
Infected with Pc Cleaner Pro, Help Meeeeee !


39 replies to this topic

#1 Vocals4me

Vocals4me

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 21 June 2015 - 05:10 AM

Hi folks, :hello: I'm a newbie here.... really hoping someone can help me out with my badly infected laptop. It is a Dell D531 (Windows XP), worked great until it got infested with this nasty thing called PC Cleaner Pro, now I can hardly use it at all, it is slow, malfunctioning, pop ups, the lot ....

Tried, really hard, to clear the nasties myself, but just ain't happening ... I did, however, manage to find out my comp has 111 PC Cleaner Pro chunks of do do on it.... :angry:

If it wasn't for the sake of another Dell I still got (really old machine with the lid coming off.....), I wouldn't be able to get online at all.....

 

I am so darn pissed over this ... Help me, somebody, Please !   :(  

 


Edited by Orange Blossom, 21 June 2015 - 06:36 AM.
Moved to AII from XP. ~ OB




#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:07:02 AM

Posted 22 June 2015 - 03:58 AM

Hello  :hello: ,

 

we will try to help.

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices
* List Users, Partitions and Memory size.
* List Minidump Files
* List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

 

------

 

Download AdwCleaner by "Xplode", and save it on Desktop. 

 

* Double click to run program. 

* Click on [Scan] button and wait for program to finish. 

* Click on button [Cleaning].

Program will close all active windows. Click Ok to confirm. 

* After restart log will appear (C:\AdwCleaner[S0].txt). Copy log into this topic.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 Vocals4me

Vocals4me
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 23 June 2015 - 02:32 PM

Thank you, so much, Severac, for taking the time to respond to my plea for help.

I will, most certainly, do as you advise and download MiniToolBox and AdwCleaner to my infected machine. However, I have to admit that I will have trouble saving the logs to my computer, I have not done that kind of thing before.

Could you describe, in untech speech, please, "baby steps" (like you're talking to a five year old :blush:) exactly how I am to save these logs? :huh: Without more precise detail I am sure to make a mistake ....

 



#4 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:07:02 AM

Posted 23 June 2015 - 05:35 PM

Hi Vocals4me,

 

it will be easy to post logs, because they will appear on your screen by themselves after you run programs as I said.

First run MiniToolBox. After the log appears, you can select the whole log with the mouse, right click -> Copy, and after that click here to Reply, do a right click here and press Paste. The log should appear here.

Same procedure is for AdwCleaner.

 

It is simple, you will see.  :thumbup2:



 


#5 Vocals4me

Vocals4me
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 24 June 2015 - 01:59 PM

Thank you ! back soon ...  :)         ...........   ( runs off to follow advice ....)  .... :busy:



#6 Vocals4me

Vocals4me
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 25 June 2015 - 09:46 AM

MiniToolBox by Farbar  Version: 22-06-2015
Ran by Dell D531 (administrator) on 25-06-2015 at 15:37:34
Running from "C:\Users\Dell D531\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: Latitude D531 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DellD531-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-1C-26-26-BD-68
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-1A-6B-3E-91-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
   Physical Address. . . . . . . . . : 00-1C-26-26-BD-68
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::15b0:b873:541b:2776%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 25 June 2015 15:04:13
   Lease Expires . . . . . . . . . . : 28 June 2015 15:04:13
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 218111014
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-B8-34-7E-00-1C-23-84-8C-03
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : 00-1C-23-84-8C-03
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{CF4B4AE7-E790-4898-BA64-F38EED5A3E66}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  2a00:1450:4009:800::200e
      216.58.208.78


Pinging google.com [216.58.208.78] with 32 bytes of data:
Reply from 216.58.208.78: bytes=32 time=38ms TTL=54
Reply from 216.58.208.78: bytes=32 time=38ms TTL=54

Ping statistics for 216.58.208.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 38ms, Average = 38ms
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=211ms TTL=47
Reply from 206.190.36.45: bytes=32 time=213ms TTL=47

