Posts posted by JordanR
-
Also, would it be a good idea if I include my Event Viewer logs in here?
-
OK, well, talk to you soon.
-
OK, and I'm sorry if I'm wasting your time with this pirated stuff and not knowing all else I can do to get further help. I have tried multiple things but nothing, and I have been trying to use Skype so I could see my sick relative before they passed today, but to no avail.
-
I have been listening to you this entire time. I don't know all the folders where .torrent is coming up so I mainly deleted the torrented downloads. I might need assistance with further removing P2P programs or anything affiliated with it. But with my knowledge all related content should be gone.
-
If I have to I will go deeper into this and delete any torrent related content.
-
I have removed uTorrent from my laptop, and when I did a search for it in the files it still shows uTorrent startup, when I removed the program and then started the scan.
-
Now, once I removed uTorrent, the taskbar flickers and I get a continuous warning of an explorer.exe application error.
-
OK, the software is uninstalled. What now?
-
Do I have to remove the software and redo a scan again?
-
Here is the Scan
-
I kept getting an error when trying to post this log, so I just attached it.
-
I have downloaded countless virus and malware programs trying to solve my problem. Malwarebytes has helped massively; it got rid of a werfault.exe and constant dllhost.exe error messages and removed so many infected files from my laptop, but it hasn't fixed one problem, and that's my taskbar keeps restarting. I have searched for hours trying to find a solution, but no help. Also, to add, my System Restore is affected and I get an error message when opening it. I am on Windows 8 and I have no restore point or anything. sfc /scannow finds an error but cannot fix it.
I also keep receiving a notification from C:\Windows\explorer.exe from Malwarebytes
-
Urgent Help
in Resolved Malware Removal Logs
Posted
OK, there are the scan details. Oh, and I mentioned the Event Viewer because it showed all the logs of the explorer.exe application error and where it was originating from. Oh, and to add, my taskbar is no longer in working condition and I have to use Task Manager to do things, and also, since explorer.exe is affected, anything that uses it won't stay opened.
FRST_02-09-2014_10-27-55.txt
Addition_02-09-2014_10-41-12.txt