Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

NSA/PRISM virus problem. Please Help. :( [Closed]

Started by pdr2902 , Jun 05 2014 04:42 PM
virus MiniToolBox NSA Removal Scareware Malware

  • This topic is locked This topic is locked

#1
pdr2902
Posted 05 June 2014 - 04:42 PM

pdr2902

    New Member

  • Member
  • Pip
  • 1 posts

I don't know if my computer actually has this virus or not, but I got a pop up claiming my connection was blocked and I must pay $300 to fix it. I ran MiniToolBox and it generated a report, but I have no idea what it means or what I should do. Can someone please help me figure this out? Below is a copy of the report. I am not very computer savvy and really have no idea what to do.

 

Thank you!

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Patrick (administrator) on 05-06-2014 at 18:23:32
Running from "C:\Users\Patrick\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Ralink RT5390R 802.11bgn Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : PatricksPC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 68-94-23-64-38-F5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Ralink RT5390R 802.11bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 68-94-23-64-38-F3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::884e:6f8d:f39c:49b7%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, June 3, 2014 2:40:06 PM
   Lease Expires . . . . . . . . . . : Friday, June 6, 2014 5:10:24 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 342397987
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-13-F1-02-84-34-97-7B-E3-0F
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 84-34-97-7B-E3-0F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 4:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2018:2e67:3f57:fefb(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2018:2e67:3f57:fefb%6(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 150994944
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-13-F1-02-84-34-97-7B-E3-0F
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4004:800::1001
 74.125.228.4
 74.125.228.9
 74.125.228.5
 74.125.228.0
 74.125.228.1
 74.125.228.2
 74.125.228.7
 74.125.228.8
 74.125.228.6
 74.125.228.14
 74.125.228.3
 
 
Pinging google.com [74.125.228.1] with 32 bytes of data:
Reply from 74.125.228.1: bytes=32 time=24ms TTL=55
Reply from 74.125.228.1: bytes=32 time=23ms TTL=55
 
Ping statistics for 74.125.228.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 24ms, Average = 23ms
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=41ms TTL=51
Reply from 98.139.183.24: bytes=32 time=37ms TTL=52
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 41ms, Average = 39ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...68 94 23 64 38 f5 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...68 94 23 64 38 f3 ......Ralink RT5390R 802.11bgn Wi-Fi Adapter
  3...84 34 97 7b e3 0f ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:6abd:2018:2e67:3f57:fefb/128
                                    On-link
  4    281 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::2018:2e67:3f57:fefb/128
                                    On-link
  4    281 fe80::884e:6f8d:f39c:49b7/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/05/2014 05:16:29 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 124c
 
Start Time: 01cf8102af4c1327
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: a4457393-ecf6-11e3-bea1-8434977be30f
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/05/2014 02:25:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15250
 
Error: (06/05/2014 02:25:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15250
 
Error: (06/05/2014 02:25:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/03/2014 06:17:21 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 146c
 
Start Time: 01cf7f1446671c9a
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 39c94570-eb08-11e3-bea0-8434977be30f
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/03/2014 03:44:21 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=35.0.1916.114;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\63ec082b-1206-4e41-82b7-a95f30b9a734.dmp
 
Error: (06/02/2014 11:19:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.3.9600.16473, time stamp: 0x528d9db8
Exception code: 0xc0000005
Fault offset: 0x0022b268
Faulting process id: 0x1a30
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report Id: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5
 
Error: (06/02/2014 03:32:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 11.2.2.3, time stamp: 0x5383f31a
Faulting module name: QuickTime.qts, version: 7.75.80.95, time stamp: 0x52d49206
Exception code: 0xc0000005
Fault offset: 0x0088636a
Faulting process id: 0xf10
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3
Faulting package full name: iTunes.exe4
Faulting package-relative application ID: iTunes.exe5
 
Error: (06/02/2014 03:20:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 11.2.2.3, time stamp: 0x5383f31a
Faulting module name: QuickTime.qts, version: 7.75.80.95, time stamp: 0x52d49206
Exception code: 0xc0000005
Fault offset: 0x0088636a
Faulting process id: 0xa28
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3
Faulting package full name: iTunes.exe4
Faulting package-relative application ID: iTunes.exe5
 
Error: (06/02/2014 02:50:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 11.2.2.3, time stamp: 0x5383f31a
Faulting module name: QuickTime.qts, version: 7.75.80.95, time stamp: 0x52d49206
Exception code: 0xc0000005
Fault offset: 0x0088636a
Faulting process id: 0x1284
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3
Faulting package full name: iTunes.exe4
Faulting package-relative application ID: iTunes.exe5
 
