Ran MBAM several times, finding and quarantining PUP threats each time from: WindFind, SelectionTool, Nosibay, ContentProtector, ContentDefender, ConvertAd, WeatherChicken, EoReo, WindApp, WindFind. Now when I open the Firefox browser I get a message that MBAM has blocked a potentially malicious website, outgoing, zuh.fonicatorsembody.com. It pops up repeatedly (many times in a minute). I ran Farbar with the following results. How do I permanently block this website or remove this/these malware? Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016 02
Ran by Cin (administrator) on CRMINI (31-05-2016 09:21:48)
Running from C:\Users\Cin\Downloads
Loaded Profiles: Cin (Available Profiles: Cin & Administrator)
Platform: Microsoft Windows 8.1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
("Artex Management S. A.") C:\Program Files\ContentProtector\ContentProtector.exe
("Artex Management S. A.") C:\Program Files\ContentProtector\ContentProtectorUpdate.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\WeatherChickn\WeatherChickn.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Labour LLC) C:\Program Files\windfind\updservice.exe
(Labour LLC) C:\Program Files\windfind\WinFindSync.exe
(Labour LLC) C:\Program Files\windfind\WinFindSync_.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [3216032 2013-12-16] (ASUSTek Computer Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [73216 2013-11-02] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-2094678777-4143742173-427414782-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_21_0_0_213_Plugin.exe [1172672 2016-05-09] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7255B61B-0370-4886-B842-22A89C07F7EF}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{72EA8637-8F3B-40AC-A777-65E82C513D64}: [DhcpNameServer] 13.6.0.88
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-2094678777-4143742173-427414782-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.google.com/mail/u/0/#inbox
HKU\S-1-5-21-2094678777-4143742173-427414782-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2094678777-4143742173-427414782-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF ProfilePath: C:\Users\Cin\AppData\Roaming\Mozilla\Firefox\Profiles\oinbo5n1.default
FF Homepage: hxxps://mail.google.com/mail/u/0/#inbox
hxxp://games.aarp.org/games/match-merge/match-merge.aspx
hxxps://id.outdoorcentral.us/ID/License/Receipt
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-05-09] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Extension: Backward/Forward History Dropdown - C:\Users\Cin\AppData\Roaming\Mozilla\Firefox\Profiles\oinbo5n1.default\extensions\{c6fb3a99-0bf0-4ab3-9b5b-9fe631d6cde3}.xpi [2016-05-09]
FF Extension: ColorfulTabs - C:\Users\Cin\AppData\Roaming\Mozilla\Firefox\Profiles\oinbo5n1.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-05-27]
FF Extension: Adblock Plus - C:\Users\Cin\AppData\Roaming\Mozilla\Firefox\Profiles\oinbo5n1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-02-26] (Broadcom Corporation.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2013-11-13] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [75264 2013-11-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [89088 2013-11-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [82432 2013-11-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-02] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2013-08-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U0 abdu; C:\WINDOWS\System32\drivers\vvkln.sys [52440 2016-05-31] (Malwarebytes)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [64792 2013-12-12] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2013-10-02] (Broadcom Corp)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2014-02-26] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\system32\DRIVERS\BtwSerialBus.sys [130776 2014-02-26] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [17408 2013-11-02] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [19968 2013-11-02] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [28160 2013-11-02] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [72704 2013-11-02] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [176640 2013-11-02] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-11-03] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-11-03] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17720 2013-10-07] (ASUS)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-14] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-11-03] (Intel Corporation)
S0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [33176 2013-10-28] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [252416 2013-11-04] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2013-10-28] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-31] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-11-02] (Intel Corporation)
R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\WINDOWS\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-11-02] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [149720 2013-12-05] (Realtek Semiconductor Corp.)
S3 RTLU3E8023-W8-32; C:\WINDOWS\system32\DRIVERS\rtu30x86w8.sys [57856 2013-06-18] (Realtek                                            )
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [76304 2013-11-02] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [29128 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [214368 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation)
R1 MpKsl288daf6a; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C9D30477-03F0-40C0-899A-80FDC97DEC0A}\MpKsl288daf6a.sys [X]
U0 msahci; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 09:21 - 2016-05-31 09:22 - 00013314 _____ C:\Users\Cin\Downloads\FRST.txt
2016-05-31 09:20 - 2016-05-31 09:21 - 00000000 ____D C:\FRST
2016-05-31 09:17 - 2016-05-31 09:18 - 01734656 _____ (Farbar) C:\Users\Cin\Downloads\FRST.exe
2016-05-31 09:08 - 2016-05-31 09:08 - 00052440 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\vvkln.sys
2016-05-30 15:55 - 2016-05-31 08:59 - 00000000 ___RD C:\Users\Cin\SkyDrive
2016-05-28 15:52 - 2016-05-28 15:52 - 00001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-28 15:51 - 2016-05-28 15:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-28 09:03 - 2016-05-31 09:00 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-28 08:59 - 2016-05-28 08:59 - 00001074 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-28 08:59 - 2016-05-28 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-28 08:59 - 2016-05-28 08:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-28 08:59 - 2016-05-28 08:59 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-28 08:59 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-28 08:59 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-28 08:59 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-28 08:53 - 2016-05-28 08:55 - 22851472 _____ (Malwarebytes ) C:\Users\Cin\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-27 13:25 - 2016-05-27 13:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-27 13:25 - 2016-05-27 13:25 - 136686448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-27 13:17 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-05-27 07:43 - 2016-04-22 03:57 - 00374944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-05-27 07:38 - 2016-05-27 07:38 - 00000000 ____D C:\Users\Cin\AppData\Local\CEF
2016-05-26 22:03 - 2016-05-31 09:08 - 00000000 ____D C:\Users\Cin\AppData\Roaming\Store
2016-05-26 22:03 - 2016-05-28 14:44 - 00000000 ____D C:\Users\Cin\AppData\Local\app
2016-05-26 21:55 - 2016-05-30 15:53 - 00000000 ____D C:\Program Files\0006BFE7-1464314136-1C07-FFFF-40167E387FE8
2016-05-26 21:47 - 2016-05-30 15:55 - 00000000 ____D C:\Program Files\ContentProtector
2016-05-26 21:47 - 2016-05-26 21:48 - 00000000 ____D C:\Users\Cin\Downloads\kwikee-level-best-manual(1)
2016-05-26 21:47 - 2016-04-19 15:05 - 00046400 ____N (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\ContentProtectorDrv.sys
2016-05-26 21:45 - 2016-05-31 09:08 - 00000000 ____D C:\Program Files\windfind
2016-05-26 21:44 - 2016-05-30 15:53 - 00000000 ____D C:\Program Files\WeatherChickn
2016-05-26 21:44 - 2016-05-26 21:44 - 00000000 ____D C:\Users\Cin\Downloads\kwikee-level-best-manual
2016-05-26 21:39 - 2016-05-26 21:42 - 04426808 _____ C:\Users\Cin\Downloads\kwikee-level-best-manual.exe
2016-05-25 20:05 - 2016-05-25 20:05 - 00003917 _____ C:\Users\Cin\Desktop\Purchase Contract KJB.txt
2016-05-19 09:35 - 2016-05-19 09:35 - 00000000 ____D C:\Users\Cin\AppData\Roaming\awsRun
2016-05-19 09:30 - 2016-05-19 09:30 - 13066672 _____ (ASUS Cloud Corporation) C:\Users\Cin\Downloads\WebStorageSyncAgent2.2.8.559.exe
