Prism on steroids that killed Task manager & only safe mode [Solve


  • This topic is locked

#31
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Don't upload it in this case. Can you please check Task Manager and the system now and tell me the current problems?
  • 0



#32
steveAA

steveAA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Task Manager still has the miniature tabs and no words in the dialog boxes. Can see that in the screen shot. The only real visible part is the 3rd page with the resource monitor. I'll attach a screen shot. (Thanks for showing how.) Also a screenshot of msconfig.
There's still something hokey going on. It takes a long time for the screen to appear after selecting the user.
The IE will lock up quite easy if you've several windows or attachments open.
We've made dynamite progress, but it still doesn't act as sharp as it should.
Can we run Combofix again? It didn't run to the end last time.
BUT, you've done a great job so far. THANKS.

Attached Thumbnails

  • ClickShoot_003511.jpg
  • ClickShoot_004903.jpg

  • 0

#33
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed, and let it run uninterrupted.

    Here is OTL picture if you don't get any text when you open it.
    Posted Image
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, aswMBR will save an additional file named MBR.dat. Attach it to your next reply

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#34
steveAA

steveAA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Well. Not quite sure how to handle. Download of OTL was OK. But the view has no graphics. I can't see which area to paste in, nor to check for the scan. I tried to paste in the lower area, in case that would work, but it showed up as in this screen shot. In addition, somewhere, someplace in clicking with my sticky mouse, the blue band has shown up on the right side of the screen and I can't see what it says and can't get rid of it.

Attached Thumbnails

  • ClickShoot_112334.jpg

  • 0

#35
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi steveAA,

This is really interesting. Can you try to run aswMBR and get logs from it?
  • 0

#36
steveAA

steveAA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Here's the Adw info.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-22 10:35:36
-----------------------------
10:35:36.540 OS Version: Windows x64 6.1.7601 Service Pack 1
10:35:36.540 Number of processors: 1 586 0x602
10:35:36.540 ComputerName: NEW-PC UserName: New
10:35:40.206 Initialize success
10:36:33.822 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
10:36:33.822 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
10:36:34.056 Disk 0 MBR read successfully
10:36:34.056 Disk 0 MBR scan
10:36:34.056 Disk 0 Windows 7 default MBR code
10:36:34.072 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:36:34.072 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
10:36:34.103 Disk 0 scanning C:\Windows\system32\drivers
10:37:01.699 Service scanning
10:37:30.356 Modules scanning
10:37:30.356 Disk 0 trace - called modules:
10:37:30.372 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
10:37:30.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c6c490]
10:37:30.388 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007b04280]
10:37:30.388 5 ACPI.sys[fffff88000ef67a1] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8007b044a0]
10:37:30.715 Scan finished successfully
10:38:15.628 Disk 0 MBR has been saved successfully to "C:\Users\New\Desktop\MBR.dat"
10:38:15.643 The log file has been saved successfully to "C:\Users\New\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.dat   512bytes   33 downloads

  • 0

#37
steveAA

steveAA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Something seems strange. IE has a http/// With the 3 bars as the home page, which of course doesn't go anywhere. And I couldn't get to AOL and GTG. I went to safe mode and IE worked well. And then the background screen colors started to flash in Green and stayed green, but occasionally changes to Black???
Then I noticed a NEW icon on the desktop. It may have been from adw scan, but it was only 20 minutes old and was %LocalAppData%. I don't know where it came from, but I only looked at properties and security. I removed "SYSTEM" off of the security and kept administrator only. It made me nervous as it was 20 minutes old and I had no idea what or where it was from. Especially when the background graphics started changing while in safe mode.
  • 0

#38
steveAA

steveAA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
The %LocalAppData% file is from the Microsoft Network Diagnostics which I used when I was trying to get IE working. I can't see the dialog boxes in Internet Options to reset back to default, which might fix it.
  • 0

#39
steveAA

steveAA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Maliprog>>>Hey, we've got some progress !!!! I was able to get the dialog boxes going! And also OTL. Basically, the way it was acting, I decided to run Efix pro, followed by Microsoft updates, a lot of them due to the Efixpro. Upon start up, the graphics looked better and I clicked on OTL and its dialog boxes were working. I then tried Task Manager, and it was working! I just ran OTL. Had to run it twice as the first time I forgot to paste your instructions in the custom scan. Here's the results. There was also an "Extras.txt". I'll include it too.
So, we now have the Adw and the OTL scans. And we have the graphics running OK for the moment. Let me know what's next.

Attached Files


  • 0

#40
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi steveAA,

I'm glad that your system is better. Because I don't know what your current problems are, I would like to hear them now. Can you use your system? Any problems that you can see now?
  • 0



#41
steveAA

steveAA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Presently, I can start up and log on and use the internet, so it's almost normal. I had to put GTG and AOL in the task bar to get access to them as the Google and IE redirects were a pain. Now that I can see the TM and other dialog boxes, I can probably change the home pages.
Basically, I'm up and operating, but I'm concerned about the redirects and any other "stuff" that might be still in the system.
  • 0

#42
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I'm sorry but I don't understand.... Do you have redirect problems now? Can you give me an example of a redirect you experience right now?

Let's check your network settings too.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • 0

#43
steveAA

steveAA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
The redirects, at least looked that way to me, were when I would enter either Geekstogo.com or AOL.com into the IE browser. IE would just hang up and not go anywhere. Reminded me of when Conduit or Mixi were involved. It wasn't until I did a search for GTG and AOL, then clicked on them, then saved the shortcut to the task bar, that I could access those sites. It was almost as if whenever I tried to access an AV help site, that it was blocking me? I also went to look at Event Viewer and it had a different view than I remember. That was a couple of days ago and I haven't checked yesterday or today. I'll run your instructions tonight and we'll see what we come up with.
  • 0

#44
steveAA

steveAA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Here's the mini toolbox report.
For whatever reason, IE seems to be working better now.

MiniToolBox by Farbar Version: 13-07-2013
Ran by New (administrator) on 24-09-2013 at 20:42:42
Running from "C:\Users\New\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : New-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 6C-62-6D-06-3D-1F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25a3:8f30:b0ed:96ad%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, September 24, 2013 8:37:53 PM
Lease Expires . . . . . . . . . . : Wednesday, September 25, 2013 8:37:53 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 275538541
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-FA-E7-22-6C-62-6D-06-3D-1F
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1cc0:fc1:bc57:9a6f(Preferred)
Link-local IPv6 Address . . . . . : fe80::1cc0:fc1:bc57:9a6f%20(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.hsd1.wa.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:400a:801::100e
173.194.33.41
173.194.33.36
173.194.33.33
173.194.33.46
173.194.33.40
173.194.33.34
173.194.33.37
173.194.33.35
173.194.33.32
173.194.33.38
173.194.33.39


Pinging google.com [173.194.33.33] with 32 bytes of data:
Reply from 173.194.33.33: bytes=32 time=12ms TTL=55
Reply from 173.194.33.33: bytes=32 time=9ms TTL=55

Ping statistics for 173.194.33.33:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 12ms, Average = 10ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=86ms TTL=49
Reply from 98.138.253.109: bytes=32 time=86ms TTL=49

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 86ms, Maximum = 86ms, Average = 86ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...6c 62 6d 06 3d 1f ......NVIDIA nForce 10/100 Mbps Ethernet
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
20 58 ::/0 On-link
1 306 ::1/128 On-link
20 58 2001::/32 On-link
20 306 2001:0:9d38:6ab8:1cc0:fc1:bc57:9a6f/128
On-link
11 276 fe80::/64 On-link
20 306 fe80::/64 On-link
20 306 fe80::1cc0:fc1:bc57:9a6f/128
On-link
11 276 fe80::25a3:8f30:b0ed:96ad/128
On-link
1 306 ff00::/8 On-link
20 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/24/2013 08:43:12 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The system cannot find the file specified. (HRESULT : 0x80070002) (0x80070002)

Error: (09/24/2013 08:43:12 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The system cannot find the file specified. (HRESULT : 0x80070002) (0x80070002)

Error: (09/24/2013 08:43:12 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The system cannot find the file specified. (HRESULT : 0x80070002) (0x80070002)

Error: (09/24/2013 08:43:12 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The system cannot find the file specified. (HRESULT : 0x80070002) (0x80070002)

Error: (09/24/2013 08:42:40 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (09/24/2013 08:41:55 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (09/24/2013 08:41:54 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The system cannot find the file specified.

Error: (09/24/2013 08:41:49 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The system cannot find the file specified. (HRESULT : 0x80070002) (0x80070002)

Error: (09/24/2013 08:41:49 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The system cannot find the file specified. (HRESULT : 0x80070002) (0x80070002)

Error: (09/24/2013 08:41:49 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The system cannot find the file specified. (HRESULT : 0x80070002) (0x80070002)


System errors:
=============
Error: (09/24/2013 08:43:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 6 time(s).

Error: (09/24/2013 08:43:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (09/24/2013 08:41:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 5 time(s).

Error: (09/24/2013 08:41:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (09/24/2013 08:41:48 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 4 time(s).

Error: (09/24/2013 08:41:48 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (09/24/2013 08:41:18 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 3 time(s).

Error: (09/24/2013 08:41:18 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (09/24/2013 08:41:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/24/2013 08:41:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-09-18 16:35:25.507
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 16:19:14.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 16:09:29.678
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 15:57:12.464
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 14:15:02.104
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-18 14:02:46.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 21:47:48.714
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 19:15:57.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 18:36:03.976
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-05 18:00:49.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Advanced SystemCare 6 (Version: 6.4)
Ant.com IE add-on (Version: 2.2.4.1076)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Applet
AVG SafeGuard toolbar (Version: 15.4.0.5)
Bonjour (Version: 3.0.0.10)
Debug Diagnostics 1.2 (Version: 1.2.0.52)
eFix Pro (Version: 1.7.0.5)
Exterminate It! (Version: 2.05.01.15)
File Type Assistant
Final Media Player 2010
FreeFixer (Version: 1.03)
Google Chrome (Version: 29.0.1547.76)
Google Quick Search Box (Version: 1.2.1151.245)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
Google Updater (Version: 2.4.2432.1652)
HiJackThis (Version: 1.0.0)
HitmanPro 3.7 (Version: 3.7.7.205)
iCloud (Version: 1.0.2.17)
IObit Malware Fighter (Version: 2.0)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XML Parser (Version: 8.70.1104.04)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MyPC Backup (Version: )
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Panda Cloud Cleaner (Version: 1.0.68)
Panda Global Protection 2014 (Version: 7.00.01)
Panda Gold Protection (Version: 7.00.01)
Panda Security URL Filtering (Version: 2.0.0.14)
Password Depot 6 - Panda Secure Vault Edition (Version: 6.1.5)
Picasa 3 (Version: 3.9)
Printatree
Prism Video File Converter
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.71.80.42)
Smart Defrag 2 (Version: 2.7)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Free Files Convert 1.1 (Version: 1.1)
VideoPad Video Editor
WebConnect 3.0.0 (Version: 3.0.0)
WebM Media Foundation Components (Version: 1.0.0.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 7935.24 MB
Available physical RAM: 6077.2 MB
Total Pagefile: 15868.67 MB
Available Pagefile: 13719.91 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:13.15 GB) NTFS

========================= Users: ========================================

User accounts for \\NEW-PC

Administrator Guest New
Steve UpdatusUser

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Edited by steveAA, 24 September 2013 - 10:12 PM.

  • 0
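The report above is where a helper looks for redirect causes: proxy state, Hosts entries and the Winsock provider catalog. The following is an added example, not part of the thread and not MiniToolBox's own code, that triages a report in this layout and lists entries for manual review (a listed entry, such as the Bonjour provider from Apple Inc. in the report above, is not automatically malicious). The sample text is constructed; the `203.0.113.5 www.example.test` Hosts line and the `examplelsp.dll` provider are hypothetical placeholders.

```python
import re

# Section banner as printed in the report: "===== Title: =====" (colon optional).
BANNER = re.compile(r"^=+\s+([^=]+?):?\s+=+$")
# Winsock line: "<catalog> <index> <dll path> [<size>] (<vendor>)"
WINSOCK = re.compile(r"^(?:x64-)?Catalog[59]\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Proxy lines the report above shows on a machine with no proxy configured.
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}


def split_sections(report):
    """Map each banner title to the stripped lines that follow it."""
    sections, current = {}, None
    for line in report.splitlines():
        m = BANNER.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def is_default_hosts_line(line):
    """True for blanks, comments and the stock localhost mappings."""
    parts = line.split("#", 1)[0].split()
    if not parts:
        return True
    return parts[0] in ("127.0.0.1", "::1") and parts[1:] == ["localhost"]


def triage(report):
    """Return (section, detail) pairs that deserve a manual look."""
    sections = split_sections(report)
    findings = []

    # 1. Anything in the proxy section beyond the known "no proxy" lines.
    for line in sections.get("IE Proxy Settings", []):
        if not line or line in CLEAN_PROXY:
            continue
        if line.startswith('"Reset IE Proxy Settings"'):
            continue
        findings.append(("IE Proxy Settings", line))

    # 2. Hosts entries other than localhost: these override DNS for a name.
    for line in sections.get("Hosts content", []):
        if not is_default_hosts_line(line):
            findings.append(("Hosts content", line))

    # 3. Winsock providers outside the system directories or not from Microsoft.
    seen = set()
    for line in sections.get("Winsock entries", []):
        m = WINSOCK.match(line)
        if not m:
            continue
        path, vendor = m.group(1), m.group(2)
        in_system_dir = path.lower().startswith(SYSTEM_DIRS)
        if in_system_dir and vendor == "Microsoft Corporation":
            continue
        if path not in seen:
            seen.add(path)
            label = vendor or "no vendor string"
            findings.append(("Winsock entries", f"{path} ({label})"))
    return findings


# Constructed sample in the layout of the report above (not the poster's data).
SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.5 www.example.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog9 02 C:\ProgramData\Example\examplelsp.dll [40960] ()
"""

if __name__ == "__main__":
    for section, detail in triage(SAMPLE):
        print(f"[review] {section}: {detail}")
```
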

#45
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi steveAA,

I don't see any other malware issues in your logs. If you don't have any I'll call this one done.

Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide "How did I get infected in the first place?"

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0





