Another dllhost.exe victim

Fishmom

New Member
Thread author
Verified
Oct 26, 2014
23
I've had a good cry, some expletives, and head banging and am now ready to take this piece of crap on.

I'm posting with a different computer. I'm not sure if or how I'll be able to do anything with the infected computer with all the memory being used by the virus.
 

Fishmom

Oct 26, 2014
I went through and ended all but one of the dllhost processes (it won't let me end the last one) and am currently running the FRST.
 

Fishmom

Oct 26, 2014
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014
Ran by WelhamKids at 2014-10-26 15:22:38
Running from C:\Users\WelhamKids\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 3.9.0.26 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 1995332320.48.56.1707378 - Audible, Inc.)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.9.786 - AVG Technologies)
Big Brainz Home (HKLM\...\Big Brainz Home 2.0.1) (Version: 2.0.1 - Big Brainz)
Big Brainz Launcher (HKLM\...\Big Brainz Launcher O) (Version: O - Big Brainz)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Media Go (HKLM\...\{7A6C3344-5CF9-4B83-959C-6576C5B27D09}) (Version: 2.3.255 - Sony)
Media Go Video Playback Engine 1.96.119.08260 (HKLM\...\{065DBB54-6E55-A609-2E1E-F0617E827D53}) (Version: 1.96.119.08260 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Rosetta Stone Version 3 (HKLM\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
Stamps.com Web Postage Plug-in (HKLM\...\Stamps.com Web Postage Plug-in) (Version: - Stamps.com, Inc.)
Stamps.com Web Postage Plug-in (Version: 1.1.0.41 - Stamps.com) Hidden
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.43 - )
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
YNAB 4 version 4.3.656 (HKLM\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\gameux.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

21-10-2014 20:07:56 Windows Update
24-10-2014 20:47:13 Windows Update
26-10-2014 19:08:38 Removed BlueStacks Notification Center
26-10-2014 19:12:10 Removed NWZ-E460 WALKMAN Guide.
26-10-2014 19:14:23 Removed OverDrive Media Console
26-10-2014 21:05:40 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1662AD0F-65E7-4966-9CFF-E18980B3EA52} - System32\Tasks\{D5B0112F-CC45-4106-A5D8-DD3F84E989ED} => C:\Program Files\Aimersoft\Music Converter\MusicConverter.exe
Task: {1C9E1A0C-DEAF-4860-A7E7-4B4B00DFFC5D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-226362633-2050113004-1670365138-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1EA303D3-7603-41B3-B59B-693A64CA1F94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {40F8B53E-3DA3-4A2D-96AA-33DFD575D41D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {433A6C5B-F7BB-4069-9D24-D1F28D1B936B} - System32\Tasks\AV_PWB => C:\Program Files\AVG SafeGuard toolbar\BundleInstall.exe [2014-08-25] (AVG Secure Search)
Task: {508C4AF9-51FE-493E-9601-13571ABF6D65} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-226362633-2050113004-1670365138-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {6E2CBC2C-13CA-4E5E-84AB-0BE2ACE15CF0} - System32\Tasks\Dealply => C:\Users\WelhamKids\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-06-21] () <==== ATTENTION
Task: {79CD3F81-9118-41C2-ACCA-FCB9171C03AA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-226362633-2050113004-1670365138-1004
Task: {A0C64AF2-BB00-4725-BEA2-41AC99E45138} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {A5544981-10B6-4E47-9CC4-CAE9A5B079DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A98B3E59-A00F-4C14-A984-A5FAA7D56681} - System32\Tasks\{B181000C-4F89-4E5F-9DEC-283F8CCACF42} => C:\Program Files (x86)\BigBrainz\BigBrainz.exe [2012-01-30] ()
Task: {CE2F897A-B910-4F7E-ABC5-4BF8197FAC86} - System32\Tasks\{30D77DF2-257D-45EF-9F96-FB0E31FA5576} => C:\Program Files\Aimersoft\Music Converter\MusicConverter.exe
Task: {F4344DBD-588F-41BB-BBF9-D28EC8E4EC55} - System32\Tasks\{B8E0543B-4D00-4EF5-8CC4-6E5E8FEC5348} => C:\Program Files\Aimersoft\Music Converter\MusicConverter.exe
Task: {FFB651B9-07F3-44BC-BA01-CECF2AA5B39C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\WELHAM~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-29 19:03 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-08-13 12:50 - 2014-08-13 12:49 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-13 12:50 - 2014-08-13 12:49 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-09-27 12:53 - 2014-09-27 12:54 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-226362633-2050113004-1670365138-500 - Administrator - Disabled)
Guest (S-1-5-21-226362633-2050113004-1670365138-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-226362633-2050113004-1670365138-1002 - Limited - Enabled)
WelhamKids (S-1-5-21-226362633-2050113004-1670365138-1003 - Administrator - Enabled) => C:\Users\WelhamKids
zachary (S-1-5-21-226362633-2050113004-1670365138-1004 - Administrator - Enabled) => C:\Users\zachary

