I believe my computer has been infected. I scanned with Malwarebytes and everything seemed normal, then towards the end of the scan the program said it found 7000+ potential threats and adware. I quarantined and deleted the files, but any additional scans after doing so continue to show 6000-10000 threats towards the end of the scan. I've run the Farbar recovery tool and the related files are attached below.

FRST.txt

Addition.txt


  • Root Admin

There is probably a conflict going on and causing a False Positive. Please post back the scan log for me as an attachment.

You're having some errors in the Event Logs and the logs also show a very important file for the system is missing.

 

C:\WINDOWS\SysWOW64\svchost.exe IS MISSING <==== ATTENTION

Please look at running System File Checker from this article, and if needed DISM to restore that file and any others that may be missing or corrupt.

http://www.windowscentral.com/how-use-dism-command-line-utility-repair-windows-10-image

==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2017 12:01:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15360

Error: (02/23/2017 12:01:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15360

Error: (02/23/2017 12:01:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2017 10:16:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: QtCore_Ad_SyncNs_4.dll_unloaded, version: 4.8.2.0, time stamp: 0x50d3fca7
Exception code: 0xc0000005
Fault offset: 0x00000000000265fe
Faulting process id: 0xc3e0c
Faulting application start time: 0x01d28cfd2180bc37
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: QtCore_Ad_SyncNs_4.dll
Report Id: cb5ec540-1f79-4e71-8507-72a4404328d8
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/22/2017 09:16:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: QtCore_Ad_SyncNs_4.dll_unloaded, version: 4.8.2.0, time stamp: 0x50d3fca7
Exception code: 0xc0000005
Fault offset: 0x00000000000265fe
Faulting process id: 0xbe86c
Faulting application start time: 0x01d28cd8a1045c56
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: QtCore_Ad_SyncNs_4.dll
Report Id: 745ac88e-8504-4579-85c1-df0e2a82f928
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/22/2017 07:10:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.912, time stamp: 0x58811df5
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc0000005
Fault offset: 0x0004bdf9
Faulting process id: 0xc1310
Faulting application start time: 0x01d28ceb1ae5db2e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1d25f138-a7a7-4f57-9efa-402351d269f6
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/22/2017 07:09:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow-64.exe version 7.1.5.23420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: bf6e4

Start Time: 01d28cd9a8487df4

Termination Time: 480

Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe

Report Id: 8947f20f-f8de-11e6-a40c-10bf487867f6

Faulting package full name: 

Faulting package-relative application ID:

Error: (02/22/2017 05:56:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/22/2017 05:56:49 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/22/2017 05:56:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (02/23/2017 09:32:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/23/2017 12:01:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (02/22/2017 07:10:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2017 04:55:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 09:26:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2017 09:57:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 09:30:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 12:36:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (02/19/2017 09:12:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2017 04:00:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).

 

 

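The reply above points at errors in the event log. One way to triage an FRST "Event log errors" section like the one quoted is to group the Application Error (EventID 1000) records by crashing program and faulting module. This is an added example, not part of the original posts or of FRST; the function names are hypothetical and the sample is a trimmed excerpt of the log lines quoted above.

```python
import re
from collections import Counter

# Trimmed excerpt of the FRST "Event log errors" lines quoted in the reply above.
SAMPLE = r"""Error: (02/23/2017 12:01:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/22/2017 10:16:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: QtCore_Ad_SyncNs_4.dll_unloaded, version: 4.8.2.0, time stamp: 0x50d3fca7
Exception code: 0xc0000005

Error: (02/22/2017 09:16:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: QtCore_Ad_SyncNs_4.dll_unloaded, version: 4.8.2.0, time stamp: 0x50d3fca7
Exception code: 0xc0000005

Error: (02/22/2017 07:10:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.912, time stamp: 0x58811df5
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc0000005
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<eid>\d+)\)")
FIELD = re.compile(r"(Faulting application name|Faulting module name|Exception code): ([^,]+)")

def parse_events(text):
    """Split an FRST event-log section into one dict per 'Error:' record."""
    events = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            events.append({"when": head["when"], "source": head["source"], "event_id": int(head["eid"])})
        elif events:  # continuation line of the most recent record
            field = FIELD.search(line)
            if field:
                events[-1].setdefault(field[1], field[2].strip())
    return events

def crash_pairs(events):
    """Count EventID 1000 crashes per (application, faulting module), ignoring case."""
    pairs = Counter()
    for ev in events:
        if ev["event_id"] == 1000 and "Faulting module name" in ev:
            key = (ev.get("Faulting application name", "?").lower(), ev["Faulting module name"].lower())
            pairs[key] += 1
    return pairs

if __name__ == "__main__":
    for (app, module), n in crash_pairs(parse_events(SAMPLE)).most_common():
        print(f"{n}x {app} crashed in {module}")
```

On the quoted lines this groups the two explorer.exe crashes under QtCore_Ad_SyncNs_4.dll_unloaded and the single mbam.exe crash under ntdll.dll.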

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.