Jump to content

JordanR

Members
 View Profile  See their activity

  • Posts

    16

  • Joined

  • Last visited

 Content Type 

Posts posted by JordanR

    Urgent Help

    in Resolved Malware Removal Logs

    Posted

    Ok and i'm sorry if i'm wasting your time with this pirated stuff and not knowing all else I can do to get further help. I have tried multiple things but nothing and I have been trying to use skype so I could see my sick reletive before they pasted today but no prevail.

    Urgent Help

    in Resolved Malware Removal Logs

    Posted

    I have been listening to you this entire time. I don't know all the folders where .torrent is coming up so I mainly deleted the torrented downloads. I might need assistance with further removing P2P programs or anything affiliated with it. But with my knowledge all related content should be gone.  

    Urgent Help

    in Resolved Malware Removal Logs

    Posted

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02

    Ran by Jordan at 2014-09-01 15:54:30

    Running from C:\Users\Jordan\Downloads

    Boot Mode: Normal

    ==========================================================

     

     

    ==================== Security Center ========================

     

    (If an entry is included in the fixlist, it will be removed.)

     

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

     

    ==================== Installed Programs ======================

     

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     

    µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32081 - BitTorrent Inc.)

    Abacus UAV Predator for FSX (HKLM-x32\...\{5F1B0E61-396D-4E09-AC6B-04BD33284D3E}) (Version: 1.00.0000 - Abacus Software)

    Aerosoft's - F-16 Fighting Falcon (HKLM-x32\...\{A663BED9-978C-4A04-82A3-3029245055BE}) (Version: 1.00 - Aerosoft)

    Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)

    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

    Captain Sim C-130 All-in-One (HKLM-x32\...\{D872B593-5F17-4507-92A6-5F3C9655AF2A}) (Version: 1.1 - The Silverwingz)

    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)

    CF-105 for FSX/Accel (HKLM-x32\...\CF-105 for FSX/Accel) (Version:  - )

    Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)

    DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.2.0.0226 - Disc Soft Ltd)

    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)

    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)

    Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)

    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.2.1 - Synaptics Incorporated)

    Dell Update (HKLM-x32\...\{D9D0E75C-F791-402A-98E2-A2F43E7B0CE3}) (Version: 1.1.1054.0 - Dell Inc.)

    Diagnostics (HKLM-x32\...\Software Update11.041.44) (Version: 11.041.44 - Double Opt Media)

    DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden

    Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )

    Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)

    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

    iExplorer 3.3.2.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)

    iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.8.2414.748 - )

    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)

    Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)

    Intel® Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden

    Intel® Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden

    iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)

    Just Flight Constellation Professional (HKLM-x32\...\{070B2AFF-E7F2-4085-83CD-5ED64A4C9CE5}) (Version: 1.00.000 - )

    JustFlight F-117 Nighthawk for FS9 and FSX (HKCU\...\JustFlight F-117 Nighthawk for FS9 and FSX) (Version:  - )

    Kasumi Rebirth [uNCEN], âåðñèÿ 3.2.5 (HKLM-x32\...\{CCBB5E45-88C1-4721-98B2-7866422B05F2}_is1) (Version: 3.2.5 - )

    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

    McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)

    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

    Microsoft Flight Simulator X (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden

    Microsoft Flight Simulator X Service Pack 1 (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden

    Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)

    Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden

    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

    My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)

    My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden

    PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)

    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.005 - Dell Inc.)

    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)

    Stardock DeskScapes 8 (HKLM-x32\...\Stardock DeskScapes 8) (Version: 8.00 - Stardock Software, Inc.)

