Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

daughters windows vista laptop SUPER SLOW. takes forever to load chro


  • This topic is locked This topic is locked

#1
demozast

demozast

    Member

  • Member
  • PipPip
  • 74 posts

My daughter recently got her laptop back from her mothers house and it is SO slow it's nearly impossible to use. We bought her a different one, but would like to give this to the next oldest child to use as a starter laptop.  Takes forever to open Google Chrome and any webpage as well as restarting .   ANY help would be greatly appreciated!

 

She has a Dell Inspiron 1525 32-bit

 

 

 

Attached Files


  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

OK, let's take a look. Please do the following. Also going forward please post the contents of the logs directly into the post (vs. attaching) as it makes them easier to work with.

 

Step#1 - Warnings

You are running too many antivirus programs. This is not a good idea as this can cause problems such as slowness in computer speed, conflicts and cause more vulnerability to infection. It appears you are running Microsoft Security Essentials and AVG 2014. You need to uninstall one. My suggestion is to uninstall AVG 2014 and keep Microsoft Security Essentials but this is your choice. Instructions for doing so are here.

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   64bytes   103 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#4 - JRT
1. Download Junkware Removal Tool to your desktop.
1. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
2. The tool will open and start scanning your system.
3. Please be patient as this can take a while to complete depending on your system's specifications.
4. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
5. Close the text file and reboot your machine.
6. Post the contents of JRT.txt into your next message.

 

Step#5 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix Log

2. Adwcleaner log

3. Junkware log
4. FRST and Addition logs

 


  • 0

#3
demozast

demozast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Hopefully this is everything you need to start and I did it all correctly.  :)
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 27-03-2015 18:08:14
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-04] (Facebook Inc.)
HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\Run: [BYR_AGENT] => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\MountPoints2: F - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\MountPoints2: {2a375657-b52f-11e2-b419-0023ae14f2fc} - F:\TLBootstrap_WPP.exe
HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\MountPoints2: {c1afb172-d7ea-11e2-9f94-0023ae14f2fc} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\MountPoints2: {f81c910c-e143-11e2-b882-0023ae14f2fc} - F:\TL_Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com...eron_ygames_ytb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com...eron_ygames_ytb
HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6090117
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2194354101-4259944992-3842031963-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2194354101-4259944992-3842031963-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-30]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com...rchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-07-25] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-07-25] (Intel Corporation) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-14] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-14] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-14] (LG Electronics Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 18:08 - 2015-03-27 18:08 - 00013454 _____ () C:\Users\User\Desktop\FRST.txt
2015-03-26 21:56 - 2015-03-26 21:56 - 00010476 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2015-03-26 21:54 - 2015-03-26 21:54 - 00000985 _____ () C:\Users\User\Desktop\JRT.txt
2015-03-26 21:47 - 2015-03-26 21:48 - 01388782 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-03-26 20:30 - 2015-03-26 20:37 - 00000000 ____D () C:\AdwCleaner
2015-03-26 20:28 - 2015-03-26 20:28 - 02168320 _____ () C:\Users\User\Desktop\AdwCleaner.exe
2015-03-26 17:07 - 2015-03-26 17:08 - 01135104 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-03-26 17:00 - 2015-03-27 18:08 - 00000000 ____D () C:\FRST
2015-03-26 16:59 - 2015-03-26 17:00 - 01135104 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-03-25 21:56 - 2015-03-25 21:56 - 00143800 _____ () C:\Windows\Minidump\Mini032515-01.dmp
2015-03-25 21:51 - 2015-03-25 21:51 - 00000000 __SHD () C:\found.008
2015-03-25 20:55 - 2015-03-25 22:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 20:54 - 2015-03-25 20:54 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 20:54 - 2015-03-25 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 20:54 - 2015-03-25 20:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-25 20:54 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-25 20:54 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 20:54 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-25 20:53 - 2015-03-25 20:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.4.1018.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 18:07 - 2006-11-02 07:52 - 00156726 _____ () C:\Windows\setupact.log
2015-03-27 18:05 - 2013-01-04 23:53 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000UA.job
2015-03-27 18:05 - 2012-10-31 14:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-27 18:05 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 18:05 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 22:58 - 2013-01-04 23:53 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000Core.job
2015-03-26 20:52 - 2012-12-25 10:41 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 20:52 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 20:51 - 2006-11-02 08:01 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 20:49 - 2009-01-17 04:52 - 01633252 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 20:39 - 2012-12-28 01:16 - 00005972 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2015-03-26 19:44 - 2014-06-03 18:37 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-26 19:44 - 2008-01-20 21:47 - 00123258 _____ () C:\Windows\PFRO.log
2015-03-25 22:16 - 2006-11-02 05:33 - 00758286 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-25 21:56 - 2012-10-26 15:50 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 21:55 - 2012-10-26 15:49 - 196209936 _____ () C:\Windows\MEMORY.DMP
2015-03-25 20:42 - 2012-10-31 14:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-25 20:42 - 2012-10-31 14:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-18 18:35 - 2012-12-25 10:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
==================== Files in the root of some directories =======
 
