vyruz Posted October 28, 2013 Posted October 28, 2013 Every few hours I get a system popup entitled "An Unauthourised Change Has Been Made To Windows", the description in the dialog box says "The Security Processor reported a system file mismatch error" "Use the link below to find out how to fix your system" "Error 0xC004D401" I then Have 2 options, "Learn more online" or close,l if i hit close it more often than not pops up another dialog box telling me that my version of windows is not genuine, if i click Learn more online it just takes me to microsoft who in turn try selling me a copy of windows... its not a major problem but frustrating as i bought the pc from a well known high street 2nd hand retailer in good faith with windows already installed and didnt get a copy of the windows disk with it.... is there any way around solving this problem without purchasing a copy of windows as it becomes annoying when screen casting Quote
KenB Posted October 28, 2013 Posted October 28, 2013 Hi vyruz another dialog box telling me that my version of windows is not genuine.......... i bought the pc from a well known high street 2nd hand retailer in good faith How long have you had this machine? It may not be that your installed OS is illegal - but if you bought this recently then it is a distinct possibility. Which AV do you have? If you disable the AV do you still get the error message ? ( Do Not use the internet ) Have you recently changed - updated your AntiVirus ? Download MBAM from here ( free version ) click here install > update > run it It will produce a log. Copy this and post it here please. You may need to do this in Safe Mode if you cannot get through the first scan. ( Do the quick scan ) Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
vyruz Posted October 29, 2013 Author Posted October 29, 2013 I bought the PC Roughly 40 days ago, AV was ready installed, Avast, even when disabled the error shows... I actually had to run the MBAM in safe mode because I shut down earlier and it just hung on a black screen with the afore mentioned error after trying to reboot... would not reboot at all unless in safe mode... here are the scan results Malwarebytes Anti-Malware (Trial) 1.75.0.1300 http://www.malwarebytes.org Database version: v2013.10.29.01 Windows Vista x86 NTFS (Safe Mode/Networking) Internet Explorer 7.0.6000.16982 Admin :: ADMIN-PC [administrator] Protection: Disabled 29/10/2013 02:09:21 MBAM-log-2013-10-29 (02-18-17).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 209341 Time elapsed: 8 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 53 HKLM\SYSTEM\CurrentControlSet\Services\Update lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken. HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> No action taken. HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> No action taken. HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam) -> No action taken. HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> No action taken. HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam) -> No action taken. HKCR\wajam.WajamBHO (PUP.Optional.Wajam) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> No action taken. HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> No action taken. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken. HKCR\CLSID\{11111111-1111-1111-1111-110311551186} (PUP.Optional.SockShare) -> No action taken. HKCR\TypeLib\{44444444-4444-4444-4444-440344554486} (PUP.Optional.SockShare) -> No action taken. HKCR\Interface\{55555555-5555-5555-5555-550355555586} (PUP.Optional.SockShare) -> No action taken. HKCR\CrossriderApp0035586.BHO.1 (PUP.Optional.SockShare) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551186} (PUP.Optional.SockShare) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551186} (PUP.Optional.SockShare) -> No action taken. HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken. HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken. HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> No action taken. HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> No action taken. HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken. HKCR\CrossriderApp0035586.BHO (PUP.Optional.SockShare) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken. HKCR\CrossriderApp0035586.Sandbox (PUP.Optional.CrossRider.A) -> No action taken. HKCR\CrossriderApp0035586.