Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer may be infected, continous issues and errors installing/runni

office 2013 error message download error message opening documen

  • This topic is locked This topic is locked

#16
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Now that there is only one AV running, there is a couple of questions:

 

1) Have you tried the steps in this support article: https://support.offi...0e-a6b40c5bb88b ?

 

2) Did you purposely set MS updates to Manual instead of Automatic?


  • 0

Advertisements


#17
data_dumb

data_dumb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

1) Yes. Several times, but never after I started this thread. I've only done what you've instructed.
2) Not that I'm aware of.

 

EDIT:

 

1)I attempted the quick repair, and the online repair for office 2013, and both times still the same result. I attempted to open a word and excel, and I as the page opened the same error message popped up that I have been getting, (Microsoft "word" or "excel" has experienced an error and is shutting down). Then it tells me that the will attempt to correct the error and notify me of what it is/was. At another attempt of opening, same results.

 

2) I just checked and I am set to automatically receive updates from Windows/Microsoft.


Edited by data_dumb, 27 September 2015 - 09:39 AM.

  • 0

#18
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


  • 0

#19
data_dumb

data_dumb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by A-TEAM (administrator) on 28-09-2015 at 08:37:46
Running from "C:\Users\A-TEAM\Desktop"
Microsoft Windows 8.1  (X64)
Model: Satellite S75D-A Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/28/2015 08:24:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1da4
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (09/28/2015 08:23:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.10208.0, time stamp: 0x55b5cf7a
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x545055fe
Exception code: 0xc0000005
Fault offset: 0x00000000000017be
Faulting process id: 0x1f00
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
Faulting package full name: CompatTelRunner.exe4
Faulting package-relative application ID: CompatTelRunner.exe5

Error: (09/28/2015 08:14:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1f6c
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (09/28/2015 08:14:06 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1448

Start Time: 01d0f9556da55356

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: ca8d3711-65e2-11e5-82ec-a4db307c2082

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/27/2015 01:50:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.4121.0, time stamp: 0x55d7828e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1888
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (09/27/2015 10:32:53 AM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4753.1003, time stamp: 0x55f34e46
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x54504b2e
Exception code: 0xc0000005
Fault offset: 0x0000b46c
Faulting process id: 0x23d0
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Faulting package full name: EXCEL.EXE4
Faulting package-relative application ID: EXCEL.EXE5

Error: (09/27/2015 10:32:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4753.1003, time stamp: 0x55f34d8b
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x54504b2e
Exception code: 0xc0000005
Fault offset: 0x0000b46c
Faulting process id: 0xce4
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
Faulting package full name: WINWORD.EXE4
Faulting package-relative application ID: WINWORD.EXE5

Error: (09/27/2015 10:32:38 AM) (Source: Microsoft Office 15) (User: )
Description: Microsoft Word: Accepted Safe Mode action : Word couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Word.

Error: (09/27/2015 10:32:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4753.1003, time stamp: 0x55f34d8b
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x54504b2e
Exception code: 0xc0000005
Fault offset: 0x0000b46c
Faulting process id: 0x944
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
Faulting package full name: WINWORD.EXE4
Faulting package-relative application ID: WINWORD.EXE5

Error: (09/27/2015 10:32:23 AM) (Source: Microsoft Office 15) (User: )
Description: Microsoft Word: Rejected Safe Mode action : Word couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Word.


