Cannot use Windows Update, suspect virus


41 replies to this topic

#1 karrun

karrun

  • Members
  • 53 posts

Posted 28 February 2014 - 11:53 AM

I was trying to use Windows Update, and I keep getting the message "Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer". Of course a restart did nothing. I checked mmc.exe and Windows Update service is showing as started. I tried following instructions http://helpdeskgeek.com/windows-7/cannot-run-windows-update-on-a-windows-7-pc/ and it did nothing to help. I also ran Malwarebytes in admin mode. It found several infections so I followed the directions, rebooted, ran again in admin mode and it was clean. But I still can't run Windows Update.

 

 




#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,154 posts

Posted 28 February 2014 - 12:05 PM

Hi karrun and welcome to Bleepingcomputer! :)

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 karrun


Posted 28 February 2014 - 12:41 PM

Thanks for the fast response. Here's my log:

 

Farbar Service Scanner Version: 25-02-2014
Ran by Dell (administrator) on 28-02-2014 at 11:39:48
Running from "C:\Users\Dell\Downloads"
Microsoft Windows 7 Home Premium   (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#4 Sirawit


Posted 28 February 2014 - 07:51 PM

Step 1:
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
* Click on the Scan button.
* AdwCleaner will begin to scan your computer.
* This time click on the Clean button.
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
* Copy and paste the contents of that logfile in your next reply.
* A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 2:
Please download Junkware Removal Tool  to your desktop.

* Shut down your protection software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

Step 3:
Please download Minitoolbox and save to your desktop.
Close all programs, run minitoolbox and select these boxes:
* Flush DNS
* Report IE proxy settings
* Reset IE proxy settings
* Report FF proxy settings
* Reset proxy settings
* List Content of Hosts
* List last 10 Event Viewer Errors
* List Installed Programs
* List Devices (Only Problems)
* List User, partitions and memory size.
Click GO and wait, please post the log here.

What we need in your next reply:
Adwcleaner log
JRT log
Minitoolbox log

Thank you.

Edited by Sirawit, 28 February 2014 - 07:57 PM.



#5 karrun


Posted 01 March 2014 - 10:39 AM

# AdwCleaner v3.020 - Report created 01/03/2014 at 08:58:59
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : Dell - DELL-PC
# Running from : C:\Users\Dell\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Application Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Vuze Remote toolbar
Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Dell\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\END
File Deleted : C:\Users\Dell\AppData\Local\Temp\Uninstall.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4476 octets] - [01/03/2014 08:57:12]
AdwCleaner[S0].txt - [4501 octets] - [01/03/2014 08:58:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4561 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x86
Ran by Dell on Sat 03/01/2014 at  9:03:23.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{817A9A11-B6A1-47B8-A585-BF747CAAF52A}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/01/2014 at  9:05:44.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Dell (administrator) on 01-03-2014 at 09:37:41
Running from "C:\Users\Dell\Desktop"
Microsoft Windows 7 Home Premium   (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/01/2014 09:36:47 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (03/01/2014 09:36:47 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (03/01/2014 09:36:41 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (03/01/2014 09:36:41 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (03/01/2014 09:36:35 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (03/01/2014 09:36:35 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (03/01/2014 09:36:18 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (03/01/2014 09:36:18 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (03/01/2014 09:36:04 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (03/01/2014 09:36:04 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
 
System errors:
=============
Error: (03/01/2014 09:36:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 11 time(s).
 
Error: (03/01/2014 09:36:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.
 
Error: (03/01/2014 09:36:42 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 10 time(s).
 
Error: (03/01/2014 09:36:42 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.
 
Error: (03/01/2014 09:36:36 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 9 time(s).
 
Error: (03/01/2014 09:36:36 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.
 
Error: (03/01/2014 09:36:19 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 8 time(s).
 
Error: (03/01/2014 09:36:19 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.
 
Error: (03/01/2014 09:36:05 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 7 time(s).
 
Error: (03/01/2014 09:36:05 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.
 
 
Microsoft Office Sessions:
=========================
Error: (03/01/2014 09:36:47 AM) (Source: Windows Search Service)(User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (03/01/2014 09:36:47 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (03/01/2014 09:36:41 AM) (Source: Windows Search Service)(User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (03/01/2014 09:36:41 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (03/01/2014 09:36:35 AM) (Source: Windows Search Service)(User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (03/01/2014 09:36:35 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (03/01/2014 09:36:18 AM) (Source: Windows Search Service)(User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (03/01/2014 09:36:18 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
Error: (03/01/2014 09:36:04 AM) (Source: Windows Search Service)(User: )
Description: 40x8004117fFailed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (03/01/2014 09:36:04 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader 9.1.2 (Version: 9.1.2)
AVG 2014 (Version: 14.0.3705)
AVG 2014 (Version: 14.0.4335)
AVG 2014 (Version: 2014.0.4335)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Dell Backup and Recovery Manager (Version: 1.1.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 7.4.102.103)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Google Chrome (Version: 33.0.1750.117)
Google Update Helper (Version: 1.3.22.5)
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 14.0.1468.721)
Nero 12 (Version: 12.0.02000)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp (Version: 12.0.2001)
Nero BackItUp Help (CHM) (Version: 12.0.3000)
Nero Blu-ray Player (Version: 12.0.14300)
Nero Blu-ray Player Help (CHM) (Version: 12.0.4000)
Nero Burning ROM (Version: 12.0.20000)
Nero Burning ROM Help (CHM) (Version: 12.0.3000)
Nero ControlCenter (Version: 11.0.15200)
Nero ControlCenter Help (CHM) (Version: 12.0.5000)
Nero Core Components (Version: 11.0.18100)
Nero Disc Menus Basic (Version: 12.0.11500)
Nero Effects Basic (Version: 12.0.11500)
Nero Express (Version: 12.0.20000)
Nero Express Help (CHM) (Version: 12.0.5000)
Nero Kwik Media (Version: 1.18.18200)
Nero Kwik Media Help (CHM) (Version: 12.0.4000)
Nero Kwik Themes Basic (Version: 12.0.11500)
Nero PiP Effects Basic (Version: 12.0.11500)
Nero Recode (Version: 12.0.24000)
Nero Recode Help (CHM) (Version: 12.0.4000)
Nero RescueAgent (Version: 12.0.9000)
Nero RescueAgent Help (CHM) (Version: 12.0.3000)
Nero SharedVideoCodecs (Version: 1.0.12100.2.0)
Nero Update (Version: 11.0.11800.31.0)
Nero Video (Version: 12.0.3000)
Nero Video Help (CHM) (Version: 12.0.4000)
neroxml (Version: 1.0.0)
NVIDIA Drivers (Version: 1.3)
PowerDVD DX (Version: 8.3.5424)
Prerequisite installer (Version: 12.0.0002)
Private Internet Access Support Files (Version: 1.0.0.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.2 (Version: 2.1.2)
Vuze (Version: 5.3.0.0)
Vuze Remote Toolbar v8.8 (Version: 8.8)
Welcome App (Start-up experience) (Version: 12.0.14000)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 28%
Total physical RAM: 3066.96 MB
Available physical RAM: 2179.69 MB
Total Pagefile: 6132.19 MB
Available Pagefile: 4954.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.44 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:463.81 GB) (Free:403.13 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DELL-PC
 
Administrator            Dell                     Guest                    
 
 
**** End of log ****
 


#6 Sirawit


Posted 02 March 2014 - 10:47 PM

Step 1:

Download the fixit here : http://support.microsoft.com/kb/971058/en-us and follow the instructions in fixit. (Don't follow manual steps below.)

Please post the result of it.

 

Step 2:

Get your MBAM log from here : C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd and post it.

 

Step 3:

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: ESET will not produce a log if no threats were found.

 

Thank you.




#7 karrun


Posted 03 March 2014 - 05:50 PM

I can't run the FixIt program. I get "The troubleshooter has encountered an unexpected error has cannot proceed".



#8 Sirawit


Posted 04 March 2014 - 10:31 PM

Please continue with steps 2 and 3.

Thank you.



#9 karrun


Posted 05 March 2014 - 09:21 PM

I can't figure out how to attach a file, and the Malwarebytes file is quite large and my reply kept timing out when I tried to post. But the file is largely the same listing, and is apparently because MWB doesn't like my VPN service. I've attached a portion of the txt file below. Like I said, the entire file is largely the same thing and is related to my VPN.

 

2014/03/05 00:00:59 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53718, Process: rubyw.exe)
2014/03/05 00:01:55 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53737, Process: rubyw.exe)
2014/03/05 00:03:00 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53757, Process: rubyw.exe)
2014/03/05 00:03:56 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53776, Process: rubyw.exe)
2014/03/05 00:05:00 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53795, Process: rubyw.exe)
2014/03/05 00:05:56 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53814, Process: rubyw.exe)
2014/03/05 00:07:00 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53833, Process: rubyw.exe)
2014/03/05 00:07:57 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53852, Process: rubyw.exe)
2014/03/05 00:09:01 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 53872, Process: rubyw.exe)
2014/03/05 00:10:05 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 53891, Process: rubyw.exe)
2014/03/05 00:11:01 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 53910, Process: rubyw.exe)
2014/03/05 00:12:05 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 53929, Process: rubyw.exe)
2014/03/05 00:13:01 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 53948, Process: rubyw.exe)
2014/03/05 00:14:06 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 53967, Process: rubyw.exe)
2014/03/05 00:15:02 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 53986, Process: rubyw.exe)
2014/03/05 00:16:06 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 54005, Process: rubyw.exe)
2014/03/05 00:17:02 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 54024, Process: rubyw.exe)
2014/03/05 00:18:07 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 54043, Process: rubyw.exe)
2014/03/05 00:29:13 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54222, Process: rubyw.exe)
2014/03/05 00:30:09 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54243, Process: rubyw.exe)
2014/03/05 00:31:13 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54254, Process: rubyw.exe)
2014/03/05 00:32:17 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54279, Process: rubyw.exe)
2014/03/05 00:33:13 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54301, Process: rubyw.exe)
2014/03/05 00:34:18 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54320, Process: rubyw.exe)
2014/03/05 00:35:14 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54331, Process: rubyw.exe)
2014/03/05 00:36:18 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54358, Process: rubyw.exe)
2014/03/05 00:37:14 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54377, Process: rubyw.exe)
2014/03/05 00:38:19 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54396, Process: rubyw.exe)
2014/03/05 00:39:15 -0600 DELL-PC Dell IP-BLOCK 93.115.85.34 (Type: outgoing, Port: 54420, Process: rubyw.exe)
 
Here's the Eset file:
 
C:\AdwCleaner\Quarantine\C\Program Files\Application Updater\ApplicationUpdater.exe.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe.vir a variant of Win64/Toolbar.Widgi.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\wth178.dll.vir a variant of Win32/Toolbar.Widgi.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\wthx178.dll.vir a variant of Win64/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\spg.zip.vir probably a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vuze Remote toolbar\IE\8.8\vuzeToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vuze Remote toolbar\IE\8.8\vuzeToolbarIE64.dll.vir a variant of Win64/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Dell\AppData\Local\Temp\Spigot\VuzeToolbar-stub-1.exe.vir a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Program Files\Vuze\spg.zip a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNZJKP09\vuzeToolbar[1].msi a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined
C:\Users\Dell\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\Dell\AppData\Local\Temp\NeroInstallFiles\NERO20120813151223929\ISSetupPrerequisites\neroAskToolbar\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\Dell\AppData\Local\Temp\NeroInstallFiles\NERO20120813151223929\ISSetupPrerequisites\neroAskToolbar\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Users\Dell\AppData\Local\Temp\NeroInstallFiles\NERO20120813151223929\ISSetupPrerequisites\neroAskToolbar\AskToolbarNRO.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Users\Dell\AppData\Local\Temp\NeroInstallFiles\NERO20120813151223929\ISSetupPrerequisites\neroAskToolbar\AskToolbarNRO3.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Users\Dell\Documents\Vuze Downloads\Nero 12 Platinum 12.0.020 + Patch + Key [EC].zip a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted - quarantined
C:\Users\Dell\Documents\Vuze Downloads\Ashampoo Burning Studio 12 v12.0.1 with Key [h33t][iahq76]\ashampoo_burning_studio_12_e12.0.1_sm.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Windows\Installer\3f0d7f25.msi a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined
C:\Windows\Temp\vuzeToolbar.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
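
Added example (not part of the original post, and not Malwarebytes code): a log too large to paste can be summarised instead, which also checks whether every block really belongs to one process. The sketch parses lines in the format of the Malwarebytes excerpt above, groups them by process and destination, and lists any process outside an expected set; the regular expression is inferred from the quoted lines only, and the `example.exe` / `203.0.113.7` entry and the non-matching line are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# First five lines are copied from the post; the last two are constructed
# for this example (documentation-range IP, made-up process name, and one
# line that does not match the format).
SAMPLE_LOG = """\
2014/03/05 00:00:59 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53718, Process: rubyw.exe)
2014/03/05 00:01:55 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53737, Process: rubyw.exe)
2014/03/05 00:03:00 -0600 DELL-PC Dell IP-BLOCK 37.221.165.196 (Type: outgoing, Port: 53757, Process: rubyw.exe)
2014/03/05 00:09:01 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 53872, Process: rubyw.exe)
2014/03/05 00:10:05 -0600 DELL-PC Dell IP-BLOCK 93.115.85.39 (Type: outgoing, Port: 53891, Process: rubyw.exe)
2014/03/05 00:11:30 -0600 DELL-PC Dell IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 54000, Process: example.exe)
this line is not an IP-BLOCK entry
"""

# Pattern inferred from the quoted lines (an assumption, not a vendor spec).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_log(text):
    """Return (events, skipped): parsed IP-BLOCK entries and unmatched lines."""
    events, skipped = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped.append(line)  # keep for manual review, never drop silently
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S %z")
        ev["port"] = int(ev["port"])
        ev["process"] = ev["process"].strip().lower()  # Windows names ignore case
        events.append(ev)
    return events, skipped


def summarize(events):
    """Group by (process, ip, direction); report count, span and median gap."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["process"], ev["ip"], ev["direction"])].append(ev["ts"])
    summary = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        summary[key] = {
            "count": len(stamps),
            "first": stamps[0],
            "last": stamps[-1],
            # A steady gap means an automatic retry loop, not manual browsing.
            "median_gap_s": median(gaps) if gaps else None,
        }
    return summary


def unexpected_processes(events, expected):
    """Processes with blocked connections that are not in the expected set."""
    return {ev["process"] for ev in events} - {p.lower() for p in expected}


if __name__ == "__main__":
    events, skipped = parse_log(SAMPLE_LOG)
    for (proc, ip, direction), s in sorted(summarize(events).items()):
        print(f"{proc:12} {direction:9} {ip:16} n={s['count']:<3} "
              f"median gap={s['median_gap_s']}s")
    print("not attributable to the VPN client:",
          sorted(unexpected_processes(events, {"rubyw.exe"})))
    print("unparsed lines:", skipped)
```

The summary table is short enough to paste into a reply, and any name printed under "not attributable" is the part of the log worth posting in full.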
 


#10 Sirawit


Posted 06 March 2014 - 10:24 AM

Please do these things first while I'm finding a solution for you.

Step 1:
Please empty the AdwCleaner quarantine by opening AdwCleaner and clicking Uninstall.

Step 2:
Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to update Adobe flash:
  • Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  • Double click the file to start the installation process
  • Repeat 1. and 2. for every other browser you have installed (eg Internet Explorer / Firefox / Chrome / Safari / Opera..) as applicable.
Step 3:
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!

Step 4:
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit). 64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u51-windows-i586.exe (or jre-7u51-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Step 5:
Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "Remove":

Vuze remote toolbar

Additional instructions can be found here if needed.

Edited by Sirawit, 06 March 2014 - 10:28 AM.



#11 Sirawit


Posted 06 March 2014 - 10:38 AM

Warnings
Step 1:
Going over your logs I noticed that you have Vuze installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Vuze, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Step 2:
Going over your logs, I saw illegal software on your computer.
These cracks or keygens are a big source of infection for your computer, so try not to use them, since you will most likely get infected again.

Step 3:
Why do you have 3 AVG versions installed? What is the last one you installed?

AVG 2014 (Version: 14.0.3705)
AVG 2014 (Version: 14.0.4335)
AVG 2014 (Version: 2014.0.4335)

Thank you.



#12 karrun


Posted 06 March 2014 - 08:45 PM

Thanks for the help. I've followed your advice and updated Adobe and java. I uninstalled the Nero program, Vuze, and tried to uninstall the Vuze toolbar but the uninstaller told me the feature I was trying to use was on a network resource that was unavailable. So I am assuming Vuze toolbar uninstall was not successful.

 

I am not sure about the 3 versions of AVG. I downloaded the program initially and installed. I know it has updated a few times, but I have not knowingly reinstalled it.

 

Thanks once again for your help.



#13 Sirawit


Posted 08 March 2014 - 04:41 AM

OK great! :)
 
Now I will gather some information about your services and fix other problems.
 
Step 1: I will guide you to reinstall AVG again.
 
1. Please download the AVG installer from here. (The download will start automatically.)
2. Uninstall all AVG versions by using Control Panel > Programs and Features.
3. Open the installer and then follow its prompts. Please be aware of any special offers; deny and uncheck all of them along the way.
 
Step 2: Uninstall Vuze Toolbar
 
We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Vuze (Version: 5.3.0.0)
    Vuze Remote Toolbar v8.8 (Version: 8.8)
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 3:
 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool says that Check Disk is needed, click on the Do It button next to 2. Check Disk.
In that case make sure you restart computer.



Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Thank you.

Edited by Sirawit, 08 March 2014 - 07:22 AM.



#14 karrun


Posted 08 March 2014 - 03:45 PM

Okay. I did what you asked. Again, even with Revo Uninstaller, Vuze toolbar could not be uninstalled. I got the same error that I did before, the feature I was trying to use was on a network resource that was unavailable. Here's the Tweaking log:

 

 

 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 32-bit
OS Version: 6.1.7600
OS Service Pack: 
Computer Name: DELL-PC
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\Dell
Current Profile SID: S-1-5-21-1421331162-3277474791-1128851767-1000
Current Profile Classes: S-1-5-21-1421331162-3277474791-1128851767-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Dell\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:02:50
 
Process Count: 75
Commit Total: 1.41 GB
Commit Limit: 5.99 GB
Commit Peak: 1.45 GB
Handle Count: 18289
Kernel Total: 129.16 MB
Kernel Paged: 84.17 MB
Kernel Non Paged: 44.98 MB
System Cache: 953.10 MB
Thread Count: 962
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.00 GB
Memory Used: 1.22 GB(40.7939%)
Memory Avail.: 1.77 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.00 GB
Memory Used: 1.07 GB(35.8323%)
Memory Avail.: 1.92 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Start (3/8/2014 2:17:18 PM)
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (3/8/2014 2:17:19 PM)
   Running Repair Under Current User Account
   Done (3/8/2014 2:17:23 PM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/8/2014 2:17:23 PM)
   Running Repair Under System Account
   Done (3/8/2014 2:18:11 PM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (3/8/2014 2:18:11 PM)
   Running Repair Under System Account
   Done (3/8/2014 2:18:32 PM)
 
03 - Register System Files
   Start (3/8/2014 2:18:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:19:04 PM)
 
04 - Repair WMI
   Start (3/8/2014 2:19:04 PM)
   Running Repair Under Current User Account
   Done (3/8/2014 2:21:10 PM)
 
05 - Repair Windows Firewall
   Start (3/8/2014 2:21:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:21:48 PM)
 
06 - Repair Internet Explorer
   Start (3/8/2014 2:21:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:22:30 PM)
 
07 - Repair MDAC/MS Jet
   Start (3/8/2014 2:22:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:22:45 PM)
 
08 - Repair Hosts File
   Start (3/8/2014 2:22:45 PM)
   Running Repair Under System Account
   Done (3/8/2014 2:22:48 PM)
 
09 - Remove Policies Set By Infections
   Start (3/8/2014 2:22:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:22:52 PM)
 
11 - Repair Icons
   Start (3/8/2014 2:22:52 PM)
   Running Repair Under Current User Account
   Done (3/8/2014 2:22:55 PM)
 
12 - Repair Winsock & DNS Cache
   Start (3/8/2014 2:22:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:23:22 PM)
 
14 - Repair Proxy Settings
   Start (3/8/2014 2:23:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:23:27 PM)
 
16 - Repair Windows Updates
   Start (3/8/2014 2:23:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:23:52 PM)
 
17 - Repair CD/DVD Missing/Not Working
   Start (3/8/2014 2:23:52 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (3/8/2014 2:23:53 PM)
 
18 - Repair Volume Shadow Copy Service
   Start (3/8/2014 2:23:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:01 PM)
 
20 - Repair MSI (Windows Installer)
   Start (3/8/2014 2:24:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:14 PM)
 
22.01 - Repair bat Association
   Start (3/8/2014 2:24:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:19 PM)
 
22.02 - Repair cmd Association
   Start (3/8/2014 2:24:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:24 PM)
 
22.03 - Repair com Association
   Start (3/8/2014 2:24:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:28 PM)
 
22.04 - Repair Directory Association
   Start (3/8/2014 2:24:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:33 PM)
 
22.05 - Repair Drive Association
   Start (3/8/2014 2:24:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:38 PM)
 
22.06 - Repair exe Association
   Start (3/8/2014 2:24:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:43 PM)
 
22.07 - Repair Folder Association
   Start (3/8/2014 2:24:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:47 PM)
 
22.08 - Repair inf Association
   Start (3/8/2014 2:24:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:52 PM)
 
22.09 - Repair lnk (Shortcuts) Association
   Start (3/8/2014 2:24:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:24:57 PM)
 
22.10 - Repair msc Association
   Start (3/8/2014 2:24:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:25:01 PM)
 
22.11 - Repair reg Association
   Start (3/8/2014 2:25:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:25:06 PM)
 
22.12 - Repair scr Association
   Start (3/8/2014 2:25:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:25:11 PM)
 
23 - Repair Windows Safe Mode
   Start (3/8/2014 2:25:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:25:18 PM)
 
24 - Repair Print Spooler
   Start (3/8/2014 2:25:18 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:25:35 PM)
 
25 - Restore Important Windows Services
   Start (3/8/2014 2:25:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:26:07 PM)
 
26 - Set Windows Services To Default Startup
   Start (3/8/2014 2:26:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/8/2014 2:26:18 PM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (3/8/2014 2:26:18 PM)
   Total Repair Time: 00:09:01
 
 
...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account


#15 Sirawit


Posted 13 March 2014 - 01:11 AM

Sorry for the delay, I'm very busy right now.

 

So you stated that you got a BSOD; what is the STOP code of the bluescreen? Or can you take a picture of the bluescreen?

 

Thank you.






