
Virus? Can't download/run any anti-virus software, or do much of anything else


  • This topic is locked
24 replies to this topic

#1 TheRealJustan


Posted 06 June 2015 - 10:48 AM

Hey guys,

 

This is really baffling me and getting me frustrated. I'm currently running Windows 8.1 64-bit and there's been a problem with my PC for the past few weeks, that only seems to have gotten worse recently...like just just recently. First off, we started to notice that we weren't able to save any files to the HDD, and would instead get an error message saying "the file or directory is corrupted and unreadable". This wouldn't always happen, but more often than not, it would. It would happen whether we were trying to save something from the internet or save a simple picture under MS Paint. Now, just within the past 24 hours, there is a noticeable lag, as far as performance goes, and I can barely download and run any anti-virus software. Every single one that I tried to download, either wouldn't download at all (no error messages or anything), or once it finally did download, it would give me an error message and crash. I've only been able to run one or two instances of Malwarebytes Anti-Malware and then one Rogue Kill scan, and though they both found some things, I still came up short and the problem is still continuing. Unfortunately, I did not save these logs. I backed up a large chunk of the HD within the last 18 hours, just in case.

 

So, the immediate situation goes like this: I'm currently running in Safe Mode, because otherwise, my activity as far as what applications that I can execute is severely limited. And just one other detail that I noticed is that I can't download anything with Chrome or Firefox, but occasionally I can with IE, and that's only if I try to "sneak around" whatever virus is blocking me. What's more, once it downloads, it doesn't save the file as ".exe" but rather "_exe". I have to either manually enter ".exe" after it has been downloaded, or I have to type in the filename as a ".exe" as I am saving it. However, once I try to access the file, I notice that there is some weird sequence of numbers and text, following the ".exe", such as ".jx0jte" just as an example. I have no idea what is going on. I've never seen a computer do this before. Also, I'm not able to save anything in IE unless I do a "Save Target As". Simply hitting "Run" or "Save" on the yellow bar at the bottom of the browser screen will do nothing.

 

I could really use some assistance with this one....

 

EDIT: Grammar and spelling, because I've literally been at this, since 9:30 pm last night....


Edited by TheRealJustan, 06 June 2015 - 10:51 AM.



 


#2 Sintharius


Posted 06 June 2015 - 11:24 AM

Hi there,

Do you by any chance have CryptoPrevent from Foolish IT installed?

Please run these tools to see what is going on.

MiniToolbox by Farbar

Avast users please disable your antivirus before downloading!
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#3 TheRealJustan


Posted 06 June 2015 - 08:26 PM

I'm still here, I just had to get some sleep. This wore me out. I'll get right on that, and be back soon!



#4 TheRealJustan


Posted 06 June 2015 - 09:48 PM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Justan (administrator) on 06-06-2015 at 22:47:40
Running from "H:\"
Microsoft Windows 8.1  (X64)
Model: 500-023w Manufacturer: Hewlett-Packard
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", 0
"network.proxy.backup.socks", ""
"network.proxy.backup.socks_port", 0
"network.proxy.backup.ssl", ""
"network.proxy.backup.ssl_port", 0
"network.proxy.ftp", "128.199.111.111"
"network.proxy.ftp_port", 8080
"network.proxy.http", "128.199.111.111"
"network.proxy.http_port", 8080
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "128.199.111.111"
"network.proxy.socks_port", 8080
"network.proxy.ssl", "128.199.111.111"
"network.proxy.ssl_port", 8080
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_7" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : GM0310
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.mi.comcast.net.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-FD-52-14-4F-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 24-FD-52-14-4F-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 88-51-FB-60-26-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:558:6007:87:78c0:da1:42e3:6ee6(Preferred) 
   Lease Obtained. . . . . . . . . . : Saturday, June 6, 2015 11:03:24 AM
   Lease Expires . . . . . . . . . . : Wednesday, June 10, 2015 6:59:40 AM
   Link-local IPv6 Address . . . . . : fe80::115a:a12b:f64:293e%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 68.48.194.198(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, June 6, 2015 11:03:23 AM
   Lease Expires . . . . . . . . . . : Wednesday, June 10, 2015 3:37:27 AM
   Default Gateway . . . . . . . . . : fe80::c671:feff:fe73:2ce2%3
                                       68.48.194.1
   DHCP Server . . . . . . . . . . . : 69.252.72.4
   DHCPv6 IAID . . . . . . . . . . . : 294146555
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-10-CB-15-88-51-FB-60-26-7A
   DNS Servers . . . . . . . . . . . : 2001:558:feed::2
                                       2001:558:feed::1
                                       75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  cdns02.comcast.net
Address:  2001:558:feed::2
 
Name:    google.com
Addresses:  2607:f8b0:4009:80a::200e
 216.58.216.78
 
 
Pinging google.com [2607:f8b0:4009:80b::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:80b::200e: time=24ms 
Reply from 2607:f8b0:4009:80b::200e: time=16ms 
 
Ping statistics for 2607:f8b0:4009:80b::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 24ms, Average = 20ms
Server:  cdns02.comcast.net
Address:  2001:558:feed::2
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=34ms TTL=52
Reply from 98.138.253.109: bytes=32 time=34ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 34ms, Average = 34ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...16 fd 52 14 4f 01 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...24 fd 52 14 4f 01 ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
  3...88 51 fb 60 26 7a ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      68.48.194.1    68.48.194.198     10
      68.48.194.0    255.255.255.0         On-link     68.48.194.198    266
    68.48.194.198  255.255.255.255         On-link     68.48.194.198    266
    68.48.194.255  255.255.255.255         On-link     68.48.194.198    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     68.48.194.198    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     68.48.194.198    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    266 ::/0                     fe80::c671:feff:fe73:2ce2
  1    306 ::1/128                  On-link
  3    266 2001:558:6007:87:78c0:da1:42e3:6ee6/128
                                    On-link
  3    266 fe80::/64                On-link
  3    266 fe80::115a:a12b:f64:293e/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/06/2015 11:54:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (06/06/2015 11:53:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (06/06/2015 11:52:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (06/06/2015 11:05:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (06/06/2015 10:54:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (06/06/2015 10:12:24 AM) (Source: ESENT) (User: )
Description: DllHost (1564) WebCacheLocal: The database engine stopped the instance (0) with error (-510).
 
 
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.063, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.015, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
 
Error: (06/06/2015 10:12:24 AM) (Source: ESENT) (User: )
Description: DllHost (1564) WebCacheLocal: The logfile sequence in "C:\Users\Justan\AppData\Local\Microsoft\Windows\WebCache\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.
 
Error: (06/06/2015 10:12:24 AM) (Source: ESENT) (User: )
Description: DllHost (1564) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1121.
 
Error: (06/06/2015 09:57:14 AM) (Source: ESENT) (User: )
Description: DllHost (1564) WebCacheLocal: An attempt to create the file "C:\Users\Justan\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The create file operation will fail with error -1121 (0xfffffb9f).
 
Error: (06/06/2015 09:56:55 AM) (Source: ESENT) (User: )
Description: DllHost (1564) WebCacheLocal: The database engine stopped the instance (0) with error (-510).
 
 
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.047, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
 
 
System errors:
=============
Error: (06/06/2015 10:47:43 PM) (Source: DCOM) (User: GM0310)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/06/2015 10:47:43 PM) (Source: DCOM) (User: GM0310)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/06/2015 10:47:41 PM) (Source: DCOM) (User: GM0310)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/06/2015 10:47:41 PM) (Source: DCOM) (User: GM0310)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/06/2015 10:47:41 PM) (Source: DCOM) (User: GM0310)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/06/2015 10:47:41 PM) (Source: DCOM) (User: GM0310)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/06/2015 10:47:41 PM) (Source: DCOM) (User: GM0310)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/06/2015 10:47:27 PM) (Source: DCOM) (User: GM0310)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/06/2015 10:46:14 PM) (Source: DCOM) (User: GM0310)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/06/2015 10:46:14 PM) (Source: DCOM) (User: GM0310)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office Sessions:
=========================
Error: (06/06/2015 11:54:11 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe
 