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2014 02:33:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2dd0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/26/2014 00:22:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WelhamKids-PC)
Description: Application or service 'PasswordBox' could not be restarted.

Error: (10/26/2014 00:22:38 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WelhamKids-PC)
Description: Application or service 'RealNetworks Downloader Resolver Service' could not be restarted.

Error: (10/26/2014 11:53:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a4a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x854304c6
Faulting process id: 0x888
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (10/26/2014 10:50:29 AM) (Source: ESENT) (EventID: 104) (User: )
Description: taskhost (2584) WebCacheLocal: The database engine stopped the instance (0) with error (-1090).

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71907974

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71907974

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2014 10:49:54 AM) (Source: ESENT) (EventID: 471) (User: )
Description: taskhost (2584) WebCacheLocal: Unable to rollback operation #14719 on database C:\Users\WelhamKids\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error: -510. All future database updates will be rejected.

Error: (10/26/2014 10:49:54 AM) (Source: ESENT) (EventID: 492) (User: )
Description: taskhost (2584) WebCacheLocal: The logfile sequence in "C:\Users\WelhamKids\AppData\Local\Microsoft\Windows\WebCache\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.


System errors:
=============
Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:25:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:25:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:25:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (10/26/2014 02:33:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947652dd001cff163a06f658fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllc2e5c981-5d57-11e4-a313-001fe21810ed

Error: (10/26/2014 00:22:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WelhamKids-PC)
Description: 0pbbtnService.exePasswordBox03026217820360

Error: (10/26/2014 00:22:38 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WelhamKids-PC)
Description: 0rndlresolversvc.exeRealNetworks Downloader Resolver Service0302621782840

Error: (10/26/2014 11:53:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe12.0.7601.175144ce7a4a7unknown0.0.0.000000000c0000005854304c688801cff078d02d858bC:\Program Files\Windows Media Player\wmpnetwk.exeunknown5361472b-5d41-11e4-a313-001fe21810ed

Error: (10/26/2014 10:50:29 AM) (Source: ESENT) (EventID: 104) (User: )
Description: taskhost2584WebCacheLocal: 0-1090

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71907974

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71907974

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2014 10:49:54 AM) (Source: ESENT) (EventID: 471) (User: )
Description: taskhost2584WebCacheLocal: 14719C:\Users\WelhamKids\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-510

Error: (10/26/2014 10:49:54 AM) (Source: ESENT) (EventID: 492) (User: )
Description: taskhost2584WebCacheLocal: C:\Users\WelhamKids\AppData\Local\Microsoft\Windows\WebCache\


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 2006.3 MB
Available physical RAM: 1080.03 MB
Total Pagefile: 4570.16 MB
Available Pagefile: 3220.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:23.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 2E995A7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

Fishmom

Oct 26, 2014
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014
Ran by WelhamKids at 2014-10-26 15:41:49
Running from C:\Users\WelhamKids\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 3.9.0.26 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 1995332320.48.56.1707378 - Audible, Inc.)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.9.786 - AVG Technologies)
Big Brainz Home (HKLM\...\Big Brainz Home 2.0.1) (Version: 2.0.1 - Big Brainz)
Big Brainz Launcher (HKLM\...\Big Brainz Launcher O) (Version: O - Big Brainz)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Media Go (HKLM\...\{7A6C3344-5CF9-4B83-959C-6576C5B27D09}) (Version: 2.3.255 - Sony)
Media Go Video Playback Engine 1.96.119.08260 (HKLM\...\{065DBB54-6E55-A609-2E1E-F0617E827D53}) (Version: 1.96.119.08260 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Rosetta Stone Version 3 (HKLM\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
Stamps.com Web Postage Plug-in (HKLM\...\Stamps.com Web Postage Plug-in) (Version: - Stamps.com, Inc.)
Stamps.com Web Postage Plug-in (Version: 1.1.0.41 - Stamps.com) Hidden
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.43 - )
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
YNAB 4 version 4.3.656 (HKLM\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\gameux.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-226362633-2050113004-1670365138-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\WelhamKids\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