    There (HKLM-x32\...\There) (Version:  - )

    TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden

    TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)

    TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden

    Turbo Booster for uTorrent (HKLM-x32\...\Turbo Booster for uTorrent) (Version: 4.7.0.0 - DownloadBoosters LLC)

    uTorrent Turbo Accelerator (HKLM-x32\...\uTorrent Turbo Accelerator) (Version: 3.8.0.0 - WebSpeeders LLC)

    Virtavia B-1B Lancer (HKLM-x32\...\{C82EB055-445B-47CF-B76B-2FED0D4A7329}) (Version: 1.0.0 - Virtavia Pty Ltd)

    Virtavia F-22A Raptor FSX & P3D (HKLM\...\{CBFE9686-0EA2-4887-B97E-767B8AD25136}) (Version: 1 - Virtavia)

    VRS F/A-18E Superbug X (HKLM-x32\...\{0F1F6144-F13A-433D-B66E-129C5E8D504B}_is1) (Version: 1.0.5.1 - Vertical Reality Simulations)

    Windows 8 Codec Pack 2.0.1 (HKLM-x32\...\Windows 8 - Codec Pack) (Version: 2.0.1 - Windows 8 Codec Pack)

    WinRAR 5.11 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)

    Xtreme Prototypes X-15-2-3 VC for Flight Simulator (HKLM-x32\...\Xtreme Prototypes X-15-2-3 VC for Flight Simulator1.1) (Version: 1.1 - Xtreme Prototypes, Inc.)

     

    ==================== Custom CLSID (selected items): ==========================

     

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

     

    CustomCLSID: HKU\S-1-5-21-935466673-1756691942-2068257437-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

     

    ==================== Restore Points  =========================

     

     

    ==================== Hosts content: ==========================

     

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     

    2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

     

    ==================== Scheduled Tasks (whitelisted) =============

     

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

     

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

    Task: {0B161361-13A5-40F1-A08F-0DF87E173947} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)

    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

    Task: {0F6B994B-F36C-4AEE-977F-7A08E14655AB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)

    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

    Task: {21199D4C-F9E7-4A63-8AFD-C469861365D8} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)

    Task: {379F4D38-B6FE-4D2C-89E2-795AF33111F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

    Task: {3F1A154D-1834-4801-B395-1BF9D8DD8727} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-31] (Microsoft Corporation)

    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

    Task: {59E743E4-AA13-4140-B155-E2655E974068} - \AmiUpdXp No Task File <==== ATTENTION

    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

    Task: {6BDD40C1-B248-40AB-9AEA-BEF3C2FFE1DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

    Task: {8FC4429E-91CC-47DA-9677-7562E780D5A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)

    Task: {94D1C73E-845E-4CB9-9FA1-170EEFDFC19C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)

    Task: {98292BAF-42C3-4FC1-9056-7EB1EE3B3C57} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

    Task: {A458EA11-E66F-40E7-812E-304AFE9BD64B} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()

    Task: {AA8010E3-2462-47B9-AB42-8CC9BBFD4BBC} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)

    Task: {B5D7E445-C4AD-4F8D-9E83-7D613AE6D6EA} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)

    Task: {BC85E1B7-52D5-4AF3-BBD2-B06349C715D9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-19] (Synaptics Incorporated)

    Task: {CBDA51B5-18F3-4C3F-BBAD-09E7E42FDD0E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)

    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

    Task: {D0BA805A-E7F2-4AFB-80E7-E17F98C33F14} - System32\Tasks\PocketCloudUpdater => C:\Program

    Task: {D352DA66-6B83-46D8-9915-8E7B856C5978} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

    Task: {D828BC49-B57F-4951-9AF2-7C677582CC5E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)

    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

    Task: {D91856EA-A2C7-48C5-81B5-B44C466C5B43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

    Task: {DB6EFCBC-BE82-4EB2-A0F5-878DBAD8CB84} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()

    Task: {E41BF617-1199-4A17-B822-3B87322B25DA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

    Task: {FDE1EBEC-EFDB-4FDE-A254-F1166DEBEC71} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

     

    ==================== Loaded Modules (whitelisted) =============

     

    2014-07-16 10:24 - 2014-07-16 10:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll

    2014-04-14 12:41 - 2014-04-14 12:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll

    2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    2014-08-12 14:34 - 2014-08-06 20:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll

    2014-08-12 14:34 - 2014-08-06 20:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll

    2014-08-12 14:34 - 2014-08-06 20:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll

    2014-08-12 14:34 - 2014-08-06 20:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll

    2014-08-12 14:34 - 2014-08-06 20:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

    2014-08-12 14:34 - 2014-08-06 20:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

     

    ==================== Alternate Data Streams (whitelisted) =========

     

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

     

    AlternateDataStreams: C:\Users\Jordan\OneDrive:ms-properties

     

    ==================== Safe Mode (whitelisted) ===================

     

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33558019.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33558019.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

     

    ==================== EXE Association (whitelisted) =============

     

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

     

     

    ==================== MSCONFIG/TASK MANAGER disabled items =========

     

    (Currently there is no automatic fix for this section.)

