
Exe files, browsers crashing after prolonged activity


10 replies to this topic

#1 Ratheyan


Posted 09 May 2014 - 03:50 PM

Hi, I use an Asus N56V laptop with Windows 8.1 that I bought last September and only recently in the last 2 weeks have I been having this problem. After having the laptop open for a while or after having played a large game such as Starcraft or Age of Empires my browsers are either unresponsive or simply don't open at all. I have no idea what to do so I simply restart the laptop and right before it does I notice that an error sign appears saying Google chrome exe was unable to open (I will get a proper screenshot next time it occurs). Also, many exe files fail to launch as well, coming up with a very similar error. 

However, as soon as I restart everything works fine and I am able to operate everything without a hitch. It is only after about 1 hour of gaming or something that doesn't require the browser that it stops working. I noticed a very similar thread which I tried looking at but the person who made it never continued it on to a solution.

http://www.bleepingcomputer.com/forums/t/205620/internet-browsers-keep-crashing/

I was planning on downloading ComboFix to search for malware but decided to see your opinion first. As for any further information, this did start to occur after downloading several games, and at first it used to be only Google Chrome that stopped working while Internet Explorer still worked, but now it seems to be both. I did perform a security scan with Windows Defender and found a Trojandownloader:/win32/clikug.B which I removed but the problem persisted and even occurred today.

 

This has also made me wonder if the problem is due to malware or a BIOS problem (not updated maybe?).

Please try and help and I thank you for taking the time to do so!




 


#2 dc3


Posted 09 May 2014 - 03:55 PM

Hi Ratheyan, and welcome to Bleeping Computer

 

You cannot post a Combofix log in this forum.  The only forum you can post one in is the Virus, Trojan, Spyware, and Malware Removal Logs forum.

 

 

Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.

  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your desktop.


  • Check "YES, I accept the Terms of Use."

  • Click the Start button.

  • Accept any security warnings from your browser.

  • Under scan settings, check "Scan Archives" and "Remove found threats"

  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications

    • Scan for potentially unsafe applications

    • Enable Anti-Stealth technology


  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, click List Threats

  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  • Click the Back button.

  • Click the Finish button.

 

 
 
Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Ratheyan


Posted 09 May 2014 - 09:08 PM

Hi, and thanks for replying. Here are the results:

From ESETScan:
 

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Program Files (x86)\Microsoft Studios\Age2HD\steam_api.dll a variant of Win32/HackTool.Crack.BL potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe a variant of Win32/Toolbar.SearchSuite.O potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\Internet Explorer Settings.exe a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\Uninstall.exe a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Datamngr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\IEBHO.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Internet Explorer Settings.exe a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted (after the next restart) - quarantined
C:\Users\Admin R\AppData\Local\Temp\uninstall824760718.exe probably a variant of Win32/YourFileDownloader.A potentially unwanted application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
Operating memory a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application contained infected files
 

From Malwarebytes log:
 
Quarantined Items:
 
===================
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Users\Admin R\AppData\Local\ilividmoviestoolbar20\GC\IACNativeMsgHost.exe
Vendor: PUP.Optional.Bandoo.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A9119622
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:42:17, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll
Vendor: PUP.Optional.Datamngr.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\ProgramData\Datamngr\S-1-5-21-2681726800-1604365620-2467318462-1002.cfg
Vendor: PUP.Optional.InstallCore.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKU\S-1-5-21-2681726800-1604365620-2467318462-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKU\S-1-5-21-2681726800-1604365620-2467318462-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ilividmoviestoolbar20
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:53:33, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:55:39, Type: Folder, Location: C:\Users\Admin R\AppData\Local\ilividmoviestoolbar20\GC
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: Registry Value, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAMNGRCOORDINATOR|ImagePath
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\GC\uninstall.exe
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Users\Admin R\AppData\Local\ilividmoviestoolbar20\GC\toolbar.crx
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:54:52, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:48:00, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:48:00, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ilividmoviestoolbar20CR
Vendor: PUP.Optional.InstallCore.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKU\S-1-5-21-2681726800-1604365620-2467318462-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:55:39, Type: Folder, Location: C:\Users\Admin R\AppData\Local\ilividmoviestoolbar20
Vendor: PUP.Optional.Datamngr.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\ProgramData\Datamngr\coordinator.cfg
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Datamngr.dll
Vendor: PUP.Optional.Wajam.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:54:52, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: Folder, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: Folder, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:44:47, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: Folder, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\GC
Vendor: PUP.Optional.InstallCore.A, Date: 2014/05/10 01:55:39, Type: Registry Value, Location: HKU\S-1-5-21-2681726800-1604365620-2467318462-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\GC\install.ico
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\setmgrc1.cfg
Vendor: PUP.Optional.Wajam.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\Uninstall.exe
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\IEBHO.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\Helper.dll
Vendor: PUP.Optional.Bandoo.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg
Vendor: PUP.Optional.Bandoo.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Internet Explorer Settings.exe
Vendor: PUP.Optional.Wajam.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Users\Admin R\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage
Vendor: PUP.Optional.Bandoo.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: Folder, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\Internet Explorer Settings.exe
Vendor: PUP.Optional.Datamngr.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\ProgramData\Datamngr\general.cfg
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:56:33, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\IEBHO.dll
Vendor: PUP.Optional.Wajam.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKU\S-1-5-21-2681726800-1604365620-2467318462-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\favicon.ico
Vendor: PUP.Optional.Bandoo.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DatamngrCoordinator
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:42:17, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Users\Admin R\AppData\Local\ilividmoviestoolbar20\GC\com.apn.native_messaging_host_aaaaabcbmongicmdegkmmfgdickgnnob.json
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:54:52, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\GC\uninstall.exe
Vendor: PUP.Optional.Wajam.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Users\Admin R\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal
Vendor: PUP.Optional.Bandoo.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrChrome.dll
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaabcbmongicmdegkmmfgdickgnnob
Vendor: PUP.Optional.DataMngr.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKU\S-1-5-21-2681726800-1604365620-2467318462-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr
Vendor: PUP.Optional.Datamngr.A, Date: 2014/05/10 01:55:39, Type: Folder, Location: C:\ProgramData\Datamngr
===============================================================
END OF FILE


Hopefully you can help me from this information.
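
Added example (not part of the original posts, and not Malwarebytes' own code): a short Python triage of a quarantine list in the format posted above. It merges repeated entries for the same item, groups them by detection name ignoring letter case, and flags registry locations tied to services, Run keys or Chrome extension registration. The sample lines are copied from the log above; the marker list and all function names are assumptions made for this illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: header lines plus eight entries copied from the quarantine list above.
SAMPLE_LOG = r"""
Quarantined Items:
===================
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\Users\Admin R\AppData\Local\ilividmoviestoolbar20\GC\IACNativeMsgHost.exe
Vendor: PUP.Optional.Bandoo.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A9119622
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:42:17, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:48:00, Type: File, Location: C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
Vendor: PUP.Optional.MoviesToolbar.A, Date: 2014/05/10 01:55:39, Type: Registry Value, Location: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAMNGRCOORDINATOR|ImagePath
Vendor: PUP.Optional.Wajam.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Vendor: PUP.Optional.MoviesToolBar.A, Date: 2014/05/10 01:55:39, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaabcbmongicmdegkmmfgdickgnnob
Vendor: PUP.Optional.Datamngr.A, Date: 2014/05/10 01:55:39, Type: File, Location: C:\ProgramData\Datamngr\general.cfg
"""

# One quarantine entry per line: Vendor, Date, Type, Location.
LINE_RE = re.compile(
    r"^Vendor: (?P<vendor>[^,]+), Date: (?P<date>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), "
    r"Type: (?P<type>[^,]+), Location: (?P<location>.+)$"
)

# Assumed marker list (not from the page): registry paths that load code automatically.
AUTOSTART_MARKERS = [
    ("service", "\\CURRENTCONTROLSET\\SERVICES\\"),
    ("run-key", "\\CURRENTVERSION\\RUN"),
    ("chrome-extension", "\\GOOGLE\\CHROME\\EXTENSIONS\\"),
]


@dataclass(frozen=True)
class Entry:
    vendor: str
    date: str
    type: str
    location: str


def parse_quarantine(text):
    """Return one Entry per well-formed line; headers and rulers are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append(Entry(**match.groupdict()))
    return entries


def summarize(entries):
    """Deduplicate by (type, location) and report families and autostart items."""
    seen = {}
    for entry in entries:
        # The same item can be listed several times with different timestamps.
        seen.setdefault((entry.type, entry.location.casefold()), entry)
    unique = list(seen.values())

    # The log spells the same detection as MoviesToolBar and MoviesToolbar.
    families = Counter(entry.vendor.casefold() for entry in unique)

    autostart = []
    for entry in unique:
        if not entry.type.startswith("Registry"):
            continue
        upper = entry.location.upper()
        for kind, marker in AUTOSTART_MARKERS:
            if marker in upper:
                autostart.append((kind, entry.location))
                break

    # Anything not classed as a potentially unwanted program deserves a closer look.
    non_pup = [e for e in unique if not e.vendor.upper().startswith("PUP.")]
    return {
        "unique_items": len(unique),
        "families": families,
        "autostart": autostart,
        "non_pup": non_pup,
    }


if __name__ == "__main__":
    report = summarize(parse_quarantine(SAMPLE_LOG))
    print("unique items:", report["unique_items"])
    for family, count in report["families"].most_common():
        print(f"  {count:3d}  {family}")
    for kind, location in report["autostart"]:
        print(f"autostart [{kind}]: {location}")
    print("non-PUP detections:", len(report["non_pup"]))
```
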



#4 dc3


Posted 10 May 2014 - 08:03 AM

There were no malicious items found, so it doesn't look like an infection.

 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.
 
 

Please download and install Speccy to provide us with information about your computer.  When FileHippo opens, click on Download latest version in the upper right pane.
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
 
 

Please download MiniToolBox, save it to your desktop and run it.
 
 Checkmark the following checkboxes:
 
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
 Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.


 

 

 

 


#5 Ratheyan


Posted 10 May 2014 - 10:57 PM

Adwcleaner:

 

# AdwCleaner v3.207 - Report created 10/05/2014 at 23:25:28
# Updated 05/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Admin R - RATHEYAN
# Running from : C:\Users\Admin R\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Movies Toolbar
Folder Deleted : C:\WINDOWS\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Admin R\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Admin R\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Admin R\Documents\Mobogenie
Folder Deleted : C:\Users\Admin R\Documents\Optimizer Pro
File Deleted : C:\Users\Admin R\daemonprocess.txt
File Deleted : C:\WINDOWS\System32\Tasks\YourFile DownloaderUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\APNDTX
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\YourFileDownloader
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Admin R\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : aaaaabcbmongicmdegkmmfgdickgnnob
 
*************************
 
AdwCleaner[R0].txt - [4796 octets] - [10/05/2014 21:30:21]
AdwCleaner[S0].txt - [4513 octets] - [10/05/2014 23:25:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4573 octets] ##########
 

 

 

______________________________________________________________________________________________________________

 

 

Speccy:

 

http://speccy.piriform.com/results/suV5HJPBv1zLgYXjmMKl6JA

 

 

 

______________________________________________________________________________________________________________

 

 

 

 

 

 

Minitoolbox:
 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Admin R (administrator) on 10-05-2014 at 23:51:41
Running from "C:\Users\Admin R\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/10/2014 11:40:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: wfcrun32.exe, version: 12.0.3.6, time stamp: 0x4beb17e9
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process id: 0x156c
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report Id: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
Error: (05/10/2014 07:44:29 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (05/10/2014 04:03:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17055, time stamp: 0x53291a62
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0x46c
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report Id: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5
 
Error: (05/10/2014 11:19:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: wfcrun32.exe, version: 12.0.3.6, time stamp: 0x4beb17e9
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process id: 0xd00
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report Id: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
Error: (05/10/2014 00:53:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/09/2014 09:58:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: wfcrun32.exe, version: 12.0.3.6, time stamp: 0x4beb17e9
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process id: 0x1770
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report Id: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
Error: (05/09/2014 08:19:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/09/2014 06:21:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/09/2014 05:25:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (05/09/2014 05:25:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
 
System errors:
=============
Error: (05/10/2014 11:40:51 PM) (Source: DCOM) (User: RATHEYAN)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (05/10/2014 11:28:12 PM) (Source: DCOM) (User: RATHEYAN)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (05/10/2014 11:19:51 AM) (Source: DCOM) (User: RATHEYAN)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (05/09/2014 09:59:34 PM) (Source: DCOM) (User: RATHEYAN)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (05/09/2014 08:28:18 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/09/2014 04:10:54 PM) (Source: DCOM) (User: RATHEYAN)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (05/09/2014 04:09:47 PM) (Source: Service Control Manager) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
%%1
 
Error: (05/09/2014 04:08:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (05/09/2014 04:06:28 PM) (Source: DCOM) (User: RATHEYAN)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (05/09/2014 04:06:28 PM) (Source: DCOM) (User: RATHEYAN)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
 
Microsoft Office Sessions:
=========================
Error: (05/10/2014 11:40:16 PM) (Source: Application Error)(User: )
Description: wfcrun32.exe12.0.3.64beb17e9ntdll.dll6.3.9600.170315308893dc000000500018e17156c01cf6ccab7d5aae4C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\WINDOWS\SYSTEM32\ntdll.dllf6ffb43b-d8bd-11e3-bebf-60a44c6e2dab
 
Error: (05/10/2014 07:44:29 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (05/10/2014 04:03:15 PM) (Source: Application Error)(User: )
Description: skydrive.exe6.3.9600.1705553291a62unknown0.0.0.00000000000000000000000000000000046c01cf6c63198516d6C:\Windows\System32\skydrive.exeunknown1e8534da-d87e-11e3-bebe-60a44c6e2dab
 
Error: (05/10/2014 11:19:00 AM) (Source: Application Error)(User: )
Description: wfcrun32.exe12.0.3.64beb17e9ntdll.dll6.3.9600.170315308893dc000000500018e17d0001cf6c6329dfe882C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\WINDOWS\SYSTEM32\ntdll.dll696bb289-d856-11e3-bebe-60a44c6e2dab
 
Error: (05/10/2014 00:53:53 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (05/09/2014 09:58:57 PM) (Source: Application Error)(User: )
Description: wfcrun32.exe12.0.3.64beb17e9ntdll.dll6.3.9600.170315308893dc000000500018e17177001cf6bf365454e74C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\WINDOWS\SYSTEM32\ntdll.dlla5569dd0-d7e6-11e3-bebe-60a44c6e2dab
 
Error: (05/09/2014 08:19:12 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (05/09/2014 06:21:21 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (05/09/2014 05:25:10 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Admin R\Downloads\esetsmartinstaller_enu.exe
 
Error: (05/09/2014 05:25:08 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Admin R\Downloads\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-09 16:10:18.669
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-09 16:10:18.607
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-09 16:09:03.552
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-05-09 16:09:03.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-05-08 14:33:22.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-08 14:33:22.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-08 14:31:38.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-05-08 14:31:38.534
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-05-07 16:31:55.943
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-05-07 16:31:55.735
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
 
=========================== Installed Programs ============================
 
??? (Version: 16.4.3505.0912)
???? (Version: 16.4.3505.0912)
«Age of Empers II HD Edition - The Forgotten» v.3.0.1560
µTorrent (Version: 3.4.1.30888)
64 Bit HP CIO Components Installer (Version: 8.2.4)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 13 Plugin (Version: 13.0.0.206)
Adobe Reader X (10.1.9) MUI (Version: 10.1.9)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000)
Age of Empires III - The WarChiefs (Version: 1.00.0000)
Age of Empires III (Version: 1.00.0000)
Alcor Micro USB Card Reader (Version: 3.9.142.62248)
ASUS Instant Key (Version: 1.0.5)
ASUS InstantOn (Version: 3.0.4)
ASUS LifeFrame3 (Version: 3.1.9)
ASUS Live Update (Version: 3.1.9)
ASUS Photo Designer (Version: 7.0.1.3)
ASUS Power4Gear Hybrid (Version: 2.0.4)
ASUS Smart Gesture (Version: 1.0.35)
ASUS Splendid Video Enhancement Technology (Version: 1.03.0004)
ASUS USB Charger Plus (Version: 2.1.5)
ASUS Video Magic (Version: 6.0.4712)
ASUSDVD (Version: 10.0.5022.52)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.1.0.7)
ATK Package (Version: 1.0.0023)
Battle.net
BlackBerry World Browser Plugin (Version: 10.2.168.12)
Citrix online plug-in - web (Version: 12.0.3.6)
Citrix online plug-in (DV) (Version: 12.0.3.6)
Citrix online plug-in (HDX) (Version: 12.0.3.6)
Citrix online plug-in (USB) (Version: 12.0.3.6)
Citrix online plug-in (Web) (Version: 12.0.3.6)
CyberLink PowerDirector (Version: 8.0.4905d)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.47.1.0337)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON WorkForce 435 Series Printer Uninstall
ESET Online Scanner v3
Galería de fotos (Version: 16.4.3505.0912)
Galerie de photos (Version: 16.4.3505.0912)
Google Chrome (Version: 34.0.1847.131)
Google Talk Plugin (Version: 5.3.1.18536)
Google Update Helper (Version: 1.3.24.7)
Hearthstone
HP LaserJet 200 color M251 (Version: 5.0.12200.1036)
HP Product FWUpdater (Version: 4.0.0.7242)
HP Unified IO (Version: 2.0.0.404)
HP Update (Version: 5.003.003.001)
hpbDSService (Version: 002.002.07399)
hpbM251DSService (Version: 001.001.05874)
HPDXP (Version: 3.0.26.12)
HPLaserJet200color-M251_HelpLearnCenter_SI (Version: 1.01.0000)
HPLJDXPHelper (Version: 020.021.004)
HPLJUTCore (Version: 004.005.0001)
HPLJUTM251 (Version: 3.00.0003)
hppLaserJetService (Version: 009.027.00856)
hppM251LaserJetService (Version: 001.019.00639)
hpStatusAlerts (Version: 050.037.00142)
hpStatusAlertsM251 (Version: 050.034.00131)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 10.18.10.3308)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 55 (Version: 7.0.550)
Java Auto Updater (Version: 2.1.9.8)
League of Legends (Version: 3.0.0)
Left 4 Dead 2
LJDXPHelperUI (Version: 020.021.004)
Logger Pro 3.8.6.1 (Version: 5.120.386)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
MATLAB R2013a (Version: 8.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft SkyDrive (Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyBitCast 2.0 (Version: 2.0)
NVIDIA Control Panel 311.44 (Version: 311.44)
NVIDIA Graphics Driver 311.44 (Version: 311.44)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (Version: 9.12.0613)
NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Photo Common (Version: 16.4.3505.0912)
Photo Gallery (Version: 16.4.3505.0912)
PunkBuster Services (Version: 0.992)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.212)
Qualcomm Atheros Client Installation Program (Version: 10.0)
Quincy 2005 v. 1.3
Realtek High Definition Audio Driver (Version: 6.0.1.6710)
Rising Storm/Red Orchestra 2 Multiplayer
Shared C Run-time for x64 (Version: 10.0.0)
Sid Meier's Civilization V
Skype Click to Call (Version: 7.2.15747.10003)
Skype™ 6.14 (Version: 6.14.104)
Soldat 1.6.7 (Version: 1.6.7)
Speccy (Version: 1.26)
StarCraft II
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.5.22.0)
Team Fortress 2
Unity Web Player (Version: )
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
VLC media player 2.1.2 (Version: 2.1.2)
WebStorage (Version: 2.0.1.213)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (Version: 06/11/2009 1.0.0.0)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (Version: 09/02/2009 1.0.0.1)
Windows Live (Version: 16.4.3505.0912)
Windows Live ??? (Version: 16.4.3505.0912)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinFlash (Version: 2.41.1)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 29%
Total physical RAM: 8077.5 MB
Available physical RAM: 5659.89 MB
Total Pagefile: 16269.5 MB
Available Pagefile: 13478.22 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.01 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:129.14 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:397.87 GB) (Free:397.65 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\RATHEYAN
 
Admin R                  Administrator            Guest                    
UpdatusUser              
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****
 
 
 
Thank you for looking at this and continuing to help.
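The CodeIntegrity entries in the log above all share one sentence shape, so they can be grouped by the image that was refused rather than read line by line. This is an added example, not part of the original post or of the tool that produced the log; the sample is a subset of the entries above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Four entries copied from the "CodeIntegrity Errors" section of the log above;
# the remaining entries in that section have the same shape.
SAMPLE = r"""
  Date: 2014-05-09 16:10:18.669
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-09 16:09:03.552
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-09 16:09:03.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-05-07 16:31:55.735
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
"""

# One "Date:" line followed by one "Description:" line per entry.
ENTRY = re.compile(
    r"Date:\s*(?P<date>\d{4}-\d{2}-\d{2} [\d:.]+)\s+"
    r"Description: Code Integrity determined that a process "
    r"\((?P<process>.+?)\) attempted to load (?P<image>.+?) "
    r"that did not meet the (?P<level>.+?) signing level requirements\."
)


def strip_device(path):
    # Drop the NT device prefix so the same file compares equal across volumes.
    return re.sub(r"^\\Device\\HarddiskVolume\d+", "", path)


def parse_entries(text):
    """Return one dict per Code Integrity entry found in the pasted log text."""
    return [
        {
            "date": m["date"],
            "process": strip_device(m["process"]),
            "image": strip_device(m["image"]),
            "level": m["level"],
        }
        for m in ENTRY.finditer(text)
    ]


def summarize(entries):
    """Group refused loads by image: host processes, required levels, first/last seen."""
    out = defaultdict(
        lambda: {"processes": set(), "levels": set(), "count": 0,
                 "first": None, "last": None}
    )
    for e in entries:
        s = out[e["image"]]
        s["processes"].add(e["process"].rsplit("\\", 1)[-1])
        s["levels"].add(e["level"])
        s["count"] += 1
        # Timestamps are ISO-ordered, so string comparison sorts them correctly.
        s["first"] = e["date"] if s["first"] is None else min(s["first"], e["date"])
        s["last"] = e["date"] if s["last"] is None else max(s["last"], e["date"])
    return dict(out)


def widely_loaded(summary, min_processes=2):
    """Images that at least min_processes distinct host processes tried to load."""
    return sorted(i for i, s in summary.items() if len(s["processes"]) >= min_processes)


if __name__ == "__main__":
    for image, s in summarize(parse_entries(SAMPLE)).items():
        print(image, sorted(s["processes"]), sorted(s["levels"]), s["first"], s["last"])
```

Run over the full section, the summary reduces the ten entries to two images under the Movies Toolbar folder, each refused in more than one protected process.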


#6 dc3


Posted 11 May 2014 - 09:29 AM

Please run sfc /scannow and post the log.

 

The sfc /scannow command scans all protected system files and replaces corrupted and incorrect versions with correct Microsoft versions.
 
To run sfc /scannow in Windows 8 you will need to open the Elevated Command Prompt.  The easiest way to do this is to press the Windows key and the X key at the same time.
 
You will see a window similar to the one below.
 
elevatedcommandpromptw7_zpseba8c499.png
 
When the Elevated Command Prompt opens type in sfc /scannow (please note the space between sfc and /scannow), then press Enter.
 
If the scan finds no integrity problems in the first portion of the scan it should stop. To be sure that the scan has stopped, wait five minutes, then type in exit and press Enter to stop the scan.
 
If it does find integrity problems the scan will continue.  This will take a while, please have patience and allow it to finish.  
 
When the scan is finished please post the log of this scan.
 
To find the sfc /scannow log, type cmd in the Search programs and files box.
 
cmd will appear above the search box under Apps. Right click on it and choose Run as administrator; this will open the Elevated Command Prompt.  This will look similar to the image below.
 
elevatedcommandpromptw7_zpseba8c499.png
 
Copy and paste the following, then press Enter.  
 
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
 
This will place a new icon on the desktop titled sfcdetails.  Click on this to open the log, copy it and paste it in your topic.
 
 
Update your copy of Citrix Receiver to the 12.1 version.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
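The findstr command in the post above keeps every CBS.log line containing "[SR]", most of which are progress messages. The following added example (not part of the original post) does the same filtering and then separates files sfc could not repair from files it restored; the log lines are constructed, with placeholder file and component names, and their shape is assumed from typical sfc output.

```python
import re

# Constructed sample: one ordinary CBS line plus "[SR]" lines in the shape sfc
# typically writes. example.dll / sample.dll / Example-Component are placeholders.
SAMPLE = r"""
2014-05-11 16:19:58, Info                  CBS    Starting TrustedInstaller initialization.
2014-05-11 16:20:01, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-05-11 16:20:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-05-11 16:20:07, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-11 16:20:09, Info                  CSI    0000000c [SR] Verify complete
2014-05-11 16:24:40, Info                  CSI    000003a1 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.3.9600.16384, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-05-11 16:24:41, Info                  CSI    000003a5 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2014-05-11 16:31:00, Info                  CSI    000004ff [SR] Repair complete
"""

# File sfc found damaged and could not restore from the component store.
CANNOT = re.compile(
    r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+), '
    r"Version = (?P<version>[^,]+), pA = (?P<arch>\w+)"
    r".*?(?:in the store, (?P<reason>.+))?$"
)
# File sfc found damaged and replaced with a good copy from the store.
REPAIRED = re.compile(r'Repairing corrupted file .*\[[^\]]*\]"(?P<file>[^"]+)" from store')


def triage(log_text):
    """Filter "[SR]" lines (as findstr /c:"[SR]" does) and classify the actionable ones."""
    unrepaired = {}  # (file, component, version, arch) -> record
    repaired = []
    sr_lines = 0
    for line in log_text.splitlines():
        if "[SR]" not in line:
            continue
        sr_lines += 1
        timestamp = line[:19]
        message = line.partition("[SR]")[2].strip()

        m = CANNOT.search(message)
        if m:
            # The same file can be reported more than once; keep one record per file.
            key = (m["file"], m["component"], m["version"], m["arch"])
            rec = unrepaired.setdefault(
                key, {**m.groupdict(), "first_seen": timestamp, "reports": 0}
            )
            rec["reports"] += 1
            continue

        m = REPAIRED.search(message)
        if m and m["file"] not in repaired:
            repaired.append(m["file"])

    return {
        "sr_lines": sr_lines,
        "unrepaired": list(unrepaired.values()),
        "repaired": repaired,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["sr_lines"], "[SR] lines")
    for rec in result["unrepaired"]:
        print("NOT REPAIRED:", rec["file"], rec["component"], rec["version"],
              rec["arch"], rec["reason"], "x%d" % rec["reports"])
    for name in result["repaired"]:
        print("repaired:", name)
```

To use it on a real machine, pass the text of sfcdetails.txt (or CBS.log itself) to triage(); the unrepaired list is the part worth posting.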

 

 

 

 


#7 Ratheyan


Posted 11 May 2014 - 04:34 PM

Hi, 

After running the scan I received this message and the scan failed to continue. Also, afterwards it stated that no log could be found.

http://i1240.photobucket.com/albums/gg489/ratheyan/Bleeding%20computer/admincmd_zpsd089a5d4.jpg

 

Thank you.



#8 dc3


Posted 11 May 2014 - 04:56 PM

Obviously the sfc /scannow ran to completion and found corrupt files it could not repair.

 

Did you copy and paste the command in the command prompt?

 

Did a new icon appear on the desktop titled sfcdetails?



#9 Ratheyan


Posted 11 May 2014 - 05:10 PM

Yes I copied and pasted and this message appeared:

http://i1240.photobucket.com/albums/gg489/ratheyan/Bleeding%20computer/adminlog_zps031fd582.jpg



#10 dc3


Posted 11 May 2014 - 05:17 PM

Try the following.

 

Click on the Start orb, then type cmd in the Search programs and files box.
 
cmd will appear above the search box under Apps, right click on it and choose Run as administrator.  This will open the Elevated Command Prompt.
 
In the Elevated Command Prompt type in the following two commands one at a time followed by pressing the Enter key for each command.
 
dism /online /cleanup-image /checkhealth
 
 
dism /online /cleanup-image /restorehealth


#11 Ratheyan


Posted 11 May 2014 - 05:40 PM

Here are the results:

http://i1240.photobucket.com/albums/gg489/ratheyan/Bleeding%20computer/checkhealth_zpse0c74258.jpg

 

Thank you.