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 211ms, Maximum = 213ms, Average = 212ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...00 1c 26 26 bd 68 ......Microsoft Virtual WiFi Miniport Adapter
 13...00 1a 6b 3e 91 f0 ......Bluetooth Device (Personal Area Network)
 11...00 1c 26 26 bd 68 ......Dell Wireless 1390 WLAN Mini-Card
 10...00 1c 23 84 8c 03 ......Broadcom NetXtreme 57xx Gigabit Controller
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 27...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    281
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::15b0:b873:541b:2776/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/10/2015 10:16:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/10/2015 10:16:13 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/22/2015 08:56:08 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/22/2015 08:56:08 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/22/2015 08:50:09 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/22/2015 08:50:09 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/18/2015 10:45:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0xc80
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/14/2015 08:44:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8bfa
Exception code: 0xc000000d
Fault offset: 0x000000000006ec12
Faulting process id: 0x774
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (05/14/2015 11:52:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8bfa
Exception code: 0xc000000d
Fault offset: 0x000000000006ec12
Faulting process id: 0x5f8
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (05/14/2015 11:25:07 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 37.0.2.5583 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ff0

Start Time: 01d08e2fc8aa1808

Termination Time: 312

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 4b232f77-fa23-11e4-a238-001a6b3e91f0


System errors:
=============
Error: (06/25/2015 03:04:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswSnx

Error: (06/25/2015 03:04:14 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.

Error: (06/25/2015 03:01:29 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056

Error: (06/25/2015 02:59:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/25/2015 02:59:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/25/2015 02:59:41 PM) (Source: DCOM) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (06/25/2015 02:59:39 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/25/2015 02:59:39 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%1053

Error: (06/25/2015 02:59:39 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

Error: (06/25/2015 02:59:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/10/2015 10:16:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (06/10/2015 10:16:13 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/22/2015 08:56:08 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/22/2015 08:56:08 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/22/2015 08:50:09 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/22/2015 08:50:09 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/18/2015 10:45:39 AM) (Source: Application Error)(User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1c8001d0914e4acf167eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla3ff164a-fd42-11e4-839b-001a6b3e91f0

Error: (05/14/2015 08:44:18 PM) (Source: Application Error)(User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec1277401d08e6e59186e9fC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll9bbf3436-fa71-11e4-b807-001a6b3e91f0

Error: (05/14/2015 11:52:06 AM) (Source: Application Error)(User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec125f801d08e2de3df573eC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll42a0abd2-fa27-11e4-a238-001a6b3e91f0

Error: (05/14/2015 11:25:07 AM) (Source: Application Hang)(User: )
Description: firefox.exe37.0.2.5583ff001d08e2fc8aa1808312C:\Program Files (x86)\Mozilla Firefox\firefox.exe4b232f77-fa23-11e4-a238-001a6b3e91f0


CodeIntegrity Errors:
===================================
  Date: 2013-05-21 18:03:26.231
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-21 18:03:26.060
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-26 13:22:09.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00180_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-23 23:16:52.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00180_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-23 23:00:17.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00180_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-23 22:51:21.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00180_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-23 22:46:06.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00180_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-23 22:38:26.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00180_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-23 22:27:54.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00180_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-23 21:44:54.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00180_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Free YouTube Downloader 4.0.365 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Inbox.com Desktop Notes (HKLM-x32\...\{035E680E-B668-472F-91F3-E850BCC5051F}_is1) (Version: 4.2.5.28 - Inbox.com, LLC)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.54 - NCH Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )

========================= Devices: ================================

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Device ID: ROOT\LEGACY_BAPIDRV\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Device ID: ROOT\IMAGE\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Device ID: ROOT\IMAGE\0001
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 1918.33 MB
Available physical RAM: 906.83 MB
Total Pagefile: 3836.66 MB
Available Pagefile: 2270.5 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.69 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.43 GB) (Free:19.33 GB) NTFS

========================= Users: ========================================

User accounts for \\DELLD531-PC

Administrator            Dell D531                Guest                    

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

16-06-2015 21:45:02 Windows Update
17-06-2015 08:32:20 Windows Update
17-06-2015 15:55:46 Windows Update
17-06-2015 21:04:11 Windows Update
18-06-2015 07:20:37 Windows Update
18-06-2015 22:13:53 Windows Update
19-06-2015 15:50:08 Windows Update
19-06-2015 22:34:07 Windows Update
23-06-2015 11:38:53 Checkpoint by HitmanPro
23-06-2015 11:42:37 Checkpoint by HitmanPro
23-06-2015 11:47:43 Windows Update
24-06-2015 09:48:27 Windows Update
24-06-2015 11:39:48 Windows Update

**** End of log ****
 



#7 Vocals4me


Posted 25 June 2015 - 09:49 AM

I am still struggling to paste the ADW cleaner results on here... for some reason it won't Paste  ..... :mellow:



#8 severac


Posted 25 June 2015 - 09:52 AM

Can you open the log file? In Notepad?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#9 Vocals4me


Posted 25 June 2015 - 10:00 AM

# AdwCleaner v4.207 - Logfile created 25/06/2015 at 15:51:51
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Dell D531 - DELLD531-PC
# Running from : C:\Users\Dell D531\Downloads\adwcleaner_4.207(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [27457 bytes] - [17/02/2014 14:26:41]
AdwCleaner[R1].txt - [4958 bytes] - [21/04/2015 22:00:27]
AdwCleaner[R2].txt - [946 bytes] - [18/05/2015 13:31:30]
AdwCleaner[R3].txt - [1001 bytes] - [25/06/2015 14:54:37]
AdwCleaner[R4].txt - [1126 bytes] - [25/06/2015 15:49:18]
AdwCleaner[S0].txt - [4869 bytes] - [21/04/2015 22:02:45]
AdwCleaner[S1].txt - [1065 bytes] - [25/06/2015 14:59:25]
AdwCleaner[S2].txt - [1052 bytes] - [25/06/2015 15:51:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1111  bytes] ##########
 


 Did It    !      :clapping: :clapping:



#10 severac


Posted 25 June 2015 - 10:03 AM

Good, can you also paste me another log? Its location is: C:\AdwCleaner\AdwCleaner[R3].txt



 


#11 Aura


Posted 25 June 2015 - 10:18 AM

Pardon the interruption. Vocals4me, I noticed that you have SpyHunter 4 installed on your system. SpyHunter is known to be ex-rogueware and still has shady practices as of today. On top of being ranked very low compared to other antimalware programs (like Malwarebytes), it also causes a lot of issues, like crippling a computer in a permanent boot-loop. There are tons of threads on BleepingComputer created by users asking how to get rid of it. I strongly suggest you uninstall it and ask for a refund if you ever bought it.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Vocals4me


Posted 25 June 2015 - 10:39 AM

Good, can you also paste me another log? Its location is: C:\AdwCleaner\AdwCleaner[R3].txt

 

Sorry, cannot find this download, tons of stuff comes up.... like

AdwCleaner False Positive Reporting Topic...

#13 Vocals4me


Posted 25 June 2015 - 10:46 AM

Pardon the interruption. Vocals4me, I noticed that you have SpyHunter 4 installed on your system. SpyHunter is known to be ex-rogueware and still has shady practices as of today. On top of being ranked very low compared to other antimalware programs (like Malwarebytes), it also causes a lot of issues, like crippling a computer in a permanent boot-loop. There are tons of threads on BleepingComputer created by users asking how to get rid of it. I strongly suggest you uninstall it and ask for a refund if you ever bought it.

 

Thank you Aura for your input  !   :welcome:
I originally heard of Spyhunter 4 when I got a really terrible virus on my computer.... (forget the name of it, but it was ~ Really, awful!) Spyhunter was the only thing out there that could tackle the infection.....

I have not purchased Spyhunter this year, but it has been ~ Really, useful in detecting that I've got 111 Pro Cleaner nasty thingys on my comp ....
I will delete Spyhunter from my comp, but only, IF I really have to..... I kinda keep it there.... just in case all else fails ! .... :bananas:
 



#14 severac


Posted 25 June 2015 - 11:17 AM

I can agree with Aura that you should uninstall SpyHunter.

 

------

 

If you already have MBAM 2.0 installed, run it:

 

• On the Dashboard, click the 'Update Now >>' link.

• After the update completes, on the Settings tab, under Detection and Protection, set the following options:

1. 'Scan for rootkits'

2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.

• Return to the Dashboard and click the Scan Now >> button.

• A Threat Scan will begin.

• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

• In most cases, a restart will be required.

• Wait for the prompt to restart the computer to appear, then click on Yes.

• After the restart, once you are back at your desktop, open MBAM once more.

• Click on the History tab > Application Logs.

• Double-click on the Scan Log which shows the date and time of the scan just performed.

• Click 'Export'.

• Click 'Copy to Clipboard'.

• Paste the contents of the clipboard into your reply.

 

-------

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.

• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Post the contents of JRT.txt into your next message.



 


#15 boopme


Posted 25 June 2015 - 11:43 AM

Note: you have NO antivirus application on here. After removing SpyHunter and rebooting, install either Avast Free or Bitdefender Free.