     

    HKLM\...\StartupApproved\StartupFolder: => "TrayMenu.lnk"

    HKLM\...\StartupApproved\Run32: => "iTunesHelper"

    HKLM\...\StartupApproved\Run32: => "QuickTime Task"

    HKLM\...\StartupApproved\Run32: => "FAStartup"

    HKLM\...\StartupApproved\Run32: => "FATrayAlert"

    HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D35563CBE1D1A1436A67A5E5C259B9F5"

    HKCU\...\StartupApproved\Run: => "iCloudServices"

    HKCU\...\StartupApproved\Run: => "ApplePhotoStreams"

    HKCU\...\StartupApproved\Run: => "Diagnostics"

    HKCU\...\StartupApproved\Run: => "uTorrent"

    HKCU\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"

    HKCU\...\StartupApproved\Run: => "YfddPack"

    HKCU\...\StartupApproved\Run: => "UZDmedia"

     

    ==================== Faulty Device Manager Devices =============

     

     

    ==================== Event log errors: =========================

     

    Application errors:

    ==================

    Error: (09/01/2014 03:54:55 PM) (Source: VSS) (EventID: 12292) (User: )

    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    ].

     

     

    Operation:

       Obtain a callable interface for this provider

       List interfaces for all providers supporting this context

       Query Shadow Copies

     

    Context:

       Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

       Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

       Snapshot Context: 13

       Snapshot Context: 13

       Execution Context: Coordinator

     

    Error: (09/01/2014 03:54:55 PM) (Source: VSS) (EventID: 13) (User: )

    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    ]

     

     

    Operation:

       Obtain a callable interface for this provider

       List interfaces for all providers supporting this context

       Query Shadow Copies

     

    Context:

       Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

       Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

       Snapshot Context: 13

       Snapshot Context: 13

       Execution Context: Coordinator

     

    Error: (09/01/2014 03:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledSPRetry 8727797

     

    Error: (09/01/2014 03:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledEvent 8727797

     

    Error: (09/01/2014 03:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: Continuously busy for more than a second

     

    Error: (09/01/2014 00:56:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledSPRetry 5438

     

    Error: (09/01/2014 00:56:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledEvent 5438

     

    Error: (09/01/2014 00:56:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: Continuously busy for more than a second

     

    Error: (09/01/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledSPRetry 4313

     

    Error: (09/01/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledEvent 4313

     

     

    System errors:

    =============

    Error: (09/01/2014 02:48:40 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

    Description: {209500FC-6B45-4693-8871-6296C4843751}

     

    Error: (09/01/2014 02:43:31 AM) (Source: DCOM) (EventID: 10010) (User: JORDANSPC)

    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

     

    Error: (09/01/2014 02:43:31 AM) (Source: DCOM) (EventID: 10010) (User: JORDANSPC)

    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

     

    Error: (09/01/2014 02:41:20 AM) (Source: EventLog) (EventID: 6008) (User: )

    Description: The previous system shutdown at 2:39:55 AM on ‎9/‎1/‎2014 was unexpected.

