Spkelly9807

  1. After multiple attempts at cleaning a vicious infection I ended up completely wiping 2 PCs and getting a new router. I am now just starting to get my laptop back, up to date & online. I see no problems yet, but I am very reluctant to open a web browser just yet. I paid and registered MBAM Premium & Anti-Exploit Premium and opted to receive the disk as well, but during my previous nightmare I was trying to run MBAM from the disk and was unable to (I was able to just fine prior to becoming infected). Now that I'm up and running again I would like to install MBAM from the disk, but before I do I wanted to know if a disk could be infected? Or am I in the clear and paranoid? THANK YOU!
  2. FARBAR SCAN SEEMED CORRUPTED! The program after like 20 seconds FARBAR started running some whitelisting of files it had JUST scanned. I found the previous post AFTER this following log, but I'm not sure the exact order they were created in. I noticed something about a CD DRIVE ERROR and I think that was when I decided to try my MBAM Premium CD that I had shipped to me when I purchased MBAM Premium. I knew something was wrong, but my current MBAM wasn't detecting anything so I thought the CD would be a clean install, but as soon as I put it in it sounded like something was being written to the CD and wouldn't let me eject for a good 30 seconds.

     UPDATE: My BRAND NEW Samsung Galaxy is being flooded with apps and updates I did not install! Called AT&T they directed me to Samsung, but I was talking on the infected device so I need to call back, however when speaking on the phone I heard lots of beeps and clicks. After I hung up the device started turning itself on and trying to back itself up? MBAM Mobile NOT detecting anything, multiple more issues with phone too many to list, took battery out!

     NOTE: I have a suspicion this is ALL related to my EPSON PRINTER. As I just remembered today trying to link my printer at dinner to print a coloring page for my son FROM MY PHONE, noticed my phone was affected only a few hours proceeding that.

     HERE IS THE OTHER LOG:

     Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
     Ran by AidanShay at 2014-12-05 23:54:17
     Running from C:\Users\AidanShay\Downloads
     Boot Mode: Normal
     ==========================================================

     ==================== Security Center ========================

     (If an entry is included in the fixlist, it will be removed.)

     AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
     AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
     AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

     ==================== Installed Programs ======================

     (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.)
     AMD Catalyst Install Manager (HKLM\...\{E3A51D8F-668B-4D7B-8CF5-99D00F89A4A5}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
     Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
     Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
     CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
     CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
     Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
     eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
     Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
     Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
     Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
     EPSON NX230 Series Printer Uninstall (HKLM\...\EPSON NX230 Series) (Version: - SEIKO EPSON Corporation)
     EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
     EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
     Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Gateway Incorporated)
     Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Gateway Incorporated)
     Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
     Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
     Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3004 - Gateway Incorporated)
     Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
     Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
     Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3007 - Gateway Incorporated)
     Malwarebytes Anti-Exploit version 1.05.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1015 - Malwarebytes)
     Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
     Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
     Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
     Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
     Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
     Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
     Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
     Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
     Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
     Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
     Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
     Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
     Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
     Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
     Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
     Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
     The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
     Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
     WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
     WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden

     ==================== Custom CLSID (selected items): ==========================

     (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

     ==================== Restore Points =========================

     29-11-2014 14:29:14 Installed Epson Event Manager

     ==================== Hosts content: ==========================

     (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

     ==================== Scheduled Tasks (whitelisted) =============

     (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

     Task: {45B3F896-B39D-4835-9413-9CB455F93D52} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
     Task: {5A1750FF-10B1-4D67-9A8D-6C0589736E41} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] ()
     Task: {63ADF1BF-E874-481F-869F-F820BF446D77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
     Task: {653D49F0-4B3A-46F4-9DEC-239620857C0A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
     Task: {72CD519D-BC93-4265-B1A6-E2047EC7FDE6} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-09-20] (Acer Incorporated)
     Task: {9354155D-C1C2-4929-A73B-69BF3DDCC128} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
     Task: {A45666DE-DBAD-4955-9D58-40DFB899130B} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-01-22] ()
     Task: {B11C7EDB-684B-42E1-BB9E-6BC43BDF4D00} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
     Task: {D0C81157-C88C-4D4A-98E3-70B6DA53412F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
     Task: {FA38795D-3C4D-4AA2-8C04-61FEB10C9440} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
     Task: {FDC1295C-ECA0-4F44-846C-AE076C6EDCC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

