
Persistent re-direct



Hello and welcome.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Got it to run by-passing the warning.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by northernsport4 (08-12-2016 11:06:14)
Running from C:\Users\northernsport4\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-24 16:18:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3544647946-2255020053-3728947666-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3544647946-2255020053-3728947666-503 - Limited - Disabled)
Guest (S-1-5-21-3544647946-2255020053-3728947666-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3544647946-2255020053-3728947666-1003 - Limited - Enabled)
northernsport4 (S-1-5-21-3544647946-2255020053-3728947666-1001 - Administrator - Enabled) => C:\Users\northernsport4

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{42EC3153-24B0-FCAD-0F16-0904BCBAB179}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.131.7924 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4728 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.131.7924 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3544647946-2255020053-3728947666-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.36.50 - Conexant)
CPS (HKU\S-1-5-21-3544647946-2255020053-3728947666-1001\...\58e3891551fdf35e) (Version: 2.5.0.373 - Magic Software Enterprises Ltd)
Dropbox (HKLM-x32\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{5B54DDC3-0ACC-4722-9C23-C3F07AF4825D}) (Version: 1.01.6700 - DTS, Inc.)
ELAN Touchpad 15.8.8.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.8.2 - ELAN Microelectronic Corp.)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GoToMeeting 7.27.0.5922 (HKU\S-1-5-21-3544647946-2255020053-3728947666-1001\...\GoToMeeting) (Version: 7.27.0.5922 - CitrixOnline)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4474 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{96C730E4-F055-4118-BDF3-6E071763853C}) (Version: 3.0.1342.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4875.1001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
OEM Application Profile (HKLM-x32\...\{8C7185EB-4165-040E-D581-EA62D922E8A2}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Outlook Conference Manager for FreeConference (HKLM-x32\...\{6F705184-67AC-4F32-BCCB-8A8AAD23D988}) (Version: 3.0.0 - Global Conference Partners)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.02.6402 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.3.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
Zoom (HKU\S-1-5-21-3544647946-2255020053-3728947666-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3544647946-2255020053-3728947666-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\northernsport4\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3544647946-2255020053-3728947666-1001_Classes\CLSID\{ABEA42FA-6965-4D05-B0FA-21917C7C1543}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3544647946-2255020053-3728947666-1001_Classes\CLSID\{B3EDB807-2899-3800-83E4-FDBBA38F6CD9}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028B093B-3EB2-4812-8A75-172A8FFAC38E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {10E171F7-9A66-4CEC-BEE0-67E52B93E548} - System32\Tasks\1114avtUpdateInfo => C:\ProgramData\Avg_Update_1114avt\1114avt_AVG-Secure-Search-Update.exe
Task: {13DA041D-4D0F-4DBA-A8A4-BCAF9827EA2B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1958BB71-3F14-4C11-ACD7-81A3FBF49292} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {250ED53C-9037-4704-9A53-84EB2A7BD611} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {251CE7E9-4591-4013-9F8F-54F523A90420} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {2604D3C3-136B-439C-97CB-F5C9D83682D6} - System32\Tasks\G2MUpdateTask-S-1-5-21-3544647946-2255020053-3728947666-1001 => C:\Users\northernsport4\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {2D823C39-2E78-496A-995B-017810183421} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3A0CDCAD-AED7-4DCF-9AE1-14EEDF9BCF3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {516076DE-83AF-46E9-9BEF-1844B6FEA606} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {559752CD-0E9D-4746-874C-65075DAD6308} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {66F726FE-9E78-4ECC-A6B0-CF702FA7A27C} - System32\Tasks\1215avUpdateInfo => C:\ProgramData\Avg_Update_1215av\1215av_AVG-Secure-Search-Update.exe
Task: {6BAF8371-8403-49F9-890A-D37FB6DAEDB2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {6D4087E8-0886-4F98-963D-CF006222F23C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {8802ED07-F8BA-4E41-A3AB-CB4325584B01} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8FE4DBAD-9C25-4EC0-8983-A87324CD0E28} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-15] (Dropbox, Inc.)
Task: {9360CAE6-A75F-4A25-A948-84DAACCA04A2} - \WPD\SqmUpload_S-1-5-21-3544647946-2255020053-3728947666-1001 -> No File <==== ATTENTION
Task: {A22318E8-A273-467F-8F7B-BC26219B66DB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-15] (Dropbox, Inc.)
Task: {B587A60A-4858-43A1-9A06-AF21350D4986} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {D628CE75-482E-4A0B-88D1-A5DDBBB67537} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E01DB881-4424-4154-8145-0F3E92118207} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-24] (Microsoft Corporation)
Task: {E57126BB-1A9B-469A-B733-84FF8A9B94F0} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {F45E668E-995B-421D-A20F-4373807E1B6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {F62FA13F-32D6-4238-A600-2A8CA5C0F3DB} - System32\Tasks\G2MUploadTask-S-1-5-21-3544647946-2255020053-3728947666-1001 => C:\Users\northernsport4\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FC0E4DF0-D273-4BD1-A792-542126A5672D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3544647946-2255020053-3728947666-1001.job => C:\Users\northernsport4\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3544647946-2255020053-3728947666-1001.job => C:\Users\northernsport4\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 15:15 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-01 19:46 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-21 16:09 - 2014-03-21 16:09 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-09-30 15:15 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-19 00:38 - 2016-08-19 00:38 - 00410600 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-24 14:28 - 2016-09-24 14:28 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 13:24 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 13:24 - 2016-11-02 05:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-11-10 13:24 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 13:24 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 13:24 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 13:24 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 13:24 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 13:24 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-08 08:42 - 2016-12-08 08:43 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\PeopleApp.exe