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken. HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> No action taken. HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken. HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken. HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> No action taken. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> No action taken. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken. HKCU\Software\InstalledBrowserExtensions\installdaddy (PUP.Optional.CrossRider.A) -> No action taken. HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken. HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken. HKCU\SOFTWARE\LUCKY LEAP (PUP.Optional.LuckyLeap.A) -> No action taken. HKLM\SOFTWARE\lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken. HKLM\SOFTWARE\DATAMNGR (PUP.Optional.MoviesToolbar.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> No action taken. HKLM\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> No action taken. Registry Values Detected: 9 HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> No action taken. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0Z1N1J -> No action taken. HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 174795112924316866123553841418228279840 -> No action taken. HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 5927 -> No action taken. HKCU\Software\lucky leap|iid (PUP.Optional.LuckyLeap.A) -> Data: def_luckyleap -> No action taken. HKLM\SOFTWARE\Datamngr|uninstallstring (PUP.Optional.MoviesToolbar.A) -> Data: C:\Program Files\Movies Toolbar\SafetyNut\uninstall.exe -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data: http://www.searchgol.com/?babsrc=HP_ss&mntrId=F41E001485B12A20&affID=119357&tsp=5021 -> No action taken. HKLM\SOFTWARE\Wajam|red (PUP.Optional.Wajam.A) -> Data: 4 -> No action taken. HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 174795112924316866123553841418228279840 -> No action taken. Registry Data Items Detected: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=5699f409-680e-eb05-19be-6f106941ae11&searchtype=ds&q={searchTerms}&installDate=17/09/2013) Good: (http://www.google.com) -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=5699f409-680e-eb05-19be-6f106941ae11&searchtype=ds&q={searchTerms}&installDate=17/09/2013) Good: (http://www.google.com) -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=5699f409-680e-eb05-19be-6f106941ae11&searchtype=ds&q={searchTerms}&installDate=17/09/2013) Good: (http://www.google.com) -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=5699f409-680e-eb05-19be-6f106941ae11&searchtype=ds&q={searchTerms}&installDate=17/09/2013) Good: (http://www.google.com) -> No action taken. Folders Detected: 19 C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> No action taken. C:\Users\Admin\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken. C:\Users\Admin\AppData\Local\TopArcadeHits (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Program Files\lucky leap (PUP.Optional.LuckyLeap.A) -> No action taken. C:\Users\Admin\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken. C:\Program Files\Wajam (PUP.Optional.Wajam.A) -> No action taken. C:\Program Files\Wajam\IE (PUP.Optional.Wajam.A) -> No action taken. C:\Program Files\Wajam\Updater (PUP.Optional.Wajam.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken. C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> No action taken. C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> No action taken. C:\Users\Admin\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken. C:\Users\Admin\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> No action taken. C:\Program Files\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> No action taken. C:\Program Files\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> No action taken. Files Detected: 35 C:\Program Files\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> No action taken. C:\Program Files\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam) -> No action taken. C:\Program Files\SockshareDownloader\Socksharedownloader-bho.dll (PUP.Optional.SockShare) -> No action taken. C:\ProgramData\UCA\UCA.01 (Trojan.Monder) -> No action