     ==================== Loaded Modules (whitelisted) =============

     2014-11-21 21:51 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
     2014-11-21 21:51 - 2012-05-30 01:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\wincfi39.dll
     2014-11-28 16:06 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
     2014-11-28 16:06 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
     2014-11-28 16:06 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
     2014-11-28 16:06 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

     ==================== Alternate Data Streams (whitelisted) =========

     (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

     AlternateDataStreams: C:\Users\AidanShay\SkyDrive:ms-properties
     AlternateDataStreams: C:\Users\spkel_000\OneDrive:ms-properties
     AlternateDataStreams: C:\Users\spkel_000\SkyDrive:ms-properties

     ==================== Safe Mode (whitelisted) ===================

     (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     ==================== EXE Association (whitelisted) =============

     (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

     ==================== MSCONFIG/TASK MANAGER disabled items =========

     (Currently there is no automatic fix for this section.)

     HKLM\...\StartupApproved\StartupFolder: => "Acer Remote.lnk"
     HKLM\...\StartupApproved\Run: => "RTHDVCPL"
     HKLM\...\StartupApproved\Run32: => "StartCCC"
     HKLM\...\StartupApproved\Run32: => "Norton Online Backup"

     ========================= Accounts: ==========================

     Administrator (S-1-5-21-3300970216-1685074447-3049651628-500 - Administrator - Disabled) => C:\Users\Administrator
     AidanShay (S-1-5-21-3300970216-1685074447-3049651628-1001 - Administrator - Enabled) => C:\Users\AidanShay
     Guest (S-1-5-21-3300970216-1685074447-3049651628-501 - Limited - Disabled)
     HomeGroupUser$ (S-1-5-21-3300970216-1685074447-3049651628-1003 - Limited - Enabled)
     spkel_000 (S-1-5-21-3300970216-1685074447-3049651628-1005 - Administrator - Enabled) => C:\Users\spkel_000

     ==================== Faulty Device Manager Devices =============

     ==================== Event log errors: =========================

     Application errors:
     ==================
     Error: (12/05/2014 06:40:38 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: spoolsv.exe, version: 6.3.9600.17415, time stamp: 0x54503ab3
     Faulting module name: wsdapi.dll, version: 6.3.9600.17415, time stamp: 0x54503db2
     Exception code: 0xc0000005
     Fault offset: 0x0000000000023d68
     Faulting process id: 0x4cc
     Faulting application start time: 0xspoolsv.exe0
     Faulting application path: spoolsv.exe1
     Faulting module path: spoolsv.exe2
     Report Id: spoolsv.exe3
     Faulting package full name: spoolsv.exe4
     Faulting package-relative application ID: spoolsv.exe5

     Error: (12/05/2014 01:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
     Faulting module name: ccSet.dll_unloaded, version: 12.3.3.2, time stamp: 0x519abdb0
     Exception code: 0xc0000005
     Fault offset: 0x0000b88e
     Faulting process id: 0x1ec
     Faulting application start time: 0xIEXPLORE.EXE0
     Faulting application path: IEXPLORE.EXE1
     Faulting module path: IEXPLORE.EXE2
     Report Id: IEXPLORE.EXE3
     Faulting package full name: IEXPLORE.EXE4
     Faulting package-relative application ID: IEXPLORE.EXE5

     Error: (12/05/2014 01:50:44 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x5452fe91
     Faulting module name: mbae64.dll_unloaded, version: 1.4.1.1012, time stamp: 0x53fc7450
     Exception code: 0xc0000005
     Fault offset: 0x0000000000005bb6
     Faulting process id: 0x1bd4
     Faulting application start time: 0xiexplore.exe0
     Faulting application path: iexplore.exe1
     Faulting module path: iexplore.exe2
     Report Id: iexplore.exe3
     Faulting package full name: iexplore.exe4
     Faulting package-relative application ID: iexplore.exe5

     Error: (12/05/2014 01:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
     Description: There was an error with the Windows Location Provider database

     Error: (12/04/2014 11:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7
     Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
     Exception code: 0xc0000374
     Fault offset: 0x000e5be4
     Faulting process id: 0x7ec
     Faulting application start time: 0xchrome.exe0
     Faulting application path: chrome.exe1
     Faulting module path: chrome.exe2
     Report Id: chrome.exe3
     Faulting package full name: chrome.exe4
     Faulting package-relative application ID: chrome.exe5