 
System errors:
=============
Error: (06/02/2014 05:32:46 AM) (Source: DCOM) (User: PATRICKSPC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
 
Error: (06/01/2014 02:34:37 AM) (Source: DCOM) (User: PATRICKSPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (06/01/2014 02:34:37 AM) (Source: DCOM) (User: PATRICKSPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (05/29/2014 06:49:26 PM) (Source: DCOM) (User: PATRICKSPC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PatricksPCPatrickS-1-5-21-1306937043-190255047-296174008-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (05/29/2014 01:19:13 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
 
Error: (05/26/2014 03:45:30 AM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/26/2014 03:43:49 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/23/2014 01:00:57 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1115TrustedInstallerUnavailable{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (05/23/2014 01:00:57 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1115TrustedInstallerUnavailable{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (05/23/2014 01:00:57 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1115TrustedInstallerUnavailable{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
 
Microsoft Office Sessions:
=========================
Error: (06/05/2014 05:16:29 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20498124c01cf8102af4c13274294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exea4457393-ecf6-11e3-bea1-8434977be30fmicrosoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/05/2014 02:25:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15250
 
Error: (06/05/2014 02:25:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15250
 
Error: (06/05/2014 02:25:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/03/2014 06:17:21 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20498146c01cf7f1446671c9a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe39c94570-eb08-11e3-bea0-8434977be30fmicrosoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/03/2014 03:44:21 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=35.0.1916.114;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\63ec082b-1206-4e41-82b7-a95f30b9a734.dmp
 
Error: (06/02/2014 11:19:47 PM) (Source: Application Error)(User: )
Description: HPPU.exe1.0.0.050079e34d2d1.dll6.3.9600.16473528d9db8c00000050022b2681a3001cf7edaaa7ff308C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exeC:\WINDOWS\SYSTEM32\d2d1.dllea090d54-eacd-11e3-bea0-8434977be30f
 
Error: (06/02/2014 03:32:08 PM) (Source: Application Error)(User: )
Description: iTunes.exe11.2.2.35383f31aQuickTime.qts7.75.80.9552d49206c00000050088636af1001cf7e97ba99d614C:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts9553a0a4-ea8c-11e3-bea0-8434977be30f
 
Error: (06/02/2014 03:20:26 PM) (Source: Application Error)(User: )
Description: iTunes.exe11.2.2.35383f31aQuickTime.qts7.75.80.9552d49206c00000050088636aa2801cf7e938f372468C:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qtsf3238f88-ea8a-11e3-bea0-8434977be30f
 
Error: (06/02/2014 02:50:26 PM) (Source: Application Error)(User: )
Description: iTunes.exe11.2.2.35383f31aQuickTime.qts7.75.80.9552d49206c00000050088636a128401cf7e8fe371f5b0C:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qtsc23b251a-ea86-11e3-bea0-8434977be30f
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-27 14:18:38.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-27 14:11:03.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-27 03:33:30.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-27 03:33:24.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-27 03:32:50.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-27 03:32:41.663
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-27 03:32:28.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-27 03:32:22.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-27 03:31:52.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-27 03:31:16.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
4 Elements II (Version: 2.2.0.98)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Apple Application Support (Version: 3.0.3)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Bejeweled 3 (Version: 2.2.0.98)
Bitdefender Total Security (Version: 17.21.0.925)
BitTorrent (Version: 7.9.2.31516)
Bonjour (Version: 3.0.0.10)
Build-a-lot 4 - Power Source (Version: 2.2.0.98)
Chuzzle Deluxe (Version: 2.2.0.95)
Cradle Of Egypt Collector's Edition (Version: 2.2.0.98)
Cradle of Rome 2 (Version: 2.2.0.98)
CyberLink LabelPrint (Version: 2.5.4.6515)
CyberLink Media Suite 10 (Version: 10.0.4.2928)
CyberLink PhotoDirector (Version: 2.0.1.3119)
CyberLink Power2Go 8 (Version: 8.0.1.1926)
CyberLink PowerDirector 10 (Version: 10.0.5.3304)
CyberLink PowerDVD (Version: 10.0.6.4319)
CyberLink YouCam (Version: 3.5.4.5527)
D3DX10 (Version: 15.4.2368.0902)
Energy Star (Version: 1.0.8)
Farm Frenzy (Version: 2.2.0.98)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive Fury (Version: 2.2.0.95)
FlatOut 2 (Version: 2.2.0.98)
Google Chrome (Version: 35.0.1916.114)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.24.7)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000)
Hoyle Card Games (Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.2.5.1)
HP Connected Music (Meridian - installer) (Version: v1.0)
HP CoolSense (Version: 2.10.62)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Deskjet 1000 J110 series Basic Device Software (Version: 28.0.1313.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.3.0)
HP MyRoom (Version: 9.0.0.0)
HP Postscript Converter (Version: 3.1.3554)
HP Quick Launch (Version: 3.0.3)
HP Recovery Manager (Version: 7.00)
HP Registration Service (Version: 1.0.5976.4186)
HP Software Framework (Version: 4.6.8.1)
HP Support Assistant (Version: 7.4.45.4)
HP Update (Version: 5.003.003.001)
HP Utility Center (Version: 1.0.7)
HP Wireless Button Driver (Version: 1.1.2.1)
iCloud (Version: 3.1.0.40)
IDT Audio (Version: 1.0.6425.0)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.3347)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.2.2.3)
Jewel Match 3 (Version: 2.2.0.98)
John Deere Drive Green (Version: 2.2.0.95)
Lexmark Printable Web (Version: 1.0.0.0)
Luxor Evolved (Version: 2.2.0.98)
Mahjongg Dimensions Deluxe: Tiles in Time (Version: 2.2.0.98)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 - en-us (Version: 15.0.4615.1002)
Microsoft Office 365 ProPlus - en-us (Version: 15.0.4615.1002)
Microsoft OneDrive (Version: 17.0.4041.0512)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mortimer Beckett and the Crimson Thief Premium Edition (Version: 2.2.0.98)
MSVCRT (Version: 15.4.2862.0708)
Mystery P.I. - Curious Case of Counterfeit Cove (Version: 2.2.0.98)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4615.1002)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002)
Office 15 Click-to-Run Localization Component (Version: 15.0.4615.1002)
OpenAL
Peggle Nights (Version: 2.2.0.98)
Penguins! (Version: 2.2.0.98)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.98)
QuickTime 7 (Version: 7.75.80.95)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (Version: 5.0.37.0)
Realtek Ethernet Controller Driver (Version: 8.3.730.2012)
Realtek PCIE Card Reader (Version: 6.2.8400.29029)
Roads of Rome 3 (Version: 2.2.0.98)
Spotify (Version: 0.9.7.16.g4b197456)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.5.3.3)
Tales of Lagoona (Version: 2.2.0.110)
TheSkyX First Light Edition version 10.2.0 Build 6408 (Version: 10.2.0 Build 6408)
Update Installer for WildTangent Games App
Vacation Quest™ - Australia (Version: 2.2.0.98)
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Version: 4.0.9.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma's Revenge (Version: 2.2.0.98)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 64%
Total physical RAM: 3986.28 MB
Available physical RAM: 1414.89 MB
Total Pagefile: 4690.28 MB
Available Pagefile: 2203.34 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.3 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:435.96 GB) (Free:328.57 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:28.69 GB) (Free:3.3 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\PATRICKSPC
 
Administrator            Guest                    Patrick                  
 
 
**** End of log ****
 

  • 0

Advertisements

#2
pystryker
Posted 05 June 2014 - 06:21 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


 

I don't know if my computer actually has this virus or not, but I got a pop up claiming my connection was blocked and I must pay $300 to fix it. I ran MiniToolBox and it generated a report, but I have no idea what it means or what I should do. Can someone please help me figure this out? Below is a copy of the report. I am not very computer savvy and really have no idea what to do.


Hi :)

I would like to caution you as stated above to not run any more tools, except for the ones that I request, when I request them. That way we don't get any unexpected results. :thumbsup:

Now, according to the MiniToolbox report, your connection was tested and Google was pinged successfully. So it would appear your connection is intact.

Are you having any trouble connecting to the internet or any sites?

Also, don't worry about being computer savvy. We'll do this in a step by step manner, and if you have any questions at all, please don't hesitate to ask. ;)

Now, let's get a look at your machine.



Step 1: Scan with Farbar's Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. In your case, download the 64-Bit Version
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
aswmbrscan_zpsdc05b0f9.jpg
  • Click the Scan button to begin the scan.
aswmbrsavelog_zps1aeef48e.jpg
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:

FRST.txt Log

Addition.txt Log

aswMBR Log
  • 0

#3
pystryker
Posted 08 June 2014 - 05:26 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: virus, MiniToolBox, NSA, Removal, Scareware, Malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP