Need help getting computer back to normal


10 replies to this topic

#1 JohnBoi

JohnBoi

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 07 February 2014 - 07:31 PM

OK. So I have a friend's computer to fix. It was infected with some trash. It can be read about here: http://www.bleepingcomputer.com/forums/t/519918/antivirus-security-pro/

 

I was able to get rid of it (I think) but now I am trying to get everything back to normal. All the small things like putting icons back on the desktop and having everything run normally.

 

All of your help will be greatly appreciated.

 

John




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:15 AM

Posted 07 February 2014 - 08:39 PM

Hi -

Please follow these few instructions and Copy and Paste the results here.

Download all programs to Desktop to run them - XP users double click on programs to run them,

Vista/Windows 7/8 users right-click and select Run As Administrator.

 

First -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Next -

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

At most the tool will run for about 2 minutes

Copy / Paste the logs back here.

 

Important: Do not reboot your computer until you complete the next step.

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

* Check the list of programs you will be removing.
* NOW - Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.

* Copy and paste the contents of that logfile in your next reply.
* A copy of each logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.



#3 JohnBoi


Posted 10 February 2014 - 09:27 PM

Hi Aussie,

 

Sorry it took so long for me to get back to you.

 

Here are the logs you requested:

 

Screen317 Security Check:

 

 Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Google Chrome 31.0.1650.63 
 Google Chrome 32.0.1700.107 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

 

 

MiniToolBox:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Owner (administrator) on 10-02-2014 at 21:04:27
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/14/2014 09:08:54 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgCx_SC1.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgCx_SC1.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/14/2014 09:08:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000006
Fault offset: 0x000000000001d859
Faulting process id: 0x348
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (01/14/2014 08:19:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam-chameleon.exe, version: 0.0.0.0, time stamp: 0x502ba4ec
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003b42d
Faulting process id: 0xd38
Faulting application start time: 0xmbam-chameleon.exe0
Faulting application path: mbam-chameleon.exe1
Faulting module path: mbam-chameleon.exe2
Report Id: mbam-chameleon.exe3

Error: (01/13/2014 09:00:37 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgCx_SC1.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgCx_SC1.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/13/2014 09:00:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000006
Fault offset: 0x000000000001d859
Faulting process id: 0x35c
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (01/13/2014 08:29:30 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/06/2014 06:35:18 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgCx_SC1.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgCx_SC1.db

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/06/2014 06:35:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000006
Fault offset: 0x000000000001d859
Faulting process id: 0x364
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (01/05/2014 07:00:00 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/05/2014 04:05:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

System errors:
=============
Error: (02/10/2014 08:56:44 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service hung on starting.

Error: (02/10/2014 08:52:08 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:00:12 PM on ?1/?22/?2014 was unexpected.

Error: (01/16/2014 00:52:28 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/16/2014 00:52:26 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/16/2014 00:52:25 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/16/2014 00:52:23 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/16/2014 00:52:21 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/16/2014 00:52:19 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/16/2014 00:52:17 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/16/2014 00:52:16 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Microsoft Office Sessions:
=========================
Error: (01/14/2014 09:08:54 PM) (Source: Application Error)(User: )
Description: C:\Windows\Prefetch\AgCx_SC1.dbHost Process for Windows ServicesC000009C3

Error: (01/14/2014 09:08:54 PM) (Source: Application Error)(User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000001d85934801cf1192474baa03C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dllfb2f9d21-7d89-11e3-81d2-6431501d7a29

Error: (01/14/2014 08:19:31 PM) (Source: Application Error)(User: )
Description: mbam-chameleon.exe0.0.0.0502ba4ecole32.dll6.1.7601.175144ce7b96fc00000050003b42dd3801cf10c85b88882cC:\Users\Owner\Documents\mbam-chameleon-1.62.1.1000\mbam-chameleon.exeC:\Windows\syswow64\ole32.dll15274e76-7d83-11e3-b418-6431501d7a29

Error: (01/13/2014 09:00:37 PM) (Source: Application Error)(User: )
Description: C:\Windows\Prefetch\AgCx_SC1.dbHost Process for Windows ServicesC000009C3

Error: (01/13/2014 09:00:37 PM) (Source: Application Error)(User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000001d85935c01cf10c6a9ea4097C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dlla8e8817d-7cbf-11e3-b418-6431501d7a29

Error: (01/13/2014 08:29:30 PM) (Source: Windows Backup)(User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/06/2014 06:35:18 PM) (Source: Application Error)(User: )
Description: C:\Windows\Prefetch\AgCx_SC1.dbHost Process for Windows ServicesC000009C3

Error: (01/06/2014 06:35:18 PM) (Source: Application Error)(User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000001d85936401cf0b3522dce65eC:\Windows\System32\svchost.exec:\windows\system32\sysmain.dll331ec90b-772b-11e3-bc45-6431501d7a29

Error: (01/05/2014 07:00:00 PM) (Source: Windows Backup)(User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/05/2014 04:05:51 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

=========================== Installed Programs ============================

Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 7.6.11.10)
Blio (Version: 2.0.5350)
Bonjour (Version: 1.0.104)
Broan Right-Suite Universal
C4USelfUpdater (Version: 1.00.0000)
center (Version: 6.2.5.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DriverUpdate (Version: 2.2.30452)
Elevated Installer (Version: 2.1.13)
essentials (Version: 6.0.14.0)
Garmin BaseCamp (Version: 4.1.2)
Garmin City Navigator North America NT 2013.10 Update (Version: 16.10.0.0)
Garmin City Navigator North America NT 2013.40 Update (Version: 16.40.0.0)
Garmin Express (Version: 2.1.13)
Garmin Express Tray (Version: 2.1.13)
Garmin MapInstall (Version: 4.0.1)
Garmin Update Service (Version: 2.1.13)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.4)
Garmin WebUpdater (Version: 2.5.5)
Google Chrome (Version: 32.0.1700.107)
Google Earth Plug-in (Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Connect Solutions (Version: 1.0.0.4)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Desktop Keyboard (Version: 1.0.0.13)
HP MAINSTREAM KEYBOARD (Version: 1.4.3.0)
HP Odometer (Version: 2.10.0000)
HP Remote Solution (Version: 1.1.14.0)
HP Setup (Version: 1.2.4093.3340)
HP Support Assistant (Version: 7.0.39.15)
HP Support Information (Version: 10.1.0002)
HP Vision Hardware Diagnostics (Version: 2.1.6.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2119)
InterVideo WinDVD 8 (Version: 8.5.10.84)
Junk Mail filter update (Version: 15.4.3502.0922)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK AiO Software (Version: 7.6.12.20)
LaserCalc.NET (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET 2.0 AJAX Extensions 1.0 (Version: 1.0.61025)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC90_CRT_x86 (Version: 1.0.0)
Mocha TN5250 for Vista (Version: 1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
ocr (Version: 6.2.3.50)
PC SpeedScan Pro (Version: 7.5.3)
PDF Complete Special Edition (Version: 4.0.57)
Performance Center (Version: 2.40)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PreReq (Version: 6.2.4.0)
PressReader (Version: 5.10.621.0)
PrintProjects (Version: 1.0.0.9282)
Realtek High Definition Audio Driver (Version: 6.0.1.6463)
Recovery Manager (Version: 5.5.2926)
Right-Suite Residential PE/BE
ShopAtHome.com Toolbar
Sony RAW Driver (Version: 2.0.00.08130)
Touch The Sky
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
WD SmartWare (Version: 1.1.0.2)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Xobni
Xobni Core (Version: 1.0.0)
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4 (Version: 4.0.3184)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 4061.24 MB
Available physical RAM: 1683.8 MB
Total Pagefile: 8120.66 MB
Available Pagefile: 5599.25 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.65 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:453.11 GB) (Free:385.14 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.56 GB) (Free:1.5 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-HP

Administrator            Guest                    Owner                   

**** End of log ****

 

 

 

 

RKill:

 

 

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/10/2014 09:06:11 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * Your %Temp% folder is set to C:\Windows\TEMP, which can be dangerous. Skipping termination for this folder.
 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Advanced Explorer Setting Removed:  HideIcons [HKCU]

Backup Registry file created at:
 C:\Users\Owner\Desktop\rkill\rkill-02-10-2014-09-06-14.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/10/2014 09:06:27 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

 

 

 

 

AdwCleaner:

 

 

# AdwCleaner v3.018 - Report created 10/02/2014 at 21:12:19
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [13417 octets] - [15/01/2014 23:25:26]
AdwCleaner[R1].txt - [883 octets] - [10/02/2014 21:09:39]
AdwCleaner[S0].txt - [12977 octets] - [15/01/2014 23:27:12]
AdwCleaner[S1].txt - [805 octets] - [10/02/2014 21:12:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [864 octets] ##########

 

 

 

 

Thanks again for your help!!!!
 



#4 noknojon


Posted 10 February 2014 - 09:56 PM

IMPORTANT - PC SpeedScan Pro (Version: 7.5.3) Warning, multiple anti-virus scanners have detected possible malware in PC SpeedScan Pro.
PC SpeedScan Pro has been found to be bundled with 3rd party software.
Remove it from Programs and Features first.

 

Hello -
I do not see any Antivirus program installed ??

This => McAfee Security Scan Plus is just an advice service from McAfee, and not very good.

This => Malwarebytes Anti-Malware is not an Antivirus program, and is designed to run with an Antivirus program.

 

Did you think you had one or just did not bother ??

I can give you links to several Free Antivirus programs if you wish.

 

 

Many Disk errors in the report so please run a Disk Check

Run a Disk Check on your C: drive in Windows 7:
• Click Start and open Computer
• Right-click on C: (or your hard drive letter) and select Properties
• Click on the Tools tab
• Under Error-checking click the Check Now... button
• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
• Click on the Start button
• When the message box pops up, click the Schedule disk check button and Restart your computer
• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
This will take (on average) 1 to 2 hours depending on your system, so please let it finish.
DO NOT force a reboot once started as you will lose data and may damage the computer
NOTE - If this is a Laptop please plug it into a reliable power source, as batteries may fail.
The computer will reboot to normal mode once it has completed all 5 stages -

 

 

When this finishes, please Update and run a Full Scan with Malwarebytes Anti-Malware program.

Copy and paste the log back here -



#5 JohnBoi


Posted 11 February 2014 - 11:33 AM

So, I deleted PC SpeedScan Pro.

 

As for the no Antivirus installed, this is not my computer so I am not sure what he has. But as you say you do not see any therefore there isn't any. I would gladly put something on here for him to use.

 

And then I did all that you said and here is the log...

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Owner :: OWNER-HP [administrator]

2/11/2014 10:31:24 AM
MBAM-log-2014-02-11 (11-24-14).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 390337
Time elapsed: 45 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> No action taken.

(end)



#6 JohnBoi


Posted 11 February 2014 - 11:36 AM

As it is right now, computer seems to be running ok. I have noticed that I can not put any shortcuts on the desktop. That seems to be about the only thing out of the norm. Then again, it is not mine and I do not know what is the norm for this machine.



#7 noknojon


Posted 11 February 2014 - 04:09 PM

OK -

 

Do you think that we should wait for a reply from the owner ??

 

I can ask you to run several tests / scans, but the owner should make some comment ....



#8 JohnBoi


Posted 11 February 2014 - 04:55 PM

The problem is the owner is an older man and his wife. I think if I can get it to where they can put the icons back on the desktop that they would be fine.



#9 noknojon


Posted 11 February 2014 - 05:14 PM

Hi -

These are the basic directions from Microsoft to restore desktop icons.

 

Right click an empty spot on the desktop and select Personalize.

On the left side of the window, click the Change Desktop icons link.

Place a check mark in the icons that you want to be displayed on the desktop.

 

Hope this helps.



#10 noknojon


Posted 11 February 2014 - 05:22 PM

The article is repeated again here -

 

1. Right click the desktop

2. Select View -> Show Desktop Icon

3. Make sure the option is checked.

I hope this helps.

 

You can check here: http://support.microsoft.com/kb/2670504



#11 JohnBoi


Posted 11 February 2014 - 10:06 PM

noknojon,

 

 

Thank you so much for your help!!! Seems everything is going great now and now I can return his desktop back to him.

 

If he has another issue, I will start another topic. 

 

Once again, Thank you.

 

This thread can be closed.





