1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Honestly Dont Know whats wrong Spyware/Virus/ Had WM32

Discussion in 'Virus & Other Malware Removal' started by Lindi1970, Mar 15, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Lindi1970

    Lindi1970 Thread Starter

    Joined:
    Mar 15, 2012
    Messages:
    21
    First Name:
    Lindi
    Hello Im new to this website and would llike to Thank Any and All in Advance as I've tried everything I can think of, and can't fix my pc. Here are some details of its current behavior.

    EXTREMELY SLOW ,
    Background Blinks at times showing me the Desktop (Especially if I try to click a link or open a program)
    IE freezes so bad its almost impossible to use. Literally Minutes in between clicking or opening a page or link when trying to download the download either disappears or Never appears at all. IF I'm lucky I can get something to download and run properly.
    Upon trying to restart pc NOT shut down it Requests a Force Restart or shutdown
    anything that is open or im trying to open , its almost like each pic and/or word loads one at a time
    I did have one error when AVG was running that said Internet Explorer was using alot of resource memory warning



    I have tried MANY virus scanners and havent found much, I did however at 1 point download Stopzilla and find Windows Defender Virus, however I couldn't pay for program so it would not fix or delete it. Ive tried AVG, Malwarebytes, Ad-Aware, amd a couple others. Upon using system restore all of those programs were deleted. I did download Ad-Aware again considering the first time it didn't work, so that remains on my system. I tried to follow the instructions requestion in the "Must Read" section some worked and others didn't.

    Here is the TSG Log

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz, Intel64 Family 6 Model 15 Stepping 6
    Processor Count: 2
    RAM: 2045 Mb
    Graphics Card: NVIDIA GeForce 7300 LE (Microsoft Corporation - WDDM), 128 Mb
    Hard Drives: C: Total - 305141 MB, Free - 273782 MB;
    Motherboard: Dell Inc., 0WG864
    Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated and Enabled

    Hijack Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:56:58 PM, on 3/15/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
    C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
    C:\Program Files (x86)\Common Files\AOL\1320814659\ee\aolsoftware.exe
    C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Program Files (x86)\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 5164 bytes