2016-05-09 23:45 - 2014-04-19 02:49 - 18644072 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-09 23:45 - 2014-03-10 04:43 - 01673048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-05-09 23:45 - 2014-03-10 04:43 - 00283992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-05-09 23:45 - 2014-01-07 01:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-05-09 23:44 - 2013-11-10 20:50 - 00036696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2016-05-09 23:44 - 2013-11-09 01:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-05-09 23:44 - 2013-11-08 04:40 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-05-09 23:44 - 2013-11-08 00:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-09 23:44 - 2013-11-07 23:51 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2016-05-09 23:44 - 2013-11-07 23:30 - 01128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-09 23:44 - 2013-11-07 23:26 - 03422208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2016-05-09 23:44 - 2013-11-07 23:05 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-09 23:44 - 2013-11-05 10:08 - 00478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-05-09 23:44 - 2013-11-05 09:19 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2016-05-09 23:44 - 2013-11-01 06:17 - 00077144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-09 23:44 - 2013-11-01 01:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-05-09 23:44 - 2013-10-30 19:50 - 05753688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-09 23:44 - 2013-10-26 16:28 - 00120152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2016-05-09 23:44 - 2013-10-24 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2016-05-09 23:44 - 2013-10-17 06:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-05-09 23:42 - 2014-01-07 20:55 - 00261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-05-09 23:42 - 2014-01-07 20:35 - 01307992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-09 23:42 - 2014-01-07 20:35 - 00320856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-09 23:42 - 2014-01-04 11:08 - 00103936 _____ C:\WINDOWS\system32\OEMLicense.dll
2016-05-09 23:42 - 2014-01-04 09:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2016-05-09 23:42 - 2014-01-02 19:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2016-05-09 23:42 - 2013-12-31 20:56 - 01445720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-09 23:42 - 2013-12-31 20:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-05-09 23:42 - 2013-12-31 20:00 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-05-09 23:42 - 2013-12-31 19:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-09 23:42 - 2013-12-30 19:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2016-05-09 23:42 - 2013-12-30 19:33 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-05-09 23:42 - 2013-12-30 19:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-05-09 23:42 - 2013-12-27 08:05 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2016-05-09 23:42 - 2013-12-27 08:05 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-05-09 23:42 - 2013-12-27 04:21 - 00517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2016-05-09 23:42 - 2013-12-27 03:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-05-09 23:42 - 2013-12-27 03:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-09 23:42 - 2013-12-27 02:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-09 23:42 - 2013-12-21 03:04 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2016-05-09 23:42 - 2013-12-17 02:13 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-05-09 23:42 - 2013-12-14 02:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-09 23:42 - 2013-12-13 05:14 - 00077992 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-05-09 23:42 - 2013-12-13 01:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-05-09 23:42 - 2013-11-27 10:09 - 02872688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-05-09 23:42 - 2013-11-27 06:46 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2016-05-09 23:42 - 2013-11-27 04:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-05-09 23:42 - 2013-11-27 04:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2016-05-09 23:41 - 2014-10-30 18:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-05-09 23:41 - 2014-01-31 10:04 - 00265560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-09 23:41 - 2014-01-31 09:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-05-09 23:41 - 2014-01-31 05:02 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2016-05-09 23:41 - 2014-01-29 03:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-05-09 23:41 - 2014-01-29 03:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2016-05-09 23:41 - 2014-01-29 03:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2016-05-09 23:41 - 2014-01-29 03:43 - 01883480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-09 23:41 - 2014-01-29 02:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2016-05-09 23:41 - 2014-01-27 14:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-05-09 23:41 - 2014-01-27 14:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2016-05-09 23:41 - 2014-01-27 14:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2016-05-09 23:41 - 2014-01-27 13:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2016-05-09 23:41 - 2014-01-27 13:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2016-05-09 23:41 - 2014-01-27 11:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-05-09 23:41 - 2014-01-27 07:52 - 00386722 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-05-09 23:41 - 2014-01-17 17:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-05-09 23:41 - 2014-01-07 00:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-05-09 23:41 - 2013-12-21 08:06 - 05251224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-05-09 23:41 - 2013-12-21 04:08 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2016-05-09 23:41 - 2013-11-21 01:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-09 23:41 - 2013-10-19 03:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2016-05-09 23:40 - 2013-12-08 19:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-05-09 23:39 - 2014-03-06 03:32 - 01033368 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2016-05-09 23:39 - 2014-03-06 03:10 - 00861984 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-09 23:39 - 2014-02-10 23:32 - 03486208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-09 23:39 - 2014-02-10 22:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-05-09 23:39 - 2014-01-04 15:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2016-05-09 23:39 - 2014-01-04 10:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-09 23:39 - 2014-01-04 09:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-05-09 23:39 - 2014-01-04 09:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-05-09 23:39 - 2014-01-04 09:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-05-09 23:39 - 2013-12-20 22:10 - 00009701 _____ C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2016-05-09 23:39 - 2013-12-20 04:26 - 01382208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-09 23:39 - 2013-12-20 04:26 - 01271664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-09 23:39 - 2013-12-08 19:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2016-05-09 23:39 - 2013-12-08 19:43 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-05-09 23:39 - 2013-11-23 00:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2016-05-09 23:39 - 2013-11-09 01:52 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2016-05-09 23:39 - 2013-11-09 01:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-05-09 23:39 - 2013-10-30 19:39 - 01261320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-09 23:39 - 2013-10-30 19:39 - 01159080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-09 23:39 - 2013-10-15 04:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2016-05-09 21:21 - 2016-05-26 08:20 - 00000000 ____D C:\Windows.old
2016-05-09 21:20 - 2016-05-09 21:20 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2016-05-09 18:02 - 2016-05-09 18:02 - 00000000 ____D C:\Users\Cin\AppData\Roaming\Macromedia
2016-05-09 18:02 - 2016-05-09 18:02 - 00000000 ____D C:\Users\Cin\AppData\Local\Macromedia
2016-05-09 17:59 - 2016-05-09 18:00 - 00000000 ____D C:\Users\Cin\AppData\Local\Adobe
2016-05-09 17:49 - 2016-05-09 17:58 - 00000000 ____D C:\Users\Cin\AppData\Local\Mozilla
2016-05-09 17:49 - 2016-05-09 17:49 - 00000000 ____D C:\Users\Cin\AppData\Roaming\Mozilla
2016-05-09 17:37 - 2016-05-09 17:37 - 00000000 ____D C:\Users\Cin\AppData\Roaming\WebStorage
2016-05-09 17:34 - 2016-05-09 17:35 - 00000000 ____D C:\Users\Cin\AppData\Local\PackageStaging
2016-05-09 17:33 - 2016-05-09 17:33 - 00001444 _____ C:\Users\Cin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-09 17:33 - 2016-05-09 17:33 - 00000000 ____D C:\Users\Cin\AppData\Roaming\Adobe
2016-05-09 17:33 - 2016-05-09 17:33 - 00000000 ____D C:\Users\Cin\AppData\Local\VirtualStore
2016-05-09 17:32 - 2016-05-09 17:32 - 00000020 ___SH C:\Users\Cin\ntuser.ini
2016-05-09 17:23 - 2016-05-09 17:23 - 00001629 _____ C:\Users\Administrator\AppData\Local\Application.xml
2016-05-09 17:22 - 2016-05-30 15:55 - 00000000 ____D C:\Users\Cin
2016-05-09 17:22 - 2016-05-09 17:23 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2016-05-09 17:22 - 2016-05-09 17:23 - 00024768 _____ C:\WINDOWS\diagerr.xml
2016-05-09 17:22 - 2016-05-09 17:22 - 00000000 _SHDL C:\Users\Cin\My Documents
2016-05-09 17:22 - 2016-05-09 17:22 - 00000000 _SHDL C:\Users\Cin\Documents\My Videos
2016-05-09 17:22 - 2016-05-09 17:22 - 00000000 _SHDL C:\Users\Cin\Documents\My Pictures
2016-05-09 17:22 - 2016-05-09 17:22 - 00000000 _SHDL C:\Users\Cin\Documents\My Music
2016-05-09 14:06 - 2016-05-09 22:24 - 00000000 ___HD C:\$SysReset

