IE10 (Program stopped responding) + SF Diagnostic Tool Doesn't work!

[Nasroo7]

Hi!
I'm having a problem with a laptop (DELL Vostro 1510 - Windows 7 Professional 32bit)
The computer was infected by a Rogue like a year ago, I took it to a computer repair shop, and fixed it.
Few months later I started having issues with IE, works fine for an hour or two, and then (The program stopped responding)... until it was doing it all the time.

Took it back to the computer repair shop, and did a clean up, and uninstalled IE, and reinstalled it.
It was working fine for two weeks... and then it started to do it again.
I use IE for a few hours, or minutes (Random) and then IE Stopped responding!

I downloaded SF Diagnostic Tool
But after I run it (From desktop) as an administrator, and click on GRAB ALL, I have that error message:
(I disabled Norton antivirus) so I can't even post the log...
Can you please help me find out about that issue? or what do I have to do from now?

Unhandled exception has occured in your application
Could not complete operation on some files and directories


See the end of this message for details on invoking 
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.IO.IOException: Could not complete operation on some files and directories. See the Data property of the exception for more details.
at Microsoft.VisualBasic.FileIO.FileSystem.FxCopyOrMoveDirectory(CopyOrMove operation, String sourceDirectoryPath, String targetDirectoryPath, Boolean overwrite)
at Microsoft.VisualBasic.FileIO.FileSystem.CopyOrMoveDirectory(CopyOrMove operation, String sourceDirectoryName, String destinationDirectoryName, Boolean overwrite, UIOptionInternal showUI, UICancelOption onUserCancel)
at Microsoft.VisualBasic.MyServices.FileSystemProxy.CopyDirectory(String sourceDirectoryName, String destinationDirectoryName, Boolean overwrite)
at SF_Diagnostic_Tool.Form1.Button1_Click(Object sender, EventArgs e)
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5472 (Win7SP1GDR.050727-5400)
CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
SF Diagnostic Tool
Assembly Version: 5.0.0.6
Win32 Version: 5.0.0.6
CodeBase: file:///C:/Users/Joe/Desktop/SF_Diagnostic_Tool.exe
----------------------------------------
Microsoft.VisualBasic
Assembly Version: 8.0.0.0
Win32 Version: 8.0.50727.5420 (Win7SP1.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5468 (Win7SP1GDR.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

Thank you for all your help!

 

[Nasroo7]

Hi again!
I tried to run the different operations from SF Diagnostic Tool separately, one by one.
All worked, except for MINIDUMP
So I joined the event viewer logs inside a folder... And there is all logs, except for the Minidump
I don't know if that will help
I hope that someone will help me a little
Have a good night!

 

[gregrocker]

Part of the problem could be inferior Factory Preinstalled Win7 with all of the bloatware and duplicate utiltiies which interfere with better versions built into Win7. These throttle Win7 from its native performance and can cause problems. It's really the worst install you can have, so repairs like this are fixing the deck chairs on the Titanic.

That's why most tech enthusiasts will not run such an install but instead Clean Reinstall - Factory OEM Windows 7. Everything is provided in the blue link tutorial.

At the minimum I'd Clean Up Factory Bloatware. Note that Norton is the worst bloatware and interferes with everything, whereas free lightweight MSE doesn't interfere with performance.

If this doesn't resolve performance problems, work through these Troubleshooting Steps for Windows 7.

 

[d00p98uy]

well, try running ADWCleaner, don't delete anything please, just scan and post the logs, and we'll take a look at 'em
AdwCleaner Download

 

[Nasroo7]

Thank you all for your interest!

Actually a friend of mine installed Windows 7 Professional on my laptop. I had Home Premium originally... So I don't know if he did a clean install or an upgrade install.
The computer repair shop where I went to, suggested that we do a clean install of windows 7
But I have many data in there... I would like to see if we can fix IE first... But if it's too much work, I don't wanna take up too much of your time. Thank you for your help!