    DDS LOG

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by user1 at 10:24:39 on 2012-03-15
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
    C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\Common Files\AOL\1320814659\ee\aolsoftware.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
    C:\Users\user1\Desktop\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com
    mWinlogon: Userinit=userinit.exe
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    uRun: [Facebook Update] "C:\Users\user1\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
    mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1320814659\ee\AOLSoftware.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{4491D798-4512-441E-BA5B-64DC65FDE6E0} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{4491D798-4512-441E-BA5B-64DC65FDE6E0}\2456C6B696E6F574B2D494D4F4F575962756C6563737F5133393647313 : DhcpNameServer = 192.168.2.1
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1320814659\ee\AOLSoftware.exe
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? TsUsbFlt;TsUsbFlt
    S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
    S? Lavasoft Kernexplorer;Lavasoft helper driver
    S? Lbd;Lbd
    S? Linksys_adapter_H;Linksys Adapter Network Driver
    S? VST64_DPV;VST64_DPV
    S? VST64HWBS2;VST64HWBS2
    S? vwififlt;Virtual WiFi Filter Driver
    .
    =============== Created Last 30 ================
    .
    2012-03-15 15:23:50 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2012-03-15 08:21:12 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2012-03-15 08:17:50 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2012-03-15 08:17:41 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2012-03-15 08:17:10 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E094B45-EBD0-4901-AB7C-C5E3725D3B0E}\mpengine.dll
    2012-03-14 16:30:39 -------- d-----w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    2012-03-13 23:30:46 -------- dc----w- C:\ProgramData\~0
    2012-03-13 23:29:01 -------- d-----w- C:\Users\user1\AppData\Local\PackageAware
    2012-03-06 09:49:35 -------- d-----w- C:\Program Files (x86)\BrowserCompanion
    2012-03-06 09:49:30 -------- d-----w- C:\Program Files (x86)\Funmoods
    2012-03-06 09:10:16 -------- d-----w- C:\Program Files (x86)\Yontoo
    2012-03-06 09:09:10 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-03-06 06:43:10 -------- d-----w- C:\Users\user1\AppData\Local\Google
    2012-03-06 06:39:28 -------- d-----w- C:\Users\user1\AppData\Local\Apps
    2012-03-06 06:39:22 -------- d-----w- C:\Users\user1\AppData\Local\Deployment
    2012-03-05 07:10:26 -------- d-----w- C:\Users\user1\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-05 07:09:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-03-05 07:09:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-03-05 05:20:47 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
    2012-03-05 04:49:29 -------- d-----w- C:\Users\user1\AppData\Local\ElevatedDiagnostics
    2012-03-05 01:27:13 -------- d-----w- C:\Users\user1\AppData\Roaming\SpeedMaxPc
    2012-03-05 01:27:13 -------- d-----w- C:\Users\user1\AppData\Roaming\DriverCure
    2012-03-05 01:27:07 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
    2012-03-05 01:27:06 -------- d-----w- C:\ProgramData\SpeedMaxPc
    2012-03-05 01:27:06 -------- d-----w- C:\Program Files (x86)\SpeedMaxPc
    2012-03-05 00:11:52 -------- d-----w- C:\Users\user1\AppData\Roaming\Malwarebytes
    2012-03-05 00:09:46 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-05 00:09:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-04 20:01:15 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-03-04 19:21:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-03-04 19:21:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-03-04 15:20:18 -------- d-----w- C:\ProgramData\Common Files
    2012-03-04 15:11:47 -------- d-----w- C:\ProgramData\AVG2012
    2012-03-04 15:08:57 -------- d-----w- C:\Program Files (x86)\AVG
    2012-03-04 14:57:34 -------- d-----w- C:\ProgramData\MFAData
    .
    ==================== Find3M ====================
    .
    2012-01-29 13:10:42 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
    2011-12-29 05:25:06 26004 ----a-w- C:\Windows\SysWow64\cpu.dll
    2011-12-29 05:24:57 219464 ----a-w- C:\Windows\SysWow64\richtx32.ocx
    2011-12-29 05:24:56 1070408 ----a-w- C:\Windows\SysWow64\mscomctl.ocx
    2011-12-29 05:24:53 225808 ----a-w- C:\Windows\SysWow64\dwshk80.ocx
    2011-12-29 05:24:52 191504 ----a-w- C:\Windows\SysWow64\dwsbc80.ocx
    2011-12-29 05:24:51 145944 ----a-w- C:\Windows\SysWow64\dwshengine80.dll
    .
    ============= FINISH: 10:30:36.57 ===============


    Thank You in advance for any help ~ Lindi ~
     
  2. Lindi1970

    Lindi1970 Thread Starter

    Joined:
    Mar 15, 2012
    Messages:
    21
    First Name:
    Lindi
    Hi All.....

    Just an Update to my original post.
    Since I originally posted, I read MANY of the posts here in the forum and tried a few things that people with similar problems had been suggested to try.

    I downloaded SuperAnti Scanner and it found 99 errors, upon cleaning those up my computer is acting better. It doesn't seem to be totally back to normal but at least I can surf through pages and click links etc.

    I would still appreciate ANY help or information getting my PC back to normal (BETTER) standards.

    ** One thing I thought I should have mentioned in previous posting but forgot was I've noticed something I don't recall seeing before... Anytime I download a program, or try to download something a YELLOW or BLUE box with a Shield LOGO appears asking me If I give my computer permission to make the changes requested, mind you I was asked this prior but not in the same fashion, hope that helps some.

    Thank You ~ Lindi ~
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,092
    First Name:
    Frank
    Start HiJackThis.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    -------------------------------------------------------------
     
  4. Lindi1970

    Lindi1970 Thread Starter

    Joined:
    Mar 15, 2012
    Messages:
    21
    First Name:
    Lindi
    Hi, Just FYI When running HIJACKTHIS
    I get an ERROR that reads the following upon starting a Scan using HijackThis:


    For some reason your system denied write access to the Hosts file.
    If any Hijack domains are in this file, HijackThis may NOT be able to fix this.

    If that happens, you need to edit the file yourself. To do this click Start, Run and type:

    notepad C:/Windows System32/drivers/etc/hosts

    and press enter find the line(s) Hijack thios reports and delete them.
    Save the file as 'hosts' (with quotes), and reboot.

