Inactive Virus/Malware Help

The locations and names would be the same as last time, so:

ESETScan Report:

C:\da.bat BAT/Agent.NGP trojan
C:\Radi-radi.wsf JS/Agent.NCF trojan
 
There are a quite a few security updates as well as Windows 7 service pack 1. I tried to download them all using Windows Update and they all fail. I also tried installing Windows 7 Service Pack 1 on its own using Windows Update and that too failed and came up with the error code '800B0100'
 
Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22002979.gif




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22002980.gif



Go to Step 4 and under "System Restore" click on Create button:

p22002982.gif



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22003030.gif


Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Running Repair Under System Account
Starting Repairs...
Start (16/06/2013 14:39:49)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (16/06/2013 14:39:49)
Running Repair Under Current User Account
Done (16/06/2013 14:39:51)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (16/06/2013 14:39:51)
Running Repair Under System Account
Done (16/06/2013 14:40:48)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (16/06/2013 14:40:48)
Running Repair Under System Account
Starting Repairs...
Start (16/06/2013 14:45:39)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (16/06/2013 14:45:39)
Running Repair Under Current User Account
Done (16/06/2013 14:45:43)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (16/06/2013 14:45:43)
Running Repair Under System Account
Done (16/06/2013 14:46:51)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (16/06/2013 14:46:51)
Running Repair Under System Account
Done (16/06/2013 14:47:29)

Register System Files
Start (16/06/2013 14:47:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:48:01)

Repair WMI
Start (16/06/2013 14:48:01)
Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

Done (16/06/2013 14:51:24)

Repair Windows Firewall
Start (16/06/2013 14:51:24)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (16/06/2013 14:51:51)

Repair Internet Explorer
Start (16/06/2013 14:51:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:52:12)

Repair MDAC/MS Jet
Start (16/06/2013 14:52:12)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:52:23)

Repair Hosts File
Start (16/06/2013 14:52:23)
Running Repair Under System Account
Done (16/06/2013 14:52:25)

Remove Policies Set By Infections
Start (16/06/2013 14:52:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:52:30)

Repair Icons
Start (16/06/2013 14:52:30)
Running Repair Under System Account
Could Not Find C:\Users\Finn\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Finn\AppData\Local\IconCache.db
Done (16/06/2013 14:52:32)

Repair Winsock & DNS Cache
Start (16/06/2013 14:52:32)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:52:47)

Repair Proxy Settings
Start (16/06/2013 14:52:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:52:52)

Repair Windows Updates
Start (16/06/2013 14:52:52)
Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (16/06/2013 14:54:21)

Repair CD/DVD Missing/Not Working
Start (16/06/2013 14:54:21)
Done (16/06/2013 14:54:21)

Repair Volume Shadow Copy Service
Start (16/06/2013 14:54:21)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Done (16/06/2013 14:54:25)

Repair MSI (Windows Installer)
Start (16/06/2013 14:54:26)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:54:36)

Repair bat Association
Start (16/06/2013 14:54:36)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:54:41)

Repair cmd Association
Start (16/06/2013 14:54:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:54:46)

Repair com Association
Start (16/06/2013 14:54:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:54:50)

Repair Directory Association
Start (16/06/2013 14:54:50)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:54:55)

Repair Drive Association
Start (16/06/2013 14:54:55)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:54:59)

Repair exe Association
Start (16/06/2013 14:55:00)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:04)

Repair Folder Association
Start (16/06/2013 14:55:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:09)

Repair inf Association
Start (16/06/2013 14:55:09)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:13)

Repair lnk (Shortcuts) Association
Start (16/06/2013 14:55:13)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:18)

Repair msc Association
Start (16/06/2013 14:55:18)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:23)

Repair reg Association
Start (16/06/2013 14:55:23)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:27)

Repair scr Association
Start (16/06/2013 14:55:27)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:32)

Repair Windows Safe Mode
Start (16/06/2013 14:55:32)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:37)

Repair Print Spooler
Start (16/06/2013 14:55:37)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:50)

Restore Important Windows Services
Start (16/06/2013 14:55:50)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:55:54)

Set Windows Services To Default Startup
Start (16/06/2013 14:55:54)
Running Repair Under Current User Account
Running Repair Under System Account
Done (16/06/2013 14:56:11)

Cleaning up empty logs...

All Selected Repairs Done.
Done (16/06/2013 14:56:11)
Total Repair Time: 00:10:32


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
 
Problems such as Windows Firewall not working have been fixed and the PC seems pretty stable now. Is there anyway to check if it is virus free now?
 
Windows Update successfully installed some updates but some failed. Now when I try to check for updates again I get this error 'Code C80003FA'
 
I've done all steps in the link provided up to step 12, where I get the messages 'You can't upgrade 64-bit Windows to a 32-bit version of Windows.' This makes no sense as I have a 64-bit version of Windows 7 and I chose to install 64-bit.
 
Should I just move all files and programs I want to keep onto an external hard drive and do a clean install then move everything back onto the pc after I am done?
 
I'm going to have to obtain a new copy of Windows 7 as mine does not work anymore:confused:
I'll post once I've downloaded a new copy and copied everything back on
 
Things seem to be going okay actually, everything's working okay. I still get the occasional 'program has stopped working' error or a blue screen but the computer is usable. I can't do a repair install because my copy of windows seems to be broken so I will keep my computer like this until I can buy a new copy of Windows.
Thank you so much for your help and if I have other problems I will just open a new thread.
Thanks again,
Finn
 
Back