Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

possible infection - laptop will not connect to wifi


  • Please log in to reply
9 replies to this topic

#1 sfg5007

sfg5007

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 29 December 2015 - 08:58 PM

Hi all,

 

My Dell laptop is running Windows 10.  A few days ago I noticed it was not connected to my home wifi. The wifi card detects all of the local networks including my home router, but when I click to get it to connect, I eventually get the error "Can't connect to this network".

 

Connection through an ethernet cable works.

 

The reason I suspect an infection is that my first instinct - to run Malwarebytes was blocked until I did a clean install of the program.  Two objects were detected and removed.

 

I then tried a system restore, which eventually told me was unsuccessful.  I booted to safemode with command prompt and did the system restore successfully.  However, the connectivity problem persists.

 

Here's the MWB log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/29/2015
Scan Time: 7:16 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.29.07
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369525
Time Elapsed: 51 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Iminent, HKLM\SOFTWARE\WOW6432NODE\

CLASSES\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}, , [6a7195158b00fa3c6444f77c0ff3ae52],
PUP.Optional.Iminent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}, , [6a7195158b00fa3c6444f77c0ff3ae52],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
 
Looking forward to your advice.


BC AdBot (Login to Remove)

 


#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,712 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 29 December 2015 - 09:19 PM

G'day sfg5007, and Welcome to BC.

 

Please run these for me:   If you have any dificulties, please let me know.  You can download these scans to a thumb drive and then load them to your sick computer

 

Please download AdwCleaner by Xplode and save to your Desktop.

    Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
    Click on the Scan button.
    AdwCleaner will begin...be patient as the scan may take some time to complete.
    When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    Look over the log especially under Files/Folders for any program you want to save.
    If there's a program you may want to save, just uncheck it from AdwCleaners list
    If you're not sure, post the log for review. (all items found are usually  adware/spyware/foistware)
    If you're ready to clean it all up.....click the Clean button.
    After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    NOTE - To restore an item that has been deleted by accident:
    Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

To fully empty the Quarantine Manager, re-open Adwarecleaner and hit the Uninstall button, and reboot..
The program can be reinstalled later with the Updated Data base included


Edited by Condobloke, 29 December 2015 - 09:30 PM.

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

 

 

 

 

 


#3 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,712 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 29 December 2015 - 09:25 PM

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.

    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. This gives a preliminary reading, and clears your Antivirus/Antimalware programs.
    You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
    Double-click on the Rkill desktop icon to run the tool.
    If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    A black DOS box will briefly flash for a minute or so, and then disappear. This is normal and indicates the tool ran successfully.
    If not, delete the file, then download and use the one provided in Link 2.
    Do not reboot until you run the next few tools.
    If the tool does not run from any of the links provided, please let me know.
    If normal mode still doesn't work, run the tool from safe mode.
    When the scan is done Notepad will open with Rkill log.
    Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

 

Please download  http://www.bleepingcomputer.com/download/minitoolbox/ to desktop to run it.
 Checkmark the following boxes:
[*] Flush DNS
[*] Report IE Proxy Settings
[*] Reset IE Proxy Settings
[*] Report FF Proxy Settings
[*] Reset FF Proxy Settings
[*] List last 10 Event Viewer log
[*] List Installed Programs
[*] List Users, Partitions and Memory size[/list]Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

 

 

 

 

 


#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,712 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 29 December 2015 - 09:28 PM

....and Finally.......Hitmanpro.

 

HitmanPro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.). HitmanPro is designed to work alongside existing security programs without any conflicts. It scans the computer quickly (less than 5 minutes) and does not slow down the computer.