    Fpr Vista simply, exit HijackThis right click on the HijackThis Icon, choose run as administrator.


    However I was able to follow your requests here is the copy:

    Ad-Aware
    Adobe Flash Player 10 ActiveX
    AOL Uninstaller (Choose which Products to Remove)
    DVD Suite
    Facebook Video Calling 1.1.1.1
    HiJackThis
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Nero 7 Essentials
    PowerDVD
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    TPA Software: WavMan Professional
    Uniblue RegistryBooster
    Veetle TV
    Viewpoint Media Player
     
  5. Lindi1970

    Lindi1970 Thread Starter

    Joined:
    Mar 15, 2012
    Messages:
    21
    First Name:
    Lindi
    here is a recent run of HiJackThis, I got it to work finally. Log Below

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:47:52 AM, on 3/16/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Safe mode with network support
    Running processes:
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 5493 bytes

    Thank You for your help : )
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,092
    First Name:
    Frank
    Go to Control Panel - User Accounts.

    Select "Change UAC Settings".

    Move the slider down to "Never Notify", then click OK.

    Restart the computer.

    HiJackThis should work okay now without displaying that "host files" message.

    After that's done, follow these instructions again for submitting an "uninstall_list.txt" log.

    Start HiJackThis.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    ----------------------------------------------------------

    You need to get rid of Uniblue Registry Booster.

    These type of programs can damage Windows and break programs and generate error/warning messages and generally wreak havoc with a computer.

    I suspect this is why you're having the problems you're having.

    ----------------------------------------------------------
     
  7. Lindi1970

    Lindi1970 Thread Starter

    Joined:
    Mar 15, 2012
    Messages:
    21
    First Name:
    Lindi
    Hello flavallee,
    Sorry for the delay but I can no longer boot up on the pc in question, Im using a back up pc.

    I did the Uninstall UniBlue and followed your instructions for the HijackThis change, ran the log, copied it and before I could paste and complete my post my system went into the Fatal Death Blue Screen. I've tried to restart it , and I cant get back on at all now, not even Safe Mode. When I try to boot up it say
    Strike F1 key to continue, F2 to run the set up utility
    it wont let me continue so im totally lost now don't have a clue what to do.

    Thanks Lindi
     
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,092
    First Name:
    Frank
    It sounds like you have some hardware issues with that Dell.

    Some of the comments that you originally made seem to indicate that.

    What's the 7-character service tag number on the sticker?

    ---------------------------------------------------------
     
  9. Lindi1970

    Lindi1970 Thread Starter

    Joined:
    Mar 15, 2012
    Messages:
    21
    First Name:
    Lindi
    Hi Flavalle,

    Thank You so much for your help up until now, I wanted to update you about the PC , I had it fixed less than 6months ago and when I did so, they took WIN XP off *Which came installed on PC when I bought it and I do have Recovery Disks for* and installed WIN7. So I Called them to see about warranty on repairs and they said I didn't have one but asked me to bring PC in and they would see if it was a simple fix or not. Ugh ! So I dropped it off therefore I can't provide you with the tickett number. I don't know yet if I will be having them fix it as I cant afford another fix, but my complaint was I never asked for WIN7 they installed it and left me with no means of recovery so to speak. I'd like to ask that this thread remain open for a few days so that IF I don't get it fixed perhaps you (If possible) can continue helping me.

    Thank You again, for your time and interest in helping me.
    Have a Good Weekend ~ Lindi ~
     
  10. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,092
    First Name:
    Frank
    According to this information that you submitted at the beginning of your thread, your desktop computer is possibly a Dell Dimension E520 model and came with Windows XP Media Center Edition pre-installed.

    The 7-character service tag number on the sticker will confirm whether it is that model or a different model.

    I don't understand why a computer would take it on its own to install Windows 7(64-bit) in that desktop instead of reinstalling Windows XP if you have the recovery disc kit for it.

    If that's what was done, I seriously question the reliability and honesty of that computer shop.

    -----------------------------------------------
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Honestly Dont whats
  1. AjayHussey
    Replies:
    1
    Views:
    340
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1045301

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice