
Pro PC Cleaner and Who Knows What Else! Help remove please!


16 replies to this topic

#1 bisonmom2

bisonmom2

  • Members
  • 18 posts
  • OFFLINE
  • Local time:11:33 PM

Posted 28 December 2014 - 09:59 PM

So my mom committed the ultimate sin and clicked on one of those pesky pop-ups. :nono: Everything went south from there... she called the number on the screen and allowed remote access. I am not sure what all has been installed on her computer, but do know that I am unable to remove Pro PC Cleaner. I have searched the forums and tried what I can. I will be ever so grateful for whatever help someone can provide.

 

Windows Vista Basic on Compaq Presario




 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:12:33 AM

Posted 29 December 2014 - 03:42 PM

Hi mom, let's start here.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
>>>>
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


>>>>

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 bisonmom2

bisonmom2
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:11:33 PM

Posted 30 December 2014 - 11:39 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/30/2014
Scan Time: 9:19:33 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.30.05
Rootkit Database: v2014.12.29.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Kay
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312602
Time Elapsed: 22 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by Kay (administrator) on 30-12-2014 at 09:49:56
Running from "C:\Users\Kay\Downloads"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
::1             localhost
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Kay-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
   Physical Address. . . . . . . . . : 00-22-69-63-CB-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3d28:bb56:1462:c030%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.11(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, December 30, 2014 8:48:52 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 31, 2014 8:23:00 AM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234889833
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-46-B2-D3-00-22-69-63-CB-AE
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-1D-72-73-30-53
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{37F59159-71A9-4BF2-96B6-837968DA59CB}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 14:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 15:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 16:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 17:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 18:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #9
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 19:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 20:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 21:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #11
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 22:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 23:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 24:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:280c:254f:f5ff:fff4(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::280c:254f:f5ff:fff4%25(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Local Area Connection* 25:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{A7D898A1-E72D-4220-B743-5E7E4CB2C068}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  10.0.0.1
 
Name:    google.com
Addresses:  173.194.115.110
 173.194.115.96
 
 
 
Pinging google.com [173.194.115.110] with 32 bytes of data:
 
Reply from 173.194.115.110: bytes=32 time=627ms TTL=51
 
Reply from 173.194.115.110: bytes=32 time=624ms TTL=51
 
 
 
Ping statistics for 173.194.115.110:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 624ms, Maximum = 627ms, Average = 625ms
 
Server:  UnKnown
Address:  10.0.0.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
 
General failure.
 
Reply from 98.138.253.109: bytes=32 time=695ms TTL=48
 
 
 
Ping statistics for 98.138.253.109:
 
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 695ms, Maximum = 695ms, Average = 695ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
 11 ...00 22 69 63 cb ae ...... Atheros AR5007 802.11b/g WiFi Adapter
 10 ...00 1d 72 73 30 53 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 27 ...00 00 00 00 00 00 00 e0  isatap.{37F59159-71A9-4BF2-96B6-837968DA59CB}
 13 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #3
 12 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 14 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #4
 15 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #5
 16 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #6
 17 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #7
 18 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #8
 20 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #9
 19 ...00 00 00 00 00 00 00 e0  Microsoft 6to4 Adapter #2
 21 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #10
 24 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #11
 22 ...00 00 00 00 00 00 00 e0  Microsoft 6to4 Adapter #3
 23 ...00 00 00 00 00 00 00 e0  Microsoft 6to4 Adapter #4
 25 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 26 ...00 00 00 00 00 00 00 e0  isatap.{A7D898A1-E72D-4220-B743-5E7E4CB2C068}
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.11     25
         10.0.0.0    255.255.255.0         On-link         10.0.0.11    281
        10.0.0.11  255.255.255.255         On-link         10.0.0.11    281
       10.0.0.255  255.255.255.255         On-link         10.0.0.11    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.11    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.11    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 25     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 25     18 2001::/32                On-link
 25    266 2001:0:5ef5:79fd:280c:254f:f5ff:fff4/128
                                    On-link
 11    281 fe80::/64                On-link
 25    266 fe80::/64                On-link
 25    266 fe80::280c:254f:f5ff:fff4/128
                                    On-link
 11    281 fe80::3d28:bb56:1462:c030/128
                                    On-link
  1    306 ff00::/8                 On-link
 25    266 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/30/2014 09:07:03 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 704
Start Time: 01d0243fb42084d2
Termination Time: 1073
 
Error: (12/30/2014 08:50:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 08:47:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (12/30/2014 08:33:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/30/2014 08:32:27 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/30/2014 08:21:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 08:33:17 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe took longer than 90000 ms to complete a request.
 
The process will be terminated.
Thread id : 4076 (0xfec)
 
Thread address : 0x772B5D14
 
Thread message : 
 
 Build VSCORE.13.3.2.125 / 5600.1067
 Object being scanned = \Device\HarddiskVolume1\ProgramData\AVAST Software\Avast\db1c8eedb7ec2569b-4cc3c3b6.dat
 by SYSTEM
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 
Error: (12/29/2014 08:04:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/28/2014 08:55:52 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe took longer than 90000 ms to complete a request.
 
The process will be terminated.
Thread id : 3432 (0xd68)
 
Thread address : 0x77415D14
 
Thread message : 
 
 Build VSCORE.13.3.2.125 / 5600.1067
 Object being scanned = \Device\HarddiskVolume1\ProgramData\AVAST Software\Avast\db1c8eedb7ec2569b-4cc3c3b6.dat
 by SYSTEM
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)
 
Error: (12/28/2014 08:26:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/30/2014 08:52:47 AM) (Source: DCOM) (User: )
Description: {57787927-8B56-4E73-A2BB-5FC76872CDA0}
 
Error: (12/30/2014 08:52:31 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (12/30/2014 08:52:26 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/30/2014 08:52:19 AM) (Source: Service Control Manager) (User: )
Description: 30000SysMain
 
Error: (12/30/2014 08:51:10 AM) (Source: Service Control Manager) (User: )
Description: Com4QLBEx%%1053
 
Error: (12/30/2014 08:51:10 AM) (Source: Service Control Manager) (User: )
Description: 30000Com4QLBEx
 
Error: (12/30/2014 08:51:09 AM) (Source: DCOM) (User: )
Description: 1053Com4QLBEx{DB536E5D-10F7-4B34-B443-140161048E2E}
 
Error: (12/30/2014 08:50:22 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (12/30/2014 08:35:09 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (12/30/2014 08:33:33 AM) (Source: Service Control Manager) (User: )
Description: aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
spldr
Wanarpv6
 
 
Microsoft Office Sessions:
=========================
Error: (01/04/2014 03:28:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-30 09:55:17.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 09:28:00.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 09:27:59.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 09:27:58.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 09:27:57.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 09:23:14.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 09:23:14.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 09:23:13.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 09:23:12.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-30 09:18:18.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
=========================== Installed Programs ============================
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FinePix Studio (HKLM\...\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}) (Version:  - )
FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.3 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.3 - FUJIFILM Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1500}) (Version: 12.21.0.114 - APN, LLC)
Shopping App by Ask (HKLM\...\{4F524A2D-5354-2D53-5045-A758B70C1200}) (Version: 12.18.0.81 - APN, LLC)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9913305E-D4AC-4D26-B30F-799D529FB282}) (Version:  - Microsoft)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7B9D2746-D03B-442B-A691-90B748E316B4}) (Version:  - Microsoft)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{7B9D2746-D03B-442B-A691-90B748E316B4}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 89%
Total physical RAM: 1978.45 MB
Available physical RAM: 212.39 MB
Total Pagefile: 4202.19 MB
Available Pagefile: 1347.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.52 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:139.71 GB) (Free:82.04 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:9.34 GB) (Free:1.69 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KAY-PC
 
Administrator            Guest                    Kay                      
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
20-11-2014 16:17:07 Windows Update
24-11-2014 15:58:53 Installed FinePixViewer
24-11-2014 16:00:10 Installed FinePixViewer
24-11-2014 16:01:46 Installed FinePixViewer Resource
24-11-2014 16:03:45 Installed FinePix Studio
26-11-2014 18:50:02 Windows Update
03-12-2014 17:42:44 Windows Update
09-12-2014 16:10:49 Windows Update
12-12-2014 14:20:47 Windows Update
12-12-2014 16:50:09 avast! antivirus system restore point
26-12-2014 01:58:42 Windows Update
26-12-2014 02:59:34 Removed Pro PC Cleaner
26-12-2014 03:02:19 Removed Pro PC Cleaner
26-12-2014 03:03:04 Removed Pro PC Cleaner
27-12-2014 19:30:42 Device Driver Package Install: ASUSTeK COMPUTER INC.
29-12-2014 14:20:09 Windows Update
30-12-2014 15:03:50 Removed Pro PC Cleaner
30-12-2014 15:19:18 Windows Update
 
**** End of log ****
 


#4 boopme

Posted 30 December 2014 - 03:26 PM

OK, good. Did you use to have McAfee installed?

Now run these and we should be OK.



ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
  • Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#5 bisonmom2

Posted 31 December 2014 - 11:22 AM

WHEW!  That was exhausting!  Yes, she used to have McAfee installed.  I think it was probably a free trial with purchase???  I had to run the thing three times and finally in Safe Mode to get the online scanning tool to work.  The machine would completely freeze at 27%.   Somewhere in there I lost the log from Adware but have these two.  I will keep looking.
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Kay on Tue 12/30/2014 at 17:42:49.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SkinLauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SkinLauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SkinLauncherSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SkinLauncherSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Kay\documents\propccleaner"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/30/2014 at 17:52:17.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
C:\AdwCleaner\Quarantine\C\Program Files\Inbox Toolbar\Inbox.exe.vir Win32/Toolbar.Inbox.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir a variant of MSIL/MyPCBackup.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\references\VAFChecker.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\102_dealply_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\103_intext_5_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\104_jollywallet_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\105_corticas_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\108_icm_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\180_bpo_serp_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\184_noproblemppc_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\191_ciuvo_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\195_icm_convertmedia_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\15171.1726.7480_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26AAZWM0\pops_5_m[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\b32be9f8-a759-406b-955c-3a9e304c6b79\software\Cloud_Backup_Setup.exe Win32/MyPCBackup.A potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\b32be9f8-a759-406b-955c-3a9e304c6b79\software\OptimizerPro.exe Win32/SpeedingUpMyPC.I application cleaned by deleting - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\InstallerUtils.dll a variant of Win32/Packed.VMDetector.E potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\InstallerUtils2.dll Win32/Packed.VMDetector.E potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\102_dealply_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\103_intext_5_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\104_jollywallet_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\105_corticas_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\108_icm_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\178_revizer_ws_dynamic_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\179_revizer_p_dynamic_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\180_bpo_serp_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\184_noproblemppc_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\191_ciuvo_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\195_icm_convertmedia_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\91_monetizationLoader.js.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nsc2998.tmp\extensionData\plugins\93_superfish_no_coupons_m.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\nshDFD.tmp\WrapperUtils.dll Win32/Packed.ScrambleWrapper.J potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\Temp1_arcfree(1).zip\ARCFreeSetup.exe Win32/InstallMonetizer.AF potentially unwanted application deleted - quarantined
C:\Users\Kay\AppData\Local\Temp\{576A0DA5-2A1A-4564-9049-71520D3E2E5D}\setup.exe multiple threats cleaned by deleting - quarantined


#6 boopme

Posted 01 January 2015 - 07:44 PM

Just run it (ADW) again then.

Worth it though, we got a lot of those baddies.

Then.. >>>>
Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
How's it now?

#7 bisonmom2

Posted 02 January 2015 - 11:13 AM

Here is the Adware Scan.  
 
# AdwCleaner v4.106 - Report created 02/01/2015 at 09:39:48
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Kay - KAY-PC
# Running from : C:\Users\Kay\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16599
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [14133 octets] - [05/03/2014 16:24:09]
AdwCleaner[R1].txt - [12141 octets] - [05/03/2014 16:40:02]
AdwCleaner[R2].txt - [12202 octets] - [05/03/2014 16:48:29]
AdwCleaner[R3].txt - [1493 octets] - [15/12/2014 20:10:11]
AdwCleaner[R4].txt - [3359 octets] - [30/12/2014 17:15:14]
AdwCleaner[R5].txt - [1578 octets] - [02/01/2015 09:31:59]
AdwCleaner[S0].txt - [2082 octets] - [05/03/2014 16:30:14]
AdwCleaner[S1].txt - [12376 octets] - [05/03/2014 16:49:33]
AdwCleaner[S2].txt - [1582 octets] - [15/12/2014 20:15:49]
AdwCleaner[S3].txt - [3470 octets] - [30/12/2014 17:18:40]
AdwCleaner[S4].txt - [1503 octets] - [02/01/2015 09:39:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1563 octets] ##########


#8 bisonmom2

Posted 02 January 2015 - 01:13 PM

The popups are gone, but it is slower than dirt.  I can't seem to figure out what is bogging it down.  There are a bunch of items running at startup, but Windows Defender is preventing me from editing them.   :-(  



#9 boopme

Posted 02 January 2015 - 06:58 PM

Can you disable Windows Defender on Vista temporarily, try to fix those and re-enable it?

Edited by boopme, 02 January 2015 - 06:59 PM.


#10 bisonmom2

Posted 03 January 2015 - 04:09 PM

Okay...worked on those.  All of the malware seems to be gone. THANK YOU!  I think what we really need in this situation is a new computer! lol!  I appreciate all of your help!

Have a fantastic 2015



#11 boopme

Posted 03 January 2015 - 07:57 PM

LOL... let's check your files and system..

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.



Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.



Go to Step 5 and under "System Restore" click on Create button.



Go to Start Repairs tab and click the Start button.



Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start Repairs button.



After the repair has finished, you may be prompted to restart the computer. Please allow it to do so.

Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

#12 bisonmom2


Posted 04 January 2015 - 09:02 AM

Here is the Tweaking log.  I am now getting a message that Malwarebytes cannot install the Rootkit driver and this may be caused by a rootkit??

 

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Basic
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: KAY-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\Kay
Current Profile SID: S-1-5-21-108536128-2216159124-968216829-1000
Current Profile Classes: S-1-5-21-108536128-2216159124-968216829-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Kay\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:23:25
 
Process Count: 86
Commit Total: 1.71 GB
Commit Limit: 4.10 GB
Commit Peak: 2.16 GB
Handle Count: 23284
Kernel Total: 166.59 MB
Kernel Paged: 121.00 MB
Kernel Non Paged: 45.59 MB
System Cache: 829.46 MB
Thread Count: 989
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.93 GB
Memory Used: 1.38 GB(71.6109%)
Memory Avail.: 561.66 MB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.93 GB
Memory Used: 984.84 MB(49.7784%)
Memory Avail.: 993.61 MB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (1/3/2015 10:29:49 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 181
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (1/3/2015 10:29:56 PM)
   Running Repair Under Current User Account
   Done (1/3/2015 10:30:24 PM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (1/3/2015 10:30:24 PM)
   Running Repair Under System Account
   Done (1/3/2015 10:47:49 PM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (1/3/2015 10:47:50 PM)
   Running Repair Under System Account
   Done (1/3/2015 10:51:08 PM)
 
03 - Reset Service Permissions
   Start (1/3/2015 10:51:08 PM)
   Running Repair Under System Account
   Done (1/3/2015 10:52:26 PM)
 
04 - Register System Files
   Start (1/3/2015 10:52:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 10:54:27 PM)
 
05 - Repair WMI
   Start (1/3/2015 10:54:27 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   avast! Antivirus Exported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
   avast! Antivirus Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (1/3/2015 11:02:20 PM)
 
06 - Repair Windows Firewall
   Start (1/3/2015 11:02:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:03:17 PM)
 
07 - Repair Internet Explorer
   Start (1/3/2015 11:03:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:04:59 PM)
 
08 - Repair MDAC/MS Jet
   Start (1/3/2015 11:04:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:06:05 PM)
 
09 - Repair Hosts File
   Start (1/3/2015 11:06:05 PM)
   Running Repair Under System Account
   Done (1/3/2015 11:06:07 PM)
 
10 - Remove Policies Set By Infections
   Start (1/3/2015 11:06:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:06:14 PM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (1/3/2015 11:06:14 PM)
   Running Repair Under System Account
   Done (1/3/2015 11:06:17 PM)
 
12 - Repair Icons
   Start (1/3/2015 11:06:17 PM)
   Running Repair Under Current User Account
   Done (1/3/2015 11:06:20 PM)
 
13 - Repair Winsock & DNS Cache
   Start (1/3/2015 11:06:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:06:59 PM)
 
15 - Repair Proxy Settings
   Start (1/3/2015 11:07:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:07:05 PM)
 
17 - Repair Windows Updates
   Start (1/3/2015 11:07:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/3/2015 11:09:12 PM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (1/3/2015 11:09:12 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (1/3/2015 11:09:12 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (1/3/2015 11:09:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:05 PM)
 
21 - Repair MSI (Windows Installer)
   Start (1/3/2015 11:10:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:24 PM)
 
23.01 - Repair bat Association
   Start (1/3/2015 11:10:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:28 PM)
 
23.02 - Repair cmd Association
   Start (1/3/2015 11:10:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:31 PM)
 
23.03 - Repair com Association
   Start (1/3/2015 11:10:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:35 PM)
 
23.04 - Repair Directory Association
   Start (1/3/2015 11:10:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:38 PM)
 
23.05 - Repair Drive Association
   Start (1/3/2015 11:10:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:42 PM)
 
23.06 - Repair exe Association
   Start (1/3/2015 11:10:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:45 PM)
 
23.07 - Repair Folder Association
   Start (1/3/2015 11:10:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:48 PM)
 
23.08 - Repair inf Association
   Start (1/3/2015 11:10:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:52 PM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (1/3/2015 11:10:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:56 PM)
 
23.10 - Repair msc Association
   Start (1/3/2015 11:10:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:10:59 PM)
 
23.11 - Repair reg Association
   Start (1/3/2015 11:10:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:11:02 PM)
 
23.12 - Repair scr Association
   Start (1/3/2015 11:11:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:11:07 PM)
 
24 - Repair Windows Safe Mode
   Start (1/3/2015 11:11:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:11:11 PM)
 
25 - Repair Print Spooler
   Start (1/3/2015 11:11:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:11:37 PM)
 
26 - Restore Important Windows Services
   Start (1/3/2015 11:11:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:12:02 PM)
 
27 - Set Windows Services To Default Startup
   Start (1/3/2015 11:12:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:12:19 PM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0
 
31 - Repair Windows 'New' Submenu
   Start (1/3/2015 11:12:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2015 11:12:23 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (1/3/2015 11:12:23 PM)
   Total Repair Time: 00:42:36
 
 
...YOU MUST RESTART YOUR SYSTEM...


#13 boopme


Posted 05 January 2015 - 02:50 PM

Sorry about the delay

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#14 bisonmom2


Posted 05 January 2015 - 10:09 PM

No worries.  I appreciate the help so much!!

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-05 20:47:53
-----------------------------
20:47:53.855    OS Version: Windows 6.0.6002 Service Pack 2
20:47:53.855    Number of processors: 1 586 0xF0D
20:47:53.902    ComputerName: KAY-PC  UserName: Kay
20:48:03.269    Initialize success
20:48:03.316    VM: initialized successfully
20:48:03.316    VM: Intel CPU virtualization not supported 
20:48:07.216    AVAST engine defs: 15010501
20:48:49.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:48:49.968    Disk 0 Vendor: WDC_WD1600BEVT-60ZCT0 12.01A12 Size: 152627MB BusType: 3
20:48:50.093    Disk 0 MBR read successfully
20:48:50.124    Disk 0 MBR scan
20:48:50.436    Disk 0 unknown MBR code
20:48:50.436    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       143058 MB offset 63
20:48:50.545    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         9565 MB offset 292984832
20:48:50.623    Disk 0 scanning sectors +312573952
20:48:51.331    Disk 0 scanning C:\Windows\system32\drivers
20:49:23.006    Service scanning
20:49:56.579    Modules scanning
20:49:57.125    Disk 0 trace - called modules:
20:49:57.156    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
20:49:57.172    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85854968]
20:49:57.172    3 CLASSPNP.SYS[87c058b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x845ed398]
20:50:00.430    AVAST engine scan C:\Windows
20:50:06.783    AVAST engine scan C:\Windows\system32
20:57:52.404    AVAST engine scan C:\Windows\system32\drivers
20:58:13.361    AVAST engine scan C:\Users\Kay
21:01:43.700    AVAST engine scan C:\ProgramData
21:05:35.712    Disk 0 statistics 2142000/0/0 @ 2.09 MB/s
21:05:35.759    Scan finished successfully
21:08:48.035    Disk 0 MBR has been saved successfully to "C:\Users\Kay\Desktop\MBR.dat"
21:08:48.066    The log file has been saved successfully to "C:\Users\Kay\Desktop\aswMBR.txt"


#15 boopme


Posted 06 January 2015 - 11:15 PM

If you still see that MBAm rootkit message then we need to get a deeper look, by starting a new topic so we can use stronger tools.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.