     Error: (11/29/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7
     Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
     Exception code: 0xc0000374
     Fault offset: 0x000e5be4
     Faulting process id: 0x1678
     Faulting application start time: 0xchrome.exe0
     Faulting application path: chrome.exe1
     Faulting module path: chrome.exe2
     Report Id: chrome.exe3
     Faulting package full name: chrome.exe4
     Faulting package-relative application ID: chrome.exe5

     Error: (11/28/2014 11:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7
     Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
     Exception code: 0xc0000374
     Fault offset: 0x000e5be4
     Faulting process id: 0xbe8
     Faulting application start time: 0xchrome.exe0
     Faulting application path: chrome.exe1
     Faulting module path: chrome.exe2
     Report Id: chrome.exe3
     Faulting package full name: chrome.exe4
     Faulting package-relative application ID: chrome.exe5

     Error: (11/28/2014 05:09:54 PM) (Source: ESENT) (EventID: 215) (User: )
     Description: WinMail (3344) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

     Error: (11/27/2014 10:24:36 AM) (Source: Application Error) (EventID: 1005) (User: )
     Description: Windows cannot access the file for one of the following reasons:
     there is a problem with the network connection, the disk that the file is stored on, or the storage
     drivers installed on this computer; or the disk is missing.
     Windows closed the program setup.exe because of this error.

     Program: setup.exe
     File:

     The error value is listed in the Additional Data section.
     User Action
     1. Open the file again.
     This situation might be a temporary problem that corrects itself when the program runs again.
     2.
     If the file still cannot be accessed and
     - It is on the network,
     your network administrator should verify that there is not a problem with the network and that the server can be contacted.
     - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
     3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
     4. If the problem persists, restore the file from a backup copy.
     5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
     further assistance.

     Additional Data
     Error value: C0000012
     Disk type: 0

     Error: (11/27/2014 10:24:25 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x5345a487
     Faulting module name: setup.exe, version: 0.0.0.0, time stamp: 0x5345a487
     Exception code: 0xc0000006
     Fault offset: 0x00019380
     Faulting process id: 0x87c
     Faulting application start time: 0xsetup.exe_unknown0
     Faulting application path: setup.exe_unknown1
     Faulting module path: setup.exe_unknown2
     Report Id: setup.exe_unknown3
     Faulting package full name: setup.exe_unknown4
     Faulting package-relative application ID: setup.exe_unknown5

     System errors:
     =============
     Error: (12/05/2014 07:12:38 PM) (Source: DCOM) (EventID: 10010) (User: kellys)
     Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

     Error: (12/05/2014 07:11:46 PM) (Source: DCOM) (EventID: 10010) (User: kellys)
     Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

     Error: (12/05/2014 06:47:19 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
     Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

     Error: (12/05/2014 06:46:49 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
     Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

     Error: (12/05/2014 06:40:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

     Error: (12/04/2014 11:50:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
     Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

     Error: (12/04/2014 06:28:32 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
     Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

     Error: (12/04/2014 06:28:00 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
     Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

     Error: (12/04/2014 06:15:03 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
     Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

     Error: (12/04/2014 06:14:32 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
     Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

     Microsoft Office Sessions:
     =========================
     Error: (12/05/2014 06:40:38 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: spoolsv.exe6.3.9600.1741554503ab3wsdapi.dll6.3.9600.1741554503db2c00000050000000000023d684cc01d00b57b2c20bdeC:\WINDOWS\System32\spoolsv.exeC:\WINDOWS\System32\wsdapi.dll87dfe21d-7c73-11e4-be79-7427ea5eccb3

     Error: (12/05/2014 01:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: IEXPLORE.EXE11.0.9600.174165452eed9ccSet.dll_unloaded12.3.3.2519abdb0c00000050000b88e1ec01d01050214b6e78C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEccSet.dll394b424f-7c4b-11e4-be79-7427ea5eccb3

     Error: (12/05/2014 01:50:44 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: iexplore.exe11.0.9600.174165452fe91mbae64.dll_unloaded1.4.1.101253fc7450c00000050000000000005bb61bd401d0104894b369f3C:\Program Files\Internet Explorer\iexplore.exembae64.dll083d50a6-7c4b-11e4-be79-7427ea5eccb3

     Error: (12/05/2014 01:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
     Description: -2147024883

     Error: (12/04/2014 11:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
     Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be47ec01d00fa4043eb8d4C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll0c519df0-7c39-11e4-be79-7427ea5eccb3

     Error: (11/29/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
     Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be4167801d00bddc312dfa9C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll797484bd-781a-11e4-be79-7427ea5eccb3

     Error: (11/28/2014 11:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
     Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be4be801d00b603bbf1019C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll068fa607-7780-11e4-be79-7427ea5eccb3

     Error: (11/28/2014 05:09:54 PM) (Source: ESENT) (EventID: 215) (User: )
     Description: WinMail3344WindowsMail0:

     Error: (11/27/2014 10:24:36 AM) (Source: Application Error) (EventID: 1005) (User: )
     Description: setup.exeC00000120

     Error: (11/27/2014 10:24:25 AM) (Source: Application Error) (EventID: 1000) (User: )
     Description: setup.exe_unknown0.0.0.05345a487setup.exe0.0.0.05345a487c00000060001938087c01d009e3ca2f9be5E:\setup.exeE:\setup.exe77b8fc83-7649-11e4-be78-7427ea5eccb3

     ==================== Memory info ===========================

     Processor: AMD E1-1500 APU with Radeon HD Graphics
     Percentage of memory in use: 37%
     Total physical RAM: 5849.82 MB
     Available physical RAM: 3649.91 MB
     Total Pagefile: 11737.82 MB
     Available Pagefile: 7777.22 MB
     Total Virtual: 131072 MB
     Available Virtual: 131071.78 MB

     ==================== Drives ================================

     Drive c: (Gateway) (Fixed) (Total:448.43 GB) (Free:398.28 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (Size: 465.8 GB) (Disk ID: E413E857)
     Partition: GPT Partition Type.

     ==================== End Of Log ============================
HKLM\...\StartupApproved\StartupFolder: => "Acer Remote.lnk" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "Norton Online Backup" ========================= Accounts: ========================== Administrator (S-1-5-21-3300970216-1685074447-3049651628-500 - Administrator - Disabled) => C:\Users\Administrator AidanShay (S-1-5-21-3300970216-1685074447-3049651628-1001 - Administrator - Enabled) => C:\Users\AidanShay Guest (S-1-5-21-3300970216-1685074447-3049651628-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3300970216-1685074447-3049651628-1003 - Limited - Enabled) spkel_000 (S-1-5-21-3300970216-1685074447-3049651628-1005 - Administrator - Enabled) => C:\Users\spkel_000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/05/2014 06:40:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: spoolsv.exe, version: 6.3.9600.17415, time stamp: 0x54503ab3 Faulting module name: wsdapi.dll, version: 6.3.9600.17415, time stamp: 0x54503db2 Exception code: 0xc0000005 Fault offset: 0x0000000000023d68 Faulting process id: 0x4cc Faulting application start time: 0xspoolsv.exe0 Faulting application path: spoolsv.exe1 Faulting module path: spoolsv.exe2 Report Id: spoolsv.exe3 Faulting package full name: spoolsv.exe4 Faulting package-relative application ID: spoolsv.exe5 Error: (12/05/2014 01:52:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9 Faulting module name: ccSet.dll_unloaded, version: 12.3.3.2, time stamp: 0x519abdb0 Exception code: 0xc0000005 Fault offset: 0x0000b88e Faulting process id: 0x1ec Faulting application start time: 0xIEXPLORE.EXE0 Faulting application path: IEXPLORE.EXE1 Faulting module path: 
IEXPLORE.EXE2 Report Id: IEXPLORE.EXE3 Faulting package full name: IEXPLORE.EXE4 Faulting package-relative application ID: IEXPLORE.EXE5 Error: (12/05/2014 01:50:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x5452fe91 Faulting module name: mbae64.dll_unloaded, version: 1.4.1.1012, time stamp: 0x53fc7450 Exception code: 0xc0000005 Fault offset: 0x0000000000005bb6 Faulting process id: 0x1bd4 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (12/05/2014 01:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (12/04/2014 11:41:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7 Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d Exception code: 0xc0000374 Fault offset: 0x000e5be4 Faulting process id: 0x7ec Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3 Faulting package full name: chrome.exe4 Faulting package-relative application ID: chrome.exe5 Error: (11/29/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7 Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d Exception code: 0xc0000374 Fault offset: 0x000e5be4 Faulting process id: 0x1678 Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: 
chrome.exe3 Faulting package full name: chrome.exe4 Faulting package-relative application ID: chrome.exe5 Error: (11/28/2014 11:27:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7 Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d Exception code: 0xc0000374 Fault offset: 0x000e5be4 Faulting process id: 0xbe8 Faulting application start time: 0xchrome.exe0 Faulting application path: chrome.exe1 Faulting module path: chrome.exe2 Report Id: chrome.exe3 Faulting package full name: chrome.exe4 Faulting package-relative application ID: chrome.exe5 Error: (11/28/2014 05:09:54 PM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (3344) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error: (11/27/2014 10:24:36 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program setup.exe because of this error. Program: setup.exe File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. 
At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000012 Disk type: 0 Error: (11/27/2014 10:24:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x5345a487 Faulting module name: setup.exe, version: 0.0.0.0, time stamp: 0x5345a487 Exception code: 0xc0000006 Fault offset: 0x00019380 Faulting process id: 0x87c Faulting application start time: 0xsetup.exe_unknown0 Faulting application path: setup.exe_unknown1 Faulting module path: setup.exe_unknown2 Report Id: setup.exe_unknown3 Faulting package full name: setup.exe_unknown4 Faulting package-relative application ID: setup.exe_unknown5 System errors: ============= Error: (12/05/2014 07:12:38 PM) (Source: DCOM) (EventID: 10010) (User: kellys) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/05/2014 07:11:46 PM) (Source: DCOM) (EventID: 10010) (User: kellys) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/05/2014 06:47:19 AM) (Source: DCOM) (EventID: 10010) (User: kellys) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/05/2014 06:46:49 AM) (Source: DCOM) (EventID: 10010) (User: kellys) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/05/2014 06:40:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (12/04/2014 11:50:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. 
This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105. Error: (12/04/2014 06:28:32 AM) (Source: DCOM) (EventID: 10010) (User: kellys) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/04/2014 06:28:00 AM) (Source: DCOM) (EventID: 10010) (User: kellys) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/04/2014 06:15:03 AM) (Source: DCOM) (EventID: 10010) (User: kellys) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/04/2014 06:14:32 AM) (Source: DCOM) (EventID: 10010) (User: kellys) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office Sessions: ========================= Error: (12/05/2014 06:40:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: spoolsv.exe6.3.9600.1741554503ab3wsdapi.dll6.3.9600.1741554503db2c00000050000000000023d684cc01d00b57b2c20bdeC:\WINDOWS\System32\spoolsv.exeC:\WINDOWS\System32\wsdapi.dll87dfe21d-7c73-11e4-be79-7427ea5eccb3 Error: (12/05/2014 01:52:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.174165452eed9ccSet.dll_unloaded12.3.3.2519abdb0c00000050000b88e1ec01d01050214b6e78C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEccSet.dll394b424f-7c4b-11e4-be79-7427ea5eccb3 Error: (12/05/2014 01:50:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.174165452fe91mbae64.dll_unloaded1.4.1.101253fc7450c00000050000000000005bb61bd401d0104894b369f3C:\Program Files\Internet Explorer\iexplore.exembae64.dll083d50a6-7c4b-11e4-be79-7427ea5eccb3 Error: (12/05/2014 01:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: -2147024883 Error: (12/04/2014 11:41:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be47ec01d00fa4043eb8d4C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll0c519df0-7c39-11e4-be79-7427ea5eccb3 Error: (11/29/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be4167801d00bddc312dfa9C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll797484bd-781a-11e4-be79-7427ea5eccb3 Error: (11/28/2014 11:27:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be4be801d00b603bbf1019C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll068fa607-7780-11e4-be79-7427ea5eccb3 Error: (11/28/2014 05:09:54 PM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail3344WindowsMail0: Error: (11/27/2014 10:24:36 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: setup.exeC00000120 Error: (11/27/2014 10:24:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: setup.exe_unknown0.0.0.05345a487setup.exe0.0.0.05345a487c00000060001938087c01d009e3ca2f9be5E:\setup.exeE:\setup.exe77b8fc83-7649-11e4-be78-7427ea5eccb3 ==================== Memory info =========================== Processor: AMD E1-1500 APU with Radeon HD Graphics Percentage of memory in use: 37% Total physical RAM: 5849.82 MB Available physical RAM: 3649.91 MB Total Pagefile: 11737.82 MB Available Pagefile: 7777.22 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (Gateway) (Fixed) (Total:448.43 GB) (Free:398.28 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: E413E857) Partition: GPT Partition Type. ==================== End Of Log ============================
  4. I APOLOGIZE: THIS IS A LONG WINDED SYNOPSIS, but I need some kind of advice before I absolutely lose it! Everything I seem to do is somehow blocked, hidden, corrupted, etc. (INCLUDING MBAM Premium and MBAE Premium & MBAR!) by this - virus? / malware? / identity theft? / CYBER TERRORISM?? I don't know. THANK YOU to ANYONE who can steer me in the right direction. I have always been careful online and never thought Cyber Terrorism could ever happen to me, but the past few months have been a living hell and the stress level in my family is absolutely overwhelming all due to this hidden digital horror and I NEED my life back! Sorry for the introduction, but I am desperate here. Anyway, a little over two months ago I discovered some kind of virus on my computer, a very visible, lost administrative access, etc. At that time I was only secured by my ISP "Comcast's Norton 360." I contacted them immediately and they remotely went into my computer and just deleted a bunch of files and God knows what else they did (apparently Symantec has a special "department" for Comcast Norton customers?!?). Not less than a day after I'm noticing all kinds of stuff again. So, I called the local "PC Repair Man" whom I've now come to believe is a joke, and he did his thing installing some Spyware Program from a USB stick, claimed everything was all fixed and left me with the $120 bill. I went on vacation for 2 weeks and came back to ALL KINDS of problems and on my Laptop AND my desktop!.. Programs I didn't install, updates from Microsoft that were years old, revoked administrative access, webpage redirecting, running in 32bit instead of my 8.1 64bit, EVERYTHING! So, in a panic I did the Windows 8.1 "Refresh" of both desktop and laptop. Called Comcast Norton again, they come on my Laptop this time and see I "wiped" (refreshed) everything, so they just run Norton Power Eraser for good measure, of course it comes up clean. 
BUT, just to be sure I was totally in the clear I had doofus "repair" guy over again and there goes another $120 just to say I fixed it myself.... Things seemed fine for a week or so and I started doing lots of research on the hacking culture. I bought MBAM Premium and MBAE Premium and decided to change my ISP to Verizon Fios. THE DAY AFTER Verizon internet was installed I again became locked out of key features and some even simple ones of my computer. I kept being redirected, kicked out of my accounts out of nowhere, my Microsoft account was stolen and I had to jump through hoops to recover it by phone. But what is REALLY weird, as well as beyond frustrating is that this thing starts spreading across EVERY device in my name. Two tablets, my two computers and MY PHONE! I had an LG and it was showing it connecting with other LG's and turning on and off, battery draining, and ALL my devices are constantly working their butt off at something! CPU and RAM usage so high, it was rendering them useless. So, here I stand. I can no longer try to keep chasing this down and self diagnosing. My $3K Laptop lies without its battery attached for 2 weeks, I broke down and got a brand new phone and my Nook HD tablets have been wiped twice and still CM Security continues to list virus after virus attached to them, so they're permanently off for now. So, all I am using now is my desktop. I did a system restore on it (although I was only allowed to go a few weeks back), about a week ago - this then activated a free trial of Norton Antivirus, NOT the Comcast one. I run MBAM Premium and Norton scans daily. MBAE Premium is always on screen, yet my computer is STILL as slow as molasses and I get warnings and crash reports from Google Chrome and IE 11 every time I use them. I can't even run a few small computer games for my 5 year old, they just slow to a freeze. I am terrified to even put the battery back in my laptop. 