System errors:
=============
Error: (09/25/2015 08:40:38 AM) (Source: DCOM) (User: ATEAM)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (09/25/2015 08:38:29 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/25/2015 08:38:24 AM) (Source: Service Control Manager) (User: )
Description: The WWAN AutoConfig service terminated with the following error:
%%5

Error: (09/24/2015 09:45:38 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (09/24/2015 09:45:35 AM) (Source: Service Control Manager) (User: )
Description: The WWAN AutoConfig service terminated with the following error:
%%5

Error: (09/24/2015 09:41:52 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/24/2015 09:41:22 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/24/2015 09:41:22 AM) (Source: Service Control Manager) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/24/2015 09:41:22 AM) (Source: Service Control Manager) (User: )
Description: The TMachInfo service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/24/2015 09:41:22 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (09/28/2015 08:24:01 AM) (Source: Application Error)(User: )
Description: McUpdate.exe14.0.4121.055d7828eunknown0.0.0.000000000c000000500000000000000001da401d0f9f0f010480fC:\Program Files\mcafee.com\agent\McUpdate.exeunknown2e61ed1f-65e4-11e5-82ec-a4db307c2082

Error: (09/28/2015 08:23:28 AM) (Source: Application Error)(User: )
Description: CompatTelRunner.exe10.0.10208.055b5cf7amsvcrt.dll7.0.9600.17415545055fec000000500000000000017be1f0001d0f9eff62b2edcC:\Windows\system32\CompatTelRunner.exeC:\Windows\system32\msvcrt.dll1a779685-65e4-11e5-82ec-a4db307c2082

Error: (09/28/2015 08:14:10 AM) (Source: Application Error)(User: )
Description: McUpdate.exe14.0.4121.055d7828eunknown0.0.0.000000000c000000500000000000000001f6c01d0f9ef8f533c06C:\Program Files\mcafee.com\agent\McUpdate.exeunknowncdd58785-65e2-11e5-82ec-a4db307c2082

Error: (09/28/2015 08:14:06 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20911144801d0f9556da553564294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.execa8d3711-65e2-11e5-82ec-a4db307c2082microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/27/2015 01:50:53 PM) (Source: Application Error)(User: )
Description: McUpdate.exe14.0.4121.055d7828eunknown0.0.0.000000000c00000050000000000000000188801d0f9556d5738ceC:\Program Files\mcafee.com\agent\McUpdate.exeunknownad4f8fe3-6548-11e5-82ec-a4db307c2082

Error: (09/27/2015 10:32:53 AM) (Source: Application Error)(User: )
Description: EXCEL.EXE15.0.4753.100355f34e46msvcrt.dll7.0.9600.1741554504b2ec00000050000b46c23d001d0f939c3cab14cC:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXEC:\Windows\SYSTEM32\msvcrt.dll0423c63d-652d-11e5-82ec-a4db307c2082

Error: (09/27/2015 10:32:41 AM) (Source: Application Error)(User: )
Description: WINWORD.EXE15.0.4753.100355f34d8bmsvcrt.dll7.0.9600.1741554504b2ec00000050000b46cce401d0f939bc4a077bC:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXEC:\Windows\SYSTEM32\msvcrt.dllfcdf3724-652c-11e5-82ec-a4db307c2082

Error: (09/27/2015 10:32:38 AM) (Source: Microsoft Office 15)(User: )
Description: Microsoft WordWord couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?

Error: (09/27/2015 10:32:26 AM) (Source: Application Error)(User: )
Description: WINWORD.EXE15.0.4753.100355f34d8bmsvcrt.dll7.0.9600.1741554504b2ec00000050000b46c94401d0f939afc0f82fC:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXEC:\Windows\SYSTEM32\msvcrt.dllf4769a93-652c-11e5-82ec-a4db307c2082

Error: (09/27/2015 10:32:23 AM) (Source: Microsoft Office 15)(User: )
Description: Microsoft WordWord couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?