Here is a log of AdwCleaner (I didn't remove anything)

# AdwCleaner v3.004 - Report created 16/09/2013 at 17:57:01
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Joe - JOE-PC
# Running from : F:\work\446\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : IB Updater

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\3k0ry2lj.default\user.js
Folder Found : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\IB Updater
Folder Found C:\Program Files\iMesh Applications
Folder Found C:\Program Files\Perion
Folder Found C:\Program Files\SearchCore for Browsers
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Joe\AppData\Local\Conduit
Folder Found C:\Users\Joe\AppData\Local\Ilivid Player
Folder Found C:\Users\Joe\AppData\Local\iMesh
Folder Found C:\Users\Joe\AppData\Local\PackageAware
Folder Found C:\Users\Joe\AppData\Local\SeeqDoSA
Folder Found C:\Users\Joe\AppData\Local\Zoom_Downloader
Folder Found C:\Users\Joe\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Joe\AppData\LocalLow\Conduit
Folder Found C:\Users\Joe\AppData\LocalLow\FunWebProducts
Folder Found C:\Users\Joe\AppData\LocalLow\imeshbandmltbpi
Folder Found C:\Users\Joe\AppData\LocalLow\incredibar.com
Folder Found C:\Users\Joe\AppData\LocalLow\MyWebSearch
Folder Found C:\Users\Joe\AppData\LocalLow\searchquband

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\AppDataLow\Software\mediabarim
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v19.0 (en-US)

[ File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\3k0ry2lj.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb185?a=6PQN9Jeu1X&i=26");
Line Found : user_pref("extensions.incredibar.admin", false);
Line Found : user_pref("extensions.incredibar.aflt", "orgnl");
Line Found : user_pref("extensions.incredibar.cntry", "US");
Line Found : user_pref("extensions.incredibar.dfltLng", "");
Line Found : user_pref("extensions.incredibar.dfltSrch", false);
Line Found : user_pref("extensions.incredibar.did", "10678");
Line Found : user_pref("extensions.incredibar.envrmnt", "production");
Line Found : user_pref("extensions.incredibar.excTlbr", false);
Line Found : user_pref("extensions.incredibar.hdrMd5", "3A02DF16FC402E580E3C2C0E3B4529BB");
Line Found : user_pref("extensions.incredibar.hmpg", false);
Line Found : user_pref("extensions.incredibar.id", "e44e4a8600000000000000225f6f8c8f");
Line Found : user_pref("extensions.incredibar.installerproductid", "26");
Line Found : user_pref("extensions.incredibar.instlDay", "15633");
Line Found : user_pref("extensions.incredibar.instlRef", "");
Line Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
Line Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1420:59:17");
Line Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Line Found : user_pref("extensions.incredibar.newTab", false);
Line Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Found : user_pref("extensions.incredibar.ppd", "111");
Line Found : user_pref("extensions.incredibar.prdct", "incredibar");
Line Found : user_pref("extensions.incredibar.productid", "26");
Line Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Found : user_pref("extensions.incredibar.sg", "none");
Line Found : user_pref("extensions.incredibar.smplGrp", "none");
Line Found : user_pref("extensions.incredibar.tlbrId", "base");
Line Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQN9Jeu1X&loc=IB_TB&i=26&search=");
Line Found : user_pref("extensions.incredibar.upn2", "6PQN9Jeu1X");
Line Found : user_pref("extensions.incredibar.upn2n", "92543780747060081");
Line Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1420:59:17");
Line Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Found : user_pref("extensions.incredibar_i.dfltLng", "");
Line Found : user_pref("extensions.incredibar_i.did", "10678");
Line Found : user_pref("extensions.incredibar_i.excTlbr", false);
Line Found : user_pref("extensions.incredibar_i.id", "e44e4a8600000000000000225f6f8c8f");
Line Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Found : user_pref("extensions.incredibar_i.instlDay", "15633");
Line Found : user_pref("extensions.incredibar_i.instlRef", "");
Line Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Found : user_pref("extensions.incredibar_i.newTab", false);
Line Found : user_pref("extensions.incredibar_i.ppd", "111");
Line Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Found : user_pref("extensions.incredibar_i.productid", "26");
Line Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQN9Jeu1X&loc=IB_TB&i=26&search=");
Line Found : user_pref("extensions.incredibar_i.upn2", "6PQN9Jeu1X");
Line Found : user_pref("extensions.incredibar_i.upn2n", "92543780747060081");
Line Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:59:17");
Line Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6PQN9Jeu1X&&i=26&search=");
Line Found : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Found : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://mystart.incredibar.com/mb131?a=6pqn9jeu1x");
Line Found : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword
Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [11207 octets] - [16/09/2013 17:57:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11268 octets] ##########

 

[gregrocker]

What OS and version came with your laptop? Look on the COA sticker on bottom. Is the Product Key readable (dont' type it out)?