Error: (06/06/2015 11:53:43 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe
 
Error: (06/06/2015 11:52:54 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe
 
Error: (06/06/2015 11:05:17 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe
 
Error: (06/06/2015 10:54:41 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe
 
Error: (06/06/2015 10:12:24 AM) (Source: ESENT)(User: )
Description: DllHost1564WebCacheLocal: 0-510[1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.063, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.015, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
 
Error: (06/06/2015 10:12:24 AM) (Source: ESENT)(User: )
Description: DllHost1564WebCacheLocal: C:\Users\Justan\AppData\Local\Microsoft\Windows\WebCache\
 
Error: (06/06/2015 10:12:24 AM) (Source: ESENT)(User: )
Description: DllHost1564WebCacheLocal: -1121
 
Error: (06/06/2015 09:57:14 AM) (Source: ESENT)(User: )
Description: DllHost1564WebCacheLocal: C:\Users\Justan\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log-1121 (0xfffffb9f)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (06/06/2015 09:56:55 AM) (Source: ESENT)(User: )
Description: DllHost1564WebCacheLocal: 0-510[1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.047, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
 
 
=========================== Installed Programs ============================
 
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 42%
Total physical RAM: 8076.85 MB
Available physical RAM: 4641.77 MB
Total Pagefile: 12655.85 MB
Available Pagefile: 9272.07 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.64 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:911.67 GB) (Free:157.52 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:17.93 GB) (Free:2.21 GB) NTFS
4 Drive h: () (Removable) (Total:14.91 GB) (Free:7.06 GB) FAT32
 
========================= Users: ========================================
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
21-05-2015 11:36:18 Scheduled Checkpoint
01-06-2015 13:48:34 Scheduled Checkpoint
 
**** End of log ****


#5 TheRealJustan


Posted 06 June 2015 - 10:06 PM

SecurityCheck is a no go. I can't get it to run, no matter what I do. First it brought up this error:

 

"C:\Users\Justan\AppData\Local\Temp\RarSFX0  folder is not accessible"

 

So I cleared out the Temporary Files folder, and it started to work a little bit, but then told me that there was a series of installation files that it could not create, and to restart the computer and try again. I restarted and now I'm back to the same error message, as above. I also ran RKill to see if I could bypass whatever it was, and it is a no-go. 


Edited by TheRealJustan, 06 June 2015 - 10:19 PM.


#6 Sintharius


Posted 07 June 2015 - 02:27 AM

Hi there,

This is probably an issue caused by running SecurityCheck in Safe Mode with Networking. I will check with the developer.

Your MiniToolbox log looks weird... please move the app to your Desktop and run it again with all checkboxes checked.

After that please run this.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Full Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

#7 TheRealJustan

TheRealJustan
  • Topic Starter


Posted 07 June 2015 - 02:39 AM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Justan (administrator) on 07-06-2015 at 03:38:04
Running from "C:\Users\Justan\Desktop"
Microsoft Windows 8.1  (X64)
Model: 500-023w Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", 0
"network.proxy.backup.socks", ""
"network.proxy.backup.socks_port", 0
"network.proxy.backup.ssl", ""
"network.proxy.backup.ssl_port", 0
"network.proxy.ftp", "128.199.111.111"
"network.proxy.ftp_port", 8080
"network.proxy.http", "128.199.111.111"
"network.proxy.http_port", 8080
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "128.199.111.111"
"network.proxy.socks_port", 8080
"network.proxy.ssl", "128.199.111.111"
"network.proxy.ssl_port", 8080
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_7" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : GM0310
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.mi.comcast.net.
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-FD-52-14-4F-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 24-FD-52-14-4F-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 88-51-FB-60-26-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:558:6007:87:78c0:da1:42e3:6ee6(Preferred) 
   Lease Obtained. . . . . . . . . . : Sunday, June 7, 2015 1:34:16 AM
   Lease Expires . . . . . . . . . . : Wednesday, June 10, 2015 6:59:40 AM
   Link-local IPv6 Address . . . . . : fe80::115a:a12b:f64:293e%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 68.48.194.198(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, June 7, 2015 1:34:15 AM
   Lease Expires . . . . . . . . . . : Wednesday, June 10, 2015 3:37:25 AM
   Default Gateway . . . . . . . . . : fe80::c671:feff:fe73:2ce2%3
                                       68.48.194.1
   DHCP Server . . . . . . . . . . . : 69.252.72.4
   DHCPv6 IAID . . . . . . . . . . . : 294146555
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-10-CB-15-88-51-FB-60-26-7A
   DNS Servers . . . . . . . . . . . : 2001:558:feed::2
                                       2001:558:feed::1
                                       75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 12:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:303b:7b4:bbcf:3d39(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::303b:7b4:bbcf:3d39%6(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 167772160
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-10-CB-15-88-51-FB-60-26-7A
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.hsd1.mi.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns02.comcast.net
Address:  2001:558:feed::2
 