CodeIntegrity Errors:
===================================
  Date: 2015-09-22 17:02:50.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-22 11:39:58.129
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-16 09:57:59.653
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-15 17:10:34.513
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-15 14:33:18.043
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-12 08:48:29.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-10 23:17:16.676
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-07 15:34:13.537
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-07 14:52:22.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-05 23:24:40.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.0.12510 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D71FAC89-D061-7BDB-C3C2-A5BAAEA26CBC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (HKLM-x32\...\WTA-4ed22c6f-119f-47f9-925e-4999d056d51d) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
ELAN Touchpad 11.8.43.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.43.1 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
InstallRoot (HKLM\...\{A765EB7C-8360-49B8-804D-E2FB6D613C1D}) (Version: 4.1 - DoD PKE)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
King Oddball (HKLM-x32\...\WTA-5dab88ef-029d-45e7-ad9b-7370d7c6b55e) (Version: 3.0.2.48 - WildTangent) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MULTIFIT visualization tool (HKLM-x32\...\14AF7854-4BCC-4E9C-927A-849E36B82DDF) (Version: 1.7 - Multi Fit)
Multifit_Elearning (HKLM-x32\...\{B506F2D9-8E77-C200-8309-727D46AA29BA}) (Version: 1.9 - UNKNOWN) Hidden
Multifit_Elearning (HKLM-x32\...\com.MultifitElearning) (Version: 1.9 - UNKNOWN)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-4ca2fe89-290a-4bf7-bf51-9cf494b1a596) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.300 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 7374.26 MB
Available physical RAM: 5424.5 MB
Total Virtual: 8526.26 MB
Available Virtual: 6272.42 MB

========================= Partitions: =====================================

1 Drive c: (TI10675800F) (Fixed) (Total:922.19 GB) (Free:852.43 GB) NTFS

========================= Users: ========================================

User accounts for \\ATEAM

Administrator            A-TEAM                   Guest                    

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

16-09-2015 14:35:09 Windows Update
17-09-2015 22:59:55 Installed InstallRoot
22-09-2015 15:54:51 Tweaking.com - Windows Repair
24-09-2015 14:40:44 Restore Point Created by FRST

**** End of log ****


  • 0

#20
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

There seems to be a lot of 'access denied' issues with your system.  I would like to see if we can get Excel to work first so can you try the first four (4) steps in this KB ( https://support.micr...2?wa=wsignin1.0) and tell me the results?


  • 0

#21
data_dumb

data_dumb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

There seems to be a lot of 'access denied' issues with your system.  I would like to see if we can get Excel to work first so can you try the first four (4) steps in this KB ( https://support.micr...2?wa=wsignin1.0) and tell me the results?

 

After I ran the Offcat, in the scan results it only listed a warning, "doesn't support Information Rights Management". I selected the option to go online to find possible solutions, but the page it took me to was about configuring IRM, etc. to Office 2013. I did not want to attempt to do any of that without feedback. I really don't understand where or how to start anyway.


  • 0

#22
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

In regards to the IRM, can you explain the following install:  InstallRoot (HKLM\...\{A765EB7C-8360-49B8-804D-E2FB6D613C1D}) (Version: 4.1 - DoD PKE) .  Is this a Dept. of Defense Certificate store install?  Did you install this and was this for access to information?  (Just trying to get clearification on this as I am having a little trouble getting a clear picture of this software and why a home user would have it.  Thanks.)


  • 0

#23
data_dumb

data_dumb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

In regards to the IRM, can you explain the following install:  InstallRoot (HKLM\...\{A765EB7C-8360-49B8-804D-E2FB6D613C1D}) (Version: 4.1 - DoD PKE) .  Is this a Dept. of Defense Certificate store install?  Did you install this and was this for access to information?  (Just trying to get clearification on this as I am having a little trouble getting a clear picture of this software and why a home user would have it.  Thanks.)


I installed it from a government access site Army Knowledge Online (AKO). I just retired from the Army, I use it with a smart card reader and card in order to access my government email and personal military information from my home computer (it is authorized). I can remove all of that now though because I no longer have the smart card since I'm a retiree.
  • 0

#24
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

I appologize for the delay in responce; I lost Internet access for awhile there.  Let's make sure everything is as clean as can be before reseting permissions, etc.

 

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwCleaner_v4111_zpsn56hzjza.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.



