Jzip infection on friend/neighbor's computer


  • This topic is locked
20 replies to this topic

#1 DLMal

Posted 15 June 2013 - 06:27 PM

Hi all,

 

I'm a big fan of your website but have not used your services before. I'm a newbie here. I'm helping my neighbor out with a perceived issue:

 

Acer 5100
AMD Turion 64 Mobile Technology MK-38 2.2 GHz
512 MB RAM
32-bit OS
Vista Home Basic SP2

I am helping my neighbor's daughter with her computer. First, I realize that she is woefully low on RAM for this unit. She is taking my advice in adding RAM. She had the JZip icon on her desktop before I removed it. With the low amount of RAM, I didn't think that it was unusual for the system to run slowly.

Did not find link on your Bleeping website but found this link through a Google search.

http://www.bleepingcomputer.com/forums/t/365956/single-incident-trojan-from-cnet-download-jzip/

Unable to run Malwarebytes in safe mode. Shuts down. No restart.

Unable to run AVG because of memory limitations

She did not have a restore disk, so I have created an image with Macrium Reflect. I realize that I likely saved malware in that image as well, but at least she can start over in case of catastrophic loss.

Couldn't complete memtest, Windows Memory Test completed and passed.

Couldn't complete HD Test (Hitachi) scan. It just shuts down. No restart

Revo Uninstaller does not list Yahoo toolbar as one of the programs to delete. It is also not listed in Windows programs to uninstall. Yahoo toolbar DOES NOT look like the toolbar listed on the Yahoo website. Yahoo toolbar is installed only on IE. I added Opera, and Firefox (very old version) was already installed.

Some BSODs, usually after trying to run boot-level scans. I can't remember whether the same occurred with Malwarebytes, but I do remember that the computer restarted. Only had one since I installed SP2, but I have not attempted to run Malwarebytes in safe mode. Malwarebytes did complete when running Windows normally. No malware after full scan ran on 06-05-13.

Computer seems to be running fairly stably, but I want to be sure that there is no malware lurking. In addition, now that this toolbar looks suspicious to me, it would be a good idea to run scans.

 

Thanks

 

:) 
 

 



#2 dev00790


Posted 20 June 2013 - 11:48 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.
 
----------------

 

Please do the following next:
 
Step 1:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.
 
 
Step 2:
 
Please download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.pif

  • Double click on the DDS icon, allow it to run.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open the logfile.
  • You can find the logfile on your desktop as well.
  • Please post the content of that logfile with your next answer.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 DLMal


Posted 22 June 2013 - 05:52 PM

Thanks for your reply.

I have intermittent Internet access; therefore, in some cases, it may take as long as 36 hours to reply. I appreciate your patience in this matter. Hopefully, we will get these issues resolved sooner, but until then... If you like, you can tell me what time you are likely to post, either your time or mine, which would be Central Standard Time. That way I will be looking out. I will surely check every other day, at a public wifi facility, for your post if I can't check it from my home.

Best regards,

DeFogger DID NOT ask for a reboot; however, it did create a text file:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:10 on 22/06/2013 (Ms Davis)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

Therefore, I restarted the machine myself.

Here are the DDS scans as requested:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.25.2
Run by Ms Davis at 16:54:57 on 2013-06-22
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.445.49 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMQA4ADAANwA4ADYANgA1ADAAOQAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBGAEwAKwA5AC0AWABPADkAKwAxAC0AWABPADMANgArADEALQBEAEQAVAArADAALQBGADkAMABNADEAMgBBAFQAKwAxAC0ARgA5ADAATQAxADIAQQArADEALQBGADkAMABNADEAMgBBAEIAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEEAVABCAE4AKwAxAC0AVABCAFYAVQBQAEcAKwAxADIALQBGADkAMABNADEAMgBGAE4AKwAxAC0AVABCAE4AKwAxAC0AQwBJAEEAOQAwACsAMgAtAEYAOQAwAE0AMQAyAFIAKwAxAC0AVgBJAFAAMQAyACsAMQA"&"prod=90"&"ver=9.0.901
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 4.2.2.2 4.2.2.1
TCP: Interfaces\{2422A638-4F91-4969-8E67-52CD66FD9C9A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{95D77504-9CA3-4F89-8B84-00FCD4D1F140} : DHCPNameServer = 4.2.2.2 4.2.2.1
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ms davis\appdata\roaming\mozilla\firefox\profiles\l005f41o.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-06-06 14:52; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-6 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-6 174664]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2013-6-14 16504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-6 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-6 368944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-6 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-6 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-6 46808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-6-4 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
.
=============== Created Last 30 ================
.
2013-06-22 20:39:02 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1eee2ecf-fb41-4450-b07d-ae8184889eb5}\mpengine.dll
2013-06-22 20:03:27 -------- d-----w- c:\program files\Macrium
2013-06-22 19:53:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-14 18:01:58 13432 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2013-06-14 18:01:32 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
2013-06-14 18:01:18 55416 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2013-06-14 14:32:06 -------- d-----w- c:\programdata\Macrium
2013-06-14 01:35:35 -------- d-----w- c:\program files\Windows Portable Devices
2013-06-14 01:25:11 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-14 01:25:02 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-06-14 01:24:57 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-06-14 01:24:08 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2013-06-14 01:24:08 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2013-06-14 01:24:07 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2013-06-14 01:22:45 839168 ----a-w- c:\windows\system32\drivers\umdf\WpdMtpDr.dll
2013-06-14 01:10:11 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-06-14 01:09:52 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-06-14 01:09:52 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-06-14 01:09:51 16896 ----a-w- c:\windows\system32\winusb.dll
2013-06-14 01:09:50 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-06-14 01:09:49 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-06-14 01:09:48 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-06-14 01:09:47 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-06-14 01:09:39 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-06-14 01:09:38 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-06-14 01:09:33 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-06-14 01:04:26 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2013-06-14 01:02:57 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2013-06-14 00:59:32 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2013-06-14 00:59:31 471552 ----a-w- c:\windows\system32\secproc.dll
2013-06-14 00:59:26 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2013-06-14 00:59:25 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2013-06-14 00:59:25 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2013-06-14 00:59:24 518144 ----a-w- c:\windows\system32\RMActivate.exe
2013-06-14 00:59:20 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2013-06-14 00:59:20 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2013-06-14 00:59:18 332288 ----a-w- c:\windows\system32\msdrm.dll
2013-06-14 00:59:02 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-14 00:56:47 797696 ----a-w- c:\windows\system32\FntCache.dll
2013-06-14 00:56:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-14 00:56:18 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-14 00:53:30 1696256 ----a-w- c:\windows\system32\gameux.dll
2013-06-14 00:53:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2013-06-14 00:53:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2013-06-14 00:53:14 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2013-06-14 00:52:01 714240 ----a-w- c:\windows\system32\timedate.cpl
2013-06-13 23:14:31 -------- d-----w- c:\users\ms davis\appdata\local\WindowsUpdate
2013-06-13 22:55:08 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-06-13 22:55:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-13 22:55:06 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-13 22:55:04 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-06-13 22:55:03 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-13 22:19:11 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-13 20:56:12 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 20:56:09 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-13 19:48:06 5120 ----a-w- c:\windows\system32\wmi.dll
2013-06-13 19:48:00 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-06-13 19:47:57 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-06-13 19:33:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-06-13 19:33:03 98816 ----a-w- c:\windows\system32\mfps.dll
2013-06-13 19:33:03 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2013-06-13 19:33:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2013-06-13 19:33:03 2873344 ----a-w- c:\windows\system32\mf.dll
2013-06-13 19:33:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-06-13 19:33:02 209920 ----a-w- c:\windows\system32\mfplat.dll
2013-06-13 19:33:01 586240 ----a-w- c:\windows\system32\stobject.dll
2013-06-13 19:32:58 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-13 19:32:58 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2013-06-13 19:32:57 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-13 19:32:57 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-06-13 19:32:56 478720 ----a-w- c:\windows\system32\dxgi.dll
2013-06-13 19:32:55 847360 ----a-w- c:\windows\system32\OpcServices.dll
2013-06-13 19:32:55 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2013-06-13 19:32:55 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2013-06-13 19:32:55 258048 ----a-w- c:\windows\system32\winspool.drv
2013-06-13 19:32:55 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2013-06-13 19:30:07 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-13 19:30:07 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-06-13 19:30:07 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-06-13 19:30:06 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-13 19:30:06 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-06-13 19:30:06 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-06-13 19:30:06 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-13 19:19:20 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-06-13 19:19:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-06-13 19:16:27 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-06-13 18:56:35 293376 ----a-w- c:\windows\system32\psisdecd.dll
2013-06-13 18:56:35 217088 ----a-w- c:\windows\system32\psisrndr.ax
2013-06-13 18:56:34 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2013-06-13 18:56:34 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2013-06-13 18:56:26 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2013-06-13 18:56:26 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2013-06-13 18:56:25 238080 ----a-w- c:\windows\system32\oleacc.dll
2013-06-13 18:56:23 563712 ----a-w- c:\windows\system32\oleaut32.dll
2013-06-13 18:56:05 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 18:55:59 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 18:55:59 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 18:55:57 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 18:55:57 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 18:55:55 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 18:55:41 189952 ----a-w- c:\windows\system32\winmm.dll
2013-06-13 18:55:40 23552 ----a-w- c:\windows\system32\mciseq.dll
2013-06-13 18:55:32 623616 ----a-w- c:\windows\system32\localspl.dll
2013-06-13 18:50:59 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-06-13 18:50:59 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2013-06-13 18:50:53 66560 ----a-w- c:\windows\system32\packager.dll
2013-06-13 18:49:12 680448 ----a-w- c:\windows\system32\msvcrt.dll
2013-06-13 18:49:10 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-06-13 18:49:03 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-06-13 18:48:30 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-06-13 18:48:27 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-06-13 18:48:22 2048 ----a-w- c:\windows\system32\tzres.dll
2013-06-13 18:48:07 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 18:48:06 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-13 18:48:01 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2013-06-13 18:47:55 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-06-13 18:47:48 497152 ----a-w- c:\windows\system32\qdvd.dll
2013-06-13 18:47:37 377344 ----a-w- c:\windows\system32\winhttp.dll
2013-06-13 18:44:34 1248768 ----a-w- c:\windows\system32\msxml3.dll
2013-06-13 18:44:29 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-13 18:43:39 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-06-13 18:43:35 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-06-13 18:43:28 707584 ----a-w- c:\program files\common files\system\wab32.dll
2013-06-13 18:42:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-06-13 18:42:03 278528 ----a-w- c:\windows\system32\schannel.dll
2013-06-13 18:42:02 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2013-06-13 18:42:00 72704 ----a-w- c:\windows\system32\secur32.dll
2013-06-13 18:41:59 9728 ----a-w- c:\windows\system32\lsass.exe
2013-06-13 18:41:54 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-06-13 18:01:37 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-06-13 17:14:01 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-06-13 17:13:14 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-06-13 17:12:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-06-13 17:12:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-06-13 02:17:10 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2013-06-13 02:17:07 310784 ----a-w- c:\windows\system32\unregmp2.exe
2013-06-13 00:45:39 -------- d-----w- c:\windows\system32\eu-ES
2013-06-13 00:45:39 -------- d-----w- c:\windows\system32\ca-ES
2013-06-13 00:45:35 -------- d-----w- c:\windows\system32\vi-VN
2013-06-12 23:42:48 -------- d-----w- c:\windows\system32\EventProviders
2013-06-12 23:35:06 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2013-06-12 23:33:57 324608 ----a-w- c:\windows\system32\sdohlp.dll
2013-06-12 23:32:59 37376 ----a-w- c:\windows\system32\EhStorPwdMgr.dll
2013-06-12 23:31:59 9048 ----a-w- c:\windows\system32\icardres.dll
2013-06-12 23:30:59 532992 ----a-w- c:\windows\system32\wpcao.dll
2013-06-12 23:29:58 61952 ----a-w- c:\windows\system32\wbem\xml\wmi2xml.dll
2013-06-12 23:28:41 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2013-06-12 23:28:41 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2013-06-12 23:28:41 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2013-06-12 23:28:40 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-06-12 23:28:40 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2013-06-12 23:28:39 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-06-12 23:28:39 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2013-06-12 23:28:33 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2013-06-12 23:28:27 218624 ----a-w- c:\windows\system32\wdscore.dll
2013-06-12 23:28:26 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2013-06-12 23:28:03 247808 ----a-w- c:\windows\system32\drvstore.dll
2013-06-11 00:35:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-06-11 00:35:18 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-06-11 00:35:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-06-11 00:35:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-06-11 00:35:16 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-06-10 22:30:26 128000 ----a-w- c:\windows\system32\spoolsv.exe
2013-06-10 22:30:18 157184 ----a-w- c:\windows\system32\t2embed.dll
2013-06-10 22:29:32 413696 ----a-w- c:\windows\system32\odbc32.dll
2013-06-10 22:29:26 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2013-06-10 22:29:25 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2013-06-10 22:29:24 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2013-06-10 22:29:23 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2013-06-10 22:26:24 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2013-06-10 22:26:11 1136640 ----a-w- c:\windows\system32\mfc42.dll
2013-06-10 22:26:09 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2013-06-10 22:25:59 1316864 ----a-w- c:\windows\system32\ole32.dll
2013-06-10 22:25:56 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2013-06-10 22:24:48 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2013-06-10 22:24:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2013-06-10 22:23:16 125952 ----a-w- c:\windows\system32\srvsvc.dll
2013-06-10 22:23:14 17920 ----a-w- c:\windows\system32\netevent.dll
2013-06-10 22:21:39 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2013-06-10 22:20:30 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2013-06-10 22:19:59 81920 ----a-w- c:\windows\system32\iccvid.dll
2013-06-10 22:19:43 72704 ----a-w- c:\windows\system32\fontsub.dll
2013-06-10 22:19:34 954752 ----a-w- c:\windows\system32\mfc40.dll
2013-06-10 22:19:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2013-06-10 22:19:23 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2013-06-10 22:19:16 67072 ----a-w- c:\windows\system32\asycfilt.dll
2013-06-10 22:19:11 231424 ----a-w- c:\windows\system32\msshsq.dll
2013-06-10 22:19:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-06-10 22:18:54 1169408 ----a-w- c:\windows\system32\sdclt.exe
2013-06-10 22:18:49 36864 ----a-w- c:\windows\system32\rtutils.dll
2013-06-10 22:18:44 502272 ----a-w- c:\windows\system32\usp10.dll
2013-06-10 22:18:39 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-06-10 22:18:38 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-06-10 22:17:03 322560 ----a-w- c:\windows\system32\sbe.dll
2013-06-10 22:17:02 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2013-06-10 22:16:58 153088 ----a-w- c:\windows\system32\sbeio.dll
2013-06-10 21:54:26 739328 ----a-w- c:\windows\system32\inetcomm.dll
2013-06-10 21:44:02 81920 ----a-w- c:\windows\system32\consent.exe
2013-06-10 21:43:46 601600 ----a-w- c:\windows\system32\schedsvc.dll
2013-06-10 21:43:42 352768 ----a-w- c:\windows\system32\taskschd.dll
2013-06-10 21:43:35 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-06-10 21:43:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2013-06-10 21:43:31 270336 ----a-w- c:\windows\system32\taskcomp.dll
2013-06-10 21:41:55 677888 ----a-w- c:\windows\system32\mstsc.exe
2013-06-10 21:41:54 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2013-06-10 21:37:43 531968 ----a-w- c:\windows\system32\comctl32.dll
2013-06-10 21:28:48 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-10 01:18:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-06-10 01:18:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-09 19:05:00 -------- d-----w- c:\users\ms davis\appdata\roaming\Kodak
2013-06-09 18:57:34 -------- d-----w- c:\users\ms davis\appdata\roaming\WinPatrol
2013-06-09 18:57:26 -------- d-----w- c:\programdata\InstallMate
2013-06-09 18:57:26 -------- d-----w- c:\program files\BillP Studios
2013-06-06 20:05:02 -------- d-----w- c:\programdata\Licenses
2013-06-06 20:04:49 -------- d-----w- c:\program files\SpywareBlaster
2013-06-06 20:02:03 -------- d-----w- c:\program files\FileHippo.com
2013-06-06 19:59:53 -------- d-----w- c:\users\ms davis\appdata\local\Opera
2013-06-06 19:54:32 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-06 19:54:32 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-06 19:54:31 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-06 19:54:27 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-06 19:52:36 41664 ----a-w- c:\windows\avastSS.scr
2013-06-06 19:51:29 -------- d-----w- c:\program files\AVAST Software
2013-06-06 19:49:47 -------- d-----w- c:\programdata\AVAST Software
2013-06-06 14:26:17 -------- d-----w- c:\programdata\Kaspersky Lab
2013-06-06 05:16:40 -------- d-----w- c:\users\ms davis\appdata\roaming\SUPERAntiSpyware.com
2013-06-06 05:11:26 -------- d-----w- c:\users\ms davis\appdata\local\Mozilla
2013-06-06 04:33:53 -------- d-----w- c:\users\ms davis\appdata\local\jZip
2013-06-06 02:59:39 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-06-06 02:55:10 -------- d-----w- c:\program files\CCleaner
2013-06-05 23:16:12 -------- d-----w- c:\users\ms davis\appdata\roaming\Malwarebytes
2013-06-05 23:01:48 -------- d-----w- c:\program files\VS Revo Group
2013-06-05 22:56:47 -------- d-----w- c:\users\ms davis\appdata\local\Adobe
2013-06-05 22:47:48 -------- d-----w- c:\programdata\Malwarebytes
2013-06-05 22:47:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-05 22:47:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-05 21:46:20 -------- d-----w- c:\users\ms davis\appdata\local\VirtualStore
2013-06-05 17:07:27 -------- d-----w- C:\bd_logs
2013-06-05 04:49:22 -------- d-----w- C:\PerfLogs
.
==================== Find3M ====================
.
2013-06-22 19:52:25 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 22:26:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 19:30:08 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2013-06-05 04:12:59 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2013-06-05 04:12:17 82432 ----a-w- c:\windows\system32\axaltocm.dll
2013-05-02 07:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
.
============= FINISH: 16:57:24.48 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 5/28/2010 11:56:00 AM
System Uptime: 6/22/2013 4:43:50 PM (0 hours ago)
.
Motherboard: Acer | | Navarro
Processor: AMD Turion™ 64 Mobile Technology MK-38 | Socket M2/S1G1 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 7.945 GiB free.
D: is FIXED (NTFS) - 33 GiB total, 32.626 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
avast! Free Antivirus
Broadcom Driver Installation Program
CCleaner
FileHippo.com Update Checker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 7 Update 25
Java Auto Updater
Macrium Reflect Free Edition
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
Opera 12.15
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
SpywareBlaster 5.0
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
WinPatrol
.
==== End Of File ===========================
 

 



#4 dev00790


Posted 23 June 2013 - 04:14 PM

Hi

 

Please do the following next:

 

Step 1:

 

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the <ENTER> key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.


Step 2:

Please download AdwCleaner by Xplode onto your desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#5 DLMal


Posted 24 June 2013 - 05:28 PM

Wininit did not show in event viewer, however scan finished and stated that volume was clean. I have run chkdsk since I have worked on this computer and, as I remember, received the same result.

 

Here is AdwCleaner scan:

 

# AdwCleaner v2.303 - Logfile created 06/24/2013 at 17:20:42
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Ms Davis - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\Ms Davis\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Users\Ms Davis\AppData\Local\jZip
Folder Found : C:\Users\Ms Davis\AppData\LocalLow\jZip

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vzwc92pr.default\prefs.js

[OK] File is clean.

File : C:\Users\Ms Davis\AppData\Roaming\Mozilla\Firefox\Profiles\l005f41o.default\prefs.js

[OK] File is clean.

File : C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\qkflgiop.default\prefs.js

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\user\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Ms Davis\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Kamille\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2527 octets] - [24/06/2013 17:20:42]

########## EOF - C:\AdwCleaner[R1].txt - [2587 octets] ##########

 



#6 dev00790


Posted 25 June 2013 - 06:44 AM

Hi
 
Please do the following next:
 
Step 1:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Step 2:

 

How is the computer running now?


Regards, dev00790



#7 DLMal


Posted 25 June 2013 - 04:23 PM

# AdwCleaner v2.303 - Logfile created 06/25/2013 at 15:03:30
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Ms Davis - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\Ms Davis\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Ms Davis\AppData\Local\jZip
Folder Deleted : C:\Users\Ms Davis\AppData\LocalLow\jZip

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vzwc92pr.default\prefs.js

[OK] File is clean.

File : C:\Users\Ms Davis\AppData\Roaming\Mozilla\Firefox\Profiles\l005f41o.default\prefs.js

[OK] File is clean.

File : C:\Users\Kamille\AppData\Roaming\Mozilla\Firefox\Profiles\qkflgiop.default\prefs.js

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\user\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Ms Davis\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Kamille\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2656 octets] - [24/06/2013 17:20:42]
AdwCleaner[S1].txt - [2615 octets] - [25/06/2013 15:03:30]

########## EOF - C:\AdwCleaner[S1].txt - [2675 octets] ##########

 

It is pretty difficult to tell whether the computer is running better or not with the memory configuration that she has for Vista. However, the fake Yahoo toolbar is no longer present. Unfortunately, I tried to run Windows Memory Test and the computer simply shut down after half a minute. In addition, it would not boot for 4 attempts. It booted to the desktop after the 5th attempt. Consequently, I am still concerned regarding the unit's cleanliness.
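A way to cross-check the two AdwCleaner logs posted above (an added example, not part of any post in this thread and not AdwCleaner's own code): it parses the Found/Deleted lines, lists anything the Search pass reported that the Delete pass did not remove, and groups registry entries by the CLSID they reference. The log excerpt is copied from the thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the Search log ([R1]) posted in this thread.
SEARCH_LOG = r"""
***** [Files / Folders] *****
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Users\Ms Davis\AppData\Local\jZip
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""
# The Delete log ([S1]) in the thread lists the same entries with "Deleted".
DELETE_LOG = SEARCH_LOG.replace(" Found : ", " Deleted : ")

ENTRY = re.compile(r"^(Folder|File|Key|Value) (Found|Deleted) : (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log_text):
    """Return (action, {(kind, target)}) for one AdwCleaner v2 log."""
    actions, items = set(), set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            kind, action, target = m.groups()
            actions.add(action)
            # Windows paths and registry keys are case-insensitive.
            items.add((kind, target.strip().lower()))
    if len(actions) > 1:
        raise ValueError("log mixes Found and Deleted entries")
    return (actions.pop() if actions else None), items

def leftovers(search_log, delete_log):
    """Items the Search pass reported that the Delete pass did not remove."""
    a1, found = parse(search_log)
    a2, deleted = parse(delete_log)
    if a1 not in (None, "Found") or a2 not in (None, "Deleted"):
        raise ValueError("logs passed in the wrong order")
    return sorted(found - deleted)

def by_clsid(log_text):
    """Group registry entries by the COM CLSID they reference."""
    groups = defaultdict(list)
    for _kind, target in parse(log_text)[1]:
        m = CLSID.search(target)
        if m:
            groups[m.group(0).upper()].append(target)
    return {clsid: sorted(paths) for clsid, paths in groups.items()}

if __name__ == "__main__":
    print("not removed:", leftovers(SEARCH_LOG, DELETE_LOG))
    for clsid, paths in sorted(by_clsid(SEARCH_LOG).items()):
        print(clsid, "->", len(paths), "registry entries")
```

An empty result from leftovers() means every item from the Search log has a matching Deleted line; a fresh Search run after the reboot is still the direct check that nothing came back.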



#8 dev00790


Posted 26 June 2013 - 04:09 PM

Hi

We suspect that one or more of the RAM sticks has gone bad.

Please make a new post in the internal forum here asking for assistance.
Make sure to include a link in that topic to this topic.


Regards, dev00790



#9 DLMal


Posted 26 June 2013 - 05:02 PM

There is only one Ram Stick in unit. In addition, this failure only occurs when I attempt to run most boot level programs: Bit Defender, Kaspersky's, Seatools HD test and Memtest. I haven't attempted to run those programs after--or during--the cleaning process. As stated in my original post this occurred before any assistance by you. The only test I attempted to run--after cleaning--is the Windows Memory test and as stated before it failed and shut down the computer.



#10 dev00790


Posted 27 June 2013 - 06:25 AM

Hi, I'm not a hardware expert and thus unfortunately not in a position to help you troubleshoot this; however, malware is not involved.


Regards, dev00790



#11 DLMal


Posted 27 June 2013 - 11:39 AM

Fair enough, are there any cleaning or settings that I need to change before I move on?

 

:)



#12 dev00790


Posted 27 June 2013 - 03:13 PM

Hi

 

No, nothing else is needed at this time.

I hope you will find the cause of the problem and get this fixed.


Regards, dev00790



#13 DLMal


Posted 27 June 2013 - 03:31 PM

What about Defogger?

 

"Do not re-enable these drivers until otherwise instructed."



#14 DLMal


Posted 28 June 2013 - 11:28 AM

I will need the above question answered by someone on this forum that has the authority to do so. I am not familiar with this tool at all. Therefore, I would like to get an answer before I proceed to the next step.



#15 dev00790


Posted 28 June 2013 - 11:41 AM

Please be patient. I am waiting for an instructor to advise.


Regards, dev00790