Name:    google.com
Addresses:  2607:f8b0:4009:80a::200e
 74.125.201.102
 74.125.201.138
 74.125.201.101
 74.125.201.139
 74.125.201.113
 74.125.201.100
 
 
Pinging google.com [2607:f8b0:4009:808::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:808::200e: time=16ms 
Reply from 2607:f8b0:4009:808::200e: time=16ms 
 
Ping statistics for 2607:f8b0:4009:808::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Server:  cdns02.comcast.net
Address:  2001:558:feed::2
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=69ms TTL=52
Reply from 206.190.36.45: bytes=32 time=71ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 71ms, Average = 70ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...16 fd 52 14 4f 01 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...24 fd 52 14 4f 01 ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
  3...88 51 fb 60 26 7a ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      68.48.194.1    68.48.194.198     10
      68.48.194.0    255.255.255.0         On-link     68.48.194.198    266
    68.48.194.198  255.255.255.255         On-link     68.48.194.198    266
    68.48.194.255  255.255.255.255         On-link     68.48.194.198    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     68.48.194.198    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     68.48.194.198    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    266 ::/0                     fe80::c671:feff:fe73:2ce2
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:6ab8:303b:7b4:bbcf:3d39/128
                                    On-link
  3    266 2001:558:6007:87:78c0:da1:42e3:6ee6/128
                                    On-link
  3    266 fe80::/64                On-link
  6    306 fe80::/64                On-link
  3    266 fe80::115a:a12b:f64:293e/128
                                    On-link
  6    306 fe80::303b:7b4:bbcf:3d39/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/07/2015 03:26:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (06/07/2015 03:25:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (06/07/2015 02:12:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (06/07/2015 02:11:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (06/07/2015 02:11:42 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{c65aed34-a652-47c6-b574-4dfccc10374c} - 000000000000017C,0x0053c008,000000BB71E60080,0,000000BB71E61090,4096,[0]).  hr = 0x80070570, The file or directory is corrupted and unreadable.
.
 
 
Operation:
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (06/07/2015 02:06:07 AM) (Source: ESENT) (User: )
Description: SearchIndexer (4216) Windows: An attempt to create the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.log" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The create file operation will fail with error -1121 (0xfffffb9f).
 
Error: (06/07/2015 02:01:00 AM) (Source: ESENT) (User: )
Description: svchost (1848) SRUJet: Database recovery/restore failed with unexpected error -510.
 
Error: (06/07/2015 02:01:00 AM) (Source: ESENT) (User: )
Description: svchost (1848) SRUJet: Unable to write a shadowed header for file C:\WINDOWS\system32\SRU\SRU.chk. Error -1121.
 
Error: (06/07/2015 02:01:00 AM) (Source: ESENT) (User: )
Description: svchost (1848) SRUJet: An attempt to create the file "C:\WINDOWS\system32\SRU\SRU.chk" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The create file operation will fail with error -1121 (0xfffffb9f).
 
Error: (06/07/2015 02:01:00 AM) (Source: ESENT) (User: )
Description: svchost (1848) SRUJet: Unable to write a shadowed header for file C:\WINDOWS\system32\SRU\SRU.chk. Error -1121.
 
 
System errors:
=============
Error: (06/07/2015 02:11:42 AM) (Source: Microsoft-Windows-Ntfs) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume43
 
Error: (06/07/2015 02:11:42 AM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: could not create shadow copy storage on volume C:.
 
Error: (06/07/2015 01:37:17 AM) (Source: DCOM) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/07/2015 01:37:17 AM) (Source: DCOM) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/07/2015 01:37:16 AM) (Source: DCOM) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/07/2015 01:37:16 AM) (Source: DCOM) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/07/2015 01:37:16 AM) (Source: DCOM) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/07/2015 01:37:16 AM) (Source: DCOM) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/07/2015 01:37:16 AM) (Source: DCOM) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/07/2015 01:37:16 AM) (Source: DCOM) (User: GM0310)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}GM0310JustanS-1-5-21-1878577048-805392268-2015328708-1001LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (06/07/2015 03:26:31 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe
 
Error: (06/07/2015 03:25:58 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe
 
Error: (06/07/2015 02:12:27 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe
 
Error: (06/07/2015 02:11:54 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe
 
Error: (06/07/2015 02:11:42 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{c65aed34-a652-47c6-b574-4dfccc10374c} - 000000000000017C,0x0053c008,000000BB71E60080,0,000000BB71E61090,4096,[0])0x80070570, The file or directory is corrupted and unreadable.
 
 
Operation:
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (06/07/2015 02:06:07 AM) (Source: ESENT)(User: )
Description: SearchIndexer4216Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edbtmp.log-1121 (0xfffffb9f)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (06/07/2015 02:01:00 AM) (Source: ESENT)(User: )
Description: svchost1848SRUJet: -510
 
Error: (06/07/2015 02:01:00 AM) (Source: ESENT)(User: )
Description: svchost1848SRUJet: C:\WINDOWS\system32\SRU\SRU.chk-1121
 
Error: (06/07/2015 02:01:00 AM) (Source: ESENT)(User: )
Description: svchost1848SRUJet: C:\WINDOWS\system32\SRU\SRU.chk-1121 (0xfffffb9f)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (06/07/2015 02:01:00 AM) (Source: ESENT)(User: )
Description: svchost1848SRUJet: C:\WINDOWS\system32\SRU\SRU.chk-1121
 
 
=========================== Installed Programs ============================
 
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 67%
Total physical RAM: 8076.85 MB
Available physical RAM: 2640.4 MB
Total Pagefile: 12655.85 MB
Available Pagefile: 5923.66 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.43 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:911.67 GB) (Free:158.33 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:17.93 GB) (Free:2.21 GB) NTFS
4 Drive h: () (Removable) (Total:14.91 GB) (Free:7.06 GB) FAT32
 
========================= Users: ========================================
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
21-05-2015 11:36:18 Scheduled Checkpoint
01-06-2015 13:48:34 Scheduled Checkpoint
 
**** End of log ****


#8 TheRealJustan

TheRealJustan
  • Topic Starter


Posted 07 June 2015 - 02:40 AM

For what it's worth, even though I'm no longer in Safe Mode, I still cannot get SecurityCheck to run. Gonna try my luck with Emsisoft, and post the results soon!



#9 TheRealJustan

TheRealJustan
  • Topic Starter


Posted 07 June 2015 - 06:25 PM

Arrrgh! I have to run Emsisoft again. It crashed before I could grab the log, and it wouldn't let me Quarantine the 34 bugs that it found, after it finished, because "the program is being run from a Read Only drive, so some settings may not work" and it said to "please disable write protection and try again".

EDIT: So... I just completed a new Scan, and it detected the same 34 bugs... HOWEVER, once again I can't Quarantine or View The Report. I keep getting an error message that says:

"Please note that the program is started from a read-only drive. To be able to update or change settings you must disable the protection."

Soo... I did everything as instructed. And though I had to save the program to an SD Card initially (I wasn't able to save anything to my actual HD), I moved it over to the Desktop and installed and ran it from there, as instructed. Also note that I had to run RKill to even be able to do that, because at first, when it tried to extract the files, none of the signatures were able to be created. It wasn't until I ran RKill that I was able to successfully extract, install and run Emsisoft. For the record, this is my second attempt at a scan. Both scans were successful, but I get the same end result every time: the above error message. Last time I checked, my HD did not have any write protection activated. I'm positive of it. This is driving me nuts........


Edited by TheRealJustan, 07 June 2015 - 09:26 PM.


#10 Sintharius

Sintharius

    Bleepin' Sniper



Posted 08 June 2015 - 03:29 AM

Do you have a flash drive and another clean computer? We can try running EEK from a flash drive.

#11 TheRealJustan

TheRealJustan
  • Topic Starter


Posted 08 June 2015 - 03:46 AM

I have plenty of flash drives. As for the second computer....that would be a Negative.  



#12 Sintharius

Sintharius

    Bleepin' Sniper



Posted 08 June 2015 - 03:52 AM

Can you download EEK to a flash drive and run it from there?

#13 TheRealJustan

TheRealJustan
  • Topic Starter


Posted 08 June 2015 - 04:08 AM

Yeah, I actually have it downloaded to my SD Card right now, from when I downloaded it yesterday. I will give that a shot.

EDIT: Even better. I can run it from my External HD. Lots more space, there. Plus the computer isn't even acknowledging the SD Card right now.


Edited by TheRealJustan, 08 June 2015 - 04:14 AM.


#14 TheRealJustan

TheRealJustan
  • Topic Starter


Posted 08 June 2015 - 04:39 AM

So this will be my third scan. This will take a while, as did the first two.



#15 TheRealJustan

TheRealJustan
  • Topic Starter


Posted 08 June 2015 - 11:02 AM

Emsisoft Emergency Kit - Version 9.0
Last update: 6/8/2015 7:00:05 AM
User account: GM0310\Justan
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, F:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 6/8/2015 7:00:21 AM
Value: HKEY_USERS\S-1-5-21-1878577048-805392268-2015328708-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1878577048-805392268-2015328708-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTAINER.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTROLLER detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTROLLER.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLE detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLE.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.PROXYCHECKS detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.PROXYCHECKS.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.WATCHDOG detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.WATCHDOG.1 detected: Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DRIVERUPDATE detected: Application.InstallDrive (A)
C:\Users\Justan\Documents\Old Logins\Bianca\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll detected: Application.WebToolbar (A)
C:\Users\Justan\Documents\Old Logins\Dumbo\D-Bass6.COM6\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll detected: Application.WebToolbar (A)
C:\Users\Justan\Downloads\cbsidlm-cbsi183-Pandora_Recovery-BP-10694796.exe detected: Application.Win32.InstallAd (A)
C:\Users\Justan\Downloads\cbsidlm-cbsi183-Riva_FLV_Player-SEO-10435953.exe detected: Application.Win32.InstallAd (A)
C:\Users\Justan\Downloads\FreeStudio (1).exe detected: Application.Win32.AdSweet (A)
C:\Users\Justan\Downloads\FreeStudio.exe detected: Application.Win32.AdSweet (A)
C:\Users\Justan\Downloads\guiminer-20121203.exe detected: Application.CoinMiner (A)
C:\Users\Justan\Pictures\Natalie Archives\Downloads\French (1).exe detected: Gen:Variant.Application.Bundler.InstallRex.2 (B)
C:\Users\Justan\Pictures\Natalie Archives\Downloads\French.exe detected: Gen:Variant.Application.Bundler.InstallRex.2 (B)
F:\GM0310\Documents\Old Logins\Bianca\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll detected: Application.WebToolbar (A)
F:\GM0310\Documents\Old Logins\Dumbo\D-Bass6.COM6\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll detected: Application.WebToolbar (A)
F:\GM0310\Downloads\cbsidlm-cbsi183-Pandora_Recovery-BP-10694796.exe detected: Application.Win32.InstallAd (A)
F:\GM0310\Downloads\cbsidlm-cbsi183-Riva_FLV_Player-SEO-10435953.exe detected: Application.Win32.InstallAd (A)
F:\GM0310\Downloads\FreeStudio (1).exe detected: Application.Win32.AdSweet (A)
F:\GM0310\Downloads\FreeStudio.exe detected: Application.Win32.AdSweet (A)
F:\GM0310\Downloads\guiminer-20121203.exe detected: Application.CoinMiner (A)
F:\GM0310\Downloads\Unconfirmed 81852.crdownload detected: Gen:Variant.Aware.MPlug.32 (B)
F:\GM0310\Pictures\Natalie Archives\Downloads\French (1).exe detected: Gen:Variant.Application.Bundler.InstallRex.2 (B)
F:\GM0310\Pictures\Natalie Archives\Downloads\French.exe detected: Gen:Variant.Application.Bundler.InstallRex.2 (B)
 
Scanned 945487
Found 44
 
Scan end: 6/8/2015 10:50:18 AM
Scan time: 3:49:57
 
F:\GM0310\Pictures\Natalie Archives\Downloads\French.exe Quarantined Gen:Variant.Application.Bundler.InstallRex.2 (B)
F:\GM0310\Pictures\Natalie Archives\Downloads\French (1).exe Quarantined Gen:Variant.Application.Bundler.InstallRex.2 (B)
F:\GM0310\Downloads\Unconfirmed 81852.crdownload Quarantined Gen:Variant.Aware.MPlug.32 (B)
F:\GM0310\Downloads\guiminer-20121203.exe Quarantined Application.CoinMiner (A)
F:\GM0310\Downloads\FreeStudio.exe Quarantined Application.Win32.AdSweet (A)
F:\GM0310\Downloads\FreeStudio (1).exe Quarantined Application.Win32.AdSweet (A)
F:\GM0310\Downloads\cbsidlm-cbsi183-Riva_FLV_Player-SEO-10435953.exe Quarantined Application.Win32.InstallAd (A)
F:\GM0310\Downloads\cbsidlm-cbsi183-Pandora_Recovery-BP-10694796.exe Quarantined Application.Win32.InstallAd (A)
F:\GM0310\Documents\Old Logins\Dumbo\D-Bass6.COM6\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll Quarantined Application.WebToolbar (A)
F:\GM0310\Documents\Old Logins\Bianca\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll Quarantined Application.WebToolbar (A)
C:\Users\Justan\Pictures\Natalie Archives\Downloads\French.exe Quarantined Gen:Variant.Application.Bundler.InstallRex.2 (B)
C:\Users\Justan\Pictures\Natalie Archives\Downloads\French (1).exe Quarantined Gen:Variant.Application.Bundler.InstallRex.2 (B)
C:\Users\Justan\Downloads\guiminer-20121203.exe Quarantined Application.CoinMiner (A)
C:\Users\Justan\Downloads\FreeStudio.exe Quarantined Application.Win32.AdSweet (A)
C:\Users\Justan\Downloads\FreeStudio (1).exe Quarantined Application.Win32.AdSweet (A)
C:\Users\Justan\Downloads\cbsidlm-cbsi183-Riva_FLV_Player-SEO-10435953.exe Quarantined Application.Win32.InstallAd (A)
C:\Users\Justan\Downloads\cbsidlm-cbsi183-Pandora_Recovery-BP-10694796.exe Quarantined Application.Win32.InstallAd (A)
C:\Users\Justan\Documents\Old Logins\Dumbo\D-Bass6.COM6\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll Quarantined Application.WebToolbar (A)
C:\Users\Justan\Documents\Old Logins\Bianca\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll Quarantined Application.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DRIVERUPDATE Quarantined Application.InstallDrive (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.WATCHDOG.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.WATCHDOG Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.PROXYCHECKS.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.PROXYCHECKS Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEHOLDER Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLE.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATATABLE Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTROLLER.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTROLLER Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PCPROXY.DATACONTAINER.1 Quarantined Application.AdSend (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D} Quarantined Application.AdReg (A)
Value: HKEY_USERS\S-1-5-21-1878577048-805392268-2015328708-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1878577048-805392268-2015328708-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
 
Quarantined 44