2014-06-30 00:34 - 2014-06-30 00:34 - 6010880 _____ () C:\Program Files\GUTA0A3.tmp
2013-07-13 04:28 - 2013-07-13 04:28 - 4188160 _____ () C:\Program Files\GUTFDAB.tmp
2013-01-14 01:49 - 2012-02-01 15:03 - 3278888 _____ (Yahoo! Inc.) C:\Users\User\AppData\Roaming\ytb_8.4.3.34_2.4.6_mail_bts_pub_uber_Rev_setup_2012.01.19.01.exe
2012-12-28 01:16 - 2015-03-26 20:39 - 0005972 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2012-12-25 10:28 - 2013-02-01 00:35 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\msieftp.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-26 20:53
 
==================== End Of Log ============================
 
# AdwCleaner v4.113 - Logfile created 26/03/2015 at 20:36:56
# Updated 22/03/2015 by Xplode
# Database : 2015-03-26.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : YahooAUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\WNLT
Folder Deleted : C:\Users\User\AppData\Local\Conduit
Folder Deleted : C:\Users\User\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\User\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\User\AppData\Roaming\Systweak
File Deleted : C:\END
File Deleted : C:\Windows\system32\dmwu.exe
File Deleted : C:\Windows\system32\ImhxxpComm.dll
File Deleted : C:\Users\User\AppData\LocalLow\SkwConfig.bin
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16520
 
 
-\\ Google Chrome v41.0.2272.101
 
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={BA722F13-53B0-408D-878E-3F7B5CBAD904}&crg=3.61010009&st=23&ptr=100
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3318152&octid=EB_ORIGINAL_CTID&ISID=M55B6AC67-0861-4104-9466-6324808B7491&SearchSource=58&CUI=&UM=2&UP=SP00CDE773-2A09-442E-AFF4-7064F6C67435&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3318152&octid=EB_ORIGINAL_CTID&ISID=M55B6AC67-0861-4104-9466-6324808B7491&SearchSource=58&CUI=&UM=2&UP=SP00CDE773-2A09-442E-AFF4-7064F6C67435&q={searchTerms}&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [10647 bytes] - [26/03/2015 20:30:41]
AdwCleaner[S0].txt - [10335 bytes] - [26/03/2015 20:36:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10395  bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by User on Thu 03/26/2015 at 21:48:46.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{503EF254-3618-47B7-AC13-FAB1D2AA0BFE}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\User\Local Settings\Application Data\cre"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/26/2015 at 21:54:50.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by User at 2015-03-27 18:09:19
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Cake Queen (HKLM\...\Cake Queen_is1) (Version: 1.0 - Media Contact LLC)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.74.00 - Conexant)
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08267 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Earth Plug-in (HKLM\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
LG United Mobile Drivers (HKLM\...\{B03954CC-E130-4E57-BC83-869978685902}) (Version: 3.3.0.0 - LG Electronics)
Magic Jigsaw (HKLM\...\MagicJigsaw_is1) (Version: 1.0 - Media Contact LLC)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
mHelp (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.24.0 - Dell)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mWMI (Version: 9.24.0000 - Intel Corporation) Hidden
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Plants vs. Zombies (HKLM\...\Plants vs. Zombies) (Version:  - PopCap Games)
QualXServ Service Agreement (HKLM\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
Red Light Center 3D Client (HKLM\...\Red Light Center 3D Client) (Version: 1.9.4421 - Utherverse Digital Inc)
Slingo Supreme (HKLM\...\am-slingosupreme) (Version:  - gamehouse)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
THE GAME OF LIFE (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005734}) (Version:  - Oberon Media)
Unity Web Player (HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\User\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\User\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
==================== Restore Points  =========================
 