     

    Error: (08/31/2014 10:30:27 PM) (Source: DCOM) (EventID: 10010) (User: JORDANSPC)

    Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

     

    Error: (08/31/2014 10:27:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

    Description: The Windows Defender Network Inspection Service service failed to start due to the following error: 

    %%577

     

    Error: (08/31/2014 10:27:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

    Description: The Windows Defender Service service failed to start due to the following error: 

    %%577

     

    Error: (08/31/2014 10:15:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 

    %%1056

     

    Error: (08/31/2014 10:15:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

    Description: The Windows Defender Network Inspection Service service failed to start due to the following error: 

    %%577

     

    Error: (08/31/2014 10:15:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

    Description: The Windows Defender Service service failed to start due to the following error: 

    %%577

     

     

    Microsoft Office Sessions:

    =========================

    Error: (09/01/2014 03:54:55 PM) (Source: VSS) (EventID: 12292) (User: )

    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

     

     

    Operation:

       Obtain a callable interface for this provider

       List interfaces for all providers supporting this context

       Query Shadow Copies

     

    Context:

       Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

       Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

       Snapshot Context: 13

       Snapshot Context: 13

       Execution Context: Coordinator

     

    Error: (09/01/2014 03:54:55 PM) (Source: VSS) (EventID: 13) (User: )

    Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

     

     

    Operation:

       Obtain a callable interface for this provider

       List interfaces for all providers supporting this context

       Query Shadow Copies

     

    Context:

       Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

       Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}

       Snapshot Context: 13

       Snapshot Context: 13

       Execution Context: Coordinator

     

    Error: (09/01/2014 03:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledSPRetry 8727797

     

    Error: (09/01/2014 03:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledEvent 8727797

     

    Error: (09/01/2014 03:21:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: Continuously busy for more than a second

     

    Error: (09/01/2014 00:56:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledSPRetry 5438

     

    Error: (09/01/2014 00:56:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledEvent 5438

     

    Error: (09/01/2014 00:56:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: Continuously busy for more than a second

     

    Error: (09/01/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledSPRetry 4313

     

    Error: (09/01/2014 00:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledEvent 4313

     

     

    CodeIntegrity Errors:

    ===================================

      Date: 2014-08-31 22:27:41.283

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-08-31 22:27:41.053

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2014-08-31 22:15:13.784

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

     

      Date: 2014-08-31 22:15:12.871

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2014-08-31 18:52:45.345

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2014-08-31 18:52:44.943

      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

     

      Date: 2014-08-31 18:52:44.754

      Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

     

     

    ==================== Memory info =========================== 

     

    Processor: Intel® Celeron® CPU N2830 @ 2.16GHz

    Percentage of memory in use: 61%

    Total physical RAM: 3979.2 MB

    Available physical RAM: 1522.04 MB

    Total Pagefile: 4875.2 MB

    Available Pagefile: 2080.96 MB

    Total Virtual: 131072 MB

    Available Virtual: 131071.8 MB

     

    ==================== Drives ================================

     

    Drive c: (OS) (Fixed) (Total:455.22 GB) (Free:263.56 GB) NTFS

     

    ==================== MBR & Partition Table ==================

     

    ========================================================

    Disk: 0 (Size: 465.8 GB) (Disk ID: 917E9FD1)

     

    Partition: GPT Partition Type.

     

    ==================== End Of Log ============================

    Urgent Help

    in Resolved Malware Removal Logs

    Posted

    I have downloaded countless virus and malware programs trying to solve my problem. Malwarebytes has helped massively it got rid of a werfault.exe and constant dllhost.exe error messages and removed so much infected files from my laptop but it hasn't fixed one problem and that's my taskbar keeps restarting. I have searched for hours trying to find a solution but no help. Also to add my system restore is affected and I get a error message when opening it. I am on windows 8 and I have no restore point or anything. sfc/scannow finds a error but can not fix it

    I also keep receiving a notification from C:\Windows\explorer.exe from Malwarebytes

    Urgent Help

    in Malwarebytes for Windows Support Forum

    Posted

    I have downloaded countless virus and malware programs trying to solve my problem. Malwarebytes has helped massively it got rid of a werfault.exe and constant dllhost.exe error messages and removed so much infected files from my laptop but it hasn't fixed one problem and that's my taskbar keeps restarting. I have searched for hours trying to find a solution but no help. Also to add my system restore is affected and I get a error message when opening it. I am on windows 8 and I have no restore point or anything. sfc/scannow finds a error but can not fix it

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.