21-10-2014 20:07:56 Windows Update
24-10-2014 20:47:13 Windows Update
26-10-2014 19:08:38 Removed BlueStacks Notification Center
26-10-2014 19:12:10 Removed NWZ-E460 WALKMAN Guide.
26-10-2014 19:14:23 Removed OverDrive Media Console
26-10-2014 21:05:40 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1662AD0F-65E7-4966-9CFF-E18980B3EA52} - System32\Tasks\{D5B0112F-CC45-4106-A5D8-DD3F84E989ED} => C:\Program Files\Aimersoft\Music Converter\MusicConverter.exe
Task: {1C9E1A0C-DEAF-4860-A7E7-4B4B00DFFC5D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-226362633-2050113004-1670365138-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1EA303D3-7603-41B3-B59B-693A64CA1F94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {40F8B53E-3DA3-4A2D-96AA-33DFD575D41D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {433A6C5B-F7BB-4069-9D24-D1F28D1B936B} - System32\Tasks\AV_PWB => C:\Program Files\AVG SafeGuard toolbar\BundleInstall.exe [2014-08-25] (AVG Secure Search)
Task: {508C4AF9-51FE-493E-9601-13571ABF6D65} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-226362633-2050113004-1670365138-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {6E2CBC2C-13CA-4E5E-84AB-0BE2ACE15CF0} - System32\Tasks\Dealply => C:\Users\WelhamKids\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-06-21] () <==== ATTENTION
Task: {79CD3F81-9118-41C2-ACCA-FCB9171C03AA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-226362633-2050113004-1670365138-1004
Task: {A0C64AF2-BB00-4725-BEA2-41AC99E45138} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {A5544981-10B6-4E47-9CC4-CAE9A5B079DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A98B3E59-A00F-4C14-A984-A5FAA7D56681} - System32\Tasks\{B181000C-4F89-4E5F-9DEC-283F8CCACF42} => C:\Program Files (x86)\BigBrainz\BigBrainz.exe [2012-01-30] ()
Task: {CE2F897A-B910-4F7E-ABC5-4BF8197FAC86} - System32\Tasks\{30D77DF2-257D-45EF-9F96-FB0E31FA5576} => C:\Program Files\Aimersoft\Music Converter\MusicConverter.exe
Task: {F4344DBD-588F-41BB-BBF9-D28EC8E4EC55} - System32\Tasks\{B8E0543B-4D00-4EF5-8CC4-6E5E8FEC5348} => C:\Program Files\Aimersoft\Music Converter\MusicConverter.exe
Task: {FFB651B9-07F3-44BC-BA01-CECF2AA5B39C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\WELHAM~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-29 19:03 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-08-13 12:50 - 2014-08-13 12:49 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-13 12:50 - 2014-08-13 12:49 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-09-27 12:53 - 2014-09-27 12:54 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-10 03:31 - 2014-09-10 03:31 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-226362633-2050113004-1670365138-500 - Administrator - Disabled)
Guest (S-1-5-21-226362633-2050113004-1670365138-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-226362633-2050113004-1670365138-1002 - Limited - Enabled)
WelhamKids (S-1-5-21-226362633-2050113004-1670365138-1003 - Administrator - Enabled) => C:\Users\WelhamKids
zachary (S-1-5-21-226362633-2050113004-1670365138-1004 - Administrator - Enabled) => C:\Users\zachary

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2014 02:33:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2dd0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/26/2014 00:22:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WelhamKids-PC)
Description: Application or service 'PasswordBox' could not be restarted.

Error: (10/26/2014 00:22:38 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WelhamKids-PC)
Description: Application or service 'RealNetworks Downloader Resolver Service' could not be restarted.

Error: (10/26/2014 11:53:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a4a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x854304c6
Faulting process id: 0x888
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (10/26/2014 10:50:29 AM) (Source: ESENT) (EventID: 104) (User: )
Description: taskhost (2584) WebCacheLocal: The database engine stopped the instance (0) with error (-1090).

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71907974

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71907974

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2014 10:49:54 AM) (Source: ESENT) (EventID: 471) (User: )
Description: taskhost (2584) WebCacheLocal: Unable to rollback operation #14719 on database C:\Users\WelhamKids\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error: -510. All future database updates will be rejected.

Error: (10/26/2014 10:49:54 AM) (Source: ESENT) (EventID: 492) (User: )
Description: taskhost (2584) WebCacheLocal: The logfile sequence in "C:\Users\WelhamKids\AppData\Local\Microsoft\Windows\WebCache\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.


System errors:
=============
Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:27:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:25:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:25:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/26/2014 02:25:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (10/26/2014 02:33:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947652dd001cff163a06f658fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllc2e5c981-5d57-11e4-a313-001fe21810ed

Error: (10/26/2014 00:22:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WelhamKids-PC)
Description: 0pbbtnService.exePasswordBox03026217820360

Error: (10/26/2014 00:22:38 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: WelhamKids-PC)
Description: 0rndlresolversvc.exeRealNetworks Downloader Resolver Service0302621782840

Error: (10/26/2014 11:53:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe12.0.7601.175144ce7a4a7unknown0.0.0.000000000c0000005854304c688801cff078d02d858bC:\Program Files\Windows Media Player\wmpnetwk.exeunknown5361472b-5d41-11e4-a313-001fe21810ed

Error: (10/26/2014 10:50:29 AM) (Source: ESENT) (EventID: 104) (User: )
Description: taskhost2584WebCacheLocal: 0-1090

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71907974

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71907974

Error: (10/26/2014 10:49:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/26/2014 10:49:54 AM) (Source: ESENT) (EventID: 471) (User: )
Description: taskhost2584WebCacheLocal: 14719C:\Users\WelhamKids\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-510

Error: (10/26/2014 10:49:54 AM) (Source: ESENT) (EventID: 492) (User: )
Description: taskhost2584WebCacheLocal: C:\Users\WelhamKids\AppData\Local\Microsoft\Windows\WebCache\


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 49%
Total physical RAM: 2006.3 MB
Available physical RAM: 1011.14 MB
Total Pagefile: 4570.16 MB
Available Pagefile: 3147.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:23.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 2E995A7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

Fishmom

New Member
Thread author
Verified
Oct 26, 2014
23
Is it bad if I follow the advice on the other dllhost threads?? I'm wondering if I should wait for feedback or go ahead and try to fix it. Thanks in advance!!
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.



Do not follow advice from other topics; it could be bad for your PC.




Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

Fishmom

New Member
Thread author
Verified
Oct 26, 2014
23
Here is the FRST report from this morning. Thank you so much for your help!
 

Attachments

  • FRST2.txt
    31.3 KB · Views: 57

Fishmom

New Member
Thread author
Verified
Oct 26, 2014
23
I posted it above, but here it is again. Thanks!

Edited to add: I ran this scan yesterday and posted a new scan I ran today below this post.
 

Attachments

  • Addition.txt
    21.3 KB · Views: 83

Fishmom

New Member
Thread author
Verified
Oct 26, 2014
23
Here is one from a scan I just did. Not sure if it matters when the scans are run.
 

Attachments

  • Addition2.txt
    20.7 KB · Views: 37

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.




Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

Attachments

  • fixlist.txt
    3.2 KB · Views: 108

Fishmom

New Member
Thread author
Verified
Oct 26, 2014
23
The FRST fix has been running for over 6 hours. Do I just let it keep running? I have been manually ending the dllhost processes in hopes of speeding things up, but so far it's an exercise in futility. :/ Thanks for the help.
 

Fishmom

New Member
Thread author
Verified
Oct 26, 2014
23
I'm now getting this error message: "Farbar Recovery Scan Tool has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." Somehow I don't think Windows will be contacting me. :p

Thanks for any advice. This is so frustrating. :(
 