  1. You can download HitmanPro from the below link:
    HITMANPRO DOWNLOAD LINK (This link will open a web page from where you can download HitmanPro)
  2. Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows). When the program starts you will be presented with the start screen as shown below.
    hitmanpro-install.jpg
    Click on the Next button, to install HitmanPro on your computer.
    hitmapro-start-scan.jpg
  3. HitmanPro will now begin to scan your computer for Iminent Toolbar malicious files.
    hitmanpro-scan.jpg
  4. When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove Iminent Toolbar adware.
    hitmanpro-scan-results.jpg
  5. Click on the Activate free license button to begin the free 30 days trial, and remove all the malicious files from your computer.
    hitmanpro-activation.jpg

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

 

 

 

 

 


#5 sfg5007

sfg5007
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 29 December 2015 - 10:07 PM

# AdwCleaner v5.026 - Logfile created 29/12/2015 at 22:02:42
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Steve - RED-PC
# Running from : C:\Users\Steve\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_0715tb
[-] Folder Deleted : C:\Users\Steve\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Steve\AppData\Local\AVG Secure Search
[-] Folder Deleted : C:\Users\Steve\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Steve\AppData\Roaming\Systweak

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : AVG-Secure-Search-Update_0715tb_rel

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\WeatherAlerts
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [14826 bytes] ##########
 



#6 sfg5007

sfg5007
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 29 December 2015 - 10:13 PM

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/29/2015 10:09:55 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\Runservice.exe (PID: 2312) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
  127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
  127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
  127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
  127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
  127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

Program finished at: 12/29/2015 10:12:41 PM
Execution time: 0 hours(s), 2 minute(s), and 46 seconds(s)
 



#7 sfg5007

sfg5007
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 29 December 2015 - 10:17 PM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Steve (administrator) on 29-12-2015 at 22:16:31
Running from "C:\Users\Steve\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: Vostro 1520 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.


========================= Event log errors: ===============================

Application errors:
==================
Error: (12/29/2015 10:14:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.10240.16603, time stamp: 0x56553bcd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000007910fae
Faulting process id: 0x13a4
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (12/29/2015 10:09:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10240.16603, time stamp: 0x56553bcd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000007c50fae
Faulting process id: 0x1228
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (12/29/2015 10:05:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: AllShareFrameworkDMS.exe, version: 1.3.0.23, time stamp: 0x52b52bb2
Faulting module name: DMSManager.dll, version: 0.0.0.0, time stamp: 0x52a81842
Exception code: 0xc0000005
Fault offset: 0x0001d30e
Faulting process id: 0x1a6c
Faulting application start time: 0xAllShareFrameworkDMS.exe0
Faulting application path: AllShareFrameworkDMS.exe1
Faulting module path: AllShareFrameworkDMS.exe2
Report Id: AllShareFrameworkDMS.exe3
Faulting package full name: AllShareFrameworkDMS.exe4
Faulting package-relative application ID: AllShareFrameworkDMS.exe5

Error: (12/29/2015 10:05:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: AllShareFrameworkDMS.exe, version: 1.3.0.23, time stamp: 0x52b52bb2
Faulting module name: DMSManager.dll, version: 0.0.0.0, time stamp: 0x52a81842
Exception code: 0xc0000005
Fault offset: 0x0001d30e
Faulting process id: 0x7fc
Faulting application start time: 0xAllShareFrameworkDMS.exe0
Faulting application path: AllShareFrameworkDMS.exe1
Faulting module path: AllShareFrameworkDMS.exe2
Report Id: AllShareFrameworkDMS.exe3
Faulting package full name: AllShareFrameworkDMS.exe4
Faulting package-relative application ID: AllShareFrameworkDMS.exe5

Error: (12/29/2015 08:46:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: AllShareFrameworkDMS.exe, version: 1.3.0.23, time stamp: 0x52b52bb2
Faulting module name: DMSManager.dll, version: 0.0.0.0, time stamp: 0x52a81842
Exception code: 0xc0000005
Fault offset: 0x0001d30e
Faulting process id: 0xa88
Faulting application start time: 0xAllShareFrameworkDMS.exe0
Faulting application path: AllShareFrameworkDMS.exe1
Faulting module path: AllShareFrameworkDMS.exe2
Report Id: AllShareFrameworkDMS.exe3
Faulting package full name: AllShareFrameworkDMS.exe4
Faulting package-relative application ID: AllShareFrameworkDMS.exe5

