
SERIOUSLY infected and desperate! 2 months, multiple devices and now broke.. I beg for ANY help, thank you!



I APOLOGIZE: THIS IS A LONG-WINDED SYNOPSIS, but I need some kind of advice before I absolutely lose it! Everything I seem to do is somehow blocked, hidden, corrupted, etc. (INCLUDING MBAM Premium and MBAE Premium & MBAR!) by this - virus? / malware? / identity theft? / CYBER TERRORISM?? I don't know. THANK YOU to ANYONE who can steer me in the right direction.


I have always been careful online and never thought Cyber Terrorism could ever happen to me, but the past few months have been a living hell and the stress level in my family is absolutely overwhelming all due to this hidden digital horror and I NEED my life back!


Sorry for the introduction, but I am desperate here. Anyway, a little over two months ago I discovered some kind of virus on my computer, a very visible one, lost administrative access, etc. At that time I was only secured by my ISP's "Comcast Norton 360." I contacted them immediately and they remotely went into my computer and just deleted a bunch of files and God knows what else they did (apparently Symantec has a special "department" for Comcast Norton customers?!?). Not less than a day after, I'm noticing all kinds of stuff again. So, I called the local "PC Repair Man," whom I've now come to believe is a joke, and he did his thing installing some spyware program from a USB stick, claimed everything was all fixed and left me with the $120 bill. I went on vacation for 2 weeks and came back to ALL KINDS of problems, on my laptop AND my desktop! Programs I didn't install, updates from Microsoft that were years old, revoked administrative access, webpage redirecting, running in 32-bit instead of my 8.1 64-bit, EVERYTHING! So, in a panic I did the Windows 8.1 "Refresh" of both desktop and laptop. Called Comcast Norton again; they come on my laptop this time and see I "wiped" (refreshed) everything, so they just run Norton Power Eraser for good measure, and of course it comes up clean. BUT, just to be sure I was totally in the clear I had the doofus "repair" guy over again, and there goes another $120 just to say I fixed it myself...


Things seemed fine for a week or so and I started doing lots of research on the hacking culture. I bought MBAM Premium and MBAE Premium and decided to change my ISP to Verizon FiOS. THE DAY AFTER Verizon internet was installed I again became locked out of key features of my computer, and even some simple ones. I kept being redirected, kicked out of my accounts out of nowhere; my Microsoft account was stolen and I had to jump through hoops to recover it by phone. But what is REALLY weird, as well as beyond frustrating, is that this thing starts spreading across EVERY device in my name. Two tablets, my two computers and MY PHONE! I had an LG and it was showing it connecting with other LGs and turning on and off, battery draining, and ALL my devices are constantly working their butts off at something! CPU and RAM usage so high, it was rendering them useless.


So, here I stand. I can no longer try to keep chasing this down and self-diagnosing. My $3K laptop lies without its battery attached for 2 weeks, I broke down and got a brand new phone, and my Nook HD tablets have been wiped twice and still CM Security continues to list virus after virus attached to them, so they're permanently off for now. So, all I have and am using now is my desktop. I did a system restore on it (although I was only allowed to go a few weeks back) about a week ago - this then activated a free trial of Norton Antivirus, NOT the Comcast one. I run MBAM Premium and Norton scans daily. MBAE Premium is always on screen, yet my computer is STILL as slow as molasses and I get warnings and crash reports from Google Chrome and IE 11 every time I use them. I can't even run a few small computer games for my 5 year old; they just slow to a freeze. I am terrified to even put the battery back in my laptop. Before this whole nightmare, my desktop was running heavy photo software along with large "Minecraft" worlds (all closed games, just my son and I) at lightning speed! So, I believe there are some serious lingering rootkits and/or backdoors somewhere deep in the system. And clearly all my attempts at wiping them with "refreshes" do nothing but leave them undetectable by antivirus and anti-malware software, so they are just patiently waiting again for that one accidental click to open the flood gates once again.


I'm sorry I wrote an essay and if you got this far you are awesome! I need some kind of sound advice, anything from anyone with true knowledge on how to see into the depths of my computer and clean it up and keep it that way. Thanks again. Everyone at Malwarebytes is a true hero. I will be checking for any responses continuously throughout the night and days. Sincerely, Stephen



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014

Ran by AidanShay at 2014-12-05 23:54:17

Running from C:\Users\AidanShay\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.)

AMD Catalyst Install Manager (HKLM\...\{E3A51D8F-668B-4D7B-8CF5-99D00F89A4A5}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)

Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden

eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)

Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)

EPSON NX230 Series Printer Uninstall (HKLM\...\EPSON NX230 Series) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Gateway Incorporated)

Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Gateway Incorporated)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3004 - Gateway Incorporated)

Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3007 - Gateway Incorporated)

Malwarebytes Anti-Exploit version 1.05.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1015 - Malwarebytes)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)

Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)

Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)

Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

29-11-2014 14:29:14 Installed Epson Event Manager

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {45B3F896-B39D-4835-9413-9CB455F93D52} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)

Task: {5A1750FF-10B1-4D67-9A8D-6C0589736E41} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] ()

Task: {63ADF1BF-E874-481F-869F-F820BF446D77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)

Task: {653D49F0-4B3A-46F4-9DEC-239620857C0A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)

Task: {72CD519D-BC93-4265-B1A6-E2047EC7FDE6} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-09-20] (Acer Incorporated)

Task: {9354155D-C1C2-4929-A73B-69BF3DDCC128} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)

Task: {A45666DE-DBAD-4955-9D58-40DFB899130B} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-01-22] ()

Task: {B11C7EDB-684B-42E1-BB9E-6BC43BDF4D00} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)

Task: {D0C81157-C88C-4D4A-98E3-70B6DA53412F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)

Task: {FA38795D-3C4D-4AA2-8C04-61FEB10C9440} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-31] (Microsoft Corporation)

Task: {FDC1295C-ECA0-4F44-846C-AE076C6EDCC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-11-21 21:51 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll

2014-11-21 21:51 - 2012-05-30 01:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\wincfi39.dll

2014-11-28 16:06 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll

2014-11-28 16:06 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll

2014-11-28 16:06 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll

2014-11-28 16:06 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\AidanShay\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\spkel_000\OneDrive:ms-properties

AlternateDataStreams: C:\Users\spkel_000\SkyDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "Acer Remote.lnk"

HKLM\...\StartupApproved\Run: => "RTHDVCPL"

HKLM\...\StartupApproved\Run32: => "StartCCC"

HKLM\...\StartupApproved\Run32: => "Norton Online Backup"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-3300970216-1685074447-3049651628-500 - Administrator - Disabled) => C:\Users\Administrator

AidanShay (S-1-5-21-3300970216-1685074447-3049651628-1001 - Administrator - Enabled) => C:\Users\AidanShay

Guest (S-1-5-21-3300970216-1685074447-3049651628-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3300970216-1685074447-3049651628-1003 - Limited - Enabled)

spkel_000 (S-1-5-21-3300970216-1685074447-3049651628-1005 - Administrator - Enabled) => C:\Users\spkel_000

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/05/2014 06:40:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: spoolsv.exe, version: 6.3.9600.17415, time stamp: 0x54503ab3

Faulting module name: wsdapi.dll, version: 6.3.9600.17415, time stamp: 0x54503db2

Exception code: 0xc0000005

Fault offset: 0x0000000000023d68

Faulting process id: 0x4cc

Faulting application start time: 0xspoolsv.exe0

Faulting application path: spoolsv.exe1

Faulting module path: spoolsv.exe2

Report Id: spoolsv.exe3

Faulting package full name: spoolsv.exe4

Faulting package-relative application ID: spoolsv.exe5

 

Error: (12/05/2014 01:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9

Faulting module name: ccSet.dll_unloaded, version: 12.3.3.2, time stamp: 0x519abdb0

Exception code: 0xc0000005

Fault offset: 0x0000b88e

Faulting process id: 0x1ec

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

 

Error: (12/05/2014 01:50:44 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x5452fe91

Faulting module name: mbae64.dll_unloaded, version: 1.4.1.1012, time stamp: 0x53fc7450

Exception code: 0xc0000005

Fault offset: 0x0000000000005bb6

Faulting process id: 0x1bd4

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Faulting package full name: iexplore.exe4

Faulting package-relative application ID: iexplore.exe5

 

Error: (12/05/2014 01:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: There was an error with the Windows Location Provider database

 

Error: (12/04/2014 11:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7

Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d

Exception code: 0xc0000374

Fault offset: 0x000e5be4

Faulting process id: 0x7ec

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

Faulting package full name: chrome.exe4

Faulting package-relative application ID: chrome.exe5

 

Error: (11/29/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7

Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d

Exception code: 0xc0000374

Fault offset: 0x000e5be4

Faulting process id: 0x1678

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

Faulting package full name: chrome.exe4

Faulting package-relative application ID: chrome.exe5

 

Error: (11/28/2014 11:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7

Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d

Exception code: 0xc0000374

Fault offset: 0x000e5be4

Faulting process id: 0xbe8

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

Faulting package full name: chrome.exe4

Faulting package-relative application ID: chrome.exe5

 

Error: (11/28/2014 05:09:54 PM) (Source: ESENT) (EventID: 215) (User: )

Description: WinMail (3344) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

 

Error: (11/27/2014 10:24:36 AM) (Source: Application Error) (EventID: 1005) (User: )

Description: Windows cannot access the file  for one of the following reasons:

there is a problem with the network connection, the disk that the file is stored on, or the storage

drivers installed on this computer; or the disk is missing.

Windows closed the program setup.exe because of this error.

 

Program: setup.exe

File: 

 

The error value is listed in the Additional Data section.

User Action

1. Open the file again.

This situation might be a temporary problem that corrects itself when the program runs again.

2.

If the file still cannot be accessed and

- It is on the network,

your network administrator should verify that there is not a problem with the network and that the server can be contacted.

- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.

4. If the problem persists, restore the file from a backup copy.

5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for

further assistance.

 

Additional Data

Error value: C0000012

Disk type: 0

 

Error: (11/27/2014 10:24:25 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x5345a487

Faulting module name: setup.exe, version: 0.0.0.0, time stamp: 0x5345a487

Exception code: 0xc0000006

Fault offset: 0x00019380

Faulting process id: 0x87c

Faulting application start time: 0xsetup.exe_unknown0

Faulting application path: setup.exe_unknown1

Faulting module path: setup.exe_unknown2

Report Id: setup.exe_unknown3

Faulting package full name: setup.exe_unknown4

Faulting package-relative application ID: setup.exe_unknown5

 

 

System errors:

=============

Error: (12/05/2014 07:12:38 PM) (Source: DCOM) (EventID: 10010) (User: kellys)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (12/05/2014 07:11:46 PM) (Source: DCOM) (EventID: 10010) (User: kellys)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (12/05/2014 06:47:19 AM) (Source: DCOM) (EventID: 10010) (User: kellys)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (12/05/2014 06:46:49 AM) (Source: DCOM) (EventID: 10010) (User: kellys)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (12/05/2014 06:40:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

 

Error: (12/04/2014 11:50:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

 

Error: (12/04/2014 06:28:32 AM) (Source: DCOM) (EventID: 10010) (User: kellys)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (12/04/2014 06:28:00 AM) (Source: DCOM) (EventID: 10010) (User: kellys)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (12/04/2014 06:15:03 AM) (Source: DCOM) (EventID: 10010) (User: kellys)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (12/04/2014 06:14:32 AM) (Source: DCOM) (EventID: 10010) (User: kellys)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

 

Microsoft Office Sessions:

=========================

Error: (12/05/2014 06:40:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: spoolsv.exe6.3.9600.1741554503ab3wsdapi.dll6.3.9600.1741554503db2c00000050000000000023d684cc01d00b57b2c20bdeC:\WINDOWS\System32\spoolsv.exeC:\WINDOWS\System32\wsdapi.dll87dfe21d-7c73-11e4-be79-7427ea5eccb3

 

Error: (12/05/2014 01:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: IEXPLORE.EXE11.0.9600.174165452eed9ccSet.dll_unloaded12.3.3.2519abdb0c00000050000b88e1ec01d01050214b6e78C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEccSet.dll394b424f-7c4b-11e4-be79-7427ea5eccb3

 

Error: (12/05/2014 01:50:44 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.174165452fe91mbae64.dll_unloaded1.4.1.101253fc7450c00000050000000000005bb61bd401d0104894b369f3C:\Program Files\Internet Explorer\iexplore.exembae64.dll083d50a6-7c4b-11e4-be79-7427ea5eccb3

 

Error: (12/05/2014 01:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: -2147024883

 

Error: (12/04/2014 11:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be47ec01d00fa4043eb8d4C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll0c519df0-7c39-11e4-be79-7427ea5eccb3

 

Error: (11/29/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be4167801d00bddc312dfa9C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll797484bd-781a-11e4-be79-7427ea5eccb3

 

Error: (11/28/2014 11:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be4be801d00b603bbf1019C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll068fa607-7780-11e4-be79-7427ea5eccb3

 

Error: (11/28/2014 05:09:54 PM) (Source: ESENT) (EventID: 215) (User: )

Description: WinMail3344WindowsMail0:

 

Error: (11/27/2014 10:24:36 AM) (Source: Application Error) (EventID: 1005) (User: )

Description: setup.exeC00000120

 

Error: (11/27/2014 10:24:25 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: setup.exe_unknown0.0.0.05345a487setup.exe0.0.0.05345a487c00000060001938087c01d009e3ca2f9be5E:\setup.exeE:\setup.exe77b8fc83-7649-11e4-be78-7427ea5eccb3

 

 

==================== Memory info =========================== 

 

Processor: AMD E1-1500 APU with Radeon HD Graphics

Percentage of memory in use: 37%

Total physical RAM: 5849.82 MB

Available physical RAM: 3649.91 MB

Total Pagefile: 11737.82 MB

Available Pagefile: 7777.22 MB

Total Virtual: 131072 MB

Available Virtual: 131071.78 MB

 

==================== Drives ================================

 

Drive c: (Gateway) (Fixed) (Total:448.43 GB) (Free:398.28 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: E413E857)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


FARBAR SCAN SEEMED CORRUPTED! After like 20 seconds, FARBAR started running some whitelisting of files it had JUST scanned.

I found the previous post AFTER this following log, but I'm not sure the exact order they were created in. I noticed something about a CD DRIVE ERROR and I think that was when I decided to try my MBAM Premium CD that I had shipped to me when I purchased MBAM Premium. I knew something was wrong, but my current MBAM wasn't detecting anything so I thought the CD would be a clean install, but as soon as I put it in it sounded like something was being written to the CD and wouldn't let me eject for a good 30 seconds. UPDATE: My BRAND NEW Samsung Galaxy is being flooded with apps and updates I did not install! Called AT&T they directed me to Samsung, but I was talking on the infected device so I need to call back, however when speaking on the phone I heard lots of beeps and clicks. After I hung up the device started turning itself on and trying to back itself up? MBAM Mobile NOT detecting anything, multiple more issues with phone too many to list, took battery out! NOTE: I have a suspicion this is ALL related to my EPSON PRINTER. As I just remembered today trying to link my printer at dinner to print a coloring page for my son FROM MY PHONE, noticed my phone was affected only a few hours proceeding that. HERE IS THE OTHER LOG:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by AidanShay at 2014-12-05 23:54:17
Running from C:\Users\AidanShay\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.)
AMD Catalyst Install Manager (HKLM\...\{E3A51D8F-668B-4D7B-8CF5-99D00F89A4A5}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX230 Series Printer Uninstall (HKLM\...\EPSON NX230 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3004 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3007 - Gateway Incorporated)
Malwarebytes Anti-Exploit version 1.05.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-11-2014 14:29:14 Installed Epson Event Manager
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {45B3F896-B39D-4835-9413-9CB455F93D52} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {5A1750FF-10B1-4D67-9A8D-6C0589736E41} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {63ADF1BF-E874-481F-869F-F820BF446D77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: {653D49F0-4B3A-46F4-9DEC-239620857C0A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {72CD519D-BC93-4265-B1A6-E2047EC7FDE6} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-09-20] (Acer Incorporated)
Task: {9354155D-C1C2-4929-A73B-69BF3DDCC128} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {A45666DE-DBAD-4955-9D58-40DFB899130B} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2013-01-22] ()
Task: {B11C7EDB-684B-42E1-BB9E-6BC43BDF4D00} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {D0C81157-C88C-4D4A-98E3-70B6DA53412F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {FA38795D-3C4D-4AA2-8C04-61FEB10C9440} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {FDC1295C-ECA0-4F44-846C-AE076C6EDCC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-28] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-21 21:51 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2014-11-21 21:51 - 2012-05-30 01:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\wincfi39.dll
2014-11-28 16:06 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-28 16:06 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-28 16:06 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-28 16:06 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\AidanShay\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\spkel_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\spkel_000\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Acer Remote.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3300970216-1685074447-3049651628-500 - Administrator - Disabled) => C:\Users\Administrator
AidanShay (S-1-5-21-3300970216-1685074447-3049651628-1001 - Administrator - Enabled) => C:\Users\AidanShay
Guest (S-1-5-21-3300970216-1685074447-3049651628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3300970216-1685074447-3049651628-1003 - Limited - Enabled)
spkel_000 (S-1-5-21-3300970216-1685074447-3049651628-1005 - Administrator - Enabled) => C:\Users\spkel_000
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/05/2014 06:40:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.3.9600.17415, time stamp: 0x54503ab3
Faulting module name: wsdapi.dll, version: 6.3.9600.17415, time stamp: 0x54503db2
Exception code: 0xc0000005
Fault offset: 0x0000000000023d68
Faulting process id: 0x4cc
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3
Faulting package full name: spoolsv.exe4
Faulting package-relative application ID: spoolsv.exe5
 
Error: (12/05/2014 01:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: ccSet.dll_unloaded, version: 12.3.3.2, time stamp: 0x519abdb0
Exception code: 0xc0000005
Fault offset: 0x0000b88e
Faulting process id: 0x1ec
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (12/05/2014 01:50:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17416, time stamp: 0x5452fe91
Faulting module name: mbae64.dll_unloaded, version: 1.4.1.1012, time stamp: 0x53fc7450
Exception code: 0xc0000005
Fault offset: 0x0000000000005bb6
Faulting process id: 0x1bd4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (12/05/2014 01:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (12/04/2014 11:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc0000374
Fault offset: 0x000e5be4
Faulting process id: 0x7ec
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (11/29/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc0000374
Fault offset: 0x000e5be4
Faulting process id: 0x1678
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (11/28/2014 11:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 39.0.2171.71, time stamp: 0x547407a7
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc0000374
Fault offset: 0x000e5be4
Faulting process id: 0xbe8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (11/28/2014 05:09:54 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3344) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (11/27/2014 10:24:36 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program setup.exe because of this error.
 
Program: setup.exe
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000012
Disk type: 0
 
Error: (11/27/2014 10:24:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.exe_unknown, version: 0.0.0.0, time stamp: 0x5345a487
Faulting module name: setup.exe, version: 0.0.0.0, time stamp: 0x5345a487
Exception code: 0xc0000006
Fault offset: 0x00019380
Faulting process id: 0x87c
Faulting application start time: 0xsetup.exe_unknown0
Faulting application path: setup.exe_unknown1
Faulting module path: setup.exe_unknown2
Report Id: setup.exe_unknown3
Faulting package full name: setup.exe_unknown4
Faulting package-relative application ID: setup.exe_unknown5
 
 
System errors:
=============
Error: (12/05/2014 07:12:38 PM) (Source: DCOM) (EventID: 10010) (User: kellys)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/05/2014 07:11:46 PM) (Source: DCOM) (EventID: 10010) (User: kellys)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/05/2014 06:47:19 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/05/2014 06:46:49 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/05/2014 06:40:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (12/04/2014 11:50:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (12/04/2014 06:28:32 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/04/2014 06:28:00 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/04/2014 06:15:03 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/04/2014 06:14:32 AM) (Source: DCOM) (EventID: 10010) (User: kellys)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office Sessions:
=========================
Error: (12/05/2014 06:40:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: spoolsv.exe6.3.9600.1741554503ab3wsdapi.dll6.3.9600.1741554503db2c00000050000000000023d684cc01d00b57b2c20bdeC:\WINDOWS\System32\spoolsv.exeC:\WINDOWS\System32\wsdapi.dll87dfe21d-7c73-11e4-be79-7427ea5eccb3
 
Error: (12/05/2014 01:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ccSet.dll_unloaded12.3.3.2519abdb0c00000050000b88e1ec01d01050214b6e78C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEccSet.dll394b424f-7c4b-11e4-be79-7427ea5eccb3
 
Error: (12/05/2014 01:50:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174165452fe91mbae64.dll_unloaded1.4.1.101253fc7450c00000050000000000005bb61bd401d0104894b369f3C:\Program Files\Internet Explorer\iexplore.exembae64.dll083d50a6-7c4b-11e4-be79-7427ea5eccb3
 
Error: (12/05/2014 01:49:15 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (12/04/2014 11:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be47ec01d00fa4043eb8d4C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll0c519df0-7c39-11e4-be79-7427ea5eccb3
 
Error: (11/29/2014 05:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be4167801d00bddc312dfa9C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll797484bd-781a-11e4-be79-7427ea5eccb3
 
Error: (11/28/2014 11:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.3.9600.1741554504b0dc0000374000e5be4be801d00b603bbf1019C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SYSTEM32\ntdll.dll068fa607-7780-11e4-be79-7427ea5eccb3
 
Error: (11/28/2014 05:09:54 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3344WindowsMail0:
 
Error: (11/27/2014 10:24:36 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: setup.exeC00000120
 
Error: (11/27/2014 10:24:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_unknown0.0.0.05345a487setup.exe0.0.0.05345a487c00000060001938087c01d009e3ca2f9be5E:\setup.exeE:\setup.exe77b8fc83-7649-11e4-be78-7427ea5eccb3
 
 
==================== Memory info =========================== 
 
Processor: AMD E1-1500 APU with Radeon HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 5849.82 MB
Available physical RAM: 3649.91 MB
Total Pagefile: 11737.82 MB
Available Pagefile: 7777.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:448.43 GB) (Free:398.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E413E857)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
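The "Installed Programs" section of the log above is the part a helper reads first, because the note in it says the entries flagged Hidden can only be unhidden through a fixlist and must otherwise be uninstalled by hand, and several WildTangent titles carry that flag. The following is an added example, not code from the thread, from FRST or from Malwarebytes: a small Python parser that turns FRST "Installed Programs" lines into records and reports the hidden entries, the entries with no version string, and a per-publisher count. The sample lines are constructed in the same shape as the log (a few copied from it); the record fields and function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Matches the two line shapes FRST uses in its "Installed Programs" section
# (both appear in the log above):
#   Name (HKLM-x32\...\UninstallKey) (Version: 1.2.3 - Publisher)
#   Name (x32 Version: 1.2.3 - Publisher) Hidden
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) "
    r"(?:\((?P<hive>HKLM(?:-x32)?)\\\.\.\.\\(?P<key>[^)]*)\) )?"
    r"\((?:(?P<bits>x32|x64) )?Version: (?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<hidden> Hidden)?$"
)


@dataclass
class Program:
    name: str
    hive: Optional[str]   # None for entries with no uninstall key (the Hidden ones)
    key: Optional[str]
    version: str          # "" when FRST printed "Version:  - "
    publisher: str
    hidden: bool


def parse_installed_programs(text: str) -> list:
    """Parse FRST 'Installed Programs' lines; lines that do not match are skipped."""
    programs = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        programs.append(Program(
            name=m["name"],
            hive=m["hive"],
            key=m["key"],
            version=m["version"].strip(),
            publisher=m["publisher"].strip(),
            hidden=m["hidden"] is not None,
        ))
    return programs


def triage(programs: list) -> dict:
    """Summarise what a helper reading the log would look at first."""
    return {
        "hidden": sorted(p.name for p in programs if p.hidden),
        "no_version": sorted(p.name for p in programs if not p.version),
        "by_publisher": Counter(p.publisher for p in programs),
    }


# Constructed sample: a handful of lines in the same shape as the log above.
SAMPLE = """\
Acer Remote (HKLM-x32\\...\\Acer Remote1.0) (Version: 1.0 - Acer Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Epson Connect (HKLM-x32\\...\\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Malwarebytes Anti-Exploit version 1.05.1.1015 (HKLM\\...\\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1015 - Malwarebytes)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\\...\\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
==================== Custom CLSID (selected items): ==========================
"""

if __name__ == "__main__":
    progs = parse_installed_programs(SAMPLE)
    summary = triage(progs)
    for p in progs:
        flag = "HIDDEN" if p.hidden else ""
        print(f"{p.name:<50} {p.version or '?':<14} {p.publisher:<25} {flag}")
    print("hidden entries:", summary["hidden"])
    print("entries with no version:", summary["no_version"])
    print("publishers:", summary["by_publisher"].most_common(3))
```

Feed it the whole "Installed Programs" block of a pasted FRST log; section headers and blank lines simply fail the pattern and are skipped. Entries without an uninstall key come out with `hive` set to None, which is the same property the log note relies on when it says those entries cannot be removed by a fixlist.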

  • Root Admin

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 


  • 2 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
