mech
New Helpee
Posts: 18
Post by mech on May 13, 2016 23:40:49 GMT -8
Here is that.
Part 1
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by hp (2016-05-13 12:15:37)
Running from C:\Users\hp\Desktop
Windows 8.1 Single Language (X64) (2016-05-08 08:25:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1508925376-3250446775-450008754-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1508925376-3250446775-450008754-501 - Limited - Disabled)
hp (S-1-5-21-1508925376-3250446775-450008754-1002 - Administrator - Enabled) => C:\Users\hp
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader X (10.1.0) - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AllDup 3.3.10 (HKLM-x32\...\AllDup_is1) (Version: 3.3.10 - Michael Thummerer Software Design)
AMD Catalyst Install Manager (HKLM\...\{DEC772E6-D0C7-9964-5D30-DEC57EF1B26F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Anti-Twin (Installation 1.5.2016) (HKLM-x32\...\Anti-Twin 2016-05-01 21.26.36) (Version: - Joerg Rosenthal, Germany)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CloneMaster (HKLM-x32\...\{24B4EFCF-6220-4AAF-ACD8-8750D662BCE9}) (Version: 4.0.0.0 - SoftByte Labs)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.22+4.5 - DjVuZone)
Dup Scout 2.4.38 (HKLM-x32\...\Dup Scout) (Version: 2.4.38 - Flexense Computing Systems Ltd.)
Easy Duplicate Finder v. 3.1 (HKLM-x32\...\Easy Duplicate Finder_is1) (Version: - WebMinds, Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.6 - Emsisoft Ltd.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Greenshot (HKLM-x32\...\Greenshot_is1) (Version: - )
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Şirketinizin Adı)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{E3C7685A-2EAF-43B8-9DED-AF92325AD6C7}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mirkes.de Tiny Hexer (HKLM-x32\...\{CC399A03-4695-432E-AE6E-BB450DDE5248}_is1) (Version: 1.8 - markus stephany)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Newbury House Dictionary (HKLM-x32\...\Newbury House Dictionary) (Version: - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.6.0.142 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Şirketinizin Adı)
PolyLingua (HKLM-x32\...\PolyLingua) (Version: - )
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version: - IDM)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29060 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6950 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.5.1 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)
WordWise Dictionary (HKLM-x32\...\NSIS_wordwise) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
mech
New Helpee
Posts: 18
Post by mech on May 13, 2016 23:47:51 GMT -8
Part 2
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2BB4F409-4848-4F20-B2A9-FAEC245D29F3} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {37C1137A-25E0-40C3-B6A2-8D10B24D8513} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {3BDDCC47-B2F5-48A1-B990-CE2E08C8B539} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {65A73A05-7D48-4EB7-A9E7-4A13F7CFDD7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {7FC38683-C820-4F9D-8F08-765F016AE42D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {A61B2DFA-FEF0-4DBF-92CF-868BA2758317} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {BF3B6FCC-5C13-4D9F-9E32-0BA765272D9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {C222AF19-DB15-4867-B9BA-2AF3935CC569} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {C4E6CA50-95B3-4709-A5A9-81D38D187C88} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {EA7FFD1A-C077-4A53-A41B-1DE50A966A54} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {EAFEE6A5-7E72-4476-89CB-64586D0FFDE1} - System32\Tasks\{C9B575A6-54BD-42EE-9ECF-11376AFCACA3} => pcalua.exe -a C:\SWSetup\SP62594\Install.exe -d C:\SWSetup\SP62594
Task: {FB59CC84-E49B-483D-AB95-D35D8502C178} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-05] (Synaptics Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-04-28 12:38 - 2014-08-06 04:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-01 14:53 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-05-01 14:54 - 2010-07-12 07:52 - 00548864 _____ () C:\Program Files (x86)\Greenshot\Greenshot.exe
2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-05-01 14:54 - 2010-07-12 07:52 - 00028672 _____ () C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll
2016-05-01 14:54 - 2009-08-19 20:59 - 00022736 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll
2016-05-01 14:54 - 2009-08-19 20:59 - 00347856 ____N () C:\Program Files (x86)\WordWeb\wwextdb.dll
2013-08-08 14:48 - 2013-03-12 17:51 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 22:53 - 2013-03-12 22:53 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
mech
New Helpee
Posts: 18
Post by mech on May 13, 2016 23:54:04 GMT -8
part 3
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
mech
New Helpee
Posts: 18
Post by mech on May 13, 2016 23:59:21 GMT -8
Part 4
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A5D089F0-34BE-4C09-8682-E811FA0C1C99}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{978FB2FD-6808-48EF-9F28-83C13B2A5A0D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{B28231CC-A31B-4FC8-BBEC-CFB2C2B00786}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{7F83DD09-E4F8-43CA-978F-BD45128D59DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{04E6B8BE-0414-45BC-A19F-D31C325223E7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{D45E39C5-5A29-4D7E-BEB2-9C571D0013EF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{BFF5A1DF-46E3-4D88-855B-FEF24DA6D669}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{3C70BD21-FA41-40C9-AA0B-8F60B8D4AFF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F60922C3-CE9B-48A8-AA17-64DF1E5D4A1B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1479B9A6-A91C-4A35-AF23-2961648BE3EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{639044E1-2475-46C6-99EB-5C4ABFAA9FB3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{45E2A601-2A5B-4DBC-A057-CE1EE5B72A44}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{10E63B66-188E-4A0A-B587-A308A3739AF2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{9A05F1D4-FA00-46DD-A1CB-75A09D2CDECD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{D1EE5535-E4DC-490B-9A14-751FB156AD3F}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{441DC816-2BAB-44DB-883E-B934B75C14C6}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{FDA13146-3FD6-4712-BCC0-08730C7B6A6D}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{3B30D84A-7E9E-47F4-87FA-3983C02E5AFD}] => (Allow) LPort=1900
FirewallRules: [{858A9811-A623-4506-B233-B26F8076256C}] => (Allow) LPort=2869
FirewallRules: [{ECE6787B-DA94-440F-B282-2DBBA2C0F130}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{324A8893-F68E-4965-9462-CE99C4518C55}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
==================== Restore Points =========================
08-05-2016 12:39:31 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
mech
New Helpee
Posts: 18
Post by mech on May 14, 2016 0:00:18 GMT -8
Part 5 [Last one]
Application errors:
==================
Error: (05/13/2016 12:17:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: hp_) Description: App Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe+AppexSports did not launch within its allotted time.
Error: (05/13/2016 12:17:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 51b0
Start Time: 01d1ace34bb8d5ce
Termination Time: 71
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 68694607-18eb-11e6-be81-a0481c103368
Faulting package full name:
Faulting package-relative application ID:
Error: (05/13/2016 02:09:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15094
Error: (05/13/2016 02:09:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15094
Error: (05/13/2016 02:09:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/13/2016 02:03:35 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1a20
Start Time: 01d1ac7f431319db
Termination Time: 91
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 95f52d04-1895-11e6-be81-a0481c103368
Faulting package full name:
Faulting package-relative application ID:
Error: (05/12/2016 10:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1713859
Error: (05/12/2016 10:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1713859
Error: (05/12/2016 10:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/11/2016 11:33:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3493922
System errors:
=============
Error: (05/13/2016 11:48:45 AM) (Source: DCOM) (EventID: 10010) (User: hp_) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (05/13/2016 11:48:15 AM) (Source: DCOM) (EventID: 10010) (User: hp_) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (05/13/2016 10:51:35 AM) (Source: DCOM) (EventID: 10010) (User: hp_) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (05/13/2016 10:51:04 AM) (Source: DCOM) (EventID: 10010) (User: hp_) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (05/13/2016 02:09:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 8 time(s).
Error: (05/13/2016 01:14:22 AM) (Source: DCOM) (EventID: 10010) (User: hp_) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (05/13/2016 01:13:52 AM) (Source: DCOM) (EventID: 10010) (User: hp_) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (05/12/2016 09:58:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 7 time(s).
Error: (05/12/2016 11:41:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 6 time(s).
Error: (05/12/2016 12:30:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 5 time(s).
==================== Memory info ===========================
Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 7366.27 MB
Available physical RAM: 4281.49 MB
Total Virtual: 9222.27 MB
Available Virtual: 5357.42 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:350.35 GB) (Free:45.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (New Volume) (Fixed) (Total:162.87 GB) (Free:38.41 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:166.02 GB) (Free:95.64 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:18.19 GB) (Free:2.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: () (Removable) (Total:7.45 GB) (Free:2.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 97A66C91)
Partition: GPT.
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 1AE81AE7)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on May 14, 2016 10:06:01 GMT -8
FIRST >>>>
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.
Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt.
NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Start FRST that is on the desktop by right clicking on the file and selecting "Run as Administrator..." and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

SECOND >>>>
Junkware Removal Tool
Please download JRT from here to your desktop.
Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.
Double click the JRT.exe file to run the application.
The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).
When it is asked, press any key to allow the program to continue / run.
This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.
Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

LAST >>>>
AdwCleaner by Xplode
Download AdwCleaner from here or from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
Click the Clean button. Everything checked will be deleted.
When the program has finished cleaning a report appears. Once done it will ask to reboot; allow this.
On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Optional: NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
mech
New Helpee
Posts: 18
Post by mech on May 15, 2016 0:07:48 GMT -8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 Single Language x64
Ran by hp (Administrator) on Paz 15.05.2016 at 10:57:50,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Paz 15.05.2016 at 11:00:53,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mech
New Helpee
Posts: 18
Post by mech on May 15, 2016 0:23:50 GMT -8
I have scanned with AdwCleaner, but the program found nothing and did not ask for a reboot/restart.
Here is the log, but it is saved as AdwCleaner[S1].
# AdwCleaner v5.116 - Logfile created 15/05/2016 at 11:15:45
# Updated 09/05/2016 by Xplode
# Database : 2016-05-13.1 [Server]
# Operating system : Windows 8.1 Single Language (X64)
# Username : hp - HP_
# Running from : C:\Users\hp\Desktop\adwcleaner_5.exe.exe
# Option : Scan
# Support : toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [624 bytes] - [15/05/2016 11:15:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [696 bytes] ##########
Thank you.
dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on May 15, 2016 21:42:34 GMT -8
Thanks for the JRT and AdwCleaner logs. I need to see the Fixlog.txt log that FRST produced during the Fixlist script run. If that is no longer on the desktop, you can find it in the C:\FRST\logs directory.
mech
New Helpee
Posts: 18
Post by mech on May 19, 2016 0:46:26 GMT -8
This is the fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
Ran by hp (2016-05-14 22:40:11) Run:1
Running from C:\Users\hp\Desktop
Loaded Profiles: hp (Available Profiles: hp & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
SearchScopes: HKLM -> {46FE6CF5-1C1C-460D-B435-502BA857D956} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {46FE6CF5-1C1C-460D-B435-502BA857D956} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1508925376-3250446775-450008754-1002 -> {46FE6CF5-1C1C-460D-B435-502BA857D956} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
2016-05-08 11:47 - 2016-05-08 11:47 - 00000000 __SHD C:\Users\hp\AppData\LocalLow\EmieUserList
2016-05-08 11:47 - 2016-05-08 11:47 - 00000000 __SHD C:\Users\hp\AppData\LocalLow\EmieBrowserModeList
2016-05-08 11:46 - 2016-05-08 11:47 - 00000000 __SHD C:\Users\hp\AppData\LocalLow\EmieSiteList
2016-05-08 11:46 - 2016-05-08 11:46 - 00000000 __SHD C:\Users\hp\AppData\Local\EmieUserList
2016-05-08 11:46 - 2016-05-08 11:46 - 00000000 __SHD C:\Users\hp\AppData\Local\EmieSiteList
2016-05-08 11:46 - 2016-05-08 11:46 - 00000000 __SHD C:\Users\hp\AppData\Local\EmieBrowserModeList
2016-05-08 11:46 - 2016-05-13 09:50 - 00003894 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{27436C2C-5D18-41D7-917C-F01D6E05C581}
Task: {EAFEE6A5-7E72-4476-89CB-64586D0FFDE1} - System32\Tasks\{C9B575A6-54BD-42EE-9ECF-11376AFCACA3} => pcalua.exe -a C:\SWSetup\SP62594\Install.exe -d C:\SWSetup\SP62594
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46FE6CF5-1C1C-460D-B435-502BA857D956}" => key removed successfully
HKCR\CLSID\{46FE6CF5-1C1C-460D-B435-502BA857D956} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{46FE6CF5-1C1C-460D-B435-502BA857D956}" => key removed successfully
HKCR\Wow6432Node\CLSID\{46FE6CF5-1C1C-460D-B435-502BA857D956} => key not found.
"HKU\S-1-5-21-1508925376-3250446775-450008754-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46FE6CF5-1C1C-460D-B435-502BA857D956}" => key removed successfully
HKCR\CLSID\{46FE6CF5-1C1C-460D-B435-502BA857D956} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
C:\Users\hp\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\hp\AppData\LocalLow\EmieBrowserModeList => moved successfully
C:\Users\hp\AppData\LocalLow\EmieSiteList => moved successfully
C:\Users\hp\AppData\Local\EmieUserList => moved successfully
C:\Users\hp\AppData\Local\EmieSiteList => moved successfully
C:\Users\hp\AppData\Local\EmieBrowserModeList => moved successfully
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{27436C2C-5D18-41D7-917C-F01D6E05C581} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAFEE6A5-7E72-4476-89CB-64586D0FFDE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAFEE6A5-7E72-4476-89CB-64586D0FFDE1}" => key removed successfully
C:\WINDOWS\System32\Tasks\{C9B575A6-54BD-42EE-9ECF-11376AFCACA3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C9B575A6-54BD-42EE-9ECF-11376AFCACA3}" => key removed successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state on =========
Ok.
========= End of CMD: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.7.9600 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1508925376-3250446775-450008754-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1508925376-3250446775-450008754-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
EmptyTemp: => 340.1 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 22:43:08 ====