Error: (12/29/2015 08:46:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: AllShareFrameworkDMS.exe, version: 1.3.0.23, time stamp: 0x52b52bb2
Faulting module name: DMSManager.dll, version: 0.0.0.0, time stamp: 0x52a81842
Exception code: 0xc0000005
Fault offset: 0x0001d30e
Faulting process id: 0xc14
Faulting application start time: 0xAllShareFrameworkDMS.exe0
Faulting application path: AllShareFrameworkDMS.exe1
Faulting module path: AllShareFrameworkDMS.exe2
Report Id: AllShareFrameworkDMS.exe3
Faulting package full name: AllShareFrameworkDMS.exe4
Faulting package-relative application ID: AllShareFrameworkDMS.exe5

Error: (12/29/2015 08:46:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: AllShareFrameworkDMS.exe, version: 1.3.0.23, time stamp: 0x52b52bb2
Faulting module name: DMSManager.dll, version: 0.0.0.0, time stamp: 0x52a81842
Exception code: 0xc0000005
Fault offset: 0x0001d30e
Faulting process id: 0x1ac8
Faulting application start time: 0xAllShareFrameworkDMS.exe0
Faulting application path: AllShareFrameworkDMS.exe1
Faulting module path: AllShareFrameworkDMS.exe2
Report Id: AllShareFrameworkDMS.exe3
Faulting package full name: AllShareFrameworkDMS.exe4
Faulting package-relative application ID: AllShareFrameworkDMS.exe5

Error: (12/29/2015 08:46:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: AllShareFrameworkDMS.exe, version: 1.3.0.23, time stamp: 0x52b52bb2
Faulting module name: DMSManager.dll, version: 0.0.0.0, time stamp: 0x52a81842
Exception code: 0xc0000005
Fault offset: 0x0001d30e
Faulting process id: 0x640
Faulting application start time: 0xAllShareFrameworkDMS.exe0
Faulting application path: AllShareFrameworkDMS.exe1
Faulting module path: AllShareFrameworkDMS.exe2
Report Id: AllShareFrameworkDMS.exe3
Faulting package full name: AllShareFrameworkDMS.exe4
Faulting package-relative application ID: AllShareFrameworkDMS.exe5

Error: (12/29/2015 07:15:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.10240.16384, time stamp: 0x559f39c2
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0xe06d7363
Fault offset: 0x000000000002a1c8
Faulting process id: 0x1cc8
Faulting application start time: 0xSystemSettingsBroker.exe0
Faulting application path: SystemSettingsBroker.exe1
Faulting module path: SystemSettingsBroker.exe2
Report Id: SystemSettingsBroker.exe3
Faulting package full name: SystemSettingsBroker.exe4
Faulting package-relative application ID: SystemSettingsBroker.exe5

Error: (12/29/2015 03:39:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19711141


System errors:
=============
Error: (12/29/2015 10:09:56 PM) (Source: Service Control Manager) (User: )
Description: The LicCtrl Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/29/2015 10:04:57 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (12/29/2015 10:03:19 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/29/2015 10:03:10 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/29/2015 10:02:41 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/29/2015 10:02:40 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/29/2015 10:02:39 PM) (Source: Service Control Manager) (User: )
Description: The Samsung Link Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/29/2015 10:02:39 PM) (Source: Service Control Manager) (User: )
Description: The Message Queuing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/29/2015 10:02:39 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/29/2015 10:02:39 PM) (Source: Service Control Manager) (User: )
Description: The LicCtrl Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (12/29/2015 10:14:59 PM) (Source: Application Error)(User: )
Description: explorer.exe10.0.10240.1660356553bcdunknown0.0.0.000000000c00000050000000007910fae13a401d142af6f63d420C:\WINDOWS\explorer.exeunknown153acefb-0db6-41ed-b3ff-7f5d4d517ce0

