Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't get rid of virus


  • Please log in to reply
9 replies to this topic

#1 patty1213

patty1213

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:05:10 PM

Posted 17 February 2015 - 03:40 PM

I have reinstalled my software to factory settings, and it keeps windows defender and windows updates turned off. Please help to fix this, thanks Patty


Edited by hamluis, 17 February 2015 - 03:49 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 girlguru

girlguru

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 17 February 2015 - 04:05 PM

Did the factory restore install a trial version of Norton Internet Security or McAfee?  You must uninstall the trialware through Programs and Features, then download the removal tool to verify all files were removed.  Usually a non-windows antivirus will disable windows defender while it is installed.  Sometimes windows updates fail to work after a factory restore (especially for Windows 8).  Windows update fixit usually repairs the broken updates after the trialware is removed.



#3 patty1213

patty1213
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:05:10 PM

Posted 18 February 2015 - 01:52 PM

windows fix it says  dianostic error? Ive had 3 different techs, try to remove it? and this last tech said it was a catastrophic failure? I'm waiting for a call back from Gaterway to see if there is a problem with the recovery disk? But thanks for the reply



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:10 PM

Posted 18 February 2015 - 08:19 PM

Can run these 2 items?
3Al62Pm.pngMiniToolBox
[list]
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • >>>

    Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by boopme, 18 February 2015 - 08:20 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 patty1213

patty1213
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:05:10 PM

Posted 18 February 2015 - 11:46 PM

 

Farbar Service Scanner Version: 17-01-2015
Ran by The Ritchie's (administrator) on 18-02-2015 at 23:44:56
Running from "C:\Users\The Ritchie's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3F7NDCY"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:10 PM

Posted 19 February 2015 - 11:58 AM

Do you have the Minitool log?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 patty1213

patty1213
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:05:10 PM

Posted 19 February 2015 - 04:45 PM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by The Ritchie's (administrator) on 18-02-2015 at 23:03:43
Running from "C:\Users\The Ritchie's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3F7NDCY"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Intel® 82578DC Gigabit Network Connection = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TheRitchies-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : neo.rr.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : neo.rr.com
   Description . . . . . . . . . . . : Intel® 82578DC Gigabit Network Connection
   Physical Address. . . . . . . . . : 90-FB-A6-46-CB-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c440:ff8b:34ee:8d59%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 184.56.150.41(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Lease Obtained. . . . . . . . . . : Wednesday, February 18, 2015 1:27:07 PM
   Lease Expires . . . . . . . . . . : Thursday, February 19, 2015 9:25:46 AM
   Default Gateway . . . . . . . . . : 184.56.144.1
   DHCP Server . . . . . . . . . . . : 142.254.151.113
   DHCPv6 IAID . . . . . . . . . . . : 194050982
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-75-F0-76-90-FB-A6-46-CB-04
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.neo.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : neo.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : neo.rr.com
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:b838:9629::b838:9629(Preferred)
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:20a9:1ed7:47c7:69d6(Preferred)
   Link-local IPv6 Address . . . . . : fe80::20a9:1ed7:47c7:69d6%14(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4009:807::100e
   173.194.46.67
   173.194.46.72
   173.194.46.78
   173.194.46.65
   173.194.46.73
   173.194.46.71
   173.194.46.64
   173.194.46.68
   173.194.46.66
   173.194.46.69
   173.194.46.70

Pinging google.com [216.58.216.238] with 32 bytes of data:
Reply from 216.58.216.238: bytes=32 time=36ms TTL=53
Reply from 216.58.216.238: bytes=32 time=33ms TTL=53

Ping statistics for 216.58.216.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 33ms, Maximum = 36ms, Average = 34ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=39ms TTL=48
Reply from 98.139.183.24: bytes=32 time=36ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 39ms, Average = 37ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...90 fb a6 46 cb 04 ......Intel® 82578DC Gigabit Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     184.56.144.1    184.56.150.41     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     184.56.144.0    255.255.240.0         On-link     184.56.150.41    276
    184.56.150.41  255.255.255.255         On-link     184.56.150.41    276
   184.56.159.255  255.255.255.255         On-link     184.56.150.41    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     184.56.150.41    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     184.56.150.41    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13   1125 ::/0                     2002:c058:6301::c058:6301
  1    306 ::1/128                  On-link
 14     58 2001::/32                On-link
 14    306 2001:0:9d38:6ab8:20a9:1ed7:47c7:69d6/128
                                    On-link
 13   1025 2002::/16                On-link
 13    281 2002:b838:9629::b838:9629/128
                                    On-link
 11    276 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::20a9:1ed7:47c7:69d6/128
                                    On-link
 11    276 fe80::c440:ff8b:34ee:8d59/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/18/2015 11:00:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/18/2015 11:00:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/18/2015 10:57:06 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (02/18/2015 10:57:06 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))

Error: (02/18/2015 02:40:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/18/2015 02:40:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/18/2015 02:40:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/18/2015 02:40:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/18/2015 02:33:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/18/2015 02:33:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (02/18/2015 10:57:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 6 time(s).

Error: (02/18/2015 10:57:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (02/18/2015 01:45:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Error: (02/18/2015 01:45:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Error: (02/18/2015 01:45:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Error: (02/18/2015 01:45:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Error: (02/18/2015 01:45:40 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Error: (02/18/2015 01:45:37 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Error: (02/18/2015 01:45:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Error: (02/18/2015 01:45:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Gateway Incorporated)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.107 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Nero 9 Essentials (HKLM-x32\...\{f531dd03-45ef-45e9-ab97-2a0ab4f14907}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3008 - Gateway Incorporated)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 8119.09 MB
Available physical RAM: 6972.04 MB
Total Pagefile: 16236.34 MB
Available Pagefile: 15043.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.99 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:931.51 GB) (Free:899.78 GB) NTFS

========================= Users: ========================================

User accounts for \\THERITCHIES-PC

Administrator            Guest                    The Ritchie's           

**** End of log ****



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:10 PM

Posted 19 February 2015 - 09:16 PM

Hello again, please do these..ESET may take a few hours.

cvMlKv6.pngESET Online Scanner
  • Hold down Control and click on this link to open ESET Online Scanner in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
>>>
This is quick

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 patty1213

patty1213
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:05:10 PM

Posted 20 February 2015 - 10:25 PM

Thank you, for your time, but it didn't work. I think I have a clone virus, or something

 



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:10 PM

Posted 20 February 2015 - 10:59 PM

Ok, let's get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users