Jump to content

"mbam.exe - No Disk" and "g2mui.exe - No Disk"


Recommended Posts

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Can you post screen shots of the errors you quote. Just for reference mbam.exe is related to Malwarebytes and g2mui.exe is related to Gotomeeting.

 

One other point is this a personal PC or Company/Business PC.

 

Run the following and post the produced logs...

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.


 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

 

Post those logs to your reply...

 

Thank you,

 

Kevin

Link to post
Share on other sites

 Probably malware or infection is blocking .exe files from running....

 

Download FixExec by Bleeping computers, that tool will reset executable file associations for the .bat, .exe, and .com file extensions to windows default setting. Go to the following link:

 

http://www.bleepingcomputer.com/download/fixexec/

 

Do not use any of the three download buttons at the top of the page, scroll down until "Usage Instructions" shows at the top of the page, further down you will see 6 download renamed options, three for a 32 bit system and three for a 64 bit system.

 

Try the appropriate ones for your system. When FixExec has finished running it will create a log on your Windows desktop called FixExec.txt. This log will contain a list of the items that were repaired on your computer.

 

post that log, also see if Malwarebytes now runs

Link to post
Share on other sites

Do you have access to another PC to create the Widows Defender Offline Tool, I give the instructions to load to a USB flash drive.  It can also be run from a CD, just change to that option in the instructions…
It can be created from the PC with issues, but a different clean PC is preferred!


Download the tool from here :- http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save to the Desktop.

You will have to select the correct version for your system, either 32 or 64 bit

Run the tool, Windows 7/8/10 or Vista user right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"

WD2.png

In the new window accept the agreement:

WD2a.png

In the new window select your USB Flash Drive, then select "Next"

WD3.png

In the new window ensure you Flash drive is selected, if not click on "Refresh" then select "Next"

WD3a.png

In the new window accept the formatting alert by selecting "Next"

WD3b.png

Files will be Downloaded:

WD4.png

Files will be processed and created

WD5.png

Flash drive will be formatted and prepared

WD6.png

Files will be added to the Flash Drive and the tool will be created.

WD7.png

The procedure is finished and the Tool created, click on "Finish" to complete.

WD8.png

Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required,  Use F2 or F12 as it boots, change options...

As it boots you`ll see files being loaded and the windows splash screen, eventually the tool will run a "Quick Scan" follow the prompts and deal with what it finds.

When complete do a full scan, deal with what it finds.

When finished, remove the USB stick then press the Esc key to boot into regular windows.

Navigate to the following file:

"C:\Windows\Microsoft Antimalware\Support\MPLog - mm/dd/yy - hh/mm/ss.Log"

Open with notepad and copy and paste it into a reply.
 

Link to post
Share on other sites

This is from FixExec. this is all it showed me. Now im going to try the windows defender.

 

FixExec by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about FixExec can be found at this link:
 
Program started at: 01/06/2016 02:51:11 PM in x64 mode.
Windows Version: Windows 8
 
Checking for processes to terminate before fixing executable associations.
 * No processes found to kill.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
 
Program finished at: 01/06/2016 02:51:32 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
Link to post
Share on other sites

My malwayre bytes working again. Here is my log file.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/7/2016
Scan Time: 10:10 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.07.03
Rootkit Database: v2016.01.05.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 469166
Time Elapsed: 11 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Link to post
Share on other sites

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.

 

Let me see those logs ..

 

Thank you,

 

Kevin..

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015

Ran by User (2016-01-08 14:01:00)

Running from C:\Users\User\Downloads

Windows 10 Home (X64) (2015-12-16 09:49:29)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-162144670-2588058485-1568270811-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-162144670-2588058485-1568270811-503 - Limited - Disabled)

Guest (S-1-5-21-162144670-2588058485-1568270811-501 - Limited - Disabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-162144670-2588058485-1568270811-1002 - Limited - Enabled)

User (S-1-5-21-162144670-2588058485-1568270811-1000 - Administrator - Enabled) => C:\Users\User

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)

Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

AMD Catalyst Install Manager (HKLM\...\{B7908254-D208-7C46-8201-7EBC1BFF8D12}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AnyMeeting (HKLM-x32\...\{4DF71428-E2A8-4FED-8D67-B37D706D008F}) (Version: 3.1.0 - AnyMeeting, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.9.0 - Asmedia Technology)

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)

Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)

Forex Broker Inc MT4 Client Terminal (HKLM-x32\...\Forex Broker Inc MT4 Client Terminal) (Version: 4.00 - MetaQuotes Software Corp.)