It's unusual to have a $100+ OS you already own replaced with an expensive version that is only needed in the rarest cases for a few extra expensive features. What were you charged for it?

Please download and run this program, copy and paste results back here: http://go.microsoft.com/fwlink/?linkid=52012

 

[d00p98uy]

well, well, there IS a LOT we gotta get rid of... One sec while I gather correct info on removing some of these programs

--oh, sorry, answer gregs question

 

[Layback Bear]

Found this in the logs. It very well could be a major problem.

Folder Found C:\Program Files\Conduit

I'm not sure how one gets that big of list of bad things.

If it was my computer I would run another scan with AdwCleaner and remove all it has found. Then run it again and see if all was removed.

As per Greg's post #6
This could be very helpful also.

Please download and run this program, copy and paste results back here: http://go.microsoft.com/fwlink/?linkid=52012

 

[d00p98uy]

If it was my computer I would run another scan with AdwCleaner and remove all it has found. Then run it

I saw Conduit, and If Internet Explorer doesn't work, then it's probably best to remove it in the safest manner, not just go deleting things, that's why I just had him do a scan

 

[ThrashZone]

What exactly have you willingly downloaded on this system/ Toolbars/ Search engines..... ?
Your full of potential browser high-jackers.

 

[gregrocker]

Those are typical sneak invaders in freeware Downloads when you don't pay attention to what you're letting in. Besides cleaning them up with AdwCleaner and/or SuperAntiSpyware, I'd also run a full Malwarebytes scan to see if anything more serious came in.

Then in your browsers, disable all Add-on's except Flash and all Search services except Google in the stable search box (which won't even let Google spy on you) then prohibit any other Search services.

Go through your Programs in Control Panel to uninstall all search, toolbars, anything else you didn't deliberately install and use. If in doubt google it or ask back, open the Program in All Programs to see if you want it.

Other tips here for checking for damage from spy and bloatware: Clean Up Factory Bloatware

 

[Nasroo7]

What OS and version came with your laptop?

Windows 7 Home Basic OEMAct (I just looked at the sticker)

Please download and run this program, copy and paste results back here: http://go.microsoft.com/fwlink/?linkid=52012

I already put that log in the zip file when I first posted.
Here is a copy:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-B3XKW-VMBDG-9PYGT
Windows Product Key Hash: bE+EkujYKb5Xp/u3sf/UKh2cYyk=
Windows Product ID: 00371-169-2617694-85406
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {4BD77706-63AF-4363-B213-1472C2BEA345}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.130708-1532
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4BD77706-63AF-4363-B213-1472C2BEA345}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9PYGT</PKey><PID>00371-169-2617694-85406</PID><PIDType>5</PIDType><SID>S-1-5-21-1022662716-1893266959-2806292164</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro1510</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A15</Version><SMBIOSVersion major="2" minor="4"/><Date>20090318000000.000000+000</Date></BIOS><HWID>79CA3407018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57198</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults> 

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-169-261769-01-1033-7600.0000-0052010
Installation ID: 021406145503694310693091185151474056695734030696133313
Processor Certificate URL: [URL]http://go.microsoft.com/fwlink/?LinkID=88338[/URL]
Machine Certificate URL: [URL]http://go.microsoft.com/fwlink/?LinkID=88339[/URL]
Use License URL: [URL]http://go.microsoft.com/fwlink/?LinkID=88341[/URL]
Product Key Certificate URL: [URL]http://go.microsoft.com/fwlink/?LinkID=88340[/URL]
Partial Product Key: 9PYGT
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 9/16/2013 4:54:07 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:29:2013 08:31
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070424
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: PAAAAAEABAABAAMAAgABAAAAAwABAAEAeqiOIJyLRoMGDFBiNNQknM5woh48SYjK8kVuLo890nisASqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL CRESTLNE
FACP TOSCPL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
TCPA Intel CRESTLNE
TMOR PTLTD 
OSFR TOSHIB A+2nd ID
APIC INTEL CRESTLNE
SLIC DELL M08 
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci

What exactly have you willingly downloaded on this system/ Toolbars/ Search engines..... ?

