PC slow, many dllhost files running, won't allow sw downloads


7 replies to this topic

#1 Bee-rad Nelson


Posted 15 September 2013 - 10:29 PM

Hello.  My son gave me his HP Pavilion dv6 to fix.  I am far from an expert, but know my way around a computer better than he does.  He's running Windows 7 Home Premium, SP1, 64-bit.  On start-up, it stopped McAfee and I couldn't turn it back on.  I rebooted in Safe mode with networking.  I tried downloading anti-virus/anti-malware software and was blocked from doing so.  Task manager shows approximately 14 dllhost.exe COM SURROGATE processes running and if I cancel them - they repopulate.  The system is running so hard, it finally pops off due to overheating.  I tried system restore.  That was also unsuccessful - in fact, it froze and I had to do a hard reset, so then had to run a checkdisk before booting again.  I currently only have IE open, to create this post....Processes: 97; CPU Usage goes between 55 and 100 but usually stays at 100%; Physical Memory: 57%.  Even though I've now booted in standard mode - I still cannot download any anti-virus software.  I get a pop up that says my security settings won't allow it. 


Edited by Orange Blossom, 15 September 2013 - 11:14 PM.
Moved to AII from Windows 7. ~ OB




#2 noknojon


Posted 16 September 2013 - 12:42 AM

Hi  Bee-rad Nelson -
Try a few other downloads listed below please.

From here we may be able to see a source of the problem -

 

Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Download MiniToolBox, save it to your desktop and run it.
Checkmark all of the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (Only Problems)
* List Users, Partitions and Memory size.
* List Minidump Files
* List Restore points
NOTE: When using "Reset FF Proxy Settings" option, Firefox should be closed.

Click GO and Copy/Paste the result (Result.txt)

 

 

Thank You -



#3 Bee-rad Nelson


Posted 16 September 2013 - 09:10 AM

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 40  
 Java version out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Brad Nelson (administrator) on 16-09-2013 at 09:04:03
Running from "C:\Users\Brad Nelson\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : BradNelson-HP
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 2A-F4-6A-B6-22-C9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 18-F4-6A-B6-22-C9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f101:9551:345c:c524%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, September 16, 2013 8:54:54 AM
   Lease Expires . . . . . . . . . . : Tuesday, September 17, 2013 8:54:54 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 320402538
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-8B-AD-62-78-AC-C0-42-1E-2E
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{EAD0793A-9E7D-418E-B2BB-C2AE8C4942B3}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.hsd1.il.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4009:803::1004
 74.125.225.40
 74.125.225.36
 74.125.225.41
 74.125.225.37
 74.125.225.33
 74.125.225.46
 74.125.225.32
 74.125.225.35
 74.125.225.39
 74.125.225.38
 74.125.225.34
 
 
Pinging google.com [74.125.225.133] with 32 bytes of data:
Reply from 74.125.225.133: bytes=32 time=15ms TTL=55
Reply from 74.125.225.133: bytes=32 time=13ms TTL=55
 
Ping statistics for 74.125.225.133:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 15ms, Average = 14ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=31ms TTL=51
Reply from 98.138.253.109: bytes=32 time=33ms TTL=51
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 33ms, Average = 32ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...2a f4 6a b6 22 c9 ......Microsoft Virtual WiFi Miniport Adapter
 12...18 f4 6a b6 22 c9 ......Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.7    281
      192.168.1.7  255.255.255.255         On-link       192.168.1.7    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.7    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.7    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.7    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::f101:9551:345c:c524/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/15/2013 09:42:03 PM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Installed Java 7 Update 40).
 
Error: (09/14/2013 08:53:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: Flash64_11_8_800_174.ocx, version: 11.8.800.174, time stamp: 0x5230c1da
Exception code: 0xc0000005
Fault offset: 0x0000000000296c15
Faulting process id: 0x1dd0
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
 
Error: (09/14/2013 10:49:47 AM) (Source: Application Hang) (User: )
Description: The program dllhost.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2328
 
Start Time: 01ceb160c79b15d1
 
Termination Time: 948
 
Application Path: C:\Windows\system32\dllhost.exe
 
Report Id:
 
Error: (09/14/2013 10:49:46 AM) (Source: Application Hang) (User: )
Description: The program dllhost.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1194
 
Start Time: 01ceb160a70fc484
 
Termination Time: 102
 
Application Path: C:\Windows\system32\dllhost.exe
 
Report Id:
 
Error: (09/14/2013 09:22:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4431
 
Error: (09/14/2013 09:22:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4431
 
Error: (09/14/2013 09:22:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2013 09:22:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2917
 
Error: (09/14/2013 09:22:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2917
 
Error: (09/14/2013 09:22:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/16/2013 09:01:28 AM) (Source: DCOM) (User: )
Description: 1084defragsvc{D20A3293-3341-4AE8-9AAF-8E397CB63C34}
 
Error: (09/16/2013 08:59:15 AM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
 
Error: (09/16/2013 08:57:59 AM) (Source: DCOM) (User: )
Description: 1084McAfee SiteAdvisor Service{5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
 
Error: (09/16/2013 08:55:25 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (09/16/2013 08:55:22 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/16/2013 08:55:22 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/16/2013 08:55:19 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (09/16/2013 08:55:13 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/16/2013 08:55:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
discache
spldr
Wanarpv6
 
Error: (09/16/2013 08:54:53 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
Error: (09/15/2013 09:42:03 PM) (Source: System Restore)(User: )
Description: Installed Java 7 Update 40
 
Error: (09/14/2013 08:53:39 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54Flash64_11_8_800_174.ocx11.8.800.1745230c1dac00000050000000000296c151dd001ceb1b631d49547C:\Windows\system32\dllhost.exeC:\Windows\system32\Macromed\Flash\Flash64_11_8_800_174.ocxa3a3e3bc-1da9-11e3-b0a0-b6e9be6de858
 
Error: (09/14/2013 10:49:47 AM) (Source: Application Hang)(User: )
Description: dllhost.exe6.1.7600.16385232801ceb160c79b15d1948C:\Windows\system32\dllhost.exe
 
Error: (09/14/2013 10:49:46 AM) (Source: Application Hang)(User: )
Description: dllhost.exe6.1.7600.16385119401ceb160a70fc484102C:\Windows\system32\dllhost.exe
 
Error: (09/14/2013 09:22:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4431
 
Error: (09/14/2013 09:22:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4431
 
Error: (09/14/2013 09:22:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/14/2013 09:22:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2917
 
Error: (09/14/2013 09:22:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2917
 
Error: (09/14/2013 09:22:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-15 20:06:49.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-15 20:06:49.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-15 20:06:49.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 17:31:37.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 17:31:37.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 17:31:37.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 12:11:00.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 12:11:00.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 12:11:00.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-12 08:43:16.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.2.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Acrobat.com (Version: 1.6.65)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Reader 9.5.5 MUI (Version: 9.5.5)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Amway Business Modeler (Version: 1.0)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
Atheros Driver Installation Program (Version: 9.0)
ATI Catalyst Install Manager (Version: 3.0.790.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.0.614.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 2.0.4.0)
Build-a-lot 2 (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0929.2212.37971)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0929.2212.37971)
Catalyst Control Center InstallProxy (Version: 2010.0416.541.8279)
Catalyst Control Center InstallProxy (Version: 2010.0929.2212.37971)
Catalyst Control Center Localization All (Version: 2010.0929.2212.37971)
CCC Help Chinese Standard (Version: 2010.0929.2211.37971)
CCC Help Chinese Traditional (Version: 2010.0929.2211.37971)
CCC Help Czech (Version: 2010.0929.2211.37971)
CCC Help Danish (Version: 2010.0929.2211.37971)
CCC Help Dutch (Version: 2010.0929.2211.37971)
CCC Help English (Version: 2010.0929.2211.37971)
CCC Help Finnish (Version: 2010.0929.2211.37971)
CCC Help French (Version: 2010.0929.2211.37971)
CCC Help German (Version: 2010.0929.2211.37971)
CCC Help Greek (Version: 2010.0929.2211.37971)
CCC Help Hungarian (Version: 2010.0929.2211.37971)
CCC Help Italian (Version: 2010.0929.2211.37971)
CCC Help Japanese (Version: 2010.0929.2211.37971)
CCC Help Korean (Version: 2010.0929.2211.37971)
CCC Help Norwegian (Version: 2010.0929.2211.37971)
CCC Help Polish (Version: 2010.0929.2211.37971)
CCC Help Portuguese (Version: 2010.0929.2211.37971)
CCC Help Russian (Version: 2010.0929.2211.37971)
CCC Help Spanish (Version: 2010.0929.2211.37971)
CCC Help Swedish (Version: 2010.0929.2211.37971)
CCC Help Thai (Version: 2010.0929.2211.37971)
CCC Help Turkish (Version: 2010.0929.2211.37971)
ccc-core-static (Version: 2010.0929.2212.37971)
ccc-utility64 (Version: 2010.0929.2212.37971)
Chuzzle Deluxe (Version: 2.2.0.95)
CinemaNow Media Manager (Version: 1.9.1.105)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CyberLink DVD Suite (Version: 7.0.3003)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Toolbar (Version: 1.8.12.0)
Dell V310-V510 Series
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's Carnival Adventure (Version: 2.2.0.95)
DVD Menu Pack for HP MediaSmart Video (Version: 4.1.4121)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESU for Microsoft Windows 7 (Version: 1.0.0)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
FoxTab FLV Player (remove only)
Google Chrome (Version: 29.0.1547.66)
Google Update Helper (Version: 1.3.21.153)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Heroes of Might and Magic III Complete
HP 3D DriveGuard (Version: 4.0.5.1)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Documentation (Version: 1.1.1.0)
HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)
HP Games (Version: 1.0.1.3)
HP MediaSmart CinemaNow 2.0 (Version: 2.0)
HP MediaSmart DVD (Version: 4.1.4229)
HP MediaSmart Movies and TV (Version: 1.0.0.10)
HP MediaSmart Music (Version: 4.1.4215)
HP MediaSmart Photo (Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (Version: 4.1.4214)
HP MediaSmart Webcam (Version: 4.1.3024)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.2.0)
HP Photo Creations (Version: 1.0.0.3611)
HP Power Manager (Version: 1.0.3)
HP Quick Launch (Version: 2.3.6)
HP Setup (Version: 8.1.4186.3400)
HP Software Framework (Version: 4.0.39.1)
HP Support Assistant (Version: 5.1.10.7)
HP Wireless Assistant (Version: 4.0.9.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
Hulu Desktop (Version: 0.9.13)
IDT Audio (Version: 1.0.6292.0)
iTunes (Version: 10.2.1.1)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Jewel Quest 3 (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.2907)
LG USB Modem driver
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SecurityCenter (Version: 11.6.511)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MotoHelper 2.0.45 Driver 5.0.0 (Version: 2.0.45)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0)
Movie Theme Pack for HP MediaSmart Video (Version: 4.1.4030)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Online Backup (Version: 2.1.17869)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
Plants vs. Zombies (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4204)
PowerDirector (Version: 8.0.3003)
QuickTime (Version: 7.69.80.9)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.11.1127.2009)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30113)
Recovery Manager (Version: 5.5.3023)
Revo Uninstaller 1.94 (Version: 1.94)
Revo Uninstaller Pro 2.5.8 (Version: 2.5.8)
Roxio CinemaNow 2.0 (Version: 1.0.284)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64 (Version: 10.0.0)
Shutterfly Express Uploader (Version: 1.0.0)
Shutterfly Express Uploader (Version: 1.0.0.4)
Skype™ 5.10 (Version: 5.10.116)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Times Reader (Version: 2.061)
TurboTax 2010
TurboTax 2010 wiliper (Version: 010.000.1836)
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 wiliper (Version: 011.000.1639)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 wiliper (Version: 012.000.1416)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wrapper (Version: 012.000.0127)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update Installer for WildTangent Games App
uTorrentBar Toolbar (Version: 6.2.7.3)
Virtual Families (Version: 2.2.0.95)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
VLC media player 1.1.11 (Version: 1.1.11)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma Deluxe (Version: 2.2.0.95)
 
========================= Devices: ================================
 
Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 51%
Total physical RAM: 5882.9 MB
Available physical RAM: 2882.11 MB
Total Pagefile: 11763.99 MB
Available Pagefile: 8607.61 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.04 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:445.8 GB) (Free:109.78 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:19.66 GB) (Free:2.86 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BRADNELSON-HP
 
Administrator            Brad Nelson              Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
10-09-2013 04:15:27 Revo Uninstaller's restore point - Java™ 6 Update 35
10-09-2013 04:24:14 Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
11-09-2013 03:52:37 Installed Java 7 Update 40
11-09-2013 04:14:19 Windows Update
11-09-2013 13:43:49 Windows Update
 
**** End of log ****


#4 noknojon

Posted 16 September 2013 - 07:53 PM

Check in Control Panel > Programs and Features for these programs and Delete any that you find.

Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
µTorrent (Version: 3.2.0)
µTorrentBar Toolbar (Version: 6.2.7.3)
Norton Online Backup (Version: 2.1.17869) is now Version 2.3.0.7. Update or Remove this.
McAfee SecurityCenter (Version: 11.6.511) Try to replace with Microsoft Security Essentials
McAfee Security is installed, but it is blocking a lot of other programs from running.

Please Update Malwarebytes Anti-Malware and run a Quick scan only.
Post the result back here -

 

Only when these are finished please run this -

 

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from an antivirus about this tool, ignore them.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
*  Do not reboot your computer after running RKill as the malware programs will start again.
* Run AdwCleaner directly after this program runs
* If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

 

 

Scan your machine with ESET OnlineScan
Note that the first link is for Internet Explorer use, see below for other browsers -

1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   - Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   - Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   - Scan potentially unwanted applications
   - Scan for potentially unsafe applications
   - Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download the updated database (up to 2 hours is not unusual).
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
    - Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button

 

Reboot after you have posted the log back here -

 

Please post back with any problems running this program.

 

Thank You -



#5 Bee-rad Nelson

Posted 18 September 2013 - 07:30 AM

Thank you for all your help. Booted in SAFE MODE with Networking. Uninstalled µTorrent (Version: 3.2.0). When I tried uninstalling Java, Norton, or anything else for that matter - I got a Windows Installer pop-up "The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance." Updated MalwareBytes and ran a quick scan. It found nothing malicious. Rebooted in SAFE MODE and still couldn't uninstall programs.



#6 noknojon

Posted 18 September 2013 - 08:16 AM

OK -

Just try the ESET Scan please - How To Temporarily Disable Your Anti-virus

 

Next - Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

Finish with - Please download TFC, or Temp File Cleaner By Old Timer
Usage Instructions:
* Download TFC from the download link above and save the file on your desktop.
* Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
* Double-click on the TFC icon.
* When the program opens, click on the Start button. 
* TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
* When done, press OK to reboot your computer and finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

 

 

Thanks -



#7 Bee-rad Nelson

Posted 18 September 2013 - 02:28 PM

ESET Scan:

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] multiple threats
C:\Program Files (x86)\FoxTabFlvPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\Brad Nelson\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll Win32/Toolbar.Linkury.D application cleaned by deleting - quarantined
C:\Users\Brad Nelson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1c001042-37b08b03 a variant of Java/TrojanDownloader.Agent.NDN trojan cleaned by deleting - quarantined
C:\Users\Brad Nelson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f4ddb1a-480e0b74 Java/Exploit.Agent.OMX trojan cleaned by deleting - quarantined
C:\Users\Brad Nelson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\18187edc-45c661d4 a variant of Java/Agent.BP trojan cleaned by deleting - quarantined
C:\Windows\Installer\e7d21.msi multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] multiple threats cleaned by deleting - quarantined
C:\Windows\Temp\INJ001\ExtensionUpdate.exe multiple threats cleaned by deleting - quarantined
 
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Brad Nelson on Wed 09/18/2013 at 13:49:20.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4042374049-3635263495-414073876-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4042374049-3635263495-414073876-1001\Software\Wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\driverscanner_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100567.FCTB000100567Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100567.FCTB000100567Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100567.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100567.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100567.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100567.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100567.FCTB000100567Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100567.FCTB000100567Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100567.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100567.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100567.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000100567.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3251747
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298578
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
 
~~~ Files
Successfully deleted: [File] C:\Windows\Tasks\driverscanner.job
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] "C:\end"
 
~~~ Folders
Successfully deleted: [Folder] C:\Users\Brad Nelson\AppData\LocalLow\FCTB000100567
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Brad Nelson\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Brad Nelson\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Brad Nelson\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Brad Nelson\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Brad Nelson\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Users\Brad Nelson\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Brad Nelson\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Users\Brad Nelson\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\gamesagogo_w3i"
Successfully deleted: [Folder] "C:\Program Files (x86)\gamesbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
 
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Brad Nelson\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
 
~~~ Event Viewer Logs were cleared
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/18/2013 at 14:01:11.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
TFC:  Ran TFC and rebooted to post this.
 
NOTES: dllhost files still running; Internet Explorer not open, but window keeps popping up, asking to leave or stay on page. Task manager lists IE in processes. I end the task and eventually, the window pops up again. Up to three instances of IE running. McAfee still inactive.
 
Thank you.  
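
Added example (not part of the original posts, and not code from ESET or BleepingComputer): a small Python triage of the ESET result lines in post #7, splitting each line into path, detection and action, and listing any detection that carries no remediation status. The function names and the location groups are hypothetical, chosen for this log only.

```python
import re
from collections import Counter

# The nine result lines from the ESET export in post #7, copied as they appear
# on the page (the export's column separators are flattened to single spaces).
ESET_LOG = r"""
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] multiple threats
C:\Program Files (x86)\FoxTabFlvPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\Brad Nelson\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll Win32/Toolbar.Linkury.D application cleaned by deleting - quarantined
C:\Users\Brad Nelson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1c001042-37b08b03 a variant of Java/TrojanDownloader.Agent.NDN trojan cleaned by deleting - quarantined
C:\Users\Brad Nelson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6f4ddb1a-480e0b74 Java/Exploit.Agent.OMX trojan cleaned by deleting - quarantined
C:\Users\Brad Nelson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\18187edc-45c661d4 a variant of Java/Agent.BP trojan cleaned by deleting - quarantined
C:\Windows\Installer\e7d21.msi multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] multiple threats cleaned by deleting - quarantined
C:\Windows\Temp\INJ001\ExtensionUpdate.exe multiple threats cleaned by deleting - quarantined
"""

# Windows paths never contain "/", so the first token holding a "/" is the
# detection name. The lazy path group lets paths with spaces parse correctly.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>multiple threats|(?:a variant of )?\S+/\S+ (?:trojan|application))"
    r"(?:\s+(?P<action>.+))?$"
)

# Hypothetical location groups (lower-case substrings), first match wins.
AREAS = [
    ("\\config\\systemprofile\\", "SYSTEM account profile"),
    ("\\sun\\java\\deployment\\cache\\", "Java plug-in cache"),
    ("\\chrome\\user data\\", "Chrome extension"),
    ("\\windows\\temp\\", "Windows temp/installer"),
    ("\\windows\\installer\\", "Windows temp/installer"),
]


def parse_line(line):
    """Return a dict for one ESET result line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    action = m.group("action") or ""
    lowered = path.lower()
    area = next((name for needle, name in AREAS if needle in lowered), "other")
    return {
        "path": path,
        "detection": m.group("detection"),
        "action": action,
        # A line with no action column was detected but not removed.
        "remediated": "quarantined" in action or "deleted" in action,
        "area": area,
    }


def triage(log_text):
    """Parse every non-empty line and summarise what still needs attention."""
    entries, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed.append(line)  # keep odd lines visible instead of dropping them
        else:
            entries.append(entry)
    return {
        "entries": entries,
        "unparsed": unparsed,
        "unresolved": [e for e in entries if not e["remediated"]],
        "by_area": Counter(e["area"] for e in entries),
    }


if __name__ == "__main__":
    result = triage(ESET_LOG)
    for area, count in result["by_area"].most_common():
        print(f"{count} detection(s) in: {area}")
    for e in result["unresolved"]:
        print("NOT remediated:", e["path"], "->", e["detection"])
```

On this log the one line without an action is the copy of update[1] under SysWOW64\config\systemprofile, which is the cache of the LocalSystem account rather than of the logged-in user.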
 
 


#8 noknojon

Posted 18 September 2013 - 10:20 PM

Hi -

The problems seem worse than first thought, so please follow these instructions for Expert help.

 

Please follow the instructions in ==>This Guide<== starting at Step #6

If you cannot complete a step, skip it and continue.

 

Once the proper logs are created, then make a NEW TOPIC and post it ==>Malware Removal Logs<==


Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get.

 

If you cannot produce any of the logs, then please still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

NOTE : Please Copy / Paste all logs requested, and do not use Attach unless specifically asked -


Good luck and be very patient, as the area can get very busy.

 

If HelpBot replies to your topic, PLEASE follow its Step One so it will report your topic to the team members.

 

Thank You -





