Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

iTunesHelper.exe Bad Image - Virus/Malware??


  • Please log in to reply
15 replies to this topic

#1 Valhalla.lk

Valhalla.lk

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 26 June 2015 - 08:03 PM

Hi,

 

Recently I've been getting an error whenever I start up my PC that says I have a bad image for iTunesHelper.exe. My graphics card has crashed a few times since this started happening so I'm not sure if it's related or not. I've run both SAS and Avast Pro but both turned up nothing besides some tracking cookies which were removed.

 

Thinking I may need to get some advanced help through HJT or something similar.

 

Can someone please help me with this?

 

Thanks!



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 26 June 2015 - 09:07 PM

Hi Valhalla.lk :)

iTunesHelper.exe is a legitimate executable file that is part of the Apple iTunes installation. Chances are that your iTunes installation is damaged and needs to be reinstalled. Follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator;
  • Check the following options:
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      wNeKMCX.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Valhalla.lk

Valhalla.lk
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 26 June 2015 - 11:28 PM

Hi Aura,

 

Thanks for the quick response! 

 

Here's the log from MiniToolBox:

 

MiniToolBox by Farbar  Version: 22-06-2015
Ran by James (administrator) on 26-06-2015 at 21:26:05
Running from "S:\Users\James\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/24/2015 11:03:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005
 
Error: (06/24/2015 11:03:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7005
 
Error: (06/24/2015 11:03:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/24/2015 11:03:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error: (06/24/2015 11:03:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
Error: (06/24/2015 11:03:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/24/2015 11:03:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008
 
Error: (06/24/2015 11:03:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5008
 
Error: (06/24/2015 11:03:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/24/2015 11:03:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009
 
 
System errors:
=============
Error: (06/26/2015 05:41:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.201.171.0).
 
Error: (06/26/2015 00:05:23 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/25/2015 10:29:56 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/25/2015 08:46:50 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/25/2015 08:26:28 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:24:37 PM on ‎6/‎25/‎2015 was unexpected.
 
Error: (06/24/2015 10:20:29 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/23/2015 11:33:10 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/23/2015 11:22:06 PM) (Source: Service Control Manager) (User: )
Description: The RosettaStoneDaemon service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/23/2015 06:33:09 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/23/2015 05:44:18 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (06/24/2015 11:03:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005
 
Error: (06/24/2015 11:03:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7005
 
Error: (06/24/2015 11:03:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/24/2015 11:03:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error: (06/24/2015 11:03:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
Error: (06/24/2015 11:03:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/24/2015 11:03:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008
 
Error: (06/24/2015 11:03:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5008
 
Error: (06/24/2015 11:03:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/24/2015 11:03:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Xonar D1 Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Deluge 1.3.11 (HKLM-x32\...\Deluge) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
GMATPrep (HKLM-x32\...\GMATPrep 2.2.317) (Version: 2.2.317 - Graduate Management Admission Council (GMAC))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoPro App (HKLM-x32\...\{CAF8EA09-7C5D-4E95-B487-2100E8C40A9F}) (Version: 0.1.443 - GoPro, Inc.) Hidden
GoPro Studio 2.5.5 (HKLM-x32\...\{5d43231e-c765-405a-a122-81de16acd8b4}) (Version: 2.5.5.443 - GoPro, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
ScottradeELITE 2013 (HKLM-x32\...\{33B2F0C4-FBCE-4CDB-B98D-6D945068A150}) (Version: 5.2.0.0 - Scottrader)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
thinkorswim (HKCU\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
VFW_Codec32 (HKLM-x32\...\{EC8C32B0-3AF0-4CEF-B9A1-2C133FFAB160}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{692E20FD-F1EC-415E-8591-8A9145174B41}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XIM4 Manager (HKLM-x32\...\XIM4Manager) (Version: 2014.11.14.0 - XIM Technologies Inc.)


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 26 June 2015 - 11:31 PM

Uninstall the following programs:
  • Adobe Flash Player 17 ActiveX - Outdated;
  • Apple Application Support (32-bit);
  • Apple Application Support (64-bit);
  • Apple Mobile Device Support;
  • Apple Software Update;
  • Bonjour;
  • iTunes;
  • Pando Media Booster;
Uninstall iTunes and Bonjour before uninstalling any other Apple software, alright? Once done, restart your computer and follow these instructions.

sUc2qjf.pngAutoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Go on ge.tt and upload the Autoruns file you saved;
  • Once done, post the download URL of your uploaded file in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Valhalla.lk

Valhalla.lk
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 27 June 2015 - 03:40 PM

Hi Aura,

 

Here is the URL of the uploaded file:

 

http://ge.tt/46eISIJ2/v/0?c

 

Thanks!



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 27 June 2015 - 03:43 PM

Alright :) Now can you proceed to download a fresh installer for iTunes, reinstall it then restart your computer and see if you still get the error message?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Valhalla.lk

Valhalla.lk
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 27 June 2015 - 03:59 PM

Just reinstalled a fresh iTunes and restarted but still have the error!

 

Uploaded the image of the error here:

 

http://imgur.com/pCyvBCP

 

Thanks!



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 27 June 2015 - 04:01 PM

May I ask you something? How come your Windows is running from the S: drive and not the C: drive? Is that a computer on a corporate environment (domain)?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Valhalla.lk

Valhalla.lk
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 27 June 2015 - 05:26 PM

Sure. The S: is my SSD where Windows and most of my programs are installed. C: is my HDD that I use mainly for storage. 

 

It's a personal PC at home. 


Edited by Valhalla.lk, 27 June 2015 - 05:26 PM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 27 June 2015 - 05:31 PM

Hum ... I can't say it's a really good choice to have your system partition with Windows having another letter other than C: to be honest. When you uninstall iTunes, did the iTunesHelper.exe error go away?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Valhalla.lk

Valhalla.lk
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 27 June 2015 - 05:37 PM

Yep. After I uninstall iTunes the error goes away. Not sure if it'll come back when I reinstall again though as that's what happened earlier.



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 27 June 2015 - 09:08 PM

I would like to verify something. Follow the instructions below please.

EndqYRa.pngSystem File Checker (SFC)
Follow the instructions below to run a SFC scan on your system and to provide the CBS log in your next reply;
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Spcusrh.pngRun as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command below and press on Enter;
    sfc /scannow
    Note: There's a space between "sfc" and "/scannow";
  • Once the scan is complete, enter the command below and press on Enter
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • A file called cbs.txt will have appeared on your Desktop. Upload the file on Dropbox, Google Drive or OneDrive and post the download URL here;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 Valhalla.lk

Valhalla.lk
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 28 June 2015 - 03:18 AM

Hi,

 

The log is here:

 

https://drive.google.com/file/d/0B7qsjvNjhN3lTHRjNUlpeTJPN2c/view?usp=sharing

 

Thanks!



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 28 June 2015 - 07:33 PM

We'll replace the file that is throwing the iTunesHelper.exe error. Follow the instructions below please.

myjIXnC.pngSFCFix - Fix Time
Follow the instructions below to download and execute a SFCFix fix, and provide the log.
  • Download SFCFix and move the executable on your Desktop;
  • Download the attached SFCFix.zip and move the archive to your Desktop;
    Note: Make sure that the file is named SFCFix.zip, do not rename it.
  • Save any work you have open, and close every programs;
  • Drag the SFCFix.zip archive file over the SFCFix.exe executable and release it;
  • SFCFix will launch, let it complete;
  • Once done, a file will appear on your Desktop, called SFCFix.txt;
  • Open the file, then copy and paste its content in your next reply;
https://www.dropbox.com/s/nc2yt13ggp8778s/SFCFix.zip?dl=0

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 Valhalla.lk

Valhalla.lk
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 28 June 2015 - 11:03 PM

Log contents posted below:

 

SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-06-28 21:02:29.198
Microsoft Windows 7 Service Pack 1 - amd64
Using .zip script file at S:\Users\James\Desktop\SFCFix.zip [0]
 
 
 
 
PowerCopy::
Successfully took permissions for file or folder S:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
 
Successfully copied file S:\Users\James\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll to S:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll.
 
Successfully restored ownership for S:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
Successfully restored permissions on S:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
PowerCopy:: directive completed successfully.
 
 
 
 
Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 1 datablocks.
Finish time: 2015-06-28 21:02:29.467
Script hash: iY8i6jtbo1z1TfneMwj0uEr76eTALWTg0neco6XAi2Q=
----------------------EOF-----------------------





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users