
my computer is in trouble :/ [Closed]


  • This topic is locked

#1
xLink

    New Member

  • Member
  • 3 posts

I logged into my computer after my kids and noticed weird text is highlighted as clickable, and can only imagine it is adware.

 

start****

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Terrance at 2015-04-30 23:32:59
Running from C:\Users\Terrance\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1518741026-1457341062-3545489784-500 - Administrator - Disabled)
Guest (S-1-5-21-1518741026-1457341062-3545489784-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1518741026-1457341062-3545489784-1003 - Limited - Enabled)
Terrance (S-1-5-21-1518741026-1457341062-3545489784-1001 - Administrator - Enabled) => C:\Users\Terrance
UpdatusUser (S-1-5-21-1518741026-1457341062-3545489784-1004 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\uTorrent) (Version: 3.4.2.38429 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1518741026-1457341062-3545489784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.38429 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1518741026-1457341062-3545489784-1004\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1518741026-1457341062-3545489784-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iFunbox (v2.95.2610.819), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.95.2610.819 - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4711.1002 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
19-04-2015 05:54:03 Scheduled Checkpoint
20-04-2015 22:22:33 Installed DirectX
29-04-2015 00:56:48 Scheduled Checkpoint
30-04-2015 22:51:10 Windows Modules Installer
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14316DC2-D683-4EFF-9CF5-CD224B6EA7CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)
Task: {143C8D4E-8313-43AF-8680-4DB05B0AEBDE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {1DF8C247-AE21-4CE5-B02B-181B0CFE0409} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-15] (Microsoft Corporation)
Task: {3307BAE5-6876-48CC-A142-B73BEC23A156} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3C284817-DDE1-42B4-913E-E9BDADBF8AB9} - System32\Tasks\Uninstaller_SkipUac_Terrance => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {3E34FCCB-AA66-42D6-98C2-1B7FD717FC26} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-15] (Microsoft Corporation)
Task: {462010C7-11F1-4445-BB82-57C81C5AD7B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)
Task: {54C2EDBA-4C87-4339-80EE-8617109563D2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {6EFB7A5F-50EC-483D-93C7-A5800E8EB053} - System32\Tasks\ASC8_SkipUac_Terrance => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-26] (IObit)
Task: {72EF503F-95A0-4F53-9698-335851494F4C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {74994390-AC86-44B3-8BB6-0D633A3EECFE} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {93425247-B989-439B-BAFE-3C9CBD78198A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {A30A68F1-CCC4-47FF-97AC-29F297C15DF8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {AA521CE9-35C9-4A83-A28F-6EE95A99E296} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AD812852-57BC-43ED-95B0-D60F1524C0BB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-15] (Microsoft Corporation)
Task: {C7DF3EA8-2F33-4C5C-B769-1466566CE34F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {CCDB5588-6F05-4F13-BE07-1FD9DBEF62C6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {DCC3F599-2815-4B18-94AE-3C36B1CBCD4F} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{093e52e3-0ccc-dfc9-093e-e52e30cc4b8c}\IObit_Advanced_SystemCare_PRO_8.1.0.651_Final_Incl._Crack__5BATOM_5D-advanced-systemcare-setup_0.exe [2014-04-24] ()
Task: {E0C017F2-DEB5-454D-84F3-75D33330004D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F7E9D07A-2D12-4910-AE0E-7269CE132CEE} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Terrance.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{093e52e3-0ccc-dfc9-093e-e52e30cc4b8c}\IObit_Advanced_SystemCare_PRO_8.1.0.651_Final_Incl._Crack__5BATOM_5D-advanced-systemcare-setup_0.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Terrance.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-05 01:36 - 2013-09-05 01:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-15 17:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-15 17:39 - 2015-04-15 17:39 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-24 10:57 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-04-30 07:20 - 2015-04-28 12:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 07:20 - 2015-04-28 12:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 07:20 - 2015-04-28 12:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
2015-04-15 17:37 - 2015-04-15 17:40 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Terrance\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
There are 4788 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1518741026-1457341062-3545489784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.1.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF4DE9F5D40D95590DFD48945D0FA08D"
HKU\S-1-5-21-1518741026-1457341062-3545489784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF4DE9F5D40D95590DFD48945D0FA08D"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{32115D85-ABED-4290-8EB0-CA12B9EAC8C5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7F49E437-D0CB-4B28-870F-45FF8F44DD63}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B75BFEFF-8223-45FD-B74D-82574524256E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [{75FD095D-3CEC-4D45-9CEA-34AF7A8E7C67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C1CB30F9-B36F-4A6E-A17C-6DADC08C16E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3EBF2578-F129-45DD-A6FE-93D67E5ACDC9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{00672066-F822-49A8-A68E-9B991AD223AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{96B7293C-A926-4442-9C9F-49C7A1DD7F83}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E523D43C-08AF-4AC4-AA9B-C0F45AC94C7B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9CDC2F44-3CFD-4466-9A56-EC0B7109C3D8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{59720D31-DBB6-4004-A231-1AD0A1E517B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{1F7FBADE-EA1D-4CDC-9EF7-444A9B7CE432}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3CC23EA0-A14C-47F8-86DE-F7688705191F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{9B79DDD6-67AD-467F-A20C-576D06D7AD56}C:\program files (x86)\r.g. mechanics\sid meier's civilization 5\civilizationv.exe] => (Allow) C:\program files (x86)\r.g. mechanics\sid meier's civilization 5\civilizationv.exe
FirewallRules: [UDP Query User{B380DD7C-7B76-4F72-ABD9-1E97D807F08B}C:\program files (x86)\r.g. mechanics\sid meier's civilization 5\civilizationv.exe] => (Allow) C:\program files (x86)\r.g. mechanics\sid meier's civilization 5\civilizationv.exe
FirewallRules: [{279925B0-3909-48E3-A797-0B0E5E55F1C6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{7782EB72-5781-4A1F-B14D-68DDF6E19B72}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{94A7AFEF-F186-4615-AA7D-7CDC039B8F64}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9C084A5C-1C9D-42A9-9744-F2D3C2F40205}] => (Allow) C:\Users\Terrance\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B5CAA2A-5EEB-40F6-BE0B-27A98BE19F19}] => (Allow) C:\Users\Terrance\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{72310495-6649-405D-90BE-DC4895DAAB11}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/30/2015 09:53:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZELDA)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/30/2015 08:56:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/30/2015 07:57:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZELDA)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11500
 
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11500
 
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7422
 
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7422
 
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/30/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3875
 
 
System errors:
=============
Error: (04/26/2015 06:56:51 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (04/24/2015 01:28:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053
 
Error: (04/24/2015 01:28:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (04/24/2015 10:57:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Advanced SystemCare Service 8 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/24/2015 10:50:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
Error: (04/24/2015 10:34:39 AM) (Source: DCOM) (EventID: 10010) (User: ZELDA)
Description: Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1
 
Error: (04/21/2015 00:52:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
Error: (04/21/2015 00:48:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053
 
Error: (04/21/2015 00:48:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (04/18/2015 04:28:29 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
 
Microsoft Office Sessions:
=========================
Error: (04/30/2015 09:53:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZELDA)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927148
 
Error: (04/30/2015 08:56:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (04/30/2015 07:57:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZELDA)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927148
 
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11500
 
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11500
 
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7422
 
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7422
 
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/30/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3875
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-17 18:27:15.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-17 18:27:14.830
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-17 18:25:45.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-17 18:25:45.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-12 19:21:44.277
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-12 19:21:44.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-11 18:17:22.738
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 40%
Total physical RAM: 7987.59 MB
Available physical RAM: 4739.12 MB
Total Pagefile: 9267.59 MB
Available Pagefile: 5333.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.18 GB) (Free:778.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0009C4A8)
Partition 1: (Not Active) - (Size=243 MB) - (Type=83)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#2
xLink

    New Member

  • Topic Starter
  • Member
  • 3 posts

Please and thank you.



#3
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello xLink,

Welcome to Geekstogo.

Firstly

It looks like the Advanced System Care program you have is the paid-for version. The free version comes with adware and should be uninstalled. If I have got it wrong and it is the free version, please uninstall it.

After that

We need to see both the scans from FRST.

 

I see you are running FRST from the Downloads folder. Please transfer it to the Desktop. Our tools run more efficiently from there. You can just navigate to the Downloads folder, click on FRST64 and drag it to the desktop.

 

Once you have done that please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt. :)
 


Edited by emeraldnzl, 01 May 2015 - 10:29 PM.
to change instructions to request FRST be moved to the desktop


#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