2016-12-08 08:42 - 2016-12-08 08:43 - 09403392 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\PeopleApp.dll
2016-12-08 08:42 - 2016-12-08 08:43 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2016-12-08 08:42 - 2016-12-08 08:43 - 00433152 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll
2016-12-08 08:42 - 2016-12-08 08:43 - 03930112 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\PeopleShared.dll
2016-12-08 08:42 - 2016-12-08 08:43 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2016-12-08 08:42 - 2016-12-08 08:43 - 01859072 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\Microsoft.People.Relevance.dll
2016-07-16 09:30 - 2016-07-16 09:30 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-09-24 11:22 - 2016-09-24 11:22 - 01383616 _____ () C:\Users\northernsport4\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-24 11:22 - 2016-09-24 11:22 - 00118976 _____ () C:\Users\northernsport4\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-11-28 09:54 - 2016-11-28 09:54 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2014-06-06 13:59 - 2014-03-06 15:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-09-20 16:26 - 2016-09-20 16:26 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-01-11 09:12 - 2013-01-11 09:12 - 00499712 _____ () C:\Users\northernsport4\AppData\Roaming\Global Conference Partners\Outlook Conference Manager for FreeConference\adxloader.dll
2016-09-20 16:27 - 2016-09-20 09:29 - 01041600 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2016-09-26 12:45 - 2016-09-26 12:45 - 00286720 _____ () C:\Users\northernsport4\AppData\Local\assembly\dl3\XZJAQ691.1P3\HRV3C7NJ.2C1\efd2de19\004845b2_05f0cd01\Interop.Outlook.DLL
2016-09-26 17:50 - 2016-09-26 17:50 - 00151552 _____ () C:\Users\northernsport4\AppData\Local\assembly\dl3\XZJAQ691.1P3\HRV3C7NJ.2C1\50a29044\004845b2_05f0cd01\Interop.Office.DLL
2016-09-20 16:26 - 2016-09-20 16:26 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-05-06 12:47 - 2015-05-06 12:50 - 01286312 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\PPRESOURCES.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3544647946-2255020053-3728947666-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\TOSHIBA\TOSHIBA1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "RIM PeerManager"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3544647946-2255020053-3728947666-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3544647946-2255020053-3728947666-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 1510 series.lnk"
HKU\S-1-5-21-3544647946-2255020053-3728947666-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3544647946-2255020053-3728947666-1001\...\StartupApproved\Run: => "GoToMeeting"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{F5AD68DA-0F1D-471D-8FE4-E0F5FB28B255}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{9474DD1F-CCA9-4894-BD9B-7F6E637FEFEC}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{DB939892-224F-45AD-9065-5D7494A5736E}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{42FE6C53-68BE-4C17-A8CB-781EEA1A2E23}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{AA06C81D-1C5E-4F8D-8037-BD426AE8E4CB}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{FA3E59E4-D3CA-47DE-9BBE-AD708FA86367}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [UDP Query User{6077FB1F-9FDC-4483-9944-7466B565F8BA}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe
FirewallRules: [TCP Query User{4DBB3691-0B2C-4770-B573-3E1CD70DF129}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe
FirewallRules: [{E7BBDEB6-428F-4D8A-8C17-84E348420935}] => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{110BC75D-4CE2-4858-9584-B5D8685F6206}] => C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{0A824E32-E49B-4834-A70B-B3ED66032ADE}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0EDEAB70-D5BA-406E-8FF4-E9215AEE3E89}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9515A0EE-1CF9-418E-BEDD-C9EF19B91B8F}] => C:\Users\northernsport4\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{50B7D805-5CE8-46BD-A4A3-E77551D35C12}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{82A6E015-72B3-4423-9B83-098125A4A133}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{451BF9A1-F1B9-4A15-88C3-007574BAA04F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADF9311B-F7E7-4C64-A06D-5279B1104615}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42374531-1825-4C61-9F68-4783BDC3C03F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{72293353-BB8A-4337-A44E-9DD3B0C97D30}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B28E1B6-7AAF-4F06-B3D4-C999F63AF13B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD368094-0683-425C-B83B-47F6862489D6}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80390ECE-CCAE-4ECE-991D-9DE281043344}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{497EA5A2-22EA-4CDC-9CCE-D658CF42F5C3}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{63ACA0DF-5602-4618-A3BB-DDA6B435FB07}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{70A0FDB7-2B2B-44DA-99D3-070E0F375852}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{99EC4D8C-839C-4DCE-B154-F8435DDF5444}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{AE885F37-6A55-45FA-B449-9B650545C793}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{322D11D6-3A09-4B00-917D-96AA2E44A93F}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{14793053-378C-48C7-BBC4-414F5CA5FEAC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3A2D658-24C7-4DAC-BAAC-B330286D278D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE1C8C81-D868-4726-B31C-F895B19A2648}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

23-11-2016 15:21:32 Removed Apple Software Update
01-12-2016 11:58:47 Scheduled Checkpoint
07-12-2016 13:55:55 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2016 08:37:11 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/07/2016 04:08:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NESG-LAPTOP4)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2016 04:08:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.351, time stamp: 0x5801a795
Exception code: 0xc000027b
Fault offset: 0x00000000006d714b
Faulting process id: 0x1d88
Faulting application start time: 0x01d250ce092b5b1c
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: a60b3329-3e2d-4bd5-92c9-75e103c1241a
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (12/07/2016 04:08:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NESG-LAPTOP4)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2016 04:08:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.351, time stamp: 0x5801a795
Exception code: 0xc000027b
Fault offset: 0x00000000006d714b
Faulting process id: 0x2454
Faulting application start time: 0x01d250ce070dafb5
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: f29535eb-c721-4d28-8cbd-1368e8188396
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (12/07/2016 04:05:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NESG-LAPTOP4)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2016 04:05:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.351, time stamp: 0x5801a795
Exception code: 0xc000027b
Fault offset: 0x00000000006d714b
Faulting process id: 0x1bec
Faulting application start time: 0x01d250cdb370ccff
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 3ba7794e-ef4c-4613-83e3-34c3a74a3f2a
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (12/07/2016 04:05:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NESG-LAPTOP4)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2016 04:05:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CHXSmartScreen.exe, version: 0.0.0.0, time stamp: 0x57899bb1
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.351, time stamp: 0x5801a795
Exception code: 0xc000027b
Fault offset: 0x00000000006d714b
Faulting process id: 0x1928
Faulting application start time: 0x01d250cdb057e949
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 9c5bde92-2e58-4878-9c20-72a3cff2ce4e
Faulting package full name: Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (12/07/2016 04:02:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NESG-LAPTOP4)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (12/08/2016 08:40:20 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (12/08/2016 08:39:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (12/08/2016 08:37:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2016 08:37:17 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (12/08/2016 08:37:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (12/08/2016 08:36:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (12/07/2016 03:19:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/07/2016 02:57:51 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (12/07/2016 02:56:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (12/07/2016 02:54:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.


CodeIntegrity:
===================================
  Date: 2016-12-08 11:05:09.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-08 11:05:09.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-08 11:04:56.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-08 11:04:56.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-08 11:04:20.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-08 11:04:20.317
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-08 08:39:39.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-08 08:39:25.387
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-08 08:39:25.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-08 08:39:25.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 40%
Total physical RAM: 8112.14 MB
Available physical RAM: 4825.64 MB
Total Virtual: 9392.14 MB
Available Virtual: 5703.1 MB

==================== Drives ================================

Drive c: (TI80167500B) (Fixed) (Total:684.77 GB) (Free:578.65 GB) NTFS
Drive d: () (Removable) (Total:1.87 GB) (Free:1.59 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 5ACDCF8F)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0B)

==================== End of Addition.txt ============================


Let me know if this fixed the issue:

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.


Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Since there are no more problems, we can declare this PC clean.

Now we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non-infected restore point while deleting the old ones.


Step 1. - Creation of system restore point and tools removal.


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings

  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt). I don't need it for review.


The tool deletes old system restore points and creates a fresh system restore point after cleaning.


Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.


Security tips - highly recommended reading:


Maintenance tips:


Additional software that I personally use and install on all my clients' devices:

  • Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent the installation of additional foistware implemented in legitimate installations.
  • uBlock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.


If you're happy with the help provided and/or wish to show your appreciation, please consider a donation.
Thank you!

Stay safe,
TwinHeadedEagle :)