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 08:59 - 2013-08-22 04:05 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-30 18:34 - 2014-06-14 05:40 - 00000000 ____D C:\Users\Cin\AppData\Local\Packages
2016-05-30 18:34 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-30 17:43 - 2013-12-16 19:05 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-30 17:43 - 2013-08-22 02:21 - 00000000 ____D C:\WINDOWS\inf
2016-05-30 15:55 - 2014-06-14 05:42 - 00000000 __RDO C:\Users\Cin\SkyDrive.old
2016-05-30 15:55 - 2013-08-22 03:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-30 15:54 - 2013-12-16 18:52 - 00000000 ____D C:\Users\Administrator
2016-05-30 15:50 - 2013-08-22 04:17 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-30 15:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\registration
2016-05-28 18:49 - 2013-08-22 03:22 - 00333376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-28 18:48 - 2013-08-22 02:13 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2016-05-28 18:47 - 2013-08-22 04:17 - 00000000 ___RD C:\WINDOWS\ToastData
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\WinStore
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-05-28 18:46 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\Camera
2016-05-28 18:46 - 2013-08-22 02:21 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-05-28 18:46 - 2013-08-22 02:21 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-28 18:46 - 2013-08-22 02:21 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-05-28 18:46 - 2013-08-22 02:21 - 00000000 ____D C:\WINDOWS\servicing
2016-05-28 18:45 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\FileManager
2016-05-28 18:45 - 2013-08-22 04:17 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-05-28 18:45 - 2013-08-22 04:17 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-05-28 14:46 - 2014-07-27 12:13 - 00000000 __SHD C:\aws
2016-05-28 14:46 - 2013-12-16 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-05-28 14:46 - 2013-12-16 18:57 - 00000000 ____D C:\Program Files\ASUS
2016-05-28 09:31 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-05-26 20:14 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\rescache
2016-05-26 20:10 - 2013-08-22 07:13 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-26 20:10 - 2013-08-22 07:11 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-05-26 20:10 - 2013-08-22 07:11 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-05-26 20:10 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\IME
2016-05-26 20:10 - 2013-08-22 04:17 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-05-26 20:10 - 2013-08-22 04:17 - 00000000 ____D C:\Program Files\Windows Defender
2016-05-26 20:10 - 2013-08-22 04:17 - 00000000 ____D C:\Program Files\Common Files\System
2016-05-26 20:09 - 2013-08-22 07:11 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-05-26 20:09 - 2013-08-22 07:11 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-05-26 20:09 - 2013-08-22 04:17 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-05-26 20:09 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-05-26 20:09 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\Com
2016-05-26 20:09 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\Help
2016-05-22 13:52 - 2013-08-22 04:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-19 09:35 - 2013-12-16 18:57 - 00000000 ____D C:\Program Files\Common Files\AWS
2016-05-09 21:21 - 2013-08-22 04:17 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2016-05-09 17:33 - 2013-12-16 18:40 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-09 17:33 - 2013-12-16 17:45 - 00000000 ____D C:\WINDOWS\Log
2016-05-09 17:30 - 2013-08-22 02:13 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-09 17:23 - 2013-08-22 04:17 - 00000000 __RHD C:\Users\Public\Libraries
2016-05-01 14:36 - 2016-02-14 14:32 - 00000000 ____D C:\Users\Cin\.oracle_jre_usage

==================== Files in the root of some directories =======

2013-12-16 18:57 - 2012-07-30 02:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2013-12-16 18:57 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-16 18:57 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-26 08:19

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-05-2016 02
Ran by Cin (2016-05-31 09:22:37)
Running from C:\Users\Cin\Downloads
Microsoft Windows 8.1 (X86) (2016-05-09 21:23:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2094678777-4143742173-427414782-500 - Administrator - Disabled) => C:\Users\Administrator
Cin (S-1-5-21-2094678777-4143742173-427414782-1001 - Administrator - Enabled) => C:\Users\Cin
Guest (S-1-5-21-2094678777-4143742173-427414782-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2094678777-4143742173-427414782-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
ContentProtector (HKLM\...\ContentProtector) (Version: 2.0 - Artex Management S. A.)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1054 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
Windows Driver Package - ASUS (AsusHID) Mouse  (12/05/2013 3.0.0.20) (HKLM\...\6E04D9C0B5B96235DF3E4162EA67E311C14CACFF) (Version: 12/05/2013 3.0.0.20 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {32FC37CF-89AD-4778-9BDB-B375CD8C4811} - \Selection Tools Update -> No File <==== ATTENTION
Task: {5FAFB338-2F4B-41E5-9A85-A2C36F0A92E7} - \WindApp Update -> No File <==== ATTENTION
Task: {68BE261D-9B72-453D-A92E-223F94DD4B13} - System32\Tasks\{698BBEF4-2FF0-4681-AC10-E6807150FEDC} => pcalua.exe -a "C:\Users\Cin\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe" -c /cpanel=1
Task: {7C4A7F64-334B-4265-9F11-49419D4AC264} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {813614B5-D5BC-43B2-B036-ABCB0C0B2E6F} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {969BDCD6-6E22-4710-AED5-38AB03979A33} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {97D57A74-37D8-4E9E-AD1D-0FBFDBCC6C8F} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-15 08:27 - 2016-04-15 08:27 - 00238592 ____N () C:\Program Files\WeatherChickn\WeatherChickn.exe
2016-05-09 18:00 - 2016-05-09 18:00 - 19403968 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 02:13 - 2016-05-26 21:47 - 00001188 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2094678777-4143742173-427414782-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\27405aaf-3447-418f-b03f-e60c01a43087_11 (2).jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2094678777-4143742173-427414782-1001\...\StartupApproved\Run: => "Bubble Dock"
HKU\S-1-5-21-2094678777-4143742173-427414782-1001\...\StartupApproved\Run: => "Selection Tools"
HKU\S-1-5-21-2094678777-4143742173-427414782-1001\...\StartupApproved\Run: => "WindApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{01FB097D-7CF1-41B3-84FB-60F79F35A771}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{72316526-9338-4106-8B14-86C1E28741B8}] => (Allow) C:\Program Files\windfind\windfind.exe
FirewallRules: [{F2059041-C830-471E-A9D1-4412B4DE5F1D}] => (Allow) C:\Program Files\windfind\windfind_.exe