Information to Reply with >>>>

  • The JRT.txt log file.
  • The AdwCleaner[C#].txt log file.

 

 


  • 0

#25
data_dumb

data_dumb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by A-TEAM on Fri 10/02/2015 at 21:41:51.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\A-TEAM\AppData\Roaming\mozilla\firefox\profiles\fq7i3ocx.default\prefs.js

user_pref(browser.search.defaultenginename.US, Secure Search);
user_pref(browser.search.order.1, Secure Search);
user_pref(browser.search.selectedEngine, Secure Search);
Emptied folder: C:\Users\A-TEAM\AppData\Roaming\mozilla\firefox\profiles\fq7i3ocx.default\minidumps [36 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/02/2015 at 21:47:51.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v5.009 - Logfile created 02/10/2015 at 21:59:13
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : A-TEAM - ATEAM
# Running from : C:\Users\A-TEAM\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[x] Folder Not Deleted : C:\Program Files (x86)\Re-Markable

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[x] Task Not Deleted : Adobe Flash Player Updater

***** [ Registry ] *****

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[x] Key Not Deleted : HKCU\Software\AppDataLow\Software\Re_Markable
[x] Key Not Deleted : HKU\S-1-5-21-952693156-1331711187-3647457651-1001\Software\AppDataLow\Software\Re_Markable

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1172 bytes] ##########
 


  • 0

Advertisements


#26
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

InstallRoot

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.  

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from Here

Double Click on the mbam-setup.exe file to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
  • 2a308da4-c469-4a72-b86c-84c05ca1e6a6_zps
  • Once the program has loaded and updated, select "Scan Now >>" to start the scan.
  • 5f2fe168-2571-4c73-a1e8-945d5aae9e1e_zps
  • The scan may take some time to finish, so please be patient.
  • If any malware is found, make sure that everything is checked, and click Remove Selected.
  • When the scan is complete, click View detailed log >> to view the results.
  • 386d1e7f-0e85-4425-b4dc-fa8ad24a4855_zps
  • The report screen will open
  • a50e2fb7-0c07-4ff6-917c-19e7329dab8a_zps
  • At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
  • ExportSaved_zpsac3a71eb.png
  • The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Information to Reply with >>>>


  • Did the uninstall of InstallRoot work correctly?  Any error messages?
  • The Malwarebytes Antimalware scan / cleaning log.
  • Any questions or concerns?  The next step will take a bit of time (just to inform you of this).

 

 


  • 0

#27
data_dumb

data_dumb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

-The uninstall of InstallRoot worked correctly. I had no error messages.

-The Malwarebyes Antimalware version template was slightly different than the screenshots above. It saved my log in it's own folder on the C drive. I opened both (mbab log and protection log) in notepad and they are posted below.

-My daughter used to have a user account on this computer and would often play games from the internet. I saw a few logs from her account. I'm wondering if she did something, or something got into the system from these games.

-Where do you see this going? Do you have an idea of what may be causing the errors or are you unsure?

 

Below are the logs:

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/10/04 16:03:21 -0500</date>
<logfile>mbam-log-2015-10-04 (16-03-17).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.10.04.04</malware-database>
<rootkit-database>v2015.10.02.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>A-TEAM</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>410813</objects>
<time>1804</time>
<processes>0</processes>
<modules>0</modules>
<keys>1</keys>
<values>0</values>
<datas>0</datas>
<folders>6</folders>
<files>14</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-21-952693156-1331711187-3647457651-1001\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable</path><vendor>PUP.Optional.ReMarkable</vendor><action>success</action><hash>c13362f0cfbc181e64236c57a06457a9</hash></key>
<folder><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\GamingWonderland</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>f8fc96bcf09baa8c2da647e3a45f936d</hash></folder>
<folder><path>C:\Program Files (x86)\Re-Markable</path><vendor>PUP.Optional.ReMarkable</vendor><action>success</action><hash>fcf87ad8afdca294cb83e24f26dd17e9</hash></folder>
<folder><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></folder>
<folder><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\chrome</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></folder>
<folder><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\META-INF</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></folder>
<folder><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\plugins</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></folder>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\searchplugins\ask-web-search.xml</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>ec082f23127938fe1a874b6bbc4818e8</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\GamingWonderland\6E0724FC-C039-4C23-837A-D61605C55105.sqlite</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>f8fc96bcf09baa8c2da647e3a45f936d</hash></file>
<file><path>C:\Program Files (x86)\Re-Markable\Sqlite3.dll</path><vendor>PUP.Optional.ReMarkable</vendor><action>success</action><hash>fcf87ad8afdca294cb83e24f26dd17e9</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\install.rdf</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\bootstrap.js</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\chrome.manifest</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\install_no_bootstrap.rdf</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\chrome\gtffxtbr.jar</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\META-INF\manifest.mf</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\META-INF\zigbert.rsa</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\META-INF\zigbert.sf</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\extensions\[email protected]\plugins\NativeMessagingDispatcher.dll</path><vendor>PUP.Optional.MindSpark</vendor><action>success</action><hash>866e5200612a162037c952707c89916f</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\prefs.js</path><vendor>PUP.Optional.ASK</vendor><action>replaced</action><baddata>user_pref(&quot;keyword.URL&quot;, &quot;http://search.tb.ask...d</hash></file>
<file><path>C:\Users\Alaina\AppData\Roaming\Mozilla\Firefox\Profiles\8wnhnbin.default\prefs.js</path><vendor>PUP.Optional.ASK</vendor><action>replaced</action><baddata>browser.startup.homepage.tb&quot;, &quot;http://home.tb.ask.c....homepage&#34;,&quot;https://www.malwarebytes.org/restorebrowser/</gooddata><hash>c92b30225a3162d4922a1aab867fd12f</hash></file>
</items>
</mbam-log>
 

 

 

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:01:03.720286-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="814641b9-b82d-4630-8726-f40ec7ab987d" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:01:03.732286-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="9e27b335-8863-4b6c-8a72-998dd2e360ff" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:01:03.809291-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="6dbb27ec-5f08-4ec6-a45f-54980f320f33" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:01:04.747346-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="1030ca84-43da-4c23-9a97-af2652d245fb" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="4" datetime="2015-10-04T16:02:17.324990-05:00" source="Update" type="Error" username="SYSTEM" systemname="ATEAM" code="11" last_modified_tag="4b70e240-c818-4421-be05-be7606082570" message="Bad md5 or size: akadomains"></record>
   <record severity="debug" LoggingEventType="4" datetime="2015-10-04T16:02:17.338991-05:00" source="Update" type="Error" username="SYSTEM" systemname="ATEAM" code="11" last_modified_tag="f65a2ddf-c0b3-4de0-b6bf-cd2d6db902c1" message="Bad md5 or size: akaips"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-10-04T16:02:17.594527-05:00" source="Manual" type="Update" username="SYSTEM" systemname="ATEAM" last_modified_tag="0e8b2e3c-b0fb-4fad-b1eb-8bad987dadd4" fromVersion="0.0.0.0" name="AKA Domain Database" toVersion="2015.9.11.2"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-10-04T16:02:17.705554-05:00" source="Manual" type="Update" username="SYSTEM" systemname="ATEAM" last_modified_tag="87a1933e-0e6a-43b0-ac1a-6db46a389e59" fromVersion="0.0.0.0" name="AKA IP Database" toVersion="2015.9.11.2"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-10-04T16:02:17.739555-05:00" source="Manual" type="Update" username="SYSTEM" systemname="ATEAM" last_modified_tag="689148be-e89a-4b74-a776-564f67629ab8" fromVersion="2015.5.13.1" name="Remediation Database" toVersion="2015.9.30.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-10-04T16:02:17.884563-05:00" source="Manual" type="Update" username="SYSTEM" systemname="ATEAM" last_modified_tag="997f192d-4142-4561-892b-06db8ccf30fb" fromVersion="0.0.0.0" name="IP Database" toVersion="2015.10.4.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-10-04T16:02:17.936546-05:00" source="Manual" type="Update" username="SYSTEM" systemname="ATEAM" last_modified_tag="d5def6c6-fc8e-4523-a12f-e08e71b0f293" fromVersion="2015.6.2.1" name="Rootkit Database" toVersion="2015.10.2.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-10-04T16:02:18.364590-05:00" source="Manual" type="Update" username="SYSTEM" systemname="ATEAM" last_modified_tag="16cf79ed-c610-4366-b7d2-298da9126deb" fromVersion="0.0.0.0" name="Domain Database" toVersion="2015.10.4.3"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-10-04T16:02:53.620906-05:00" source="Manual" type="Update" username="SYSTEM" systemname="ATEAM" last_modified_tag="ec30bc8d-f581-46d7-b5ed-c852ae7b51de" fromVersion="2015.6.3.3" name="Malware Database" toVersion="2015.10.4.4"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:02:53.745913-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="4e4c91bd-bd28-4797-a90f-840560252617" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:02:53.755913-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="d949b15a-8838-49fd-9d34-5373457b9ee6" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:02:54.197963-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="18158dd4-3e65-4b98-a320-2cf53323f9b6" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:03:08.884750-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="03771ae1-dab0-4484-a82e-c049049520e8" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:03:08.929756-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="d781063e-569a-439d-ba93-18b61961f880" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:03:10.129821-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="314b0ff4-abdc-4de6-9348-9aaf129da260" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2015-10-04T16:23:53.770413-05:00" source="Scheduler" type="Update" username="SYSTEM" systemname="ATEAM" last_modified_tag="446af769-5d15-4195-8436-150bb9dc595f" fromVersion="2015.10.4.4" name="Malware Database" toVersion="2015.10.4.5"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:23:53.846417-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="931e8618-7a69-49c9-9f32-aa59703b220f" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:23:53.856418-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="957557bc-a02d-464e-bdc8-103ade27cf20" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:23:54.730466-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="08aaac53-99cf-4f17-9b4d-3c23d9590e82" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:28:07.758450-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="7098c0fc-e9a4-413a-a608-0695588b685d" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:28:07.812451-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="31de8221-ed1f-4136-ad37-3fa57b55f8a9" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:28:09.087522-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="4d193e08-fde4-4de9-b315-3f01dc09f4a2" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" nonmalwaredetections="21" LoggingEventType="6" scanresult="completed" datetime="2015-10-04T16:35:02.086942-05:00" scantype="threat" source="Manual" starttime="2015-10-04T16:03:21-05:00" type="Scan" username="SYSTEM" systemname="ATEAM" last_modified_tag="63983db1-47e6-4be9-bc8a-db59c5367e4d" duration="1804" malwaredetections="0"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:38:35.905851-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="d36d1634-1b39-400f-bd9d-c3d944f79d86" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:38:38.515424-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="096b266c-e573-4f7e-916c-2878499a17d1" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:38:40.668535-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="17960fd4-6992-43c0-9508-86327af1ad94" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2015-10-04T16:38:46.394425-05:00" source="Protection" type="Protection" username="SYSTEM" systemname="ATEAM" last_modified_tag="cbeb8b77-2e8b-4e22-80e8-984d017b206c" result="Started" subtype="Malicious Website Protection"></record>
</logs>
 


  • 0

#28
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Sorry for the lateness of this reply but after the last canned was in error I wanted to make sure that this one was correct for the latest version of the utility we need to use next.

 

Now that the system looks clean of malware, the settings and permissions need to be set to defaults.  After that, MS Office can be repaired.