26-03-2015 19:30:27 Removed AVG 2014
26-03-2015 19:34:52 Removed AVG 2014
26-03-2015 20:19:12 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04744CBC-0A96-4219-8639-E4240B02621B} - System32\Tasks\Norton Security Scan for User => C:\PROGRA~1\NORTON~2\Engine\401~1.16\Nss.exe
Task: {1A5B2D1D-CD0B-4F55-93D7-4022758B62CC} - System32\Tasks\{288F86D8-25FB-40BC-B881-F089F1049D84} => pcalua.exe -a C:\LGMobileUpgrade\LGMOBILEAX\BYRLauncher.exe -d C:\LGMobileUpgrade\LGMOBILEAX\
Task: {303987C1-3B80-4F2F-867A-6202D1EF7ADA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000Core => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04] (Facebook Inc.)
Task: {30C33844-0890-478C-B53D-5C931729608A} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {432E53D9-BEDD-43B3-8C18-417C6AB2E394} - \PC Performer_DEFAULT No Task File <==== ATTENTION
Task: {6DBA4281-7CF3-4A7F-A999-655DCAB254A7} - \PC Performer_UPDATES No Task File <==== ATTENTION
Task: {7FCEE231-2EE7-45A2-8E80-1360841F04C3} - \PC Performer No Task File <==== ATTENTION
Task: {A232FB45-58C3-45FB-8C94-14E75E56818F} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION
Task: {A6395106-69A9-4E31-8F2C-72A228E58990} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)
Task: {ACFDE225-0A48-47CC-B88E-2E429FFE5774} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000UA => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04] (Facebook Inc.)
Task: {D14638DE-33A9-4FB6-85EF-C82BDF3F066C} - \RegClean Pro No Task File <==== ATTENTION
Task: {E0A878AE-6048-43AE-A079-078F9C9508DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-25] (Adobe Systems Incorporated)
Task: {EEE9DDB4-669C-45F9-AF52-428DDCBA6DC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2007-04-25 11:55 - 2007-04-25 11:55 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-07-25 17:25 - 2007-07-25 17:25 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2013-08-16 03:46 - 2013-08-16 03:46 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\0e47927f23b2b510e83586cabb6dfa3e\VistaBridgeLibrary.ni.dll
2015-03-26 19:53 - 2015-03-14 05:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:CCB55ECB
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Oryx Antelope.jpg
DNS Servers: 24.220.0.10 - 24.220.0.11
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2194354101-4259944992-3842031963-500 - Administrator - Disabled)
Guest (S-1-5-21-2194354101-4259944992-3842031963-501 - Limited - Disabled) => C:\Users\Guest
User (S-1-5-21-2194354101-4259944992-3842031963-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-27 18:09:00.129
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 18:08:59.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 18:08:59.161
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 18:08:58.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 18:08:58.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 18:08:57.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 18:08:57.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 18:08:56.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 18:08:27.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-27 18:08:27.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 560 @ 2.13GHz
Percentage of memory in use: 56%
Total physical RAM: 2037.31 MB
Available physical RAM: 880.11 MB
Total Pagefile: 4313.9 MB
Available Pagefile: 3095.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.49 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:57.34 GB) (Free:24.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 696D9402)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=57.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

You missed the FixLog.txt but that's OK. We'll get it on this round. How's the machine doing? It looks much better. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   1.19KB   119 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Malwarebytes Scan

  • I see you have Malwarebytes installed which is great. Please open this program.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#3 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 

Step#4 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

 

 

Items for your next post

1. FRST Fix Log

2. Malwarebytes Log

3. Security Check Log


  • 0

#5
demozast

demozast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
It's a lot better, but still slow when opening the internet.  There is a box that pops up but of course I didn't get a shot of it
 
 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by User at 2015-03-27 19:27:48 Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com...rchTerms}&SSPV=
Task: {04744CBC-0A96-4219-8639-E4240B02621B} - System32\Tasks\Norton Security Scan for User => C:\PROGRA~1\NORTON~2\Engine\401~1.16\Nss.exe
Task: {30C33844-0890-478C-B53D-5C931729608A} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {432E53D9-BEDD-43B3-8C18-417C6AB2E394} - \PC Performer_DEFAULT No Task File <==== ATTENTION
Task: {6DBA4281-7CF3-4A7F-A999-655DCAB254A7} - \PC Performer_UPDATES No Task File <==== ATTENTION
Task: {7FCEE231-2EE7-45A2-8E80-1360841F04C3} - \PC Performer No Task File <==== ATTENTION
Task: {A232FB45-58C3-45FB-8C94-14E75E56818F} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION
Task: {D14638DE-33A9-4FB6-85EF-C82BDF3F066C} - \RegClean Pro No Task File <==== ATTENTION
Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
AlternateDataStreams: C:\ProgramData\TEMP:CCB55ECB
EmptyTemp:
*****************
 