taken. C:\ProgramData\UCA\UCA.02 (PUP.Ardamax) -> No action taken. C:\Users\Admin\Downloads\IObit_Uninstaller_downloader.exe (PUP.Optional.FreeNew.A) -> No action taken. C:\Users\Admin\Downloads\The Butterfly Effect DVDRip 2004 Eng BugBunny .avi.mp4__3515_i103959500_il5000587.exe (PUP.Optional.Amonetize.A) -> No action taken. C:\Users\Admin\AppData\Local\Bundled software uninstaller\biclient.exe (PUP.Optional.Somoto.A) -> No action taken. C:\Users\Admin\AppData\Local\TopArcadeHits\uninstaller.exe (Adware.GameVance) -> No action taken. C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe (Adware.GameVance) -> No action taken. C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\KFQFK5ME\Setup[1].exe (PUP.Optional.LuckyLeap.A) -> No action taken. C:\Users\Admin\Local Settings\Temporary Internet Files\Content.IE5\LE963W7C\wajam_install[1].exe (PUP.Optional.Wajam) -> No action taken. C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> No action taken. C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> No action taken. C:\Users\Admin\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken. C:\Users\Admin\AppData\Local\TopArcadeHits\tah.config (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Local\TopArcadeHits\Toparcadehits.dll (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Local\TopArcadeHits\uninstaller.exe (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Local\TopArcadeHits\updater.exe (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Program Files\lucky leap\updateluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> No action taken. C:\Program Files\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx (PUP.Optional.LuckyLeap.A) -> No action taken. C:\Program Files\lucky leap\luckyleap.ico (PUP.Optional.LuckyLeap.A) -> No action taken. C:\Program Files\lucky leap\luckyleapUninstall.exe (PUP.Optional.LuckyLeap.A) -> No action taken. C:\Program Files\lucky leap\sqlite3.exe (PUP.Optional.LuckyLeap.A) -> No action taken. C:\Users\Admin\Documents\Optimizer Pro\Cookie***ception.txt (PUP.Optional.OptimizerPro.A) -> No action taken. C:\Program Files\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> No action taken. C:\Program Files\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> No action taken. C:\Program Files\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> No action taken. C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> No action taken. (end) I thought it originally may have been to do with a driver i had installed for a midi controller as i have an asus laptop, same version of windows, that ive had for years with no problem but since installing the driver on the laptop that too has thrown up the afore mentioned errors and keeps telling me to put in the product and activation keys.... At the bottom right hand corner above the clock it now says "this is not a genuine copy of windows" despite it never coming up before installing said driver Quote
Armageddon Posted October 29, 2013 Posted October 29, 2013 Hi most of the stuff in the report is PUP or Potentially unwated Programs and browser add on's could you run the attached scans and post the logs then the security guys can advise further. Step 1 Please download Junkware Removal Tool to your desktop. Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. Please download AdwCleaner by Xplode onto your desktop. Close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator. Click on the Scan button. AdwCleaner will begin to scan your computer. After the scan has finished... Click on the Clean button. Press OK when asked to close all programs and follow the onscreen prompts. Press OK again to allow AdwCleaner to restart the computer and complete the removal process. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Please post the JRT.txt and the AdwCleaner report in your next post. Both of these programs are optimized to run in normal mode, but can be run in safe mode if you have problems. Many Thanks Armageddon Quote Google is your friend We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
KenB Posted October 29, 2013 Posted October 29, 2013 Hi You have a lot there that needs clearing up. As Armageddon says - most is basically harmless but does need looking at. You need to let MBAM deal with what it finds - "no action taken" indicates that you chose to leave the findings alone. I will ask one of our security experts to advise you further. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Starbuck Posted October 29, 2013 Posted October 29, 2013 (edited) Hi vyruz Please post the 2 reports as asked for by Armageddon. I need to know what service pack for Vista you are running...... The AdwCleaner report will tell me that. This type of problem has happened where Avast is installed ( has also happened with BitDefender) normally when the service pack is not up to date. To make it easier to download JRT and AdwCleaner..... use Safe Mode with Networking. This way you will have an internet connection when running in Safe Mode. Those 2 programs will run in Safe Mode. Also as a double check: Download this tool. 1. Double click on MGADiag.exe to run it. 2. Click Continue. 3. The program will run. It takes a while to finish the diagnosis, please be patient. Please post the results as a reply to this thread. Thanks Edited October 29, 2013 by Starbuck Quote Member of:UNITE
vyruz Posted October 30, 2013 Author Posted October 30, 2013 I can only post the JRT report as the ADW tool rebooted after the scan and my system will now only start in safe mode...after ADW rebooted I had no option but to hard reset else it just leaves me with a black screen after the welcome screen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.7 (10.15.2013:3) OS: Windows Vista Home Basic x86 Ran by Admin on 30/10/2013 at 4:16:04.62 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] backupstack Successfully deleted: [service] backupstack ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\priam_bho.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3756913668-599850744-286887208-1000\Software\SweetIM Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mypc backup Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wajam Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035586.BHO Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035586.BHO.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035586.Sandbox Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035586.Sandbox.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311551186} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322552286} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355555586} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366556686} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344554486} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035586.BHO Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035586.BHO.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035586.Sandbox Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035586.Sandbox.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355555586} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366556686} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344554486} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551186} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411151137} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551186} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\ProgramData\babylon" Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars" Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\ProgramData\visualbee" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\babylon" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\big fish games" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\blekko" Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\cool_mirage" Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\filetypeassistant" Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\swvupdater" Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\toparcadehits" Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\visualbeeexe" Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\wajam" Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\delta" Successfully deleted: [Folder] "C:\Program Files\mypc backup" Successfully deleted: [Folder] "C:\Program Files\smarttweak" Successfully deleted: [Folder] "C:\Program Files\wajam" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\wajam" Successfully deleted: [Folder] "C:\Users\Admin\documents\optimizer pro" ~~~ Chrome Successfully deleted: [Folder] C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Successfully deleted: [Folder] C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 30/10/2013 at 4:19:20.00 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Quote
Starbuck Posted October 30, 2013 Posted October 30, 2013 (edited) AdwCleaner should have created a folder here: C:\AdwCleaner open that folder and see if there is a AdwCleaner[s0].txt file inside. This will be the report we want. also: I thought it originally may have been to do with a driver i had installed for a midi controller At the bottom right hand corner above the clock it now says "this is not a genuine copy of windows" despite it never coming up before installing said driver Please give us more details on this driver. Exactly what was it and where did you acquire it? This does seem more than a coincidence. Have you uninstalled it? Edited October 30, 2013 by Starbuck Quote Member of:UNITE
vyruz Posted October 31, 2013 Author Posted October 31, 2013 the ADW log # AdwCleaner v3.010 - Report created 30/10/2013 at 04:24:49 # Updated 20/10/2013 by Xplode # Operating System : Windows Vista Home Basic (32 bits) # Username : Admin - ADMIN-PC # Running from : C:\Users\Admin\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : Update lucky leap ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\BonanzaDealsLive [#] Folder Deleted : C:\ProgramData\Browser Manager Folder Deleted : C:\ProgramData\Uniblue\DriverScanner Folder Deleted : C:\Program Files\BonanzaDeals Folder Deleted : C:\Program Files\BonanzaDealsLive Folder Deleted : C:\Program Files\lucky leap Folder Deleted : C:\Program Files\Toolbar Cleaner Folder Deleted : C:\Program Files\SockshareDownloader Folder Deleted : C:\Users\Admin\AppData\Local\BonanzaDealsLive Folder Deleted : C:\Users\Admin\AppData\Local\Bundled software uninstaller Folder Deleted : C:\Users\Admin\Documents\PC Health Kit Folder Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj File Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk File Deleted : C:\Users\Admin\Desktop\MyPC Backup.lnk File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js File Deleted : C:\Windows\Tasks\SockshareDownloader-codedownloader.job File Deleted : C:\Windows\System32\Tasks\SockshareDownloader-codedownloader File Deleted : C:\Windows\Tasks\SockshareDownloader-updater.job File Deleted : C:\Windows\System32\Tasks\SockshareDownloader-updater ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SockshareDownloader-codedownloader [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08155183-6F65-4C97-8C8D-1A2D136B4E8E} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{08155183-6F65-4C97-8C8D-1A2D136B4E8E} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SockshareDownloader-updater [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE1F4974-EDA8-4471-9502-10C0211EEA88} [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE1F4974-EDA8-4471-9502-10C0211EEA88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Key Deleted : HKCU\Software\d2df8cb669e510 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKCU\Software\BonanzaDealsLive Key Deleted : HKCU\Software\InstalledThirdPartyPrograms Key Deleted : HKCU\Software\lucky leap Key Deleted : HKCU\Software\OCS Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\Software\SockshareDownloader Key Deleted : HKLM\Software\InstalledThirdPartyPrograms Key Deleted : HKLM\Software\lucky leap Key Deleted : HKLM\Software\Toolbar Cleaner Key Deleted : HKLM\Software\WebConnect Key Deleted : HKLM\Software\SockshareDownloader Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BasicServe Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bonanza Deals Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Health Kit_is1 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WebConnect Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SockshareDownloader Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 ***** [ Browsers ] ***** -\\ Internet Explorer v7.0.6000.16982 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] -\\ Mozilla Firefox v [ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ] -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Dj&Fl\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [8690 octets] - [30/10/2013 04:22:54] AdwCleaner[s0].txt - [8564 octets] - [30/10/2013 04:24:49] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8624 octets] ########## The driver is for a Mixvibes Umix Control Pro (Dj Controller), i got the driver direct from the manufacturers website, i have uninstalled it on both the desktop and laptop bit still have nthe same problem Quote
Starbuck Posted October 31, 2013 Posted October 31, 2013 Thanks for that information. Please look back at post #6 and follow the instructions for running MGADiag.exe Thanks Quote Member of:UNITE
vyruz Posted October 31, 2013 Author Posted October 31, 2013 Diagnostic Report (1.9.0027.0): ----------------------------------------- Windows Validation Data--> Validation Status: Invalid License Validation Code: 50 Cached Online Validation Code: N/A, hr = 0xc004d401 Windows Product Key: *****-*****-KC7KG-4YR37-H8PHC Windows Product Key Hash: G5lQ2Di2pplJNVw7Il78e53cf0w= Windows Product ID: 89572-OEM-7332166-00185 Windows Product ID Type: 2 Windows License Type: OEM SLP Windows OS version: 6.0.6000.2.00010300.0.0.002 ID: {8E48EB84-1328-4169-86FB-3B9B9410302B}(1) Is Admin: Yes TestCab: 0x0 LegitcheckControl ActiveX: Registered, 1.9.42.0 Signed By: Microsoft Product Name: Windows Vista Home Basic Architecture: 0x00000000 Build lab: 6000.vista_gdr.100218-0019 TTS Error: K:20131031204637861-M:20131030043558778- Validation Diagnostic: Resolution Status: N/A Vista WgaER Data--> ThreatID(s): N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 Windows XP Notifications Data--> Cached Result: N/A, hr = 0x80070002 File Exists: No Version: N/A, hr = 0x80070002 WgaTray.exe Signed By: N/A, hr = 0x80070002 WgaLogon.dll Signed By: N/A, hr = 0x80070002 OGA Notifications Data--> Cached Result: N/A, hr = 0x80070002 Version: N/A, hr = 0x80070002 OGAExec.exe Signed By: N/A, hr = 0x80070002 OGAAddin.dll Signed By: N/A, hr = 0x80070002 OGA Data--> Office Status: 109 N/A OGA Version: N/A, 0x80070002 Signed By: N/A, hr = 0x80070002 Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3 Browser Data--> Proxy settings: N/A User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32) Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disabled Run ActiveX controls and plug-ins: Allowed Initialize and script ActiveX controls not marked as safe: Disabled Allow scripting of Internet Explorer Webbrowser control: Disabled Active scripting: Allowed Script ActiveX controls marked as safe for scripting: Allowed File Scan Data--> Other data--> Office Details: <GenuineResults><MachineData><UGUID>{8E48EB84-1328-4169-86FB-3B9B9410302B}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6000.2.00010300.0.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-H8PHC</PKey><PID>89572-OEM-7332166-00185</PID><PIDType>2</PIDType><SID>S-1-5-21-3756913668-599850744-286887208</SID><SYSTEM><Manufacturer>NEC COMPUTERS INTERNATIONAL</Manufacturer><Model>GA-8I915PM</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>20f</Version><SMBIOSVersion major="2" minor="3"/><Date>20050123000000.000000+000</Date></BIOS><HWID>9D313507018400F2</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> Spsys.log Content: U1BMRwEAAAAAAQAABAAAALwMAAAAAAAAWmICANOQe5dudmmKusnOARhDs/4hWdo7Xkl9D+HKpngafDnwGdGE8f5jcBB4MgSDfsrB9bhfUH+Vh0Sy0upYkzxmIhnxJS6W2ohsCzadr0KXWTOVLE7tvUMvH6EBDt3pBtU6zyz3v9Z2MrIHa9x3W3cNP6YJJRzZ3sGPZMdauCpB28UWdzFHrZPNCjSPxzetUHxhcf38akJWjrTFmdio3G4MbsZdJFBl6ID8Z6PgzOE3ppKHhVqCwkvaDzBS7RRf801+h+MsTFkRlJ2ZAjRAiDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4hHQaXolxsEN5+Z54MeZLCoHnH1s9v4pWD7UKO/DdTME8ZiIZ8SUultqIbAs2na9CcdMWmkJ6GZJF2eh7/lFZYwbVOs8s97/WdjKyB2vcd1t3DT+mCSUc2d7Bj2THWrgqQdvFFncxR62TzQo0j8c3rVB8YXH9/GpCVo60xZnYqNxuDG7GXSRQZeiA/Gej4MzhN6aSh4VagsJL2g8wUu0UX/NNfofjLExZEZSdmQI0QIgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGEOz/iFZ2jteSX0P4cqmeHfK/EZ5+9layt9O7ahhuzxa+UTgICDBBQ9oFeWmmNmw58O9fTMLJuYOKXJAu21UjCfXNuyUfeWLso27gxmoCUKwQaeZHRF4n0qVYImi7Gro8AjAfAdUx+81q5JsW+ZpMIM8q1BlAUhBwNcgDAUaXoP1L8ZQNh5x48VEoz+V5L3tvE5VWb18gJlSR8d0M1ujvapSphiYCVEk7Tn5ZXWvvTDY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBhDs/4hWdo7Xkl9D+HKpng8AP+QwkV4ZNJQaEDyBQh8SVtgZ87dMWtZvdcqBciPPzxmIhnxJS6W2ohsCzadr0LY4YikevZGj0wsjWsdbR2gBtU6zyz3v9Z2MrIHa9x3W3cNP6YJJRzZ3sGPZMdauCpB28UWdzFHrZPNCjSPxzetUHxhcf38akJWjrTFmdio3G4MbsZdJFBl6ID8Z6PgzOE3ppKHhVqCwkvaDzBS7RRf801+h+MsTFkRlJ2ZAjRAiDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4EGj8qqdwAEiNkOStJ+n3xMzeY/yCeWzxrsIu5VjIO1Y8ZiIZ8SUultqIbAs2na9CeSzJKWYHZXq1Yk1Zb4KbdwbVOs8s97/WdjKyB2vcd1t3DT+mCSUc2d7Bj2THWrgqQdvFFncxR62TzQo0j8c3rVB8YXH9/GpCVo60xZnYqNxuDG7GXSRQZeiA/Gej4MzhN6aSh4VagsJL2g8wUu0UX/NNfofjLExZEZSdmQI0QIgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGEOz/iFZ2jteSX0P4cqmeEx5+Epibs796twx4Xt51Zrs01K0jB8j6Aj4RsjX9zjvPGYiGfElLpbaiGwLNp2vQsofYWSy/Tb9iXuM8ZggPuAG1TrPLPe/1nYysgdr3Hdbdw0/pgklHNnewY9kx1q4KkHbxRZ3MUetk80KNI/HN61QfGFx/fxqQlaOtMWZ2Kjcbgxuxl0kUGXogPxno+DM4TemkoeFWoLCS9oPMFLtFF/zTX6H4yxMWRGUnZkCNECIM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBhDs/4hWdo7Xkl9D+HKpniMaHWq8Xr59F5DcEvo8QCNdUKxSdoZTzfiWwOde1CmgOfDvX0zCybmDilyQLttVIw6Gy7mBbutKXKsi6RPZ08ksEGnmR0ReJ9KlWCJouxq6PAIwHwHVMfvNauSbFvmaTCDPKtQZQFIQcDXIAwFGl6D9S/GUDYecePFRKM/leS97bxOVVm9fICZUkfHdDNbo72qUqYYmAlRJO05+WV1r70w2O6Pl99gqTnSYR4j0FashTOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4UT6OpD6drijrDJPOMTnw4pOCWEV65qKC6Lh6E5pwpWo8ZiIZ8SUultqIbAs2na9Cy3wlycaeclkdOioo89qovQbVOs8s97/WdjKyB2vcd1t3DT+mCSUc2d7Bj2THWrgqQdvFFncxR62TzQo0j8c3rVB8YXH9/GpCVo60xZnYqNxuDG7GXSRQZeiA/Gej4MzhN6aSh4VagsJL2g8wUu0UX/NNfofjLExZEZSdmQI0QIgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGEOz/iFZ2jteSX0P4cqmeIw4EKfnYTYoxtO7OyeSBmu6DHaUh1boLdaecVGWAruB58O9fTMLJuYOKXJAu21UjI2HvSVhDqp/D4nlvSR3l0SwQaeZHRF4n0qVYImi7Gro8AjAfAdUx+81q5JsW+ZpMIM8q1BlAUhBwNcgDAUaXoP1L8ZQNh5x48VEoz+V5L3tvE5VWb18gJlSR8d0M1ujvapSphiYCVEk7Tn5ZXWvvTDY7o+X32CpOdJhHiPQVqyFM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBhDs/4hWdo7Xkl9D+HKpngVsIhEpfK98UgoUWfqerT7hHBEuN/HJrKIqaV6JeopODxmIhnxJS6W2ohsCzadr0LQuJbOOFEpMsRDIv2HviCTBtU6zyz3v9Z2MrIHa9x3W3cNP6YJJRzZ3sGPZMdauCpB28UWdzFHrZPNCjSPxzetUHxhcf38akJWjrTFmdio3G4MbsZdJFBl6ID8Z6PgzOE3ppKHhVqCwkvaDzBS7RRf801+h+MsTFkRlJ2ZAjRAiDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4FbCIRKXyvfFIKFFn6nq0+8wYniyEqUuoyQNK2PqnHY48ZiIZ8SUultqIbAs2na9CcdMWmkJ6GZJF2eh7/lFZYwbVOs8s97/WdjKyB2vcd1t3DT+mCSUc2d7Bj2THWrgqQdvFFncxR62TzQo0j8c3rVB8YXH9/GpCVo60xZnYqNxuDG7GXSRQZeiA/Gej4MzhN6aSh4VagsJL2g8wUu0UX/NNfofjLExZEZSdmQI0QIgzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMGEOz/iFZ2jteSX0P4cqmeP953qJ+8REG1wAXLq+P5kByK4BClrcqwzxyEKsIdr4uPGYiGfElLpbaiGwLNp2vQoZ0x+Ul0RF2J+10h/8ikI4G1TrPLPe/1nYysgdr3Hdbdw0/pgklHNnewY9kx1q4KkHbxRZ3MUetk80KNI/HN61QfGFx/fxqQlaOtMWZ2Kjcbgxuxl0kUGXogPxno+DM4TemkoeFWoLCS9oPMFLtFF/zTX6H4yxMWRGUnZkCNECIM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDBhDs/4hWdo7Xkl9D+HKpngr3+D6ftIJU1qk0AZkcOht41W1EHEVvmTD2Hf9tb8OpDxmIhnxJS6W2ohsCzadr0JVElTmBz03UUpiwXhijrs5BtU6zyz3v9Z2MrIHa9x3W3cNP6YJJRzZ3sGPZMdauCpB28UWdzFHrZPNCjSPxzetUHxhcf38akJWjrTFmdio3G4MbsZdJFBl6ID8Z6PgzOE3ppKHhVqCwkvaDzBS7RRf801+h+MsTFkRlJ2ZAjRAiDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwYQ7P+IVnaO15JfQ/hyqZ4qBEzJYHN8Nf3mEpn2qavvO269iyx3IN4SD/TV7qfb03nw719Mwsm5g4pckC7bVSMHmaMlSEoGIUbMn4MDMxmh7BBp5kdEXifSpVgiaLsaujwCMB8B1TH7zWrkmxb5mkwgzyrUGUBSEHA1yAMBRpeg/UvxlA2HnHjxUSjP5Xkve28TlVZvXyAmVJHx3QzW6O9qlKmGJgJUSTtOfllda+9MNjuj5ffYKk50mEeI9BWrIUzkNYn29bLc66sfsN1jWgMM5DWJ9vWy3OurH7DdY1oDDOQ1ifb1stzrqx+w3WNaAwzkNYn29bLc66sfsN1jWgM Licensing Data--> C:\Windows\system32\slmgr.vbs(291, 5) (null): 0xC004D401 Windows Activation Technologies--> N/A HWID Data--> HWID Hash Current: NAAAAAIAAgABAAIAAQABAAAAAgABAAEA+l70rgBLfrbyVO6kEJxCrRjE8vTusiAbrFbIgA== OEM Activation 1.0 Data--> N/A OEM Activation 2.0 Data--> BIOS valid for OA 2.0: yes Windows marker version: 0x20000 OEMID and OEMTableID Consistent: yes BIOS Information: ACPI Table Name OEMID Value OEMTableID Value APIC GBT AWRDACPI FACP GBT AWRDACPI MCFG GBT AWRDACPI SLIC _ASUS_ Notebook Quote
Starbuck Posted October 31, 2013 Posted October 31, 2013 Hi vyruz Windows Validation Data--> Validation Status: Invalid License Validation Code: 50 Ok, we expected to get this. These sections of the report: TTS Error: K:20131031204637861-M:20131030043558778- Licensing Data--> C:\Windows\system32\slmgr.vbs(291, 5) (null): 0xC004D401 Bare out the theory that Avast is the cause. The Kernel Tamper and the Mod-Auth Tamper: K:20131031204637861-M:20131030043558778- Are typical Avast problems. So is the Licensing Data error code. Only RTM and SP1 appear to be affected - builds 6000 and 6001 Your build is Product Name: Windows Vista Home Basic Architecture: 0x00000000 Build lab: 6000.vista_gdr.100218-0019 So it seems that