Outlook 2016 and Malwarebytes


  • Root Admin

Hi @Nicole_C,

Let's go ahead and have you do some scans to see if we can find any further issues.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 02
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed.
  • Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look at the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore.

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


Hi! Here is the information you asked for:

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Nicol (Administrator) on Wed 09/07/2016 at 20:16:36.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 1 

Successfully deleted: C:\Users\Nicol\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20A95DA8-D686-4C2C-A764-17ED0B377CB9} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/07/2016 at 20:22:34.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner Results

# AdwCleaner v6.010 - Logfile created 07/09/2016 at 20:27:55
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-07.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Nicol - LAPTOP-GE19S0A4
# Running from : C:\Users\Nicol\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[!] Data not deleted: HKU\S-1-5-21-1480757456-3423216108-4246743865-1002\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[!] Data not deleted: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1106 Bytes] - [07/09/2016 20:27:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [1493 Bytes] - [07/09/2016 20:26:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1252 Bytes] ##########
 

Sophos Result

Nothing was found.

 

Farbar logs have been attached to this post

FRST.txt

Addition.txt


  • Root Admin

As you can see from the Event Log entries the computer is having issues and programs are crashing. You need to address these errors in order for the computer to function properly. I can potentially help you with some of them, but you may need to follow-up from a Microsoft Support forum if it gets too involved.

Quote

==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2016 08:16:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/07/2016 04:38:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7167.2040, time stamp: 0x57ad490b
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000005
Fault offset: 0x00026d79
Faulting process id: 0xac0
Faulting application start time: 0x01d209247f056dc8
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 029fa5a9-753b-11e6-9c0d-507b9d72c923
Faulting package full name:
Faulting package-relative application ID:

Error: (09/07/2016 12:25:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7167.2040, time stamp: 0x57ad490b
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000005
Fault offset: 0x00026d79
Faulting process id: 0xdd8
Faulting application start time: 0x01d208fd49a51102
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: b89c8216-7517-11e6-9c0d-507b9d72c923
Faulting package full name:
Faulting package-relative application ID:

Error: (09/07/2016 08:04:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/07/2016 07:45:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7167.2040, time stamp: 0x57ad490b
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000005
Fault offset: 0x000336e0
Faulting process id: 0xc80
Faulting application start time: 0x01d208f9d43d3a05
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 83605898-74f0-11e6-9c0d-507b9d72c923
Faulting package full name:
Faulting package-relative application ID:

Error: (09/06/2016 02:01:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/06/2016 01:46:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7167.2040, time stamp: 0x57ad490b
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000005
Fault offset: 0x00026d79
Faulting process id: 0x2164
Faulting application start time: 0x01d20833cb79e874
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ca2f96ee-7459-11e6-9c0d-507b9d72c923
Faulting package full name:
Faulting package-relative application ID:

Error: (09/06/2016 09:37:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCSDK.exe, version: 1.2.0.13, time stamp: 0x55b832e6
Faulting module name: CCSDK.exe, version: 1.2.0.13, time stamp: 0x55b832e6
Exception code: 0xc0000005
Fault offset: 0x00013809
Faulting process id: 0x14e0
Faulting application start time: 0x01d208300ee69abc
Faulting application path: C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
Faulting module path: C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
Report Id: ae3f59f0-2edf-4138-aa1e-8fc90ad98351
Faulting package full name:
Faulting package-relative application ID:

Error: (09/06/2016 07:42:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7167.2040, time stamp: 0x57ad490b
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000005
Fault offset: 0x00026d79
Faulting process id: 0x2218
Faulting application start time: 0x01d20830538beec8
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0525d911-7427-11e6-9c0d-507b9d72c923
Faulting package full name:
Faulting package-relative application ID:

Error: (09/05/2016 01:17:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-GE19S0A4)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_61587 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_61587 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_61587 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_61587 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 20 milliseconds: Restart the service.

Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/07/2016 08:28:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-09-07 20:49:47.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-06 07:27:15.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-05 09:28:50.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 04:13:14.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 07:33:17.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 00:13:50.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 20:44:38.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-31 10:25:58.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-30 14:40:54.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-30 09:03:25.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

 


 

Not sure if this is directly related or not but if performance monitor is having issues reading the DLL file then it's possible that MBAM is as well.

Error: (09/06/2016 02:01:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

You should also add these files to your Firewall to allow them access to the Internet.

mbam.exe
mbamresearch.exe
mbamscheduler.exe

Please look at the Event Logs above and try to correct those issues if you can. I realize you may not know how; if so, let me know and I'll research some of the possible fixes for you and we can work on getting the computer to run better.

Thanks
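One way to triage the "Application errors" section quoted in the post above is to group the EventID 1000 crash records by application, faulting module and exception code. This is an added example, not part of the original thread or of FRST; `crash_summary`, `HEADER` and `FIELDS` are names made up here, and `SAMPLE` is a trimmed excerpt of the quoted log.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the FRST event-log section quoted in the post above.
SAMPLE = r"""Error: (09/07/2016 04:38:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7167.2040, time stamp: 0x57ad490b
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000005
Fault offset: 0x00026d79

Error: (09/07/2016 07:45:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 16.0.7167.2040, time stamp: 0x57ad490b
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000005
Fault offset: 0x000336e0

Error: (09/06/2016 02:01:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed.

Error: (09/06/2016 09:37:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCSDK.exe, version: 1.2.0.13, time stamp: 0x55b832e6
Faulting module name: CCSDK.exe, version: 1.2.0.13, time stamp: 0x55b832e6
Exception code: 0xc0000005
Fault offset: 0x00013809
"""

HEADER = re.compile(r"Error: \([^)]*\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<eid>\d+)\)")
FIELDS = {
    "app": re.compile(r"Faulting application name: ([^,]+),"),
    "module": re.compile(r"Faulting module name: ([^,]+),"),
    "code": re.compile(r"Exception code: (0x[0-9a-fA-F]+)"),  # 0xc0000005 = access violation
    "offset": re.compile(r"Fault offset: (0x[0-9a-fA-F]+)"),
}

def crash_summary(text):
    """Map (app, module, exception code) -> (crash count, sorted fault offsets)."""
    groups = defaultdict(lambda: {"count": 0, "offsets": set()})
    # Each entry starts at a line beginning with "Error: (".
    for entry in re.split(r"(?m)^(?=Error: \()", text):
        head = HEADER.match(entry)
        if not head or (head["source"], head["eid"]) != ("Application Error", "1000"):
            continue  # not a crash record (e.g. Perflib, CAPI2)
        found = {name: rx.search(entry) for name, rx in FIELDS.items()}
        if not all(found.values()):
            continue  # truncated entry: skip rather than guess
        key = (found["app"][1], found["module"][1], found["code"][1].lower())
        groups[key]["count"] += 1
        groups[key]["offsets"].add(found["offset"][1].lower())
    return {k: (v["count"], sorted(v["offsets"])) for k, v in groups.items()}

if __name__ == "__main__":
    for (app, module, code), (count, offsets) in crash_summary(SAMPLE).items():
        print(f"{app} in {module} ({code}): {count} crash(es), offsets {offsets}")
```
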

 

 