Before this whole nightmare, my desktop was running heavy photo software along with large "Minecraft" worlds (all closed games, just my son and I) at lightning speed! So, I believe there are some serious lingering Rootkits and/or Backdoors somewhere deep in the system. And clearly all my attempts at wiping them with "refreshes" do nothing but leave them undetectable by antivirus and anti malware software so they are just patiently waiting again for that one accidental click to open the flood gates once again. I'm sorry I wrote an essay and if you got this far you are awesome! I need some kind of sound advice, anything from anyone with true knowledge on how to see into the depths of my computer and clean it up and keep it that way. Thanks again. Everyone at Malwarebytes is a true hero. I will be checking for any responses continuously throughout the night and days. Sincerely, Stephen
  5. I have always been careful online and never thought Cyber Terrorism could ever happen to me, but the past few months have been a living hell and the stress level in my family is absolutely overwhelming all due to this hidden digital horror and I NEED my life back! Sorry for the introduction, but I am desperate here. Anyway, a little over two months ago I had some kind of virus on my computer, a very visible, lost administrative access, etc. At that time I was only secured by my ISP "Comcast's Norton 360." I contacted them immediately and they remotely went into my computer and just deleted a bunch of files and God knows what else they did (apparently Symantec has a special "department" for Comcast Norton customers?!?). Not less than a day after I'm noticing all kinds of stuff again. So, I called the local "PC Repair Man" whom I've now come to believe is a joke, and he did his thing installing some Spyware Program from a USB stick, claimed everything was all fixed and left me with the $120 bill. I went on vacation for 2 weeks and came back to ALL KINDS of problems and on my Laptop AND my desktop!.. Programs I didn't install, updates from Microsoft that were years old, revoked administrative access, webpage redirecting, running in 32bit instead of my 8.1 64bit, EVERYTHING! So, in a panic I did the Windows 8.1 "Refresh" of both desktop and laptop. Called Comcast Norton again, they come on my Laptop this time and see I "wiped" (refreshed) everything, so they just run Norton Power Eraser for good measure, of course it comes up clean. BUT, just to be sure I was totally in the clear I had doofus "repair" guy out and there goes another $120 to say I fixed it myself.... Things seemed fine for a week or so and I started doing lots of research on the hacking culture. I bought MBAM Premium and MBAE Premium and decided to change my ISP to Verizon Fios. 
THE DAY AFTER Verizon internet was installed I again became locked out of key features and some even simple ones of my computer. I kept being redirected, kicked out of my accounts out of nowhere, my Microsoft account was stolen and I had to jump through hoops to recover it by phone. But what is REALLY weird, as well as beyond frustrating is that this thing starts spreading across EVERY device in my name. Two tablets, my two computers and MY PHONE! I had an LG and it was showing it connecting with other LG's and turning on and off, battery draining, and ALL my devices are constantly working their butt off at something! CPU and RAM usage so high, it was rendering them useless. So, here I stand. I can no longer try to keep chasing this down and self diagnosing. My $3K Laptop lies without its battery attached for 2 weeks, I broke down and got a brand new phone and my Nook HD tablets have been wiped twice and still CM Security continues to list virus after virus attached to them, so they're permanently off for now. So, all I am using now is my desktop. I did a system restore (and was only allowed a few weeks back), about a week ago, this then activated a free trial of Norton Antivirus, NOT the Comcast one. I run MBAM Premium and Norton scans daily. MBAE Premium is always on screen, yet my computer is STILL as slow as molasses and I get warnings and crash reports from Google Chrome and IE 11 every time I use them. I can't even run a few small computer games for my 5 year old, they just slow to a freeze. Before this whole nightmare I was running heavy photo software along with large "Minecraft" worlds (all closed games, just my son and I) at lightning speed! So, I believe there are some serious lingering Rootkits and/or Backdoors somewhere deep in the system. 
And clearly all my attempts at wiping them with "refreshes" do nothing but leave them undetectable by antivirus and anti malware software so they're just waiting again for that one accidental click to open the flood gates once again. I'm sorry I wrote an essay and if you got this far you are awesome! I need some kind of sound advice, anything from anyone with true knowledge on how to see into the depths of my computer and clean it up and keep it that way. Thanks again. Everyone at Malwarebytes is a true hero. I am off to bed, but will be checking for responses around 7-8am Eastern Standard Time and throughout the day. Sincerely, Stephen Kelly (Spkelly9807)
  6. Has there been an update to MBAE Premium as well? I was taken to a link to download on top of my software and am a bit hesitant....???