you have no service packs installed. This is what Microsoft suggest: Uninstall AVAST. then download and run: Avast Removal Tool Use Windows Updates to install all updates, and get to SP2 level. or install SP1 and then SP2 from the standalone installers. http://windows-vista-service-pack-1-sp-1.en.softonic.com/ http://windows-vista-service-pack-2.en.softonic.com/ Then run another MGADiag report to see if everything is ok. Then install an Anti Virus program. Entirely up to you if you want to stick with Avast or change to something else. If you want a change, we can recommend some good 'Free' AV's. Hope all this makes sense. Quote Member of:UNITE
vyruz Posted November 1, 2013 Author Posted November 1, 2013 so do i need to run an anti virus whilst downloading the service packs? and will i lose any data when i install them? Quote
Starbuck Posted November 1, 2013 Posted November 1, 2013 do i need to run an anti virus whilst downloading the service packs? To be honest, if you follow the links i provided and leave it at that..... you'll be fine. But if it makes you feel better..... download the service packs to your Desktop and then remove Avast. and will i lose any data when i install them? No, all your documents, music etc will be untouched. The service packs will only alter things within your OS itself. Quote Member of:UNITE
vyruz Posted November 5, 2013 Author Posted November 5, 2013 I uninstalled avast and ran the avast cleaner, installed service pack 1 & 2, restarted pc and now its only starting in safe mode.... i installed panda cos avast wouldnt install again for some reason... tried system restore but it has no restore ponts before service pack 2, when things worked ok (ish) even tho i made a restore point several days ago... after restore it again only boots in safe mode Quote
Starbuck Posted November 5, 2013 Posted November 5, 2013 Ok, let's see if we can find out why this is happening: This program will run in safe mode. For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop. Double-click the downloaded icon to run the tool. http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png When the tool opens click Yes to disclaimer. http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png Press Scan button. http://img.photobucket.com/albums/v708/starbuck50/frst_zps6548371f.png It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also. Thanks Quote Member of:UNITE
vyruz Posted November 6, 2013 Author Posted November 6, 2013 thanks for all the help and support provided so far... i havent run the program mentioned above yet, but will if i need to today i returned from work, my pc booted as normal, i installed avira antivirus (is it any good? i only installed it cos i liked the colour), my system now seems to be running just fine, no more popups saying windows is not genuine, etc.... however, there is a panel on the front of my pc that contains usb ports, memory card ports, a mic port and headphone port, none of them work now (not sure ubout the memory card ports cos i dont have any memory cards to test them), when i plug headphones in i get no sound at all... at a rough guess summat has gone wrong with the driver? is there a way i can find out the hardware to get the driver i need to make it work again cos my neighbours dont appreciate loud music at night :/ Quote
Starbuck Posted November 6, 2013 Posted November 6, 2013 i installed avira antivirus (is it any good? i only installed it cos i liked the colour), Yes Avira will do a good job for you. Only downside is that it does nag you bit to update to the paid version. But if you ignore these messages it will still do a good job. no more popups saying windows is not genuine, etc.... That's good to hear. :) I will ask the other guys to assist you with the possible driver problem as they are more knowledgeable than i am in this field. Quote Member of:UNITE
KenB Posted November 6, 2013 Posted November 6, 2013 Hi vyruz Good to hear that Starbuck has fixed your major problem for you :) Start > type in .....devmgmt.msc .....ENTER Click the > next to each of the entries. Are there any yellow exclamation marks or red Xs ? If so - let me know what is listed please. =========== Let me know the make and model number of your computer please =========== Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.