Restore point was successfully created.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04744CBC-0A96-4219-8639-E4240B02621B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04744CBC-0A96-4219-8639-E4240B02621B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Security Scan for User => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Scan for User" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30C33844-0890-478C-B53D-5C931729608A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30C33844-0890-478C-B53D-5C931729608A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{432E53D9-BEDD-43B3-8C18-417C6AB2E394}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{432E53D9-BEDD-43B3-8C18-417C6AB2E394}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer_DEFAULT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DBA4281-7CF3-4A7F-A999-655DCAB254A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DBA4281-7CF3-4A7F-A999-655DCAB254A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer_UPDATES" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FCEE231-2EE7-45A2-8E80-1360841F04C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FCEE231-2EE7-45A2-8E80-1360841F04C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A232FB45-58C3-45FB-8C94-14E75E56818F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A232FB45-58C3-45FB-8C94-14E75E56818F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D14638DE-33A9-4FB6-85EF-C82BDF3F066C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14638DE-33A9-4FB6-85EF-C82BDF3F066C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully.
C:\Windows\Tasks\0214dUpdateInfo.job => Moved successfully.
C:\Windows\Tasks\1114avUpdateInfo.job => Moved successfully.
C:\ProgramData\TEMP => ":CCB55ECB" ADS removed successfully.
EmptyTemp: => Removed 40.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:28:34 ====
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/27/2015
Scan Time: 7:40:35 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.03.27.10
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349054
Time Elapsed: 32 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 

 Results of screen317's Security Check version 0.99.99  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java™ 6 Update 7  
 Java version 32-bit out of Date! 
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Google Chrome 38.0.2125.122 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 31 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

  • 0

#6
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, now that the malware is off of your machine let's get your machine buttoned up from exploits and vulnerabilities.

 

1. Keeping Java Updated
If you don't use Java or don't know if you need Java, please simply uninstall Java 7 Update 45 and Java™ 6 Update 7 from your machine and skip this step. If you do use it please read on.

WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 40.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.
8u40.JPG
 
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: Java 7 Update 45 and Java™ 6 Update 7
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u40-windows-i586.exe or jre-8u40-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the users knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).

 

2. Keep Adobe Reader Updated
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

3. Update Google Chrome.

It's extremely important to keep your internet browser current to avoid vulnerabilities. Please update to the newest version of 41. Instructions for doing so are here.

 

Let me know when this is done. Thanks.


  • 0

#7
demozast

demozast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

got all this done.  I attached a picture of the box that continues to pop up.  So far this is way better and I appreciate all you've done so far :)

Attached Thumbnails

  • Capture.JPG

  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the info. Please do the following so we can track down the issue.

 

Step#1 - Retrieve Event Log Messages
1. Download Event Viewer Tool  by Vino Rosso to your Desktop
2. Right-click on the file (VEW.exe) and select Run as administrator.
3. Check the options as shown below and put 20 in for the number of events.
4. Click Run. After a few moments, notepad will open with the contents of the Event Logs. Please copy and paste these in your next post. Thank you.
 
Capture.JPG
 
 


  • 0

#9
demozast

demozast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 28/03/2015 10:53:09 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/03/2015 3:52:44 PM
Type: Information Category: 0
Event: 1531 Source: Microsoft-Windows-User Profiles Service
The User Profile Service has started successfully.    
 
Log: 'Application' Date/Time: 28/03/2015 3:52:26 PM
Type: Information Category: 1
Event: 1003 Source: Microsoft-Windows-Search
The Windows Search Service started.
 
 
Log: 'Application' Date/Time: 28/03/2015 3:52:22 PM
Type: Information Category: 1
Event: 102 Source: ESENT
Windows (3336) Windows: The database engine (6.00.6002.0000) started a new instance (0).
 
Log: 'Application' Date/Time: 28/03/2015 3:50:37 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 28/03/2015 2:24:58 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 28/03/2015 2:24:05 PM
Type: Information Category: 0
Event: 5617 Source: Microsoft-Windows-WMI
Windows Management Instrumentation Service subsystems initialized successfully
 
Log: 'Application' Date/Time: 28/03/2015 2:23:05 PM
Type: Information Category: 0
Event: 5615 Source: Microsoft-Windows-WMI
Windows Management Instrumentation Service started sucessfully
 
Log: 'Application' Date/Time: 28/03/2015 2:21:15 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket 3302396490, type 1 Event Name: APPCRASH Response: None Cab Id: 0  Problem signature: P1: svchost.exe_wuauserv P2: 6.0.6001.18000 P3: 47918b89 P4: kernel32.dll P5: 6.0.6002.18704 P6: 5065ccb6 P7: c0000005 P8: 00071cf6 P9:  P10:   Attached files: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4EF4.tmp.version.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4EF5.tmp.appcompat.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4F92.tmp.hdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WERCEC1.tmp.mdmp  These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report09f70892
 
Log: 'Application' Date/Time: 28/03/2015 2:17:28 PM
Type: Information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
 
Log: 'Application' Date/Time: 28/03/2015 2:17:28 PM
Type: Information Category: 0
Event: 0 Source: gupdatem
The event description cannot be found.
 
Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM
Type: Information Category: 0
Event: 1042 Source: MsiInstaller
Ending a Windows Installer transaction: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\AcroRead.msi. Client Process Id: 1624.
 
Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM
Type: Information Category: 0
Event: 1033 Source: MsiInstaller
Windows Installer installed the product. Product Name: Adobe Reader X (10.1.4). Product Version: 10.1.4. Product Language: 1033. Installation success or error status: 0.
 
Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM
Type: Information Category: 0
Event: 11707 Source: MsiInstaller
Product: Adobe Reader X (10.1.4) -- Installation operation completed successfully.
 
Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM
Type: Information Category: 0
Event: 1036 Source: MsiInstaller
Windows Installer installed an update. Product Name: Adobe Reader X (10.1.4). Product Version: 10.1.4. Product Language: 1033. Update Name: Adobe Reader X (10.1.4). Installation success or error status: 0.
 
Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM
Type: Information Category: 0
Event: 1022 Source: MsiInstaller
Product: Adobe Reader X (10.1.4) - Update 'Adobe Reader X (10.1.4)' installed successfully.
 
Log: 'Application' Date/Time: 28/03/2015 2:12:33 PM
Type: Information Category: 1
Event: 103 Source: ESENT
Windows (2960) Windows: The database engine stopped the instance (0).
 
Log: 'Application' Date/Time: 28/03/2015 2:12:31 PM
Type: Information Category: 1
Event: 1013 Source: Microsoft-Windows-Search
Windows Search Service stopped normally.
 
 
Log: 'Application' Date/Time: 28/03/2015 2:12:20 PM
Type: Information Category: 0
Event: 1040 Source: MsiInstaller
Beginning a Windows Installer transaction: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\AcroRead.msi. Client Process Id: 1624.
 
Log: 'Application' Date/Time: 28/03/2015 2:11:31 PM
Type: Information Category: 0
Event: 8224 Source: VSS
The VSS service is shutting down due to idle timeout. 
 
Log: 'Application' Date/Time: 28/03/2015 2:10:18 PM
Type: Information Category: 1
Event: 1003 Source: Microsoft-Windows-Search
The Windows Search Service started.
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/03/2015 2:24:58 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.
 
Log: 'Application' Date/Time: 28/03/2015 2:58:59 AM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.
 
Log: 'Application' Date/Time: 27/03/2015 11:55:55 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/03/2015 3:52:44 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Application Information service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 3:52:44 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The User Profile Service service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 3:52:30 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Remote Access Connection Manager service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 3:52:27 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Telephony service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 3:52:26 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Search service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 3:52:22 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Search service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 3:50:38 PM
Type: Information Category: 0
Event: 1 Source: Microsoft-Windows-Power-Troubleshooter
The system has resumed from sleep.  Sleep Time: 2015-03-28T14:24:55.641Z Wake Time: 2015-03-28T15:50:34.916Z  Wake Source: Unknown
 
Log: 'System' Date/Time: 28/03/2015 3:50:37 PM
Type: Information Category: 0
Event: 83 Source: yukonwlh
Port A is down 
 
Log: 'System' Date/Time: 28/03/2015 3:50:37 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Image Acquisition (WIA) service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 3:50:37 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Modules Installer service entered the stopped state.
 
