
Malwarebytes detected pups in scan.


16 replies to this topic

#1 hippiesue


Posted 14 July 2015 - 02:17 PM

Hello, running Windows Vista and my system is very slow to shut down, and sometimes a strange message will pop up about trying to close a program and it goes away before I can see what it is. I ran Malwarebytes and it found a bunch of PUPs. What should I do? Here is a text file of what it found.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/14/2015
Scan Time: 1:28:49 PM
Logfile: mwb.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.14.05
Rootkit Database: v2015.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: laura
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292257
Time Elapsed: 14 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 26
 
Files: 41
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)




#2 Firehouse


Posted 14 July 2015 - 02:23 PM

Hello,

Please download AdwCleaner by Xplode and save it to your desktop.

Run the tool as Administrator, accept the terms and wait while it updates its database.

Click the Scan button to start scanning; when it finishes, remove any detected items with the Cleaning button.

It will ask you to restart; allow it to do so.

Attach the log here.

Download JRT by Malwarebytes and save it to your desktop.

Run the tool as Administrator, accept the disclaimer and click Y to continue scanning.

If the tool needs a restart, allow it to do so.

Attach the log here.



#3 hippiesue


Posted 14 July 2015 - 02:56 PM

# AdwCleaner v4.208 - Logfile created 14/07/2015 at 14:39:56
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (x86)
# Username : laura - LAURA-PC
# Running from : C:\Users\laura\Downloads\pc tools\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Users\laura\AppData\Roaming\v9
File Deleted : C:\Users\Public\Desktop\eBay.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\APN PIP
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16659
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M24DD803A-447D-4456-B156-EF49897D0071&SearchSource=55&CUI=&UM=6&UP=SP641C0EFB-1123-4747-B70E-48DA681D8E29&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [1633 bytes] - [14/07/2015 14:37:59]
AdwCleaner[S0].txt - [1576 bytes] - [14/07/2015 14:39:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1635  bytes] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.8 (07.14.2015:1)
OS: Windows Vista ™ Home Basic x86
Ran by laura on Tue 07/14/2015 at 14:46:27.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Program Files\GUT7178.tmp
Successfully deleted: [File] C:\Users\laura\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\laura\appdata\local\google\chrome\user data\default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\laura\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\laura\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\laura\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\laura\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  booedmolknjekdopkepjjeckmjkdpfgl,
  fgboogeaaklojbicocbcepgdjjfbmgli,
  flpcjncodpafbgdpnkljologafpionhb
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/14/2015 at 14:50:01.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For some reason, the JRT tool said it couldn't ping and didn't update, but it did run.



#4 Firehouse


Posted 14 July 2015 - 02:59 PM

Excellent.

Download MiniToolbox by Farbar and save it to your desktop.

Run the tool as Administrator and make sure that these are checked:

  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs

Attach the log here.

Scan with TFC

Download TFC by OldTimer and save it to your desktop.

Run the tool as Administrator and click Start to start the cleaning process.

If the tool requires a restart, allow it to do so.



#5 hippiesue


Posted 14 July 2015 - 03:04 PM

From mini tool:

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by laura (administrator) on 14-07-2015 at 15:03:34
Running from "C:\Users\laura\Downloads\pc tools"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Model: eMachines E625 Manufacturer: eMachines
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
=========================== Installed Programs ============================
 
 
**** End of log ****


#6 Firehouse


Posted 14 July 2015 - 03:07 PM

Uninstall Google Toolbar.

Uninstallation procedure:

Press the Win key + R on your keyboard at the same time and type appwiz.cpl

Find the entry mentioned above, select it and then choose Uninstall.

Have you run TFC?



#7 hippiesue


Posted 14 July 2015 - 03:09 PM

Yes, I ran TFC.

 

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: laura
->Temp folder emptied: 9885043 bytes
->Temporary Internet Files folder emptied: 1103999 bytes
->Google Chrome cache emptied: 562812533 bytes
->Flash cache emptied: 419 bytes
 
User: Public
 
Will uninstall the toolbar now.


#8 hippiesue


Posted 14 July 2015 - 03:11 PM

Toolbar has been uninstalled.



#9 Firehouse


Posted 14 July 2015 - 03:13 PM

Good. How is your PC now?



#10 hippiesue


Posted 14 July 2015 - 03:18 PM

Seems to be better. Not doing that weird thing on shutdown. Thank you so much!

 

So is there a way to look at a shutdown log or something to see what the heck that thing was?



#11 Firehouse


Posted 14 July 2015 - 03:21 PM

Glad I could help :)

Now do this final thing and your PC is clean :)

Download Delfix by XPlode and save it to your desktop.

Run the tool as Administrator and make sure that only these are checked:

  • Remove disinfection tools
  • Reset system settings
  • Purge system restore

Click Run and wait until the program finishes; if it requires a restart, allow it to do so.

Attach the log here.

Those logs can be found in Event Viewer.



#12 hippiesue


Posted 14 July 2015 - 03:30 PM

# DelFix v10.8 - Logfile created 14/07/2015 at 15:23:35
# Updated 29/07/2014 by Xplode
# Username : laura - LAURA-PC
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\AdwCleaner
Deleted : C:\Users\laura\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #395 [Windows Update | 06/25/2015 13:37:07]
Deleted : RP #396 [Scheduled Checkpoint | 06/26/2015 18:23:18]
Deleted : RP #397 [Scheduled Checkpoint | 06/28/2015 00:40:00]
Deleted : RP #398 [Windows Update | 06/28/2015 17:55:12]
Deleted : RP #399 [Scheduled Checkpoint | 06/29/2015 16:24:18]
Deleted : RP #400 [Scheduled Checkpoint | 06/30/2015 13:24:33]
Deleted : RP #401 [Scheduled Checkpoint | 07/02/2015 00:22:56]
Deleted : RP #402 [Scheduled Checkpoint | 07/02/2015 17:04:18]
Deleted : RP #403 [Windows Update | 07/03/2015 15:20:56]
Deleted : RP #404 [Scheduled Checkpoint | 07/04/2015 12:11:59]
Deleted : RP #405 [Scheduled Checkpoint | 07/05/2015 05:00:03]
Deleted : RP #406 [Scheduled Checkpoint | 07/05/2015 17:11:03]
Deleted : RP #407 [Scheduled Checkpoint | 07/06/2015 14:34:57]
Deleted : RP #408 [Windows Update | 07/07/2015 13:06:44]
Deleted : RP #409 [Scheduled Checkpoint | 07/08/2015 15:54:52]
Deleted : RP #410 [Scheduled Checkpoint | 07/09/2015 13:24:36]
Deleted : RP #411 [Scheduled Checkpoint | 07/10/2015 02:49:14]
Deleted : RP #412 [Windows Update | 07/11/2015 15:12:36]
Deleted : RP #413 [Scheduled Checkpoint | 07/13/2015 00:29:54]
Deleted : RP #414 [Scheduled Checkpoint | 07/13/2015 16:47:58]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#13 Firehouse


Posted 14 July 2015 - 03:32 PM

Very good. If you're curious about those logs you can check them out:

Run MiniToolBox as Administrator.

Check only this setting:

  • List last 10 Event Viewer Errors

Attach the log here.



#14 hippiesue


Posted 14 July 2015 - 03:35 PM

MiniToolBox by Farbar  Version: 01-07-2015
Ran by laura (administrator) on 14-07-2015 at 15:34:41
Running from "C:\Users\laura\Downloads\pc tools"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Model: eMachines E625 Manufacturer: eMachines
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/14/2015 03:25:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {aa5e1c40-3e49-49db-9bb9-4885aa0ff4e6}
 
Error: (07/14/2015 03:16:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/14/2015 02:43:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/14/2015 03:17:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (07/14/2015 03:17:00 PM) (Source: Service Control Manager) (User: )
Description: SRTSP
SRTSPX
 
Error: (07/14/2015 03:17:00 PM) (Source: Service Control Manager) (User: )
Description: Norton Internet Security%%3
 
Error: (07/14/2015 03:16:59 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (07/14/2015 03:16:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/14/2015 03:14:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll
 
Error: (07/14/2015 03:14:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll
 
Error: (07/14/2015 03:14:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll
 
Error: (07/14/2015 02:47:20 PM) (Source: Service Control Manager) (User: )
Description: Windows Modules Installer11200001Restart the service
 
Error: (07/14/2015 02:47:19 PM) (Source: Service Control Manager) (User: )
Description: NTI Backup Now 5 Scheduler Service1
 
 
Microsoft Office Sessions:
=========================
Error: (07/14/2015 03:25:16 PM) (Source: VSS)(User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {aa5e1c40-3e49-49db-9bb9-4885aa0ff4e6}
 
Error: (07/14/2015 03:16:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe
 
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe
 
Error: (07/14/2015 02:43:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-14 13:30:37.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-14 13:30:36.648
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-14 13:30:36.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-14 13:30:35.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-14 13:30:35.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-14 13:30:35.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-14 13:30:34.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-14 13:30:34.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-14 13:30:33.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-14 13:30:33.294
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
**** End of log ****
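
Added example (not part of the original thread and not MiniToolBox's own code): a Python triage helper that collapses the repeated `Error:` entries of a MiniToolBox event-log dump like the one above into one row per section, source and description, with a count and first/last timestamp. The sample text is constructed in the same layout with placeholder descriptions, `parse_events` and `summarize` are hypothetical names, and the `Date:` style CodeIntegrity entries are not parsed.

```python
import re
from datetime import datetime
# Entry header as MiniToolBox prints it; the space before "(User:" is optional.
HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>.+?)\)\s*\(User: .*\)$")
# Constructed sample in the layout of the log above (descriptions are placeholders).
SAMPLE = """\
Application errors:
==================
Error: (07/14/2015 03:25:16 PM) (Source: VSS) (User: )
Description: sample VSS access-denied error
Operation:
   Gathering Writer Data
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide) (User: )
Description: sample missing assembly
Error: (07/14/2015 03:06:25 PM) (Source: SideBySide) (User: )
Description: sample missing assembly
Error: (07/14/2015 02:43:23 PM) (Source: WinMgmt)(User: )
Description: sample WMI query failure
System errors:
=============
Error: (07/14/2015 03:17:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: sample DCOM launch error
Error: (07/14/2015 03:16:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: sample DCOM launch error
"""

def parse_events(text):
    """Yield (section, source, timestamp, first description line) per entry."""
    section, pending, prev = "unknown", None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if line and set(line) == {"="} and prev.endswith(":"):
            section = prev[:-1]          # a "=====" line underlines a section title
        elif m:
            ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
            pending = (section, m.group("src"), ts)
        elif pending and line.startswith("Description:"):
            yield pending + (line[len("Description:"):].strip(),)
            pending = None
        prev = line

def summarize(text):
    """One row per (section, source, description): count, first and last seen."""
    rows = {}
    for section, src, ts, desc in parse_events(text):
        row = rows.setdefault((section, src, desc), {"count": 0, "first": ts, "last": ts})
        row["count"] += 1
        row["first"], row["last"] = min(row["first"], ts), max(row["last"], ts)
    return rows
```

Passing a saved MiniToolBox log to `summarize` makes it easier to see how many distinct problems sit behind a long run of identical entries.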


#15 Firehouse


Posted 14 July 2015 - 03:38 PM

Nothing serious :) That's it, no further cleaning or help required :)