Nothing actually... I installed Norton of course... But all other toolbars etc maybe I just didn't know what I was doing...

 

[NoelDP]

Your installation of Office is counterfeit.
As far as I can see the installation of Windows is genuine.
You should uninstall the Office, and install a genuine version.

 

[Nasroo7]

Your installation of Office is counterfeit.
As far as I can see the installation of Windows is genuine.
You should uninstall the Office, and install a genuine version.

Ok, would you allow me to ask you how were you able to tell that Office was a counterfeit? I would like to learn that =P
THank you for your help.

 

[Nasroo7]

Those are typical sneak invaders in freeware Downloads when you don't pay attention to what you're letting in. Besides cleaning them up with AdwCleaner and/or SuperAntiSpyware, I'd also run a full Malwarebytes scan to see if anything more serious came in.

Then in your browsers, disable all Add-on's except Flash and all Search services except Google in the stable search box (which won't even let Google spy on you) then prohibit any other Search services.

Go through your Programs in Control Panel to uninstall all search, toolbars, anything else you didn't deliberately install and use. If in doubt google it or ask back, open the Program in All Programs to see if you want it.

Other tips here for checking for damage from spy and bloatware: Clean Up Factory Bloatware

I'm doing all of that.
I already did full scans of SuperAntispyware, Malwarebytes, and AdwCleaner (Do I have to put the logs here? or no need?)
Disabled all Add-ons, ans search services.
Also uninstalled all toolbars.

By the way, a friend of mine told me about RevoUninstaller Portable few months ago... He told me that it uninstalls all left over files and registry keys...
Also he told me about CCLeaner, and TFC By OldTimer. to clean temp files and all.
Are those any good?
Thank you

 

[gregrocker]

I wouldn't use Revo as I've seen it mess up the registry, but CCleaner is fine for both Disk and Registry cleanup.

 

[NoelDP]

Ok, would you allow me to ask you how were you able to tell that Office was a counterfeit? I would like to learn that =P
THank you for your help.

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2

 

[andrew129260]

@Nasroo7

I have asked a few of our malware experts to take a look at your thread so we can make sure the system is clean. After getting it cleaned up and making sure your files are clean, it might be wise to do a full format and reinstall of the OS.

For now, please answer these questions:

1.) Did you uninstall office?
2.) When you scanned for threats, did you run full scans?
3.) Have you tried scanning with an antivirus such as avast or eset online?


Jacee or cottenball see this post from him on the first page as well as the logs provided in the beginning:

http://www.sevenforums.com/general-...-diagnostic-tool-doesnt-work.html#post2534245

All I can say is wow. :shock: Lots of browser hijackers and probably other hidden malware.

 

[Nasroo7]

@Nasroo7
All I can say is wow.

Why would you say wow? =P

ok I saw your edit, thanks

1.) Did you uninstall office?
2.) When you scanned for threats, did you run full scans?
3.) Have you tried scanning with an antivirus such as avast or eset online?

1- Yes
2-Full scans (And also did it a second time in safe mode with networking for Mbam and SPAS)
3-Microsoft Security Essentials ( I will run ESET Online now )

I have Kaspersky Rescue disc 10, Do I run it?



I can scan and post a log of the diagnostic report again after cleaning up the computer?

ALso... What do you think of "Complete Internet Repair" and "UVK - Ultra Virus Killer"?
I also have SpybotSearchAndDestroy. Do I use it?

 

[Jacee]

Rescan with AdwCleaner ...

• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• After the scan has finished...
• This time, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After rebooting, Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. It will appear that CKS isn't doing anything...it is, so just be patient!
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.