 

Please download "Windows Repair - All in One" from here.  Please choose "Save file.." if you get options to open the file.   Once the download is complete, run the file and install the program on your system.  Please use the default settings for locations as it will help with log retrieval and fixing the registry should anything be needed.

Right click on the desktop shortcut for "Tweaking.com - Windows Repair" and select 'Run as administrator'.

The program will run a self check to make sure that all the correct files are in place for it to run and then it will load the program.  As you can see, there are many steps to take in using this program.  Mainly, the first few steps involve checking for proper Windows files and backing up the system as a precaution.

Step1_zpswsvkpwps.png
 
You can read the notes on the first screen but the important thing to do is click on "ReBoot to Safe Mode" and allow the system to restart itself.  Once the system is started in safe mode and you have logged in (using an administrative level account), restart the program and move onto the Step2 screen.
 
Step2_PreScan_Check_zpsz4jtz5na.png

Please click on "Open Pre-Scan" to load a utility to verify some Windows resource / build files and settings.

Step2_PreScan_Start_zpsqsnaduax.png
 
Click on "Start Scan" and allow the routine to run.  You can see the status of the checks in the window.
 
Step2_PreScan_Finish_zpscticsthm.png
 
When the routine is finished, it will report on any problems found and you can click on the appropriate repair button if needed.  Once this is done, you can close this window and click on Step3.
 
Step3_CheckDisk_zpsn3dmzb3p.png
 
Click on the "Check" to see if a repair disk check routine needs to run.  A Command Prompt window will open and you can view the status of the routine.  If the routine finds that repairs need to be made, please select "Open Disk Check at Next Boot" and then click on the "Reboot To Safe Mode" button.  Once the routine(s) completes, please select Step4.
 
Step4_SFCscan_zpsrgf8dxrt.png
 
Please click on "Do It" to run a SFC /scannow routine.  If the routine makes any repairs, please reboot your system (again into Safe Mode).  If the routine does not make any repairs, please move onto Step5.
 
Step5_Backup_zpsu1i9cqxu.png
 
Once there, click on "Backup" under the 1. Registry Backup.  This will make a complete backup of the current registry which can be reloaded should anything go wrong with the repairs that are going to be made.  Next, click on the "Create" under 2. System Restore.  Once both of these backups are made, select Repairs.
 
Step6_Repairs_Tips_zpspmp4g2yh.png

I would suggest that you read the Tips For The Best Repairs Results.  Once this is done, click on "Open Repairs".

Step6_Repairs_Start_zpsoiow1cxf.png

On this screen, click the following: Defaults.  The screen and options should look very much like the picture above.  Click "Start Repairs" and confirm that the program starts running the fixes.  This will take a while to run, so you can let it run unattended if you like.  Log files are being recorded as the repairs are being executed.  Once the repairs are finished, reboot your system (normal boot now) and tell me how it is running now.
 

Again, if there are any errors in running these steps, stop and come back and inform me of the events.  Thanks.


  • 0

#29
data_dumb

data_dumb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Upon completion of step 4 it stated that it had found corrupt files but was unable to repair them. I am going ahead with the repair and the rest of the steps. Let me know if you would like for me to paste that log.

 

I tried opening excel and word documents again, same thing as in the beginning. This is frustrating.


Edited by data_dumb, 06 October 2015 - 03:27 PM.

  • 0

#30
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Let's get a look at what SFC could not repair ...

Click Start > type cmd in the Search programs and files box.  Right click on the cmd.exe and select Run as Administrator.
Start%20cmd%20steps%20numbered_zpsreuu9r
 
In the Windows Command Processor window, type the following and press Enter.
 
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"
 
(Notice the spacing in the command string).

Please attach the resulting file located in C:\Windows\System32\sfcdetails.txt .  Thanks.

 

 

Moving onto Office, can you open a Office program directly?  If so, can you nake a new file (document or spreadsheet) and save that?


  • 0






Similar Topics


Also tagged with one or more of these keywords: office 2013, error message download, error message opening documen

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP