Help with possible virus

In Progress Help with possible virus

Post by pappy on 27th November 2016, 10:46 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Rick (27-11-2016 17:33:59)
Running from C:\Users\Rick\Downloads
Windows 8.1 (Update) (X64) (2014-01-13 04:26:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3431173695-69639140-411144729-500 - Administrator - Disabled)
Guest (S-1-5-21-3431173695-69639140-411144729-501 - Limited - Enabled) => C:\Users\Guest
Rick (S-1-5-21-3431173695-69639140-411144729-1002 - Administrator - Enabled) => C:\Users\Rick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Norton Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerateTab (HKLM-x32\...\AccelerateTab_is1) (Version: 2.6 - AccelerateTab)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adult Emoticons and Avatars (HKLM-x32\...\Adult Emoticons and Avatars) (Version:  - Sherv.NET)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.4.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{19CB64EB-ACFE-681D-B571-A8A3398F1943}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
IObit Apps Toolbar v9.1 (HKLM-x32\...\{BAADB485-50A5-4E37-AE32-04F35DCEC14B}) (Version: 9.1 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.3.0.142 - IObit)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Norton Security (HKLM-x32\...\NSBU) (Version: 22.8.0.50 - Symantec Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 3.1.0.2 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02FEF945-7458-4F7A-8E08-3412A2818F3A} - System32\Tasks\Uninstaller_SkipUac_Rick => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-05-12] (IObit)
Task: {045FA648-CAC6-4B8B-9F7C-8A69BB6B29E8} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {04CB1795-04AD-46BA-A86B-8D0D96BCA903} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0FA782CD-4A18-49D5-A0BA-4F66E518C2BA} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1C4757F5-CC5C-4D04-A584-ADEE7401AAC9} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {30A684AF-3445-4816-9CD6-EAC2D9ABC406} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-05-12] (IObit)
Task: {38320A16-69CF-4FB4-8132-212CC2BC19D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => C:\WINDOWS\system32\GWX\GWXConfigManager.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {48CF1E55-8C35-4806-8361-69AF4B249DF9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {4B0224BB-A1FD-417B-B68D-9DD36B3A3C55} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {4B305338-B260-4DC3-8386-3B20A442F2E9} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
Task: {4C8EA03D-ADF3-4D8D-99F1-3EF5E1823347} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {52F1803B-E997-47F1-9809-556C6F895176} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-03-20] ()
Task: {5F3932DA-63A4-4957-A8D6-8C52E3818DD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {74D4216A-2AF4-4993-955A-8FC7DF47528D} - System32\Tasks\ASC9_SkipUac_Rick => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-07-28] (IObit)
Task: {9E2CBA8F-D033-4C49-990D-603B947AA023} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-09-23] (Symantec Corporation)
Task: {9EE109CB-DE88-4556-B754-318F6444D61B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C273A462-4CFB-4AA0-8467-47FE55DF4155} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D814DFA0-0D39-4717-8588-C75BB62A16B1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {DB8B83BA-107E-46E0-A6A5-25E516880E85} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {E516DB0D-4C41-4AD7-9803-F6A00A573726} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {E77C213F-FF82-47FA-812F-3B8CFFF4F3E4} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {F33561DD-4E6F-43F4-9980-2508F40D6328} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-07-20] (IObit)
Task: {F5E57724-7FF5-4110-8300-2587F13DF56F} - System32\Tasks\Driver Booster SkipUAC (Rick) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-07-28] (IObit)
Task: {FF2B9F35-C569-4BF0-8431-350AEAEC9650} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-07-28] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Rick.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Rick.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Rick\Favorites\Gateway\Gateway.lnk -> [You must be registered and logged in to see this link.]

==================== Loaded Modules (Whitelisted) ==============

2016-10-24 23:07 - 2016-10-20 03:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-24 23:07 - 2016-10-20 03:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-11-08 15:14 - 2016-11-08 15:14 - 31067840 _____ () C:\Users\Rick\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3431173695-69639140-411144729-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\10924721_846524365397807_6267246092458262385_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "SearchSettings"
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\StartupApproved\Run: => "Advanced SystemCare 8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{88DC0B4A-8DAA-4E99-873E-86CC8CAEB68A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{74B44DF6-AA11-411A-BB22-2916A49541CE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{20C6A0BE-B768-43E3-9CE3-34667EC258A3}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9366FACF-BB72-4C31-99BA-7C5A1FBD72A9}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5B498646-29BA-4BAC-8561-4693EB1F74FB}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{BFE7A909-9F92-4024-BBB1-6E580E58B6F7}] => (Allow) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{CFA4E105-EA7C-467A-8B4C-C585732AC972}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C05799A-6948-43D4-BDA6-E5177D828E6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF64259A-7933-4C09-B486-40DF487ACFE6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4DF57E0-AD3D-41C1-B760-2426DF39A632}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8683892-3081-473C-8AF6-7763F65993E6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{56A5F014-4744-43D8-973C-4F861743EF9C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{F2337D0C-518A-4B93-A9B2-7DFE0A791775}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5BEC645E-8DB1-4295-9396-7DA7CFAC5514}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{BC9935E8-AC1A-4BF4-8DBD-539F79B3B6E3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{6E224C9C-B355-43C4-984B-3DAEDD2214F3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{91660A02-7643-4BF4-8AA2-D94B9255ECFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-11-2016 04:44:32 Scheduled Checkpoint
20-11-2016 12:12:28 Scheduled Checkpoint
27-11-2016 14:47:12 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2016 05:01:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\uistub.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2016 05:01:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IObit\Advanced SystemCare\IU5Setup.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2016 05:01:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IObit\Advanced SystemCare\PatchSetup_A9.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2016 05:01:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\IObit\Advanced SystemCare\Dashlane_Launcher.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2016 05:00:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1304) SRUJet: Database recovery/restore failed with unexpected error -539.

Error: (11/27/2016 04:00:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1420) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU0046A.log.

Error: (11/27/2016 02:45:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\uistub.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2016 02:45:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\uistub.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2016 02:45:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\uistub.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/27/2016 02:35:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.0.50\uistub.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/27/2016 05:20:31 PM) (Source: DCOM) (EventID: 10000) (User: HOME)
Description: Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error:
"14001"
Happened while starting this command:
C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (11/27/2016 05:02:42 PM) (Source: DCOM) (EventID: 10016) (User: HOME)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Home\Rick SID (S-1-5-21-3431173695-69639140-411144729-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.BingWeather_3.0.4.344_x64__8wekyb3d8bbwe SID (S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330). This security permission can be modified using the Component Services administrative tool.

Error: (11/27/2016 05:02:15 PM) (Source: DCOM) (EventID: 10000) (User: HOME)
Description: Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error:
"14001"
Happened while starting this command:
C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (11/27/2016 04:50:46 PM) (Source: DCOM) (EventID: 10000) (User: HOME)
Description: Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error:
"14001"
Happened while starting this command:
C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (11/27/2016 04:42:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (11/27/2016 04:39:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMService service failed to start due to the following error: 
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (11/27/2016 04:39:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Security with Backup service failed to start due to the following error: 
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (11/27/2016 04:39:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (11/27/2016 04:39:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Error: (11/27/2016 04:39:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error: 
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.


CodeIntegrity:
===================================
  Date: 2016-11-27 17:32:28.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-27 17:32:22.744
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-27 17:32:12.758
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-27 16:02:43.029
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-27 16:02:38.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-27 16:02:34.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-27 16:02:29.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-27 16:02:25.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-27 16:02:20.919
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-27 16:02:16.529
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 3800.02 MB
Available physical RAM: 1502.84 MB
Total Virtual: 4568.02 MB
Available Virtual: 1225.48 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:439.61 GB) (Free:387.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2AD815CD)

Partition: GPT.

==================== End of Addition.txt ============================

pappy
Novice
Novice

Posts Posts : 43
Joined Joined : 2010-01-16
Gender Gender : Male
OS OS : Windows XP
Protection Protection : AVG Free edition
Points Points : 25785
# Likes # Likes : 0

View user profile

Back to top Go down

In Progress Re: Help with possible virus

Post by Dr Jay on 27th November 2016, 11:21 pm

Hello there,

I did not see anything odd in the log... at least not specific to a possible virus, but let's take a deeper look...

Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download [You must be registered and logged in to see this link.] to your desktop.

  • Double-click mbam-setup-2.0.0.****.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.


  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.





Please download [You must be registered and logged in to see this link.] onto your Desktop.

  • Double click on AdwCleaner_xxxx.exe to run the tool.
  • Click on Scan.
  • After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.





Fix with Junkware Removal Tool

Please download [You must be registered and logged in to see this link.] and save the file to your desktop.

  • Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.


Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.




Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Right-click on mss.exe and select Run as Administrator.
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply. Also, look for these files in the same location called systemintegrity.txt and HOSTS.txt. Please open them, and copy and paste that into your next reply as well.
Note: the logs are long. Please use more than one post, if necessary.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302970
# Likes # Likes : 10

View user profile

Back to top Go down

In Progress Re: Help with possible virus

Post by pappy on 28th November 2016, 12:03 am

I can't open any downloads. I get a pop up saying the "side by side configuration is incorrect. See application log or use command line sxstrace.exe tool for more detail"


In Progress Re: Help with possible virus

Post by pappy on 28th November 2016, 12:14 am

I'd like to switch back and forth between Firefox and Chrome. I'm stuck in Chrome now.


In Progress Re: Help with possible virus

Post by Dr Jay on 28th November 2016, 12:38 am

This is a Visual C++ Runtime error.

Go to Start, type in Control Panel. Open Control Panel, find Programs... uninstall any Visual C++ Runtime Libraries and reinstall from the following links (based on what you uninstalled, for you may have to download and install more than one listed below or all of them):



After that, try to install and run the above programs according to directive, and let me know how it works.


Dr. Jay (DJ)



In Progress Re: Help with possible virus

Post by pappy on 28th November 2016, 1:14 am

I can't uninstall anything either.


In Progress Re: Help with possible virus

Post by Dr Jay on 28th November 2016, 1:53 am

Please go to the Programs List, and check which ones are currently installed, and then per that information, install the packages linked to above.

By installing them over top of the original, it will attempt to remove the old files and install new files to ensure it operates well.

If that does not work, skip Malwarebytes' Anti-Malware, and try the last three tools in the list and see if they work, please.

Let me know the progress.


Dr. Jay (DJ)



In Progress Re: Help with possible virus

Post by pappy on 28th November 2016, 9:23 pm

I can download everything but when I try to run it I get this:
The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.


In Progress Re: Help with possible virus

Post by Dr Jay on 28th November 2016, 11:28 pm

Let's try this to see if it works... if it does not, then we will proceed to a different repair route... Please download and run RKill.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills any active infection or issue; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.


Dr. Jay (DJ)



In Progress Re: Help with possible virus

Post by pappy on 29th November 2016, 12:29 am

No, that didn't help. I keep getting the same pop up.


In Progress Re: Help with possible virus

Post by Dr Jay on 29th November 2016, 1:33 am

Let's work with some Windows tools, then... We should be able to conquer it... I need more information...

Event Viewer Log Files
Please provide us with copies of these 2 logfiles:
- Go to Start and type in "eventvwr.msc" (without the quotes) and press Enter
- Expand the Windows Logs category by clicking on the arrow/+ sign to its left
- Right click on the Application log and select "Save all events as" and name it Application
- Then, right click on the System log and select "Save all events as" and name it System
- Zip up the log files and upload/attach them with your next post.




SFC.EXE /SCANNOW
Go to Start and type in "cmd.exe" (without the quotes)
At the top of the search box, right click on the cmd.exe and select "Run as administrator"
In the black window that opens, type "SFC.EXE /SCANNOW" (without the quotes) and press Enter.
Let the program run and post back what it says when it's done.

After that, run Dism /Online /Cleanup-Image /RestoreHealth


After that command, run the following, if the programs still do not work...

SxsTrace Trace -logfile:SxsTrace.etl

Now run the program which causes the SideBySide error.

Go back to the command prompt and press ENTER to generate the SxsTrace.etl. Now type this:

sxstrace Parse -logfile:SxSTrace.etl -outfile:SxSTrace.txt


Now open the SxSTrace.txt trace and look for which VC++ runtime is missing.

If you are unsure, please upload the complete SxSTrace.txt


Dr. Jay (DJ)
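
The last step of the post above (open SxSTrace.txt and find the missing VC++ runtime) can be done mechanically. The following Python parser is an added example, not part of the thread or of any tool mentioned in it; the trace text, paths and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout "sxstrace Parse" writes; paths are made up.
REF = ('Microsoft.VC90.CRT,processorArchitecture="x86",'
       'publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"')
FAILED = r"""=================
Begin Activation Context Generation.
Input Parameter:
    ManifestPath = {path}
-----------------
INFO: Parsing Manifest File {path}.
    INFO: Reference: {ref}
INFO: Resolving reference {ref}.
    INFO: Begin assembly probing.
        INFO: Did not find the assembly in WinSxS.
    INFO: End assembly probing.
    ERROR: Cannot resolve reference {ref}.
ERROR: Activation Context generation failed.
End Activation Context Generation.
"""
OK = r"""=================
Begin Activation Context Generation.
Input Parameter:
    ManifestPath = C:\Windows\System32\example_ok.exe
-----------------
INFO: Parsing Manifest File C:\Windows\System32\example_ok.exe.
INFO: Activation Context generation succeeded.
End Activation Context Generation.
"""
SAMPLE_TRACE = (OK
                + FAILED.format(path=r"C:\Users\Example\Desktop\tool_a.exe", ref=REF)
                + FAILED.format(path=r"C:\Users\Example\Desktop\tool_b.exe", ref=REF))

# Side-by-side CRT assembly prefix -> redistributable that installs it.
VC_RUNTIMES = {"Microsoft.VC80": "Visual C++ 2005", "Microsoft.VC90": "Visual C++ 2008"}

UNRESOLVED = re.compile(r"^\s*ERROR: Cannot resolve reference (.+)\.\s*$", re.M)
MANIFEST = re.compile(r"^\s*ManifestPath = (.+?)\s*$", re.M)
ATTR = re.compile(r'(\w+)="([^"]*)"')


def parse_identity(identity):
    """Split 'Name,attr="value",...' into the fields needed to pick a package."""
    attrs = dict(ATTR.findall(identity))
    name = identity.split(",", 1)[0].strip()
    runtime = next((v for k, v in VC_RUNTIMES.items() if name.startswith(k + ".")), None)
    return {"name": name, "version": attrs.get("version"),
            "arch": attrs.get("processorArchitecture"), "runtime": runtime}


def unresolved_references(trace_text):
    """One finding per 'Cannot resolve reference' line, tagged with its manifest."""
    findings = []
    for block in trace_text.split("Begin Activation Context Generation.")[1:]:
        found = MANIFEST.search(block)
        manifest = found.group(1) if found else "(unknown)"
        for identity in UNRESOLVED.findall(block):
            findings.append({"manifest": manifest, **parse_identity(identity)})
    return findings


def group_by_assembly(findings):
    """Map (name, version, arch) -> programs that failed on it. Several unrelated
    programs under one key point at the shared assembly store, not at one app."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f["name"], f["version"], f["arch"])].append(f["manifest"])
    return dict(groups)


if __name__ == "__main__":
    for key, programs in group_by_assembly(unresolved_references(SAMPLE_TRACE)).items():
        print(key, "->", programs)
```

The `arch` field matters when choosing the package: an x86 reference needs the 32-bit redistributable even on a 64-bit Windows install.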



In Progress Re: Help with possible virus

Post by pappy on 29th November 2016, 2:10 am

C:\Users\Rick\AppData\Local\Temp\Temp1_Applications.zip\Applications.evtx
C:\Users\Rick\Documents


In Progress Re: Help with possible virus

Post by Dr Jay on 29th November 2016, 2:47 am

Were you able to upload the files here?


Dr. Jay (DJ)



In Progress Re: Help with possible virus

Post by pappy on 29th November 2016, 10:05 am

The zip files are too large


In Progress Re: Help with possible virus

Post by Dr Jay on 29th November 2016, 6:20 pm

Hello again, sorry that happened. Please upload them to mediafire.com and post the download link(s) here. Right On! If that fails, please upload to OneDrive (Microsoft), Google Drive, or Box and post download/sharing link here.


Dr. Jay (DJ)



In Progress Re: Help with possible virus

Post by pappy on 29th November 2016, 9:40 pm

[You must be registered and logged in to see this link.]


In Progress Re: Help with possible virus

Post by Dr Jay on 30th November 2016, 1:34 am

Have you completed these steps? If not, then proceed, please:

SFC.EXE /SCANNOW
Go to Start and type in "cmd.exe" (without the quotes)
At the top of the search box, right click on the cmd.exe and select "Run as administrator"
In the black window that opens, type "SFC.EXE /SCANNOW" (without the quotes) and press Enter.
Let the program run and post back what it says when it's done.

After that, run Dism /Online /Cleanup-Image /RestoreHealth


After that command, run the following, if the programs still do not work...

SxsTrace Trace -logfile:SxsTrace.etl

Now run the program which causes the SideBySide error.

Go back to the command prompt and press ENTER to generate the SxsTrace.etl. Now type this:

sxstrace Parse -logfile:SxSTrace.etl -outfile:SxSTrace.txt


Now open the SxSTrace.txt trace and look for which VC++ runtime is missing.

If you are unsure, please upload the complete SxSTrace.txt


Dr. Jay (DJ)



In Progress Re: Help with possible virus

Post by Dr Jay on 2nd December 2016, 7:41 am

Is everything going okay with this? Are there any issues with running these?


Dr. Jay (DJ)



In Progress Re: Help with possible virus

Post by pappy on 2nd December 2016, 12:05 pm

Thank you for your patience. I haven't been able to work on the problem due to overtime. I will work on it this weekend. Thank you again.


In Progress Re: Help with possible virus

Post by Dr Jay on 2nd December 2016, 8:06 pm

No problem and no worries. Smile!


Dr. Jay (DJ)



In Progress Re: Help with possible virus

Post by pappy on 5th December 2016, 9:25 pm

That seems to have corrected the problem, but Firefox loads slow and Chrome takes forever to load.


In Progress Re: Help with possible virus

Post by Dr Jay on 5th December 2016, 9:30 pm

Which one worked? System File Checker or DISM?


Dr. Jay (DJ)



In Progress Re: Help with possible virus

Post by pappy on 5th December 2016, 10:52 pm

System File Checker


In Progress Re: Help with possible virus

Post by Dr Jay on 6th December 2016, 1:18 am

Please attempt to follow instructions from this post: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)


