
Microsoft Shut down


18 replies to this topic

#1 peteranko


Posted 20 July 2013 - 03:42 AM

Hi,

 

I will probably get some scolding for this question however I have to ask.

 

I purchased a new computer last year and have all the good stuff running the machine. However, I tried to save myself some money by not getting Microsoft Office, as I don't use it much and only Word or Excel from time to time.

Anyway, I found one online and downloaded it. Been using it for about 6 months.

 

Last month my PC got locked down. I can't open Chrome or IE without running it as an administrator or anything else associated with Microsoft.

 

My question is: do I have to humbly go to Microsoft and say I had an illegal Office program and can I have my PC back, or is there another way of getting my PC back to me? I have deleted all Office programs now and have downloaded OpenOffice, but would still like to have full use of it back.

If anyone knows what I can do.

 

Please let me know.

 

Thank you,

 



Anko



 


#2 noknojon


Posted 20 July 2013 - 05:14 AM

Hi -

Anyone can use Non M/soft programs, I even use another Notepad / Text editor program and other things.

You also have Google Chrome installed, which is not a M/soft program. Do you still use Windows Updates?

Your big question is where did you download the program(s) from?

Were they from a Torrent site, an illegal site, or some other unknown site?

 

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

 

Please download MiniToolBox, Save it to your desktop and run it.
Now close any Firefox browsers you may have open during Reset Firefox Settings
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 
Click Go and copy / paste the result (Result.txt).

 

 

Thank You -



#3 hamluis


Posted 20 July 2013 - 08:05 AM

<<Last month my PC got locked down. I can't open Chrome or IE without running it as an administrator or anything else associated with Microsoft.>>

 

Not sure what you mean..."locked down" how?  No such thing AFAIK; you are talking about a system with limited privileges that belongs to or is under the control of someone other than the user.  And, of course, various malware can result in this.

 

Is your system infected?

 

Any onscreen error messages?

 

Louis

 



#4 peteranko


Posted 20 July 2013 - 08:48 AM

Hi,
 
This is the read from Security Check and minitoolbox.
 
Hi Louis, 
As I said above, I'm not sure what it is that is the problem, but I can't open as just me; I have to open things as an administrator on my PC. Even the printer will not print, just will not print.
I don't know if it is hijacked or not.
I had a virus on here a while ago which one of your guys fixed and I was really grateful for all the help I got and it had been fine till a month ago.
 
Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Google Chrome 27.0.1453.116  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by User (administrator) on 20-07-2013 at 23:36:40
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : User-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : C8-60-00-D3-E0-7F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::49c6:16b7:a961:4d47%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, 20 July 2013 11:24:28 PM
   Lease Expires . . . . . . . . . . : Sunday, 21 July 2013 11:24:28 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 331898880
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-06-83-57-30-85-A9-46-12-4F
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 30-85-A9-46-12-4F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{6BDE0FF3-F6AD-44D0-B969-C240242FCFFB}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3cd1:234c:9a5e:14aa(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3cd1:234c:9a5e:14aa%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{F01C15DA-B0D4-48CF-8706-C84664B7CD31}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2404:6800:4006:804::1002
 74.125.237.136
 74.125.237.133
 74.125.237.137
 74.125.237.135
 74.125.237.142
 74.125.237.131
 74.125.237.132
 74.125.237.128
 74.125.237.130
 74.125.237.134
 74.125.237.129
 
 
Pinging google.com [74.125.237.133] with 32 bytes of data:
Reply from 74.125.237.133: bytes=32 time=22ms TTL=53
Reply from 74.125.237.133: bytes=32 time=26ms TTL=53
 
Ping statistics for 74.125.237.133:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 26ms, Average = 24ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=312ms TTL=44
Reply from 98.139.183.24: bytes=32 time=293ms TTL=44
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 293ms, Maximum = 312ms, Average = 302ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...c8 60 00 d3 e0 7f ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
 11...30 85 a9 46 12 4f ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.107     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.107    281
    192.168.1.107  255.255.255.255         On-link     192.168.1.107    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.107    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.107    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.107    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:5ef5:79fb:3cd1:234c:9a5e:14aa/128
                                    On-link
 12    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::3cd1:234c:9a5e:14aa/128
                                    On-link
 12    281 fe80::49c6:16b7:a961:4d47/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/20/2013 11:36:39 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/20/2013 11:36:29 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/20/2013 11:36:19 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/20/2013 11:36:09 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/20/2013 11:35:59 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/20/2013 11:35:49 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/20/2013 11:35:39 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/20/2013 11:35:29 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/20/2013 11:35:19 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/20/2013 11:35:09 PM) (Source: ESENT) (User: )
Description: taskhost (1784) WebCacheLocal: An attempt to open the file "C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (07/20/2013 11:24:13 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:24:55 PM on 19/07/2013 was unexpected.
 
Error: (07/15/2013 01:01:54 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (07/14/2013 11:22:53 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (07/14/2013 09:28:58 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (07/14/2013 03:24:30 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (07/10/2013 08:00:50 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/29/2013 00:02:36 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/27/2013 05:34:40 PM) (Source: NetBT) (User: )
Description: The name "USER-PC        :20" could not be registered on the interface with IP address 10.34.99.56.
The computer with the IP address 10.32.99.18 did not allow the name to be claimed by
this computer.
 
Error: (06/27/2013 05:34:39 PM) (Source: NetBT) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.34.99.56.
The computer with the IP address 10.32.99.18 did not allow the name to be claimed by
this computer.
 
Error: (06/27/2013 05:34:40 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F01C15DA-B0D4-48CF-8706-C84664B7CD31} because another computer on the network has the same name.  The server could not start.
 
 
Microsoft Office Sessions:
=========================
Error: (07/20/2013 11:36:49 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (07/20/2013 11:36:39 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (07/20/2013 11:36:29 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (07/20/2013 11:36:19 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (07/20/2013 11:36:09 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (07/20/2013 11:35:59 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (07/20/2013 11:35:49 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (07/20/2013 11:35:39 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (07/20/2013 11:35:29 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (07/20/2013 11:35:19 PM) (Source: ESENT)(User: )
Description: taskhost1784WebCacheLocal: C:\Users\User\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-15 06:47:59.429
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-15 06:47:59.413
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-15 06:47:59.397
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-15 06:47:59.382
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-15 01:42:11.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-15 01:42:11.501
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-15 01:42:11.485
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-15 01:42:11.470
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-13 11:31:24.617
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-13 11:31:24.602
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.0.29625)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AMD APP SDK Runtime (Version: 2.4.650.9)
ASUS PCE-N10 WLAN Card Utilities & Driver (Version: 1.0.0.9)
ASUS VGA Driver (Version: 3.0.0.1)
ATI AVIVO64 Codecs (Version: 11.6.0.10524)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Bonjour (Version: 2.0.4.0)
BufferChm (Version: 130.0.331.000)
C4400 (Version: 130.0.365.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0524.2352.41027)
Catalyst Control Center InstallProxy (Version: 2011.0524.2352.41027)
Catalyst Control Center Localization All (Version: 2011.0524.2352.41027)
Catalyst Control Center Profiles Desktop (Version: 2011.0524.2352.41027)
CCC Help English (Version: 2011.0524.2351.41027)
ccc-utility64 (Version: 2011.0524.2352.41027)
CCleaner (Version: 4.00)
ContinueToSave (Version: 1.0)
Copy (Version: 130.0.428.000)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocProc (Version: 13.0.0.0)
Dropbox (Version: 2.0.22)
Foxit Reader (Version: 6.0.2.413)
Google Chrome (Version: 28.0.1500.72)
Google Drive (Version: 1.9.4536.8202)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
GoToMeeting 5.5.0.1132 (Version: 5.5.0.1132)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
HydraVision (Version: 4.2.206.0)
Intel® Management Engine Components (Version: 8.0.4.1441)
Intel® OpenCL CPU Runtime
Intel® Processor Graphics (Version: 8.15.10.2669)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 21 (Version: 7.0.210)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.5)
LaCie Network Assistant 1.5.15.72 (Version: 1.5.15.72)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (Version: 17.0.2006.0314)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Opera 12.15 (Version: 12.15.1748)
Picasa 3 (Version: 3.9)
Platform (Version: 1.39)
PS_AIO_03_C4400_Software_Min (Version: 130.0.365.000)
Realtek Ethernet Controller Driver (Version: 7.52.203.2012)
Revo Uninstaller 1.94 (Version: 1.94)
Samsung Kies (Version: 2.5.2.13021_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.22.0)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skype™ 6.3 (Version: 6.3.107)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
SpeedSim (Version: 0.9.8.1b)
Status (Version: 130.0.469.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VIA Platform Device Manager (Version: 1.39)
VLC media player 2.0.6 (Version: 2.0.6)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 62%
Total physical RAM: 8143.97 MB
Available physical RAM: 3016.1 MB
Total Pagefile: 16286.12 MB
Available Pagefile: 10979.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.07 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931.41 GB) (Free:826.15 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USER-PC
 
Administrator            Guest                    Mcx1-USER-PC             
User                     
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
 

 


:bowdown:  :busy:

Anko


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,086 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:54 PM

Posted 20 July 2013 - 10:03 AM

Since it appears that you are still downloading torrents...I would NOT bet money against your being infected again.  If you have truly lost control of your system...that sounds too much like ransomware, in my uneducated opinion.  Your Java is outdated...your firewall appears to be disabled (if I'm reading correctly)...sounds like a recipe for a malware situation, not a Windows problem...IMO.

 

I can't make anything out of the errors reflected by Event Viewer...other than the reference to "taskhost1784".  From what I see, that may be a malware item.

 

Just opinion from someone not qualified to identify malware issues.

 

Louis



#6 noknojon


Posted 20 July 2013 - 06:18 PM

Must agree with hamluis -

Windows Firewall Enabled!  

Windows Firewall Disabled! << These 2 items are always ? confusing as they are conflicting -
 
Disable or remove µTorrent while we look for problems.
Update Java to Version 7 Update 25 and remove all old entries -

CodeIntegrity Errors: Are all dated 2013-04-15, was this when ComboFix was run? Was it fully uninstalled?

 

A quick check for Malware .........

 

As you have Malwarebytes Anti-Malware installed please Update it and run a quick scan.

Post the results back here

 

Download SUPERAntiSpyware Free (aka SAS)

Be sure to select the Free version, and do not accept the 15 day Trial version offered -
* Double-click SAS -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be sure it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to reboot the computer after you post the log.

 

 

Please download AdwCleaner by Xplode onto your desktop.

* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* NOTE: Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can also find the logfile at C:\AdwCleaner[S1].txt as well, [Sx] being the number of times it has been run.

 

 

 

Scan your machine with ESET OnlineScan

This is best done with Internet Explorer, but instructions are left for other browsers also.

1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps)

For Firefox, Opera, Chrome and other users >

- 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the ESET Online Scanner icon on your desktop.

4. Now - Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   - Scan potentially unwanted applications
   - Scan for potentially unsafe applications
   - Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download the updated database (1 to 2 hours is not unusual)
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
    - Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button

 

 

Thank You -



#7 peteranko


Posted 20 July 2013 - 06:32 PM

Hi Louis,

 

Thanks for that information.  

 

However I paid for torrents with a Bit Defender antivirus and malware  to protect against hidden malware. As for Java I have not used the PC for a month as it was too much trouble to use.

 

All I asked, was there something that could be done. As you and Noknojon have mentioned it seems someone has Hijacked my system. I thought it was Microsoft! as I had a call from them around Christmas time saying there was something wrong with my system. The phone call came, said they were Microsoft and wanted to check a deep rooted problem within my system. I believed them and let them look at it. Until they asked me to buy something, I then checked what they were selling and it said it was malware, so I didn't get it. They were very convincing.

 

After that there was an infection and that's when I found Bleeping Computer, you guys were very helpful and cleaned everything out.

 

Now you know my story. Is there something that can be done or is it get rid of the PC? 

 

I'm only asking for help, and I do know a little bit about what I have done but not what I need to do now. 


:bowdown:  :busy:

Anko


#8 peteranko


Posted 20 July 2013 - 07:41 PM

Hi noknojon,

 

I can't open Malwarebytes. I tried to uninstall and reinstall but it still will not open up. Just did the SuperAntiSpyware and it is not displaying any results or bringing up any Notepad. It keeps finding 84 Threats; I remove them and they just don't go.