FXCM Trading Station (HKLM-x32\...\FXCM Trading Station) (Version: 030615 - )

FXCM Trading Station (x32 Version: 030615 - FXCM) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

GoToMeeting 7.8.1.4190 (HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\GoToMeeting) (Version: 7.8.1.4190 - CitrixOnline)

Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)

HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden

iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)

iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)

Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)

LogMeIn (HKLM-x32\...\{A8E20B99-B1A2-4FC0-B38A-A255033D339A}) (Version: 4.1.5022 - LogMeIn, Inc.)

LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden

PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)

Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)

Screen Recorder Launcher (HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\ScreenRecorderLauncher) (Version: 1.7 - )

Screencast-O-Matic v2.0 (HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)

SteelSeries Engine 3.3.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.0 - SteelSeries ApS)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)

TP-LINK TL-WDN3800 Driver (HKLM-x32\...\{D2FAC054-7623-436B-9239-E4C8E752FA14}) (Version: 1.3.1 - TP-LINK)

TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)

Traders Way MetaTrader 4 (HKLM-x32\...\Traders Way MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)

VirtualDJ 8 (HKLM-x32\...\{F7A68F9D-BBF0-48FF-B138-2EFB5165638C}) (Version: 8.0.2048.0 - Atomix Productions)

WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-162144670-2588058485-1568270811-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-162144670-2588058485-1568270811-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\User\AppData\Local\Citrix\GoToMeeting\4190\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {01EF5829-6A5C-448A-9C12-90EBB4A0E144} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)

Task: {02FBCEA2-51C6-4014-9763-465CA800CB0F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {0585FD3F-85F4-4500-95B4-66E559D84E77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {05DBFB74-8577-4704-9C8B-CDD9E3B47083} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {0F46D3D7-6878-4830-BEE4-39371A58A16B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {122ACAB0-75B0-49D5-B14A-551FAC191197} - System32\Tasks\G2MUploadTask-S-1-5-21-162144670-2588058485-1568270811-1000 => C:\Users\User\AppData\Local\Citrix\GoToMeeting\4190\g2mupload.exe [2016-01-05] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {16A504E1-C9A2-40B8-8FB9-5A9EA9C924F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)

Task: {177151F7-D80F-4756-9E83-CFF87D8A86E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

Task: {19F77EA4-8E69-493D-B2B6-DD8058CA2E33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {1EE6D5C5-C4F3-4496-AE96-6A051CDB6851} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {266C130D-84D7-481D-A7A9-80A80E3455ED} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {2B637725-33DC-4EE4-B321-3564E93A05D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)

Task: {2DE519D2-CD8F-40A9-906A-79A60375F435} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {2F9C9C25-DD28-4D5B-93BA-A3EE48CC02F1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {45AE8AA4-DCA6-4244-AD1F-8AE0D1F8DD39} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {50E99C6C-D31F-4D9F-AB6F-F7EA8D90DB93} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

Task: {51A00EF2-B082-4A8E-8254-E09CE7EFCF68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)

Task: {557522BF-21C8-43A4-AAE9-B8F683DF0020} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {5A64F481-3108-476D-9F77-36CD5948463D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {5CDCDBB3-072F-4BB4-857F-AD08EE30DC29} - System32\Tasks\ASUS UEFI => C:\Program Files (x86)\ASUS\UEFI\ASUS UEFI.exe

Task: {625A4CCD-F705-49F6-B744-B1093F7A59C4} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {68DFB54E-075E-4007-9E84-E95EE74EBBA7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {699F82AD-F055-48CC-A89C-3A4E05990020} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {6E0214EB-A744-42E5-884A-7F798A6C56E3} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)

Task: {71532917-6DCA-413C-95C0-5DB4838AF341} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {7300ADB3-B5AF-433D-8DDA-5EE477C8B72B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {76877072-F895-4EF2-B3BE-E3443C54E5EC} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)

Task: {769CDD80-D8DD-4E11-9A3C-44E1F306A27F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {7D769A54-F8D0-46AD-9845-DDFA2854A918} - System32\Tasks\G2MUpdateTask-S-1-5-21-162144670-2588058485-1568270811-1000 => C:\Users\User\AppData\Local\Citrix\GoToMeeting\4190\g2mupdate.exe [2016-01-05] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {80C38757-4D4B-46E7-9A99-910FED232D78} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

Task: {84F98A9B-487F-4826-8BE8-A7643451C8A0} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {85A9BEC5-6473-4FAE-A502-8F18A91D05C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {9829E736-A4A1-48A2-801F-DE66886A1613} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {9C2071DC-425D-4851-8C74-1E49BB21846D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {A1F2383F-255E-4813-B57E-739217518184} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {B5798F9F-C205-46A7-87FF-42F12305EE1A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

Task: {C0D4E163-6AF5-4268-9452-55A108B7565E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {C12B8B0D-238B-48ED-810B-C49BC21AE558} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {C79C5080-0073-4CFD-B367-835DA0E0BDCA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {CA78FB6C-D8D7-45C1-A641-8D2F70FBFF64} - System32\Tasks\{FE2C1352-A693-4347-B931-40938ED56C7B} => pcalua.exe -a "C:\Users\User\Downloads\chromeinstall-8u25 (1).exe" -d C:\Users\User\Downloads

Task: {CD09EB21-4522-4D0D-9224-89F89E427995} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {D57DBEFC-C7A3-4DF8-B707-F22D6661950E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {D700B2DF-38CE-4A65-BDFF-C8828765EF2E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {D87C2B8B-25EA-4BF7-8839-2A1E4FCB6372} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {EDA26DAF-379B-4463-AA53-355BA2EEB76E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {F0ADD373-D6B7-4BDF-90C1-972FBAFC7BC4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {F792BAA6-074D-42D8-BCF8-979521F233BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {FA72A218-59E6-4981-A6C3-BDA582B9492F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-162144670-2588058485-1568270811-1000.job => C:\Users\User\AppData\Local\Citrix\GoToMeeting\4190\g2mupdate.exe

Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-162144670-2588058485-1568270811-1000.job => C:\Users\User\AppData\Local\Citrix\GoToMeeting\4190\g2mupload.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2015-08-21 22:09 - 2015-08-21 22:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2015-08-21 22:09 - 2015-08-21 22:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-12-16 05:38 - 2015-12-16 05:38 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-12-16 05:38 - 2015-12-16 05:38 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-12-18 07:33 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2015-12-18 07:33 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2014-10-30 15:45 - 2014-10-30 15:45 - 17542656 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe

2015-12-17 04:14 - 2015-12-17 04:15 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe

2015-12-18 07:33 - 2015-12-06 21:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2015-12-18 07:33 - 2015-12-06 21:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-12-18 07:33 - 2015-12-06 21:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2015-12-18 07:33 - 2015-12-06 21:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2015-12-15 06:10 - 2015-12-15 06:11 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

2015-12-15 06:10 - 2015-12-15 06:11 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll

2015-11-20 07:59 - 2015-11-20 08:00 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-11-06 17:12 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll

2015-12-16 15:19 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll

2015-12-16 15:19 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

2015-12-17 04:14 - 2015-12-17 04:15 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

2015-12-17 04:14 - 2015-12-17 04:15 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll

2015-12-24 12:24 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2015-04-12 09:08 - 00001028 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1                   activate.adobe.com

127.0.0.1                   practivate.adobe.com

127.0.0.1                   lmlicenses.wip4.adobe.com

127.0.0.1                   lm.licenses.adobe.com

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-162144670-2588058485-1568270811-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\hack wallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: lfsvc => 3

HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"

HKLM\...\StartupApproved\Run: => "LogMeIn GUI"

HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\StartupApproved\StartupFolder: => "AnyMeeting.lnk"

HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\StartupApproved\Run: => "iCloudDrive"

HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\StartupApproved\Run: => "ApplePhotoStreams"

HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\StartupApproved\Run: => "iCloudServices"

HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\StartupApproved\Run: => "Jing"

HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\StartupApproved\Run: => "Screencast-O-Matic Tray"

HKU\S-1-5-21-162144670-2588058485-1568270811-1000\...\StartupApproved\Run: => "GoToMeeting"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808

FirewallRules: [{2318E79C-6382-4168-B7FB-CA6017F29C14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{75D42E66-3311-44B9-B4FC-DECEE3D39C6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{71A1FAE0-565E-490C-8E32-5D137AB69FD8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{B1368E8D-E7D1-4F66-BF77-543C8FC8AB1C}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{6986F691-AB7B-4693-AA39-9BFD40605FCE}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{26D32993-2A76-4A09-9A22-52E953289071}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{1610BFB8-409A-423D-9203-4C9D065CB1A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E65561AC-2481-4E89-9C91-EECA21B82CEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{32DB10C1-F9DC-4156-89F0-540B0CBC3109}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{2ECA3D8A-55B7-4E77-855A-AD4B3CE37FEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{C244891D-539B-4956-9C49-7A79C073BD4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{A51EDABA-79D0-4A9C-BBFE-B2A12020AC8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{E4CCBA40-D03D-46B9-9869-EBC99BC29A9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{4E6FF56F-1538-49A3-978E-2760BE2E9785}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{5FA6E094-43F1-4D29-BBEC-9FF34F9E55C9}] => (Allow) LPort=5353

FirewallRules: [{E1F5D728-5DCA-4E41-8B7C-0D829D117719}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe

FirewallRules: [{F897B794-7EFF-4669-8012-62B36EDB5EB4}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe

FirewallRules: [{25A377FF-ECE7-4721-964E-6FB7D9E51DBF}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{EDEA64A4-C0DF-48B7-BD2A-495AFA8CC873}] => (Allow) LPort=9322

FirewallRules: [{67BD3C90-BAB1-445A-890C-28ED8475FD3B}] => (Allow) LPort=5353

 

==================== Restore Points =========================

 

05-01-2016 17:23:07 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: Unknown USB Device (Device Descriptor Request Failed)

Description: Unknown USB Device (Device Descriptor Request Failed)

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: 

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/08/2016 12:36:39 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: utorrentie.exe, version: 1.0.0.41372, time stamp: 0x564b8ce9

Faulting module name: Flash.ocx, version: 20.0.0.272, time stamp: 0x56870c97

Exception code: 0xc0000005

Fault offset: 0x00356e7b

Faulting process id: 0x2198

Faulting application start time: 0xutorrentie.exe0

Faulting application path: utorrentie.exe1

Faulting module path: utorrentie.exe2

Report Id: utorrentie.exe3

Faulting package full name: utorrentie.exe4

Faulting package-relative application ID: utorrentie.exe5

 

Error: (01/07/2016 01:46:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6390

 

Error: (01/07/2016 01:46:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6390

 

Error: (01/07/2016 01:46:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/07/2016 01:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4765

 

Error: (01/07/2016 01:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4765

 

Error: (01/07/2016 01:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/07/2016 01:46:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 3171

 

Error: (01/07/2016 01:46:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 3171

 

Error: (01/07/2016 01:46:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (01/07/2016 11:54:39 AM) (Source: DCOM) (EventID: 10016) (User: User-PC)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}User-PCUserS-1-5-21-162144670-2588058485-1568270811-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (01/07/2016 11:54:39 AM) (Source: DCOM) (EventID: 10016) (User: User-PC)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}User-PCUserS-1-5-21-162144670-2588058485-1568270811-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (01/07/2016 10:24:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 

%%1058

 

Error: (01/07/2016 10:23:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Sync Host_8ce24 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (01/07/2016 10:06:20 AM) (Source: DCOM) (EventID: 10016) (User: User-PC)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}User-PCUserS-1-5-21-162144670-2588058485-1568270811-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (01/07/2016 10:06:20 AM) (Source: DCOM) (EventID: 10016) (User: User-PC)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}User-PCUserS-1-5-21-162144670-2588058485-1568270811-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

 

Error: (01/07/2016 10:04:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 

%%1058

 

Error: (01/07/2016 10:04:16 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 9:50:03 AM on ‎1/‎7/‎2016 was unexpected.

 

Error: (01/07/2016 10:04:04 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)

Description: 32212256844621350451833504

 

Error: (01/07/2016 08:53:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

 

 

CodeIntegrity:

===================================

  Date: 2016-01-08 12:14:10.904

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-01-08 12:14:10.893

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-01-08 12:14:10.882

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-01-08 12:14:10.827

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-01-08 12:14:10.816

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-01-08 12:14:10.804

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-01-08 12:14:05.377

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-01-08 12:14:05.366

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-01-08 12:14:05.349

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2016-01-08 12:14:05.337

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: AMD A10-6800K APU with Radeon HD Graphics 

Percentage of memory in use: 25%

Total physical RAM: 16328.81 MB

Available physical RAM: 12164.54 MB

Total Virtual: 32712.81 MB

Available Virtual: 27774.38 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.22 GB) (Free:238.39 GB) NTFS

Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1403.47 GB) NTFS

Drive g: (B NASH) (Removable) (Total:7.45 GB) (Free:0.32 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D4CF3A72)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2305F4C0)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

 

========================================================

Disk: 3 (Size: 7.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt ============================

Link to post
Share on other sites

You have only posted the secondary log from FRST, "Addition.txt" unfortunately that log clearly shows a "Hack" installed and active to avoid licence activation checks on software you have installed. That action is a direct breach of forum protocol, as such no further help can be offered. A moderator will close and lock your thread...

 

Thank you,

 

Kevin..

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.