Log: 'System' Date/Time: 28/03/2015 2:24:59 PM
Type: Information Category: 0
Event: 42 Source: Microsoft-Windows-Kernel-Power
The system is entering sleep.
 
Log: 'System' Date/Time: 28/03/2015 2:24:58 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Image Acquisition (WIA) service entered the paused state.
 
Log: 'System' Date/Time: 28/03/2015 2:20:38 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Background Intelligent Transfer Service service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 2:20:36 PM
Type: Information Category: 0
Event: 10029 Source: Microsoft-Windows-DistributedCOM
DCOM  started the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Log: 'System' Date/Time: 28/03/2015 2:18:41 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Modules Installer service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 2:17:28 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate) service entered the stopped state.
 
Log: 'System' Date/Time: 28/03/2015 2:17:28 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdatem) service entered the stopped state.
 
Log: 'System' Date/Time: 28/03/2015 2:17:27 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate) service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 2:17:27 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdatem) service entered the running state.
 
Log: 'System' Date/Time: 28/03/2015 2:17:27 PM
Type: Information Category: 0
Event: 10029 Source: Microsoft-Windows-DistributedCOM
DCOM  started the service gupdatem with arguments "/comsvc" in order to run the server: {9465B4B4-5216-4042-9A2C-754D3BCDC410}
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/03/2015 12:29:58 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 28/03/2015 12:29:54 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 

  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you. Let's check your services.
 
Step#1 - Services Check
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.


  • 0

Advertisements


#11
demozast

demozast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Farbar Service Scanner Version: 17-01-2015
Ran by User (administrator) on 28-03-2015 at 11:32:49
Running from "C:\Users\User\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

It doesn't appear that you checked all of the checkboxes before hitting Scan. Can you re-run?

 

Capture.JPG


  • 0

#13
demozast

demozast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Oops.  Lets see if this is better :)
 
 
 
Farbar Service Scanner Version: 17-01-2015
Ran by User (administrator) on 28-03-2015 at 11:52:05
Running from "C:\Users\User\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#14
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Much better! Thanks. That's what I expected to see based on the error I saw previously.
 
wuauserv Service is not running.
 

Log: 'Application' Date/Time: 28/03/2015 2:21:15 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket 3302396490, type 1 Event Name: APPCRASH Response: None Cab Id: 0  Problem signature: P1: svchost.exe_wuauserv P2: 6.0.6001.18000 P3: 47918b89 P4: kernel32.dll P5: 6.0.6002.18704 P6: 5065ccb6 P7: c0000005 P8: 00071cf6 P9:  P10:   Attached files: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4EF4.tmp.version.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4EF5.tmp.appcompat.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4F92.tmp.hdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WERCEC1.tmp.mdmp  These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report09f70892

 

Please perform the steps below.

Step#1 - Repair Services

  • Please download the ESET services repair tool to your desktop.
  • Right-click on the ServicesRepair.exe file and choose Run as administrator.
  • If security notifications appear, click Allow and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log named SvcRepair.log will be saved in the CCSupport\Logs folder the tool created on your desktop, please post the content in your next reply

Step#2 - Verify
1. Open up FarBar Service Scanner (FSS.exe) from your desktop.
2. Ensure all options are checked and click Scan.
Capture.JPG
 
3. It will create a log (FSS.txt) in the same directory the tool is run.
4. Please copy and paste the log to your reply.
 
Things For Your Next Post:
1. Contents of SvcRepair.log
2. Contents of FSS.txt

 


  • 0

#15
demozast

demozast

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Log Opened: 2015-03-28 @ 12:20:19
12:20:19 - -----------------
12:20:19 - | Begin Logging |
12:20:19 - -----------------
12:20:19 - Fix started on a WIN_VISTA X86 computer
12:20:19 - Prep in progress.  Please Wait.
12:20:23 - Prep complete
12:20:23 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>
 
SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>
 
SetACL finished successfully.
12:20:25 - Services Repair Complete.
12:20:30 - Reboot Initiated
 
 
 
Farbar Service Scanner Version: 17-01-2015
Ran by User (administrator) on 28-03-2015 at 12:24:16
Running from "C:\Users\User\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP