 -------- d-----w- c:\program files (x86)\Common Files\Memeo

2013-03-07 08:10 . 2013-03-07 08:10 -------- d-----w- c:\program files (x86)\Memeo

2013-03-07 08:09 . 2013-03-07 08:09 -------- d-----w- c:\programdata\Kaspersky Rescue Disk 10

2013-03-07 08:08 . 2013-03-12 11:48 -------- d-----w- c:\programdata\Kaspersky Lab

2013-03-07 08:08 . 2013-03-07 08:08 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2013-03-07 08:08 . 2013-03-07 08:34 637272 ----a-w- c:\windows\system32\drivers\klif.sys

2013-03-07 08:08 . 2013-03-07 08:08 -------- d-----w- c:\program files\PlayReady

2013-03-07 08:08 . 2013-03-07 08:08 -------- d-----w- c:\programdata\Partner

2013-03-07 08:08 . 2013-03-07 08:08 -------- d-----w- c:\program files\Google

2013-03-07 08:07 . 2013-03-07 08:08 -------- d-----w- c:\program files (x86)\Google

2013-03-07 08:06 . 2013-03-07 08:06 -------- d-sh--we C:\Documents and Settings

2013-03-07 08:06 . 2013-03-07 08:06 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-09 02:20 . 2012-01-09 17:18 1085344 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-03-09 02:20 . 2011-07-18 21:14 963488 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-09 02:18 . 2012-01-09 17:18 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-09 02:18 . 2011-07-18 21:13 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-09 02:16 . 2011-11-30 19:25 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-07 12:15 . 2013-02-07 12:15 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys

2013-02-04 22:49 . 2011-07-18 20:31 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-01-04 04:43 . 2013-03-09 01:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2013-03-07 08:08 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-03-07 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2013-03-07 206448]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-2-7 575000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2013-02-07 660504]

R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-08-02 129000]

R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-08-02 391144]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2013-03-07 332272]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-08 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2013-02-07 1223704]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-03-11 2656280]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys [2013-02-07 18456]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-09 02:21 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.160\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-09 02:16]

.

2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-07 08:07]

.

2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-07 08:07]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2013-03-07 08:08 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]

"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4

TCP: DhcpNameServer = 192.168.0.1

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-12 12:39:18

ComboFix-quarantined-files.txt 2013-03-12 12:39

.

Pre-Run: 906,238,705,664 bytes free

Post-Run: 906,001,739,776 bytes free

.

- - End Of File - - 985CCF9A981C32616945118EB15625C5

 

 

 

thank you

  • ExTS Admin
Posted

Hi veronica

 

my brother set up installation but it was not completing windows updates the day I opened it fresh out of the box. problems persisted for a while after then a couple of weeks later i would crash BSOD run real slow its been having problems for a good while now.

So the system has never worked correctly?

Why did you not just return it and ask for an exchange...... it would still be under warranty.

 

It really does not matter as I have not any personal files on this tower, they're all on my old xp and will stay there until this one is in better working condition as I am currently always recovering the pc.

Ok, if returning the system is not an option, then the next best thing would be to reinstall everything.

 

I will give you instructions using the recovery partition, if that doesn't work for some reason we could then try the disc that came with the PC.

 

You would have thought that the Operating System would have been on the Medion Recovery disc , but it's not.

Medion being a strange company, they put it on the Application & support Disc.

My old Win98 system was a Medion and i found this out when i went to reinstall from the disc.

 

I looked up the manual for your system and got the information on the recovery partition from there.

If you ever need a manual, you'll find it here:

http://download5.medion.com/downloads/anleitungen/bda_20048853.pdf

 

Ok, let's see if this goes according to plan:

  • Remove any mass storage devices you may be
    using (memory cards, USB sticks, external hard drives, etc.).
  • Switch on the PC.
  • Press the corresponding key when you see the message "Press F11 to run recovery"
    or
    "Press F12 to run recovery" (use whichever key the screen tells you to use).
  • After a few seconds, the message "Windows is loading files" will appear.... Wait until the files are loaded.
  • The "Power Recover" menu will then appear.
  • Select the language of the restoration menu.
  • Click on "Next".
  • Select now Restore to HDD – no backup of user data.
    All data on the PC are irretrievably erased, restoring delivery condition.
  • Click on Next and follow the further instructions, which will appear on the screen, to restore the delivery condition.

.

This will reset the system back to the original setup.

 

If you are connected to the internet by way of an ethernet cable, the connection should be made automatically.

If you are connected wirelessly, you will have to reconfigure the connection before you can use the internet.

 

You will then obviously have to add your Kaspersky Anti Virus again.

Did you download it yourself or did it come already installed?

All of the programs that came preinstalled will be on the backup partition of the hard drive.

 

 

If for any reason this doesn't work..... you can put the Application & support Disc into the PC and then reboot the system.

The system should then boot from the disc and give you an option to install the Operating System.

 

Let me know how it goes.

Any questions, just shout out.


Posted

Hi there.

Kaspersky is preinstalled in the tower. It is only a trial version.

 

If I restore to factory settings will I have to run CHKDSK again Will I have to run combo fix ?

 

I have installed Secunia PSI and I have managed to successfully update windows important updates, and adobe etc.

 

But now when I switch on the pc it's saying that I cannot start the pc normally. I have to do a start up repair which does not work, I have tried to restore the pc to an earlier restore point but it fails.

 

Can you please tell me, if I restore the pc once again to factory settings, what is that doing? As I see no improvement, as then I'm back to not being able to update windows important updates again, then adobe java is outdated and I have so much difficulty trying to sort it all again. Is there a virus in my system? I just can't fathom the problem.

 

Thank you

  • ExTS Admin
Posted (edited)
"If I restore to factory settings will I have to run CHKDSK again? Will I have to run combo fix?"

No you won't have to.

 

"Can you please tell me, if I restore the pc once again to factory settings, what is that doing?"

It will wipe out all the settings, files etc and install fresh ones.

Basically it should be like a brand new system.

 

"Kaspersky is preinstalled in the tower. It is only a trial version."

Obviously after the trial you will either have to pay for Kaspersky or will have to uninstall it and download another Anti Virus protector.

Or, don't bother with Kaspersky and download another AV straight away.

Here's 2 I can recommend:

 

Note*:

Avira can include the Ask.com Toolbar unless you choose not to install it. This means it is sometimes pre-checked by default and it is recommended that you uncheck that option during installation.

 

Note**:

Upon installation MS Security Essentials will check that your OS is a legal copy.

 

Only install one AntiVirus program

"Is there a virus in my system?"

 

No, the problems don't seem to be malware related.

No malware in the OTL report and none in the Combofix report.

 

If the problem did still exist after going back to factory settings, it would point to a bad image on the system.

The way around that would be to use the disc I mentioned and run a full reformat/reinstall from that.

The chances are the image on the disc wouldn't have the same problems.

But try the recovery partition method first.

Edited by Starbuck


Posted (edited)

Hi there,

I did once again restore the pc to the original factory settings via the application disk as you recommended. I uninstalled Kaspersky trial that came pre installed & instead I opted for Microsoft Security Essentials instead. Windows completed 1 update, KB26214404.

 

I don't know if my java or adobe is up to date. The pc certainly is faster, but that's because all other updates haven't been done manually. Hmmm, anyway, I have set pc to install updates automatically so we'll see how that goes.

 

Also could you please tell me how I will know if everything is up to date now, and whether my pc has this time been successfully repaired?

I am in doubt! And that's only because I have been through this rigmarole since opening it from the box 25/12/13... that's a lot of restoring to factory settings with no improvement as yet.... I don't know how I've lasted this long lol

 

 

Thank you for your time

Edited by veronica8910
  • ExTS Admin
Posted

Hi veronica

 

Let's hope you have better luck this time around.

 

"I uninstalled Kaspersky trial that came pre installed & instead I opted for Microsoft Security Essentials instead."

Wise decision.

 

"I don't know if my java or adobe is up to date."

Ok, I'll give you the links for the latest versions.

 

Java:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 17 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 17".
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

 

Adobe Flash Player

http://get.adobe.com/flashplayer/

 

Adobe Reader

http://get.adobe.com/uk/reader/

 

With both of these downloads, Do NOT install the McAfee security scan.

Make sure you UNtick the option before downloading either.

It's just not necessary and for some reason they keep pushing it.


Posted (edited)

Thanks for the advice about Java, however it's no good to me at this point in time. After giving my pc a good rest all night I awake to switch it on and, to my surprise, once again the start up repair grey box appears... attempting to check the pc for problems... this may take several minutes. Several hours later, no progress. Disgusted, I switch it off at the main power socket and attempt another 6-7 times to boot the pc. I then get a black screen, white writing: Windows has detected a problem with a device to the pc. This is nonsense, I have not connected nothing to this flipping pc, only the mouse and keyboard!

File:\BOOT\BCD STATUS: 0XC00000e9

 

Unexpected I\O error occured

 

I even tried to press F11 to recover the damn thing but it hangs there, doesn't do nada.

 

I am so furious with this pc. I have connected my old xp that I have had for about 8 years and it's in better working condition, to be fair! This Medion is going to be returned; my brother can sort that out tonight once I drop it off to him. I have had enough!

 

Thank you again for your time

Edited by veronica8910
  • ExTS Admin
Posted

Hi veronica

 

Given that you have reinstalled everything fresh and the problems still occur, it looks like it may well be hardware related.

I think returning the system and getting a replacement is the best option.

Keep us informed as it would be interesting to know the outcome of the problems.

 

Safe surfing.
