Win7 lags badly on Startup


17 replies to this topic

#1 KJRose

Posted 29 April 2014 - 05:24 PM

Hello,

It pauses for a long time on "Starting Windows". I do not get the blue screen of death, but I have to hit enter a few times... it is so very slow loading and I do not have a congested computer. This is an ASUS laptop, on wireless. It has changed so much lately and I did not even install anything for months..

I ran the startup repair built into Windows but it did not work...it is the same terrible...

Any ideas?


Edited by hamluis, 01 May 2014 - 01:26 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 noknojon

Posted 29 April 2014 - 07:46 PM

Hi -

We can have a look at a few items first -

Once you start the computer, can you connect to the Internet OK ??

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Download MiniToolBox, save it to your desktop to run it.
Close any Firefox browsers you may have open.
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).

 

Next -

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Full Directions Here (only post the link)



#3 KJRose

Posted 29 April 2014 - 08:21 PM

Here are the results to the security check and now I will work on step 2 and post the results to that too...thank you for helping me out..

 

Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 AVG PC TuneUp 2014 (en-US)
 Java Launcher 3.201 (Standard edition)
 Java 7 Update 51  
 Java version out of Date!
 Adobe Flash Player 13.0.0.206  
 Adobe Reader XI  
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

 

 

I see that it says a couple things that bother me.. one is the AVG TuneUp that I uninstalled and yet still sees... My Java is out of date and there are 2 versions of Google Chrome?


Edited by KJRose, 29 April 2014 - 08:36 PM.


#4 KJRose

Posted 29 April 2014 - 08:46 PM

Mini Toolbox Results:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by user (administrator) on 29-04-2014 at 18:43:13
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer:

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Intel® Centrino® WiMAX 6250 = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
add address name="Wireless Network Connection 2" address=192.168.16.2 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Kathie-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : att.net

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 64-80-99-1A-07-61
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : att.net
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
   Physical Address. . . . . . . . . : 64-80-99-1A-07-60
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::659c:301e:1164:79a7%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, April 29, 2014 6:08:17 PM
   Lease Expires . . . . . . . . . . : Wednesday, April 30, 2014 6:08:17 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 224690329
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-5D-A5-A5-F4-6D-04-19-9E-28
   DNS Servers . . . . . . . . . . . : 208.69.150.250
                                       208.69.150.252
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
   Physical Address. . . . . . . . . : 64-D4-DA-27-19-F8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : F4-6D-04-19-9E-28
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.att.net:

   Connection-specific DNS Suffix  . : att.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.107%18(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 208.69.150.250
                                       208.69.150.252
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:28a3:8b5:3f57:fe94(Preferred)
   Link-local IPv6 Address . . . . . : fe80::28a3:8b5:3f57:fe94%17(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  208.69.150.250

Name:    google.com.att.net
Address:  54.208.19.28


Pinging google.com [173.194.43.38] with 32 bytes of data:
Reply from 173.194.43.38: bytes=32 time=90ms TTL=52
Reply from 173.194.43.38: bytes=32 time=90ms TTL=52

Ping statistics for 173.194.43.38:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 90ms, Maximum = 90ms, Average = 90ms
Server:  UnKnown
Address:  208.69.150.250

Name:    yahoo.com.att.net
Address:  54.208.19.28


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=47ms TTL=50
Reply from 206.190.36.45: bytes=32 time=81ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 81ms, Average = 64ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...64 80 99 1a 07 61 ......Microsoft Virtual WiFi Miniport Adapter #2
 13...64 80 99 1a 07 60 ......Intel® Centrino® Advanced-N 6250 AGN
 12...64 d4 da 27 19 f8 ......Intel® Centrino® WiMAX 6250
 11...f4 6d 04 19 9e 28 ......Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.107     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.107    281
    192.168.1.107  255.255.255.255         On-link     192.168.1.107    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.107    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.107    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.107    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 17     58 2001::/32                On-link
 17    306 2001:0:5ef5:79fd:28a3:8b5:3f57:fe94/128
                                    On-link
 13    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 18    281 fe80::5efe:192.168.1.107/128
                                    On-link
 17    306 fe80::28a3:8b5:3f57:fe94/128
                                    On-link
 13    281 fe80::659c:301e:1164:79a7/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (04/29/2014 05:32:12 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


System errors:
=============
Error: (04/29/2014 03:54:07 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (04/29/2014 02:57:29 PM) (Source: Service Control Manager) (User: )
Description: The LPT System Updater Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/28/2014 09:52:01 AM) (Source: Service Control Manager) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%2

Error: (04/28/2014 09:28:27 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/28/2014 09:27:57 AM) (Source: Service Control Manager) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%2

Error: (04/28/2014 09:27:57 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/28/2014 09:27:57 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (04/28/2014 09:27:54 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/27/2014 08:59:00 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/27/2014 08:29:25 AM) (Source: Service Control Manager) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-31 13:43:14.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 13:43:14.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 13:43:14.734
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-31 13:43:14.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-29 11:19:33.785
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-29 11:19:33.723
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 19:21:12.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-28 19:21:11.975
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
4-elements
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AdblockIE (Version: 1.2)
Adobe AIR (Version: 3.9.0.1210)
Adobe Dreamweaver CS6 (Version: 12)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.206)
Adobe Flash Player 13 Plugin (Version: 13.0.0.206)
Adobe Help Manager (Version: 4.0.244)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Adobe Widget Browser (Version: 2.0 Build 348)
Advertising Center (Version: 0.0.0.1)
Alcor Micro USB Card Reader (Version: 1.5.17.25482)
Apple Application Support (Version: 3.0.1)
Apple Mobile Device Support (Version: 7.1.1.3)
Auslogics DiskDefrag (Version: 4.5.3.0)
AVG 2014 (Version: 14.0.3931)
AVG 2014 (Version: 14.0.4577)
AVG 2014 (Version: 2014.0.4577)
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.423)
BitTorrent (Version: 7.8.2.30332)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.12)
CuteFTP 9 (Version: 9.0.5)
Cyberfox Web Browser (Version: 28.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox (Version: 2.4.11)
EasyRotator Wizard (Version: 1.0.131)
eM Client (Version: 6.0.20154.0)
ETDWare PS/2-x64 7.0.5.11_WHQL (Version: 7.0.5.11)
Fast Boot (Version: 1.0.5)
FileZilla Client 3.7.4.1 (Version: 3.7.4.1)
Flash Player Pro V5.4
Google Chrome (Version: 34.0.1847.116)
Google Update Helper (Version: 1.3.23.9)
iCloud (Version: 3.1.0.40)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2125)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.0000)
Intel® PROSet/Wireless WiMAX Software (Version: 2.01.0014)
iTunes (Version: 11.1.5.5)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java Launcher 3.201 (Standard edition)
Junk Mail filter update (Version: 16.4.3522.0110)
JunkFilterPlus (Version: 6.0.0.1167)
LPT System Updater Service (Version: 1.0.0.0)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Expression Web MUI (English) (Version: 12.0.6612.1000)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Outlook Hotmail Connector 64-bit (Version: 14.0.5118.5000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Movie Maker (Version: 16.4.3522.0110)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.20.0)
Nero 9 Essentials
Nero Express Help (Version: 9.6.2.101)
Nero Online Upgrade (Version: 1.3.0.0)
neroxml (Version: 1.0.0)
Notepad++ (Version: 6.5.5)
NTREGOPT 1.1j
PDF Settings CS5 (Version: 10.0)
Photo Gallery (Version: 16.4.3522.0110)
QuickTime 7 (Version: 7.75.80.95)
Rainbow Web 2
Simple Adblock (Version: 1.1.5)
Startup Booster v2.0 (Version: 2.0)
swMSM (Version: 12.0.0.1)
The Snow 1.0 (Version: 1.0)
ToneSync for Windows (Version: 1.2.3.309)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
Windows Live Communications Platform (Version: 16.4.3522.0110)
Windows Live Essentials (Version: 16.4.3522.0110)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3522.0110)
Windows Live Mail (Version: 16.4.3522.0110)
Windows Live MIME IFilter (Version: 16.4.3522.0110)
Windows Live Photo Common (Version: 16.4.3522.0110)
Windows Live PIMT Platform (Version: 16.4.3522.0110)
Windows Live SOXE (Version: 16.4.3522.0110)
Windows Live SOXE Definitions (Version: 16.4.3522.0110)
Windows Live UX Platform (Version: 16.4.3522.0110)
Windows Live UX Platform Language Pack (Version: 16.4.3522.0110)
Windows Live Writer (Version: 16.4.3522.0110)
Windows Live Writer Resources (Version: 16.4.3522.0110)
WinRAR 5.01 (64-bit) (Version: 5.01.0)
Xmarks for IE (Version: 127.0.160)
Your Uninstaller! 7 (Version: 7.5.2013.2)

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 3884.55 MB
Available physical RAM: 2490.2 MB
Total Pagefile: 7767.27 MB
Available Pagefile: 6177.47 MB
Total Virtual: 4095.88 MB
Available Virtual: 3982.67 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:596.07 GB) (Free:504.98 GB) NTFS

========================= Users: ========================================

User accounts for \\KATHIE-PC

Administrator            Guest                    user                     


**** End of log ****
 



#5 KJRose

Posted 29 April 2014 - 08:57 PM

Here is the link for Speccy:

 

http://speccy.piriform.com/results/nZziLAZZzcIBmKelc2ZvxRr



#6 noknojon

Posted 29 April 2014 - 09:08 PM

Just from a very quick look, I will go over it more soon -

 

Google Chrome 33.0.1750.154  < Older Version that can be removed

Go Here if you wish to update Java.
Uninstall all old versions, and do not accept any "Free offers" with the download.
Version 7 Update 55 is my latest -

 

BitTorrent (Version: 7.8.2.30332) <<< This is where you will pick up most infections (any P2P)
Be very sure not to download programs from here or any Torrent site .........

 

Startup Booster v2.0 << Must be Uninstalled Now - - - -
They claim => ""Your PC started loading slower? There is a simple and effective solution - Startup Booster! ""
Start Up Scam .... Your system now starts up slower ???



#7 KJRose

Posted 29 April 2014 - 09:45 PM

Done. I have uninstalled BitTorrent (since I do not use it anyhow) and then StartUP booster, and I uninstalled Chrome... because java will not work on it neither will so I am using Cyberfox 64 and I guess IE again. Still the system hangs on the splash screen where it says "windows starting" but not for as long so we are getting there.


Edited by KJRose, 29 April 2014 - 09:53 PM.


#8 noknojon

Posted 29 April 2014 - 10:00 PM

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please post the small log back here

 

 

Important: Do not reboot your computer until you complete the next step.

 

 

Now:  Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button. (only once)
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
• If you're ready to clean it all up.....click the Clean button. (only once)

Click on OK to agree and then OK to Reboot the computer
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.

• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.



#9 KJRose

Posted 30 April 2014 - 11:20 AM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/30/2014 09:13:55 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/30/2014 09:16:29 AM
Execution time: 0 hours(s), 2 minute(s), and 33 seconds(s)

 

I deleted LPT Services and have to find a strong anti-virus that is free, OMG I guess I will still have to work on this but all my site files are on this computer. I run a free gamesite and a freeware site.

Here are the AdwCleaner results:

 

# AdwCleaner v3.205 - Report created 30/04/2014 at 09:31:20
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user - KATHIE-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : LPTSystemUpdater

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files (x86)\LPT
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\users\user\AppData\Local\AppsHat Mobile Apps
Folder Deleted : C:\users\user\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\users\user\AppData\Local\Pokki
Folder Deleted : C:\users\user\AppData\Local\SwvUpdater
Folder Deleted : C:\users\user\AppData\Local\webplayer
Folder Deleted : C:\users\user\AppData\Roaming\DriverCure
Folder Deleted : C:\users\user\AppData\Roaming\goforfiles
Folder Deleted : C:\users\user\AppData\Roaming\UpdaterEX
Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iss4vvms.default\Extensions\speeddial@instair.net
File Deleted : C:\END
File Deleted : C:\Windows\Tasks\bench-sys.job
File Deleted : C:\Windows\System32\Tasks\bench-sys
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX
File Deleted : C:\Windows\System32\Tasks\Your File Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444904474}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iss4vvms.default\prefs.js ]


[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jrw15hy1.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Line Deleted : user_pref("browser.search.selectedEngine", "MyStart Search");
Line Deleted : user_pref("extensions.crossrider.bic", "143b17c21d754a64fe726d201594a3ad");

*************************

AdwCleaner[R0].txt - [6590 octets] - [31/08/2013 11:38:11]
AdwCleaner[R1].txt - [988 octets] - [31/08/2013 11:42:14]
AdwCleaner[R2].txt - [7371 octets] - [30/04/2014 09:20:12]
AdwCleaner[S0].txt - [6420 octets] - [31/08/2013 11:39:23]
AdwCleaner[S1].txt - [6801 octets] - [30/04/2014 09:31:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6861 octets] ##########


 


Edited by KJRose, 30 April 2014 - 11:39 AM.


#10 noknojon

Posted 30 April 2014 - 05:38 PM

Hi -

Please run these scans first -

 

Download TDSSKiller and save it to your desktop.

* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt.

Please copy and paste the contents of that file here.

 

Although the log may say "Nothing Found", the contents may show a hidden problem

 

 

Please run an Updated Full System Scan with Malwarebytes Anti-Malware.
Note that this is a link for the New Version, and it will not look the same as the last version.

* Download Malwarebytes Anti-Malware Free and save it to your desktop
* Double click the desktop icon, click Run, then OK
* Click Next
* Select I accept the agreement then continue to click Next then finally click Install
* A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
* Click Finish
* If you are notified the Database is out of date click Update Now
* Threat scan + Rootkit scan
* Click the Settings tab >> Detection and Protection >> Detection Options, tick the box 'Scan for rootkits'.
* Click on the Scan tab,

* Click on Scan Now
* A Threat and Rootkit Scan will begin.
* With some infections, you may see this message box.
'Could not load DDA driver'
* Click 'Yes' to this message, to allow the driver to load after a restart.
* Allow the computer to restart. Continue with the rest of these instructions.
* When the scan is complete, click Apply Actions.
* Wait for the prompt to restart the computer to appear, then click on Yes.
(Copy to clipboard for pasting into forum replies)
* After the restart once you are back at your desktop, open MBAM once more.
* Click on the History tab >> Application Logs.

* Double click on the scan log which shows the Date and time of the scan just performed.
* Click 'Copy to Clipboard'

* Paste the contents of the clipboard into your reply.

 

Keep this installed and Update / Scan at least once every week.

 

 

 

How much worse or better is the computer now ?



#11 KJRose

Posted 30 April 2014 - 07:12 PM

Here is the malwarebytes scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/30/2014
Scan Time: 5:02:21 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.30.12
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272224
Time Elapsed: 13 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.StartSavin.A, HKU\S-1-5-21-1681102245-784287499-51758667-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}, , [b1d3e749740737ff2e003de013ef46ba],
PUP.Optional.weDownload.A, HKLM\SOFTWARE\WOW6432NODE\The weDownload Manager, , [4044240ca0db3df9fafa71154fb3bc44],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, , [01830828215a6ec84ed54859d42f16ea],
PUP.Optional.weDownload.A, HKU\S-1-5-21-1681102245-784287499-51758667-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager, , [671d1f11473496a0196868150af8be42],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1681102245-784287499-51758667-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, , [4341b878413ad5614fb0c2bf946e32ce],

Registry Values: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 2052456342355378175, , [01830828215a6ec84ed54859d42f16ea]
PUP.Optional.LPT.A, HKU\S-1-5-21-1681102245-784287499-51758667-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, file://C:/Program%20Files%20(x86)/LPT/NewConfig.txt, , [3c482d03265591a5497110663ec402fe]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-Updater removing.job, , [9ee6ff31552661d544785c2fe919ee12],

Physical Sectors: 0
(No malicious items detected)


(end)

 

How do you remove a PUP ?



#12 noknojon

Posted 30 April 2014 - 07:29 PM

You have "PUP: Enabled" in the MBAM scan, so try a Reboot and see if it has gone (Rescan)

 

Normally we find that AdwCleaner or Junkware Removal Tool removes most of these, but that is why I asked for the extra scans.

 

PUP = Potentially Unwanted Program - They may not all be bad, but I prefer to remove them.

The scope of this new "wording" in most programs is at times a bit too wide, and not defining enough at times.

 

After you finish, please clean up with this -

Please download Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.


#13 noknojon

Posted 30 April 2014 - 09:41 PM

I needed to go back and check over your logs for a consistent error, and found this =>

ERROR: handle_resolve_request bad interfaceIndex (Numbered for each error)

It resolves as (Source: Bonjour Service) (User: ) This is your iTunes setup, and the most common result was below.

 

Apparently, this is a common problem - lots of articles about iTunes/Bonjour and Win7 64bit not handshaking well...

 

For this to work you must set the Service to Manual and not Automatic.

Go - Start Orb > Control Panel > Administrative Tools > Services > Now find Bonjour Service if it is listed under Normal or Extended Services, and change the start up setting to Manual, so it will not take over on Start-up ! !
 

I remembered that I had fully removed this from my computer quite a while back.
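
The Services change described in the post above, scripted for PowerShell as an added example that is not part of the original post. It looks the service up by the display name "Bonjour Service" quoted there (an assumption about the installed name), and also reads back the two registry values the RKill log in this thread reported. It assumes an elevated prompt and uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumption: the service's display name is 'Bonjour Service', as quoted in the post.
$displayName = 'Bonjour Service'

function Get-StartMode([string]$ServiceName) {
    # Win32_Service reports the configured start mode (Auto, Manual, Disabled).
    $wmi = Get-WmiObject -Class Win32_Service | Where-Object { $_.Name -eq $ServiceName }
    if ($wmi) { $wmi.StartMode } else { $null }
}

$svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "'$displayName' is not installed; nothing to change."
} else {
    $before = Get-StartMode $svc.Name
    if ($before -ne 'Manual') {
        # Same effect as Services > Bonjour Service > Startup type: Manual.
        Set-Service -Name $svc.Name -StartupType Manual
    }
    $after = Get-StartMode $svc.Name
    Write-Output ("{0}: start mode {1} -> {2} (status: {3})" -f `
        $svc.DisplayName, $before, $after, $svc.Status)
}

# Read-only check of the two values the RKill log flagged; nothing is modified.
$checks = @(
    @{ Path    = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
       Name    = 'DisableAntiSpyware'
       Flagged = 1
       Label   = 'Windows Defender disabled' },
    @{ Path    = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
       Name    = 'EnableFirewall'
       Flagged = 0
       Label   = 'Windows Firewall disabled (standard profile)' }
)
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if (-not $item) {
        Write-Output ("{0}: value not set" -f $c.Name)
    } elseif ($item.($c.Name) -eq $c.Flagged) {
        Write-Output ("{0} = {1}: {2}, as in the RKill log" -f $c.Name, $item.($c.Name), $c.Label)
    } else {
        Write-Output ("{0} = {1}: no longer the value RKill reported" -f $c.Name, $item.($c.Name))
    }
}
```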



#14 KJRose

Posted 01 May 2014 - 11:28 AM

I saw that too and I disabled it and then this morning went back in and put it on manual because I need it for my iPhone. Now I will reboot but it does appear that the computer works like a top now! Thank you so very much Noknojon for all your patience and help!

I also ran Junk removal tool after everything else and finally got rid of a couple laggers that hid. Here is the result of it:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by user on Wed 04/30/2014 at 17:42:58.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\bobylyrics
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\super_lyrics
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1681102245-784287499-51758667-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\getrighttogo"
Failed to delete: [Folder] "C:\Users\user\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/30/2014 at 17:49:57.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#15 noknojon

Posted 01 May 2014 - 06:01 PM

Hi KJRose -

It seems like we may have quietened things down for a while.

Still run TFC at least once a week and Update then run Malwarebytes every few days.

 

I will keep an eye on this for a few days till we are all happy -





