
Can't access any Admin functions


  • This topic is locked
11 replies to this topic

#1 ihatemicrosoft57

ihatemicrosoft57

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 13 April 2014 - 05:53 PM

Fixing my daughter's computer running Windows 7. 

 

I can't access any admin functions like Add/Delete Programs (doesn't list any programs), Windows Firewall, User Accounts, can't empty Recycle Bin, Device Manager, etc.  When I try to, the message I get is Can't find the program for the function or program doesn't exist. 

 

I tried using Kaspersky Rescue Disk and did a scan but it did not find any viruses, only adware.  I updated AVG and did a scan in safe mode and it also found no viruses. 

 

Can't access internet using Internet Explorer.  I seem to be able to using Chrome but I get a message saying AVG Internet Security has crashed.  (I'm typing this on another computer)

 

This is a Toshiba laptop.   I'd tell you more about it but I can't seem to get to it!

 

Any help is appreciated.

 

Joe




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:49 PM

Posted 14 April 2014 - 12:09 AM

Hello Joe -

Please download these to desktop and Copy and Paste the logs.

 

Tell us if you are not able to run any of these programs.

I am on my Toshiba laptop also running Windows 7, and these all work for me.

 

First -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Please download MiniToolBox to desktop and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Next -

Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
Vista / Windows 7 / 8 users right-click and select Run As Administrator
• Click on the Scan button. (only once)
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
• If you're ready to clean it all up.....click the Clean button.(only once)

Note you will be asked to click OK and confirm with OK to reboot.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.

• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

 

Next -

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts. How To Temporarily Disable Your Anti-virus
* Double-click on JRT.exe to run the tool.
* Vista / Windows 7 / 8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.

These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entries (values, keys).

 

 

Now -

* Download Malwarebytes Anti-Malware Free and save it to your desktop
* Double click the desktop icon, click Run, then OK
* Click Next
* Select I accept the agreement then continue to click Next then finally click Install
** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>

----------

 

** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open.

* Follow those instructions until the Malwarebytes program starts the scan

 

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

 

** When completed click the down arrow on Export Log and select Text file (*.txt)
* Save the file to your desktop as MBAM
* Click Apply Actions then restart your computer if requested
* Copy and paste the contents of MBAM.txt in your reply



#3 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 14 April 2014 - 09:38 AM

Thanks for your response!

 

I'm in the process of following your directions.  Not sure about which items to delete from AdwCleaner[R0].txt. I don't want to lose any of my daughter's school work. Here's the file:

 

# AdwCleaner v3.023 - Report created 14/04/2014 at 10:25:40

# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Liz - LIZ-PC
# Running from : C:\Users\Liz\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found C:\ProgramData\Partner
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2053 octets] - [14/04/2014 10:25:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2113 octets] ##########
 




#4 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 14 April 2014 - 10:59 AM

Here's the rest of the logs:

 

Results of screen317's Security Check version 0.99.81 

 Windows 7 Service Pack 1 x64 (UAC is enabled) 

 Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

 WMI entry may not exist for antivirus; attempting automatic update.

 AVG2012 successfully updated!

`````````Anti-malware/Other Utilities Check:`````````

 MVPS Hosts File 

 Spybot - Search & Destroy

 Eusing Free Registry Cleaner 

 Java™ 6 Update 27 

 Java version out of Date!

 Adobe Flash Player 12.0.0.77 

 Adobe Reader 9 Adobe Reader out of Date!

 Google Chrome 33.0.1750.146 

 Google Chrome 33.0.1750.154 

````````Process Check: objlist.exe by Laurent```````` 

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 

````````````````````End of Log``````````````````````

 

Minitoolbox results:

 

 

 

MiniToolBox by Farbar  Version: 23-01-2014

Ran by Liz (administrator) on 14-04-2014 at 10:19:00

Running from "C:\Users\Liz\Downloads"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

 

 


 

There are 15472 more lines starting with "127.0.0.1"

 

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (04/14/2014 10:21:20 AM) (Source: SDWinSec.exe) (User: )

Description: Class not registered

 

Error: (04/14/2014 10:20:20 AM) (Source: SDWinSec.exe) (User: )

Description: Class not registered

 

Error: (04/14/2014 10:19:20 AM) (Source: SDWinSec.exe) (User: )

Description: Class not registered

 

Error: (04/14/2014 10:18:20 AM) (Source: SDWinSec.exe) (User: )

Description: Class not registered

 

Error: (04/14/2014 10:17:20 AM) (Source: SDWinSec.exe) (User: )

Description: Class not registered

 

Error: (04/14/2014 10:16:29 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine IEventSystem::Remove.  hr = 0x80070057, The parameter is incorrect.

.

 

Error: (04/14/2014 10:16:29 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine IEventSystem::Remove.  hr = 0x80070057, The parameter is incorrect.

.

 

Error: (04/14/2014 10:16:20 AM) (Source: SDWinSec.exe) (User: )

Description: Class not registered

 

Error: (04/14/2014 10:15:39 AM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service has failed to create the new search index. Internal error <5, 0x80040154, Failed to add plugin: Search.MapPI>.

 

Error: (04/14/2014 10:15:20 AM) (Source: SDWinSec.exe) (User: )

Description: Class not registered

 

 

System errors:

=============

Error: (04/14/2014 10:16:29 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 9 time(s).

 

Error: (04/14/2014 10:16:29 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-2147221164.

 

Error: (04/14/2014 10:14:49 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 8 time(s).

 

Error: (04/14/2014 10:14:49 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-2147221164.

 

Error: (04/14/2014 10:07:13 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 7 time(s).

 

Error: (04/14/2014 10:07:13 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-2147221164.

 

Error: (04/14/2014 10:04:26 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 6 time(s).

 

Error: (04/14/2014 10:04:26 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-2147221164.

 

Error: (04/14/2014 10:01:48 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 5 time(s).

 

Error: (04/14/2014 10:01:48 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-2147221164.

 

 

Microsoft Office Sessions:

=========================

Error: (06/16/2013 06:40:33 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 330992 seconds with 480 seconds of active time.  This session ended with a crash.

 

Error: (04/23/2013 10:27:24 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 966826 seconds with 5340 seconds of active time.  This session ended with a crash.

 

Error: (10/09/2012 10:47:46 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 181759 seconds with 14220 seconds of active time.  This session ended with a crash.

 

 

=========================== Installed Programs ============================

 

 Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)

Adobe Flash Player 12 Plugin (Version: 12.0.0.77)

Adobe Reader 9.3 (Version: 9.3.0)

Apple Application Support (Version: 2.1.7)

Apple Mobile Device Support (Version: 5.1.1.4)

Apple Software Update (Version: 2.1.3.127)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.26)

AVG 2012 (Version: 12.0.3722)

AVG 2012 (Version: 12.1.2247)

AVG 2012 (Version: 2012.1.2247)

Best Buy pc app (Version: 3.0.0.0)

Best Buy pc app (Version: 3.1.2.0)

Bonjour (Version: 3.0.0.10)

Cisco EAP-FAST Module (Version: 2.2.14)

Cisco LEAP Module (Version: 1.0.19)

Cisco PEAP Module (Version: 1.1.6)

Comcast Desktop Software (v1.2.0.9) (Version: 23)

Conexant HD Audio (Version: 4.119.0.60)

Eusing Free Registry Cleaner

Google Chrome (Version: 33.0.1750.154)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Update Helper (Version: 1.3.23.9)

iCloud (Version: 1.1.0.40)

Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)

Intel® Management Engine Components (Version: 6.0.0.1179)

Intel® Rapid Storage Technology (Version: 9.6.1.1001)

iTunes (Version: 10.6.0.40)

Java Auto Updater (Version: 2.0.6.1)

Java™ 6 Update 27 (Version: 6.0.270)

Junk Mail filter update (Version: 14.0.8117.416)

Label@Once 1.0 (Version: 1.0)

McAfee Security Scan Plus (Version: 3.8.141.11)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.30214.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

MSVCRT (Version: 14.0.1468.721)

PlayReady PC Runtime amd64 (Version: 1.3.0)

QuickTime (Version: 7.71.80.42)

Realtek USB 2.0 Card Reader (Version: 6.1.7600.30113)

Realtek WLAN Driver (Version: 2.00.0011)

SerialTrunc (Version: 2014.02.26.045520)

Spybot - Search & Destroy (Version: 1.6.2)

Synaptics Pointing Device Driver (Version: 15.0.8.1)

TOSHIBA Application Installer (Version: 9.0.1.1)

TOSHIBA Assist (Version: 3.00.11)

Toshiba Book Place (Version: 2.0.3977.0)

TOSHIBA Bulletin Board (Version: 1.6.06.64)

TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)

TOSHIBA eco Utility (Version: 1.2.11.64)

TOSHIBA Face Recognition (Version: 3.1.3.64)

TOSHIBA Hardware Setup (Version: 4.03.02.00)

TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)

TOSHIBA Media Controller (Version: 1.0.80.3.64)

TOSHIBA Media Controller Plug-in (Version: 1.0.4.9)

TOSHIBA PC Health Monitor (Version: 1.6.0.64)

TOSHIBA Quality Application (Version: 1.0.3)

TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)

TOSHIBA ReelTime (Version: 1.6.05.64)

TOSHIBA Service Station (Version: 2.2.9)

TOSHIBA Supervisor Password (Version: 4.03.02.00)

TOSHIBA Value Added Package (Version: 1.3.2.64)

TOSHIBA Web Camera Application (Version: 1.1.1.15)

ToshibaRegistration (Version: 1.0.4)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)

VitalSource Bookshelf (Version: 6.01.0018)

Windows Live Call (Version: 14.0.8117.0416)

Windows Live Communications Platform (Version: 14.0.8117.416)

Windows Live Essentials (Version: 14.0.8117.0416)

Windows Live Essentials (Version: 14.0.8117.416)

Windows Live Mail (Version: 14.0.8117.0416)

Windows Live Messenger (Version: 14.0.8117.0416)

Windows Live Movie Maker (Version: 14.0.8117.0416)

Windows Live Photo Gallery (Version: 14.0.8117.416)

Windows Live Sign-in Assistant (Version: 5.000.818.5)

Windows Live Sync (Version: 14.0.8117.416)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8117.0416)

 

========================= Memory info: ===================================

 

Percentage of memory in use: 96%

Total physical RAM: 2933.86 MB

Available physical RAM: 101.45 MB

Total Pagefile: 6315.89 MB

Available Pagefile: 480.23 MB

Total Virtual: 4095.88 MB

Available Virtual: 3994.13 MB

 

========================= Partitions: =====================================

 

1 Drive c: (TI105927W0F) (Fixed) (Total:286.29 GB) (Free:243.39 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\LIZ-PC

 

Administrator            Guest                    Liz                     

 

 

**** End of log ****

 

 

Junkware Removal log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Liz on Mon 04/14/2014 at 10:49:03.57

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\ProgramData\partner"

Successfully deleted: [Folder] "C:\Program Files (x86)\eusing free registry cleaner"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"

Successfully deleted: [Folder] "C:\Users\Liz\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 04/14/2014 at 10:55:23.39


End of JRT log

 

 

 

 

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/14/2014

Scan Time: 11:38:41 AM

Logfile: MBAM.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.14.05

Rootkit Database: v2014.03.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Liz

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 260379

Time Elapsed: 15 min, 45 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 7

PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}, , [cb72f93190ebd95d7b5db85bdf23ca36],

PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E76B4F24-4A2F-4E65-AD36-E2AA934E547C}, , [cb72f93190ebd95d7b5db85bdf23ca36],

PUP.Optional.SerialTrunc.A, HKU\S-1-5-21-792922752-1770347979-3772404051-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E76B4F24-4A2F-4E65-AD36-E2AA934E547C}, , [cb72f93190ebd95d7b5db85bdf23ca36],

PUP.Optional.SerialTrunc.A, HKU\S-1-5-21-792922752-1770347979-3772404051-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E76B4F24-4A2F-4E65-AD36-E2AA934E547C}, , [cb72f93190ebd95d7b5db85bdf23ca36],

PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SerialTrunc, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, HKLM\SOFTWARE\WOW6432NODE\SerialTrunc, , [96a7f931d0ab58de990097dff1110ff1],

PUP.Optional.SerialTrunc.A, HKU\S-1-5-21-792922752-1770347979-3772404051-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SerialTrunc, , [d16cfb2f0d6e6fc7b9dfd2a4a35fc23e],

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 4

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\plugins, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\TEMP, , [82bbd159ccaff541a3f41165e0229868],

 

Files: 7

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\SerialTrunc.ico, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\7za.exe, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\SerialTruncUninstall.exe, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\updateSerialTrunc.InstallState, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\7za.exe, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\BrowserAdapterS.7z, , [82bbd159ccaff541a3f41165e0229868],

PUP.Optional.SerialTrunc.A, C:\Program Files (x86)\SerialTrunc\bin\utilSerialTrunc.InstallState, , [82bbd159ccaff541a3f41165e0229868],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:49 PM

Posted 14 April 2014 - 05:07 PM

 Please uninstall these 2 programs =>
Spybot - Search & Destroy (Version: 1.6.2) This is an old version, and should not run with AVG.
 Eusing Free Registry Cleaner - Any registry cleaner will cause more damage than good.

 

Please Update your AVG to a more current Free version ( AVG 2012 )

 

Java™ 6 Update 27 Java version out of Date!
Note: Java is now Version 7 Update 51. Untick any Free offers as they are not Java related.

All old versions of Java should be removed from Programs and Features first.

 

Your main Error has no direction for me to follow and is too vague. "Description: Class not registered."
Some say it is due to the over-use of Registry Cleaners.

 

I would run "Clean" on AdwCleaner, as we can restore any items that seem to be missing.

Just do not delete the full AdwCleaner program yet ..............

See Below =>

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.

• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

 

The clean out by Malwarebytes Anti-Malware may help quite a bit -

 

 

Below seems to show overloading of the system, so we will add another scan at the end.

 

It shows 3GIG of RAM installed and only 4% available for working ................

Percentage of memory in use: 96% Note

Total physical RAM: 2933.86 MB Note

Available physical RAM: 101.45 MB Note

If this is correct, you need to uninstall quite a few of the "extra" programs or save them to CDs / DVDs / USB sticks.

 

The computer will not Defrag or perform many normal functions, and will always show "Cannot access xxxx programs"

 

EDIT - Compare it to mine - Physical Memory
 Memory Usage 35 % Note
 Total Physical 2.99 GB Note
 Available Physical 1.93 GB Note
 Total Virtual 5.98 GB
 Available Virtual 4.71 GB

 

 

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Direction (only post the Speccy link)


Edited by noknojon, 14 April 2014 - 05:14 PM.
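
The event-log excerpt in post #4 reports failures in three notations: plain text ("Class not registered"), hex (0x80040154, 0x80070057) and a signed decimal service error (%%-2147221164). The sketch below is an added example, not part of any post in this thread or of any tool used in it; it normalizes all three to HRESULTs and groups the reporting sources. The function names and the text-to-code fallback table are assumptions, and the sample lines are taken from that log.

```python
import re
from collections import defaultdict

# Excerpt of the MiniToolBox "Event log errors" section posted in reply #4.
SAMPLE_LOG = """\
Error: (04/14/2014 10:21:20 AM) (Source: SDWinSec.exe) (User: )
Description: Class not registered
Error: (04/14/2014 10:16:29 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IEventSystem::Remove.  hr = 0x80070057, The parameter is incorrect.
Error: (04/14/2014 10:15:39 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <5, 0x80040154, Failed to add plugin: Search.MapPI>.
Error: (04/14/2014 10:16:29 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147221164.
"""

# Symbolic names for the two codes that appear in this log.
KNOWN = {0x80040154: "REGDB_E_CLASSNOTREG", 0x80070057: "E_INVALIDARG"}
FACILITY = {4: "FACILITY_ITF", 7: "FACILITY_WIN32"}
# Assumption: a description that is exactly this system message stands for this code.
TEXT_TO_HR = {"class not registered": 0x80040154}

HEX_RE = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")
DEC_RE = re.compile(r"%%(-?\d+)")
EVENT_RE = re.compile(r"Error: \(.*?\) ?\(Source: (.*?)\)")


def to_hresult(value):
    """Map a signed 32-bit decimal (as SCM prints it) to the unsigned HRESULT."""
    return value & 0xFFFFFFFF


def decode(hr):
    """Split an HRESULT into its severity bit, facility and 16-bit code."""
    facility = (hr >> 16) & 0x7FF
    return {
        "hex": f"0x{hr:08X}",
        "failure": bool(hr >> 31),
        "facility": FACILITY.get(facility, str(facility)),
        "code": hr & 0xFFFF,
        "name": KNOWN.get(hr, "unknown"),
    }


def parse_events(text):
    """Pair each 'Error:' header with the 'Description:' line that follows it."""
    events, source = [], None
    for line in text.splitlines():
        line = line.strip()
        header = EVENT_RE.match(line)
        if header:
            source = header.group(1)
        elif line.startswith("Description:") and source is not None:
            events.append((source, line[len("Description:"):].strip()))
            source = None
    return events


def extract_hresult(description):
    """Find an HRESULT written as hex, as %%<signed decimal>, or as known text."""
    match = HEX_RE.search(description)
    if match:
        return int(match.group(1), 16)
    match = DEC_RE.search(description)
    if match:
        return to_hresult(int(match.group(1)))
    return TEXT_TO_HR.get(description.rstrip(".").lower())


def triage(text):
    """Group event sources by the HRESULT they report."""
    groups = defaultdict(set)
    for source, description in parse_events(text):
        hr = extract_hresult(description)
        if hr is not None:
            groups[hr].add(source)
    report = {}
    for hr, sources in groups.items():
        info = decode(hr)
        report[info["hex"]] = {
            "name": info["name"],
            "facility": info["facility"],
            "code": info["code"],
            "sources": sorted(sources),
        }
    return report


if __name__ == "__main__":
    for code, entry in sorted(triage(SAMPLE_LOG).items()):
        print(code, entry["name"], entry["facility"], entry["code"], entry["sources"])
```

Run against the excerpt, SDWinSec.exe, the Windows Search Service and the Service Control Manager entries all fall under 0x80040154, while the VSS entry is a separate 0x80070057.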


#6 ihatemicrosoft57

ihatemicrosoft57
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 14 April 2014 - 06:24 PM

http://speccy.piriform.com/results/wnKQu7iKWsDp0tqVfgCr4DB

 

 

The only way I can delete a program is to go into C drive and delete the program folder.  Is this acceptable?

 

Here is the AdwCleaner file:

 

# AdwCleaner v3.023 - Report created 14/04/2014 at 13:49:11

# Updated 01/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Liz - LIZ-PC

# Running from : C:\Users\Liz\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16521

 

 

-\\ Google Chrome v33.0.1750.154

 

[ File : C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2201 octets] - [14/04/2014 10:25:40]

AdwCleaner[R1].txt - [1826 octets] - [14/04/2014 13:46:32]

AdwCleaner[S0].txt - [1710 octets] - [14/04/2014 13:49:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1770 octets] ##########



#7 noknojon


Posted 15 April 2014 - 12:30 AM

Hi -

>> The only way I can delete a program is to go into C drive and delete the program folder.  Is this acceptable? <<

Yes any method of program removal is OK, as long as we get rid of a few ................

 

I am not sure if you got a bad download of Speccy, but please try to remove a few un-needed programs first.

 

Now try to remove / uninstall your copy of Speccy and download a fresh one.

 

Follow the directions again, and try to repost a new link. Just added the directions again.

Publish a Snapshot using Speccy << Follow These Directions

 

(sorry to be a pest)

Please update us on how the computer is after this -



#8 ihatemicrosoft57


Posted 15 April 2014 - 03:51 AM

Before I attempt these steps (I'm typing this on another computer) one thing that really concerns me is: can the affected computer infect other computers on my home network?  It's a wireless connection.  I've been using computers for over 20 years and I've never seen one behave like this.

 

Also, the only way I can uninstall anything is to use a Kaspersky boot disk and delete manually.  I haven't tried it in safe mode yet.



#9 noknojon


Posted 15 April 2014 - 05:15 AM

>> can the affected computer infect other computers on my home network? << Not generally as you have described.

From the results, it shows that you have now cleaned out the main infections so it only leaves overloading -

 

The main (only) problem that I can see, is simply that the laptop is overloaded.

 

This is all that you need to reduce for now. A computer with these details (below) will not work.

You can not lift 1,000 pounds with 1 hand. Your computer is trying to do the same thing, but with too many programs.


It shows 3GIG of RAM installed and only 4% available for working ................

Percentage of memory in use: 96%

Total physical RAM: 2933.86 MB

Available physical RAM: 101.45 MB

 

If you do not think that you have cleaned out the infections yet, then you can make a new topic in the Experts area.

 

This is an alternate method to follow if you wish for help from the Experts Malware Removal area.

 

Please Fully read and follow the instructions in the Preparation Guide starting at Step #6.

 

If you are unable to complete any step, please post the topic and leave a full description of your problems

 

When you have done that, start a new topic and post the required logs to  Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

 

 Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

 

 If Help Bot responds to your topic, please follow his Step #1 so the team will be notified.

 

 After doing this, please reply back in this thread with a link to the new topic so we can close this one.



#10 ihatemicrosoft57


Posted 15 April 2014 - 06:25 AM

Here's the new report from Speccy

 

http://speccy.piriform.com/results/eZWrDAvJQMecupdi7Ahc3KB:

 

The computer seems to be the same.  Still can't access any control functions including delete.

 

How do I know which programs to delete since I can't tell what's running and taking up all the memory?  I honestly don't know what to do.



#11 ihatemicrosoft57


Posted 15 April 2014 - 02:42 PM

I posted my problem in the Malware removal forum as you asked.
 
This is the link:

http://www.bleepingcomputer.com/forums/t/531161/cannot-access-any-admin-functions-in-windows-7-computer/

#12 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:10:49 PM

Posted 15 April 2014 - 03:25 PM

Since you have now posted in MRL this topic is closed.