==================== Restore Points =========================

29-05-2016 20:59:34 Windows Update
30-05-2016 15:43:12 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2016 10:14:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NookClient.exe, version: 1.9.0.359, time stamp: 0x53975e68
Faulting module name: Nook.Cloud.NativeServices.dll, version: 0.0.0.0, time stamp: 0x53975e4f
Exception code: 0xc0000005
Fault offset: 0x00444a92
Faulting process id: 0x1234
Faulting application start time: 0xNookClient.exe0
Faulting application path: NookClient.exe1
Faulting module path: NookClient.exe2
Report Id: NookClient.exe3
Faulting package full name: NookClient.exe4
Faulting package-relative application ID: NookClient.exe5

Error: (05/30/2016 10:14:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: NookClient.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 60A14A92

Error: (05/30/2016 05:59:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 46.0.1.5966, time stamp: 0x572818c9
Faulting module name: mozglue.dll, version: 46.0.1.5966, time stamp: 0x572808c3
Exception code: 0x80000003
Fault offset: 0x0000efdc
Faulting process id: 0xd84
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (05/30/2016 04:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1664) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU00065.log.

Error: (05/30/2016 03:56:06 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (05/30/2016 03:56:06 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  GetForegroundApplicationIndex() failed.

Error: (05/30/2016 03:39:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRMINI)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/30/2016 03:39:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRMINI)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/30/2016 03:39:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRMINI)
Description: Activation of app BarnesNoble.Nook_ahnzqzva31enc!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/30/2016 03:38:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRMINI)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (05/30/2016 03:38:58 PM) (Source: DCOM) (EventID: 10001) (User: CRMINI)
Description: "C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store2Windows.StoreUnavailableUnavailable

Error: (05/30/2016 03:37:39 PM) (Source: DCOM) (EventID: 10001) (User: CRMINI)
Description: "C:\Windows\System32\WWAHost.exe" -ServerName:Windows.Store2Windows.StoreUnavailableUnavailable

Error: (05/30/2016 08:11:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (05/29/2016 09:11:07 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (05/29/2016 09:01:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 8.1 Update (KB2919355).

Error: (05/29/2016 09:00:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8.1 (KB3063843).

Error: (05/29/2016 09:00:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8.1 (KB2990967).

Error: (05/29/2016 10:41:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/29/2016 10:41:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/29/2016 10:41:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz
Percentage of memory in use: 59%
Total physical RAM: 1933.22 MB
Available physical RAM: 779.34 MB
Total Virtual: 2957.22 MB
Available Virtual: 1397.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:49.15 GB) (Free:21.66 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58.3 GB) (Disk ID: 87952D5F)

Partition: GPT.

==================== End of Addition.txt ============================


Hello crshopping and welcome to Malwarebytes, continue as follows please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach to reply

  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.

 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
After restart the AdwCleaner(C*)-Notepad log will appear; please copy/paste it in your next reply. * is the number relative to the list of scans completed...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

Let me see those logs, also let me know if you have any remaining issues or concerns...

Thank you,

Kevin...


Hello, Kevin: Thank you for your reply. Your first instruction to me is to "Download attached fixlist.txt file (end of reply)..." I have looked for the attached file at the end of your post but do not see it. The only downloads I see are for AdwCleaner and Sophos. Where do I find the required file?

Regards, Cindy


Kevin: I opened FRST, hit Scan, and when it was done hit Fix. I received a dialog box saying fixlog.txt had been created. (I am attaching it). But when I first tried to go to fixlog, my computer restarted. Don't know if that will impact what we are trying to do.

I then ran MBAM. It found zero threats, and did not offer a restart option. I went to History; there is no scan log for today's date, just individual PUP type files for May 31st scan, so I have nothing to attach.

I downloaded and ran AdwCleaner. I do not understand your instruction "where * is the number relative to list of scans is completed". Cut/paste of log below:

# AdwCleaner v5.119 - Logfile created 07/06/2016 at 21:33:42
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 8.1  (X86)
# Username : Cin - CRMINI
# Running from : C:\Users\Cin\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : WtuSystemSupport
[-] Service Deleted : vToolbarUpdater40.3.1

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\avg web tuneup
[#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
[-] Folder Deleted : C:\Program Files\avg web tuneup
[-] Folder Deleted : C:\Program Files\0006BFE7-1464314136-1C07-FFFF-40167E387FE8
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Users\Cin\AppData\Local\avg web tuneup
[-] Folder Deleted : C:\Users\Cin\AppData\Roaming\Store
[#] Folder Deleted : C:\Users\Cin\AppData\Roaming\store
[-] Folder Deleted : C:\Users\Cin\AppData\Local\app

***** [ Files ] *****

[-] File Deleted : C:\Users\Cin\AppData\Roaming\Mozilla\Firefox\Profiles\oinbo5n1.default\extensions\Avg@toolbar.xpi
[-] File Deleted : C:\Users\Cin\AppData\Roaming\Mozilla\Firefox\Profiles\oinbo5n1.default\searchplugins\avg-secure-search.xml

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35F4BB37-03C5-41DE-85AF-7C301390C7EC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7395C3-28B5-445E-AA7D-539B63514CAB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\WTools
[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
[-] Key Deleted : HKLM\SOFTWARE\ContentProtector
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-2094678777-4143742173-427414782-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net
[-] Value Deleted : HKU\S-1-5-21-2094678777-4143742173-427414782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Bubble Dock]
[-] Value Deleted : HKU\S-1-5-21-2094678777-4143742173-427414782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Selection Tools]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Value Deleted : HKU\S-1-5-21-2094678777-4143742173-427414782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WindApp]

***** [ Web browsers ] *****

[-] [C:\Users\Cin\AppData\Roaming\Mozilla\Firefox\Profiles\oinbo5n1.default\prefs.js] Deleted : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{efbad08f-6e18-40be-b6fd-a856a28886ff}\",\"mid\":\"3b14eca11c7847ccb491915f38dc961a-[...]
[-] [C:\Users\Cin\AppData\Roaming\Mozilla\Firefox\Profiles\oinbo5n1.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5356 bytes] - [07/06/2016 21:33:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [5916 bytes] - [07/06/2016 21:30:17]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5502 bytes] ##########


SOPHOS LOG:

2016-06-08 01:51:38.319    Sophos Virus Removal Tool version 2.5.5
2016-06-08 01:51:38.319    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-08 01:51:38.319    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-08 01:51:38.319    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 Win32
2016-06-08 01:51:38.334    Checking for updates...
2016-06-08 01:51:38.366    Update progress: proxy server not available
2016-06-08 01:51:38.413    Update error: failed to read remote metadata (error 4)
Cannot locate server for http://dci.sophosupd.com/update/b/8e/b8e25724add90cdf5014b5c8900a9532.xml
2016-06-08 01:52:02.555    Option all = no
2016-06-08 01:52:02.555    Option recurse = yes
2016-06-08 01:52:02.555    Option archive = no
2016-06-08 01:52:02.555    Option service = yes
2016-06-08 01:52:02.555    Option confirm = yes
2016-06-08 01:52:02.555    Option sxl = yes
2016-06-08 01:52:02.555    Option max-data-age = 35
2016-06-08 01:52:02.555    Option EnableSafeClean = yes
2016-06-08 01:52:04.258    Option vdl-logging = yes
2016-06-08 01:52:04.274    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-08 01:52:04.274    Machine ID:    3ebeac4e164c47fea213b20c1845bb9f
2016-06-08 01:52:04.274    Component SVRTcli.exe version 2.5.5
2016-06-08 01:52:04.274    Component control.dll version 2.5.5
2016-06-08 01:52:04.274    Component SVRTservice.exe version 2.5.5
2016-06-08 01:52:04.274    Component engine\osdp.dll version 1.44.1.2250
2016-06-08 01:52:04.274    Component engine\veex.dll version 3.65.0.2250
2016-06-08 01:52:04.274    Component engine\savi.dll version 9.0.1.2250
2016-06-08 01:52:04.274    Component rkdisk.dll version 1.5.30.0
2016-06-08 01:52:04.274    Version info:    Product version    2.5.5
2016-06-08 01:52:04.274    Version info:    Detection engine    3.65.0
2016-06-08 01:52:04.274    Version info:    Detection data    5.26
2016-06-08 01:52:04.274    Version info:    Build date    4/5/2016
2016-06-08 01:52:04.274    Version info:    Data files added    435
2016-06-08 01:52:04.274    Version info:    Last successful update    (not yet updated)
2016-06-08 01:52:47.354    Error level 1

2016-06-08 01:52:47.354    Scan completed.
2016-06-08 01:52:47.354    

------------------------------------------------------------

2016-06-08 01:52:53.666    Sophos Virus Removal Tool version 2.5.5
2016-06-08 01:52:53.666    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-08 01:52:53.666    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-08 01:52:53.666    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 Win32
2016-06-08 01:52:53.666    Checking for updates...
2016-06-08 01:52:53.698    Update progress: proxy server not available
2016-06-08 01:53:16.496    Option all = no
2016-06-08 01:53:16.496    Option recurse = yes
2016-06-08 01:53:16.496    Option archive = no
2016-06-08 01:53:16.496    Option service = yes
2016-06-08 01:53:16.496    Option confirm = yes
2016-06-08 01:53:16.496    Option sxl = yes
2016-06-08 01:53:16.512    Option max-data-age = 35
2016-06-08 01:53:16.512    Option EnableSafeClean = yes
2016-06-08 01:53:17.215    Option vdl-logging = yes
2016-06-08 01:53:17.215    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-08 01:53:17.215    Machine ID:    3ebeac4e164c47fea213b20c1845bb9f
2016-06-08 01:53:17.215    Component SVRTcli.exe version 2.5.5
2016-06-08 01:53:17.215    Component control.dll version 2.5.5
2016-06-08 01:53:17.215    Component SVRTservice.exe version 2.5.5
2016-06-08 01:53:17.230    Component engine\osdp.dll version 1.44.1.2250
2016-06-08 01:53:17.230    Component engine\veex.dll version 3.65.0.2250
2016-06-08 01:53:17.230    Component engine\savi.dll version 9.0.1.2250
2016-06-08 01:53:17.230    Component rkdisk.dll version 1.5.30.0
2016-06-08 01:53:17.230    Version info:    Product version    2.5.5
2016-06-08 01:53:17.230    Version info:    Detection engine    3.65.0
2016-06-08 01:53:17.230    Version info:    Detection data    5.26
2016-06-08 01:53:17.230    Version info:    Build date    4/5/2016
2016-06-08 01:53:17.230    Version info:    Data files added    435
2016-06-08 01:53:17.230    Version info:    Last successful update    (not yet updated)
2016-06-08 01:53:38.288    Downloading updates...
2016-06-08 01:53:38.288    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-06-08 01:53:38.288    Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-06-08 01:53:38.288    Update progress: [I49502] Found supplement IDE527 LATEST
2016-06-08 01:53:38.288    Update progress: [I49502] Found supplement IDE528 LATEST
2016-06-08 01:53:38.288    Update progress: [I49502] Found supplement IDE529 LATEST
2016-06-08 01:53:38.288    Update progress: [I49502] Found supplement IDE530 LATEST
2016-06-08 01:53:38.288    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-08 01:53:38.288    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-08 01:53:57.852    Update progress: [I19463] Syncing product IDE527 142
2016-06-08 01:53:59.367    Installing updates...
2016-06-08 01:54:00.602    Error level 1
2016-06-08 01:54:00.680    Update progress: [I19463] Syncing product IDE528 127
2016-06-08 01:54:00.680    Update progress: [I19463] Syncing product IDE529 135
2016-06-08 01:54:00.680    Update progress: [I19463] Syncing product IDE530 37
2016-06-08 01:54:24.806    Update successful
2016-06-08 01:54:49.355    Option all = no
2016-06-08 01:54:49.355    Option recurse = yes
2016-06-08 01:54:49.355    Option archive = no
2016-06-08 01:54:49.355    Option service = yes
2016-06-08 01:54:49.355    Option confirm = yes
2016-06-08 01:54:49.355    Option sxl = yes
2016-06-08 01:54:49.355    Option max-data-age = 35
2016-06-08 01:54:49.355    Option EnableSafeClean = yes
2016-06-08 01:54:50.027    Option vdl-logging = yes
2016-06-08 01:54:50.027    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-08 01:54:50.027    Machine ID:    3ebeac4e164c47fea213b20c1845bb9f
2016-06-08 01:54:50.027    Component SVRTcli.exe version 2.5.5
2016-06-08 01:54:50.042    Component control.dll version 2.5.5
2016-06-08 01:54:50.042    Component SVRTservice.exe version 2.5.5
2016-06-08 01:54:50.042    Component engine\osdp.dll version 1.44.1.2250
2016-06-08 01:54:50.042    Component engine\veex.dll version 3.65.0.2250
2016-06-08 01:54:50.042    Component engine\savi.dll version 9.0.1.2250
2016-06-08 01:54:50.042    Component rkdisk.dll version 1.5.30.0
2016-06-08 01:54:50.042    Version info:    Product version    2.5.5
2016-06-08 01:54:50.042    Version info:    Detection engine    3.65.0
2016-06-08 01:54:50.042    Version info:    Detection data    5.26
2016-06-08 01:54:50.042    Version info:    Build date    4/5/2016
2016-06-08 01:54:50.042    Version info:    Data files added    435
2016-06-08 01:54:50.042    Version info:    Last successful update    6/7/2016 9:54:24 PM

2016-06-08 01:56:21.907    Warning: rootkit scan failed to open device "\\?\Volume{2d8fda50-1019-401a-821f-6782d07236e3}" (87)
2016-06-08 01:58:29.884    Could not open C:\hiberfil.sys
2016-06-08 01:58:29.884    Could not open C:\pagefile.sys
2016-06-08 02:05:20.060    Could not open C:\swapfile.sys
2016-06-08 02:05:21.498    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-08 02:05:21.498    Could not open C:\System Volume Information\{3a2e9c1c-2d19-11e6-9732-40167e387fe9}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-08 02:05:21.498    Could not open C:\System Volume Information\{ed0bde66-2c9a-11e6-9730-40167e387fe9}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-08 02:05:21.513    Could not open C:\System Volume Information\{ed0bdeb9-2c9a-11e6-9730-40167e387fe9}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-08 02:05:43.062    >>> Virus 'Mal/Generic-S' found in file C:\Users\Cin\AppData\Local\Microsoft\Windows\INetCache\IE\7PTCLJBN\Note-UP_Setup[1].exe
2016-06-08 02:05:43.062    >>> Virus 'Mal/Generic-S' found in file C:\Users\Cin\AppData\Local\Microsoft\Windows\INetCache\IE\7PTCLJBN\Note-UP_Setup[1].exe
2016-06-08 02:19:18.746    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-08 02:19:18.746    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-08 02:19:23.793    Could not open C:\Windows\System32\config\BBI
2016-06-08 02:19:23.871    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-08 02:19:23.871    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-08 02:19:23.871    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-08 02:19:23.871    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-08 02:19:23.887    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-08 06:04:52.973    The following items will be cleaned up:
2016-06-08 06:04:52.973    Mal/Generic-S

 

Kevin, please let me know if this is everything. Thanks, Cindy

Fixlog.txt

Hiya Cindy,

Thanks for the logs. What is the current status of your system? Is it responding as expected? Do you have any remaining issues or concerns?

One final scan....

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist", but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs....


Thank you,

Kevin...

I have not seen the "malicious website" pop-up the last couple of startups. Here is the last scan log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-06-2016
Ran by Cin (2016-06-08 14:24:35)
Running from C:\Users\Cin\Downloads
Microsoft Windows 8.1 (Update) (X86) (2016-05-09 21:23:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2094678777-4143742173-427414782-500 - Administrator - Disabled) => C:\Users\Administrator
Cin (S-1-5-21-2094678777-4143742173-427414782-1001 - Administrator - Enabled) => C:\Users\Cin
Guest (S-1-5-21-2094678777-4143742173-427414782-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2094678777-4143742173-427414782-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
AVG (HKLM\...\AvgZen) (Version: 1.61.2.12974 - AVG Technologies)
AVG (Version: 16.81.7639 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4598 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7639 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
AVG Zen (Version: 1.61.9 - AVG Technologies) Hidden
FMW 1 (Version: 1.92.4 - AVG Technologies) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1054 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - ASUS (AsusHID) Mouse  (12/05/2013 3.0.0.20) (HKLM\...\6E04D9C0B5B96235DF3E4162EA67E311C14CACFF) (Version: 12/05/2013 3.0.0.20 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {68BE261D-9B72-453D-A92E-223F94DD4B13} - System32\Tasks\{698BBEF4-2FF0-4681-AC10-E6807150FEDC} => pcalua.exe -a "C:\Users\Cin\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe" -c /cpanel=1
Task: {7C4A7F64-334B-4265-9F11-49419D4AC264} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {813614B5-D5BC-43B2-B036-ABCB0C0B2E6F} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {A96F23BF-0BF5-4883-A76A-B7EE2FAC1DE8} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {E848EF0A-5771-484B-AFCC-10F3F10CC2D6} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-04 11:36 - 2016-06-04 11:35 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 02:13 - 2016-06-07 20:52 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2094678777-4143742173-427414782-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\27405aaf-3447-418f-b03f-e60c01a43087_11 (2).jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{01FB097D-7CF1-41B3-84FB-60F79F35A771}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{92C7CA24-F30F-489C-AC91-D910B49FFE8A}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{34AEF285-2C48-47A5-993A-F59420349F71}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{9FBA437A-E543-43FD-8B96-604C01571669}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{BDDC7087-9CF6-4509-AD21-4A186EE5A995}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{BA7B44B2-1979-47C2-98FC-BA30752B9D71}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{FE1FD263-087F-4A14-9B11-0D87D45845ED}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{3F7CE487-EBC8-4AE9-96D3-3A54764F3F80}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{E6836D99-2111-4AE4-A3D1-167E99E73E7D}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe

==================== Restore Points =========================

07-06-2016 21:46:39 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name: InvenSense Sensor Collection
Description: InvenSense Sensor Collection
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: InvenSense
Service: INVN_MotionApps
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2016 10:25:51 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/07/2016 09:48:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54503c68
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e17
Exception code: 0xc0000008
Fault offset: 0x0006ca47
Faulting process id: 0x660
Faulting application start time: 0xsvchost.exe_PcaSvc0
Faulting application path: svchost.exe_PcaSvc1
Faulting module path: svchost.exe_PcaSvc2
Report Id: svchost.exe_PcaSvc3
Faulting package full name: svchost.exe_PcaSvc4
Faulting package-relative application ID: svchost.exe_PcaSvc5

Error: (06/07/2016 09:36:57 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (06/07/2016 09:13:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2016 09:13:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2016 09:13:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/07/2016 09:02:58 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.

Error: (06/07/2016 08:37:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {78b4d05a-0c64-4e8e-9f18-4f5c8520bc10}

Error: (06/07/2016 06:34:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 424

Start Time: 01d1c0a7f77a1ae3

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: 40d95dab-2c9b-11e6-9730-40167e387fe9

Faulting package full name: Microsoft.BingNews_3.0.4.336_x86__8wekyb3d8bbwe

Faulting package-relative application ID: AppexNews

Error: (06/07/2016 06:33:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRMINI)
Description: Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/08/2016 01:59:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Error: (06/08/2016 01:11:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
%%10022

Error: (06/08/2016 12:17:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
%%10022

Error: (06/08/2016 11:30:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
%%10022

Error: (06/08/2016 10:48:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
%%10022

Error: (06/08/2016 09:48:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
%%10022

Error: (06/08/2016 09:09:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
%%10022

Error: (06/08/2016 08:28:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
%%10022

Error: (06/08/2016 07:27:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
%%10022

Error: (06/08/2016 06:27:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
%%10022


CodeIntegrity:
===================================
  Date: 2016-06-08 14:12:37.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 13:51:23.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 13:51:15.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 13:51:14.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 13:51:13.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 13:51:12.974
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 13:51:12.599
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 13:51:09.974
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 12:12:53.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 11:51:19.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz
Percentage of memory in use: 66%
Total physical RAM: 1933.22 MB
Available physical RAM: 638.25 MB
Total Virtual: 3021.22 MB
Available Virtual: 1297.95 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:49.15 GB) (Free:13.65 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58.3 GB) (Disk ID: 87952D5F)

Partition: GPT.

==================== End of Addition.txt ============================


Logs look OK. Do you have any remaining issues or concerns? If none, run the following to clean up:

Use the following UNInstaller to remove Sophos, unless you prefer to keep it...

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool; the main GUI will populate with the installed programs list.

Left-click on the program name to highlight that entry.

Select Action from the menu bar, then Uninstall; from there, follow the prompts.

If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option.

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or by malware/infection.


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC security and best practices; you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