I have just tried to open adwcleaner it will not open!

 

I am lost as to what I can do next. 


:bowdown:  :busy:

Anko


#9 peteranko


Posted 20 July 2013 - 07:47 PM

Hi,

AdwCleaner just opened and this is the report from the scan.

 

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 10:45:36
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\continuetosave
Folder Found : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\conntiniUetoosyavee
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\conntiniUetoosyavee
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpegmkaemaenadddelkbllmkddblddhp
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.72
 
-\\ Opera v12.15.1748.0
 
*************************
 
AdwCleaner[R3].txt - [6216 octets] - [21/07/2013 10:43:19]
AdwCleaner[R4].txt - [6163 octets] - [21/07/2013 10:45:36]
 
########## EOF - C:\AdwCleaner[R4].txt - [6223 octets] ##########

:bowdown:  :busy:

Anko


#10 noknojon


Posted 20 July 2013 - 07:48 PM

Microsoft Survey & Advice on Phone Scamming
Microsoft Advice on Phone Scamming for UK Citizens

"it seems someone has Hijacked my system. I thought it was Microsoft! as I had a call from them around Christmas time saying there was something wrong with my system. The phone call came, said they were Microsoft and wanted to check a deep rooted problem within my system. I believed them and let them look at it."

2 items jumped out from that -

 

First is that Microsoft will NEVER ring you. This is a 100% scam, usually originating from India or a similar Asian area -

 

Second is that we never said "your system was hacked" but if the (usually Indian caller) was allowed access to your system, I know that they may ask to type EVENTVWR (or similar) and say look at all those errors - Everyone will have ( ! or ? ) marks there and some Red and Yellow icons showing.

From here they take control of the computer to find all your private details and any bank or credit card details on there.
If this computer has ever been used for banking or credit cards, check your balances as soon as you can.

They may still have access to all passwords, emails, and any current details that you enter.

 

Best option is Reinstall the system, with all new passwords, or at least change every password on the system -

 

Sorry if this is a bit alarmist, but this is a well known problem, and they may have placed Keylogger programs on the system as soon as you allowed them access to the system -

 

Thank You -



#11 peteranko


Posted 20 July 2013 - 07:50 PM

ESET online scanner has opened and I will try a scan with it now, if that's ok. Don't know how to open Malwarebytes to make it work, even when I open as administrator it tells me I will have to reboot all the time and nothing gets done.


:bowdown:  :busy:

Anko


#12 peteranko


Posted 20 July 2013 - 07:56 PM

I know why you're saying that and that's why I haven't been using the PC, just wasn't sure what to do. I have checked all my banking details and all seems fine, have contacted the bank and said if any transactions are not from here in Australia do not process it. It's as much as I could do at the time.

I do thank you for your concern and appreciate it. You are NOT alarmist as I'm sure you have seen and heard of this a lot more than we have.

 

Should I re-install the system!  


:bowdown:  :busy:

Anko


#13 noknojon


Posted 20 July 2013 - 08:06 PM

Should I re-install the system! < < Do you have Genuine install Disks for this system, or just Backup disks that you have made, and you will lose ALL data you currently have.

I would not, in this case, ask you to save anything unless it is 100% important and can not be reinstalled -

 

Try this - Download Chameleon from the Malwarebytes site. < < Instructions are there for how to scan -

 

Thanks -



#14 peteranko


Posted 20 July 2013 - 08:37 PM

It was all installed by the computer place and I got it all made up. So I don't have original discs. I now think I probably need a complete re-install. Should I call my Computer Shop and ask if they have them or should I do something else.


:bowdown:  :busy:

Anko


#15 noknojon


Posted 20 July 2013 - 08:55 PM

Hi -

Not sure of your locale but some shops will do these reinstalls for a "reasonable" price -

Now don't ask me what is a "reasonable" price, as this can vary from state to state and city to city.

It will also depend if this is Capital City related (more choice) or rural area (mine is outer Geelong).

 

This is your best option if a few $$ is not a problem, but compare it to purchasing Win 7 Genuine Disks.

If the shop wants ~ $200, you could purchase Genuine installs for about this price. But if they will do it for $20 or $30 then that is your option.

 

Just My Opinion -