Error: (12/29/2015 10:09:01 PM) (Source: Application Error)(User: )
Description: Explorer.EXE10.0.10240.1660356553bcdunknown0.0.0.000000000c00000050000000007c50fae122801d142aee4370a15C:\WINDOWS\Explorer.EXEunknown3e8770c3-f565-4bb9-93ad-b72ec3da86de

Error: (12/29/2015 10:05:35 PM) (Source: Application Error)(User: )
Description: AllShareFrameworkDMS.exe1.3.0.2352b52bb2DMSManager.dll0.0.0.052a81842c00000050001d30e1a6c01d142aef38da749C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exeC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll71fe3a81-837f-4967-ba8d-b6e3a198e936

Error: (12/29/2015 10:05:26 PM) (Source: Application Error)(User: )
Description: AllShareFrameworkDMS.exe1.3.0.2352b52bb2DMSManager.dll0.0.0.052a81842c00000050001d30e7fc01d142aedc1e9e9aC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exeC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dllc1117e7a-3f74-4113-813a-b6013221222b

Error: (12/29/2015 08:46:40 PM) (Source: Application Error)(User: )
Description: AllShareFrameworkDMS.exe1.3.0.2352b52bb2DMSManager.dll0.0.0.052a81842c00000050001d30ea8801d142a3ec7ba6d8C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exeC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll61ef0588-d02a-4e2a-9eb0-365d305d2919

Error: (12/29/2015 08:46:37 PM) (Source: Application Error)(User: )
Description: AllShareFrameworkDMS.exe1.3.0.2352b52bb2DMSManager.dll0.0.0.052a81842c00000050001d30ec1401d142a3eb47c935C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exeC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dllabd9378d-6808-4707-90cd-5df2c8fa8697

Error: (12/29/2015 08:46:34 PM) (Source: Application Error)(User: )
Description: AllShareFrameworkDMS.exe1.3.0.2352b52bb2DMSManager.dll0.0.0.052a81842c00000050001d30e1ac801d142a3e8e244cdC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exeC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll0e890f04-348c-4665-a7bb-85347315e969

Error: (12/29/2015 08:46:29 PM) (Source: Application Error)(User: )
Description: AllShareFrameworkDMS.exe1.3.0.2352b52bb2DMSManager.dll0.0.0.052a81842c00000050001d30e64001d142a3cb890518C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exeC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll006e37bb-fc6b-4224-ab01-870eb6fa66ae

Error: (12/29/2015 07:15:02 PM) (Source: Application Error)(User: )
Description: SystemSettingsBroker.exe10.0.10240.16384559f39c2KERNELBASE.dll10.0.10240.16384559f38c3e06d7363000000000002a1c81cc801d14296a6c30feeC:\Windows\System32\SystemSettingsBroker.exeC:\WINDOWS\system32\KERNELBASE.dll7495cd20-2e4c-4810-acb0-0f3f460633e2

Error: (12/29/2015 03:39:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19711141


CodeIntegrity Errors:
===================================
  Date: 2015-12-29 22:16:33.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-29 22:16:33.893
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-29 22:11:06.866
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-29 22:11:06.841
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-29 22:11:06.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-29 22:11:06.577
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-29 21:56:41.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-29 21:56:41.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-29 19:05:00.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-12-29 19:05:00.936
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
A Game of Thrones mod for CK2 version 0.4.2 (HKLM-x32\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 0.4.2 - AGOT TEAM)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (HKLM\...\{AB11E7BD-211E-4EBD-9EAE-0C11CE7B48AE}) (Version: 16.12.7294 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)
AVG 2016 (HKLM\...\{2272D5BF-6158-4042-9E55-5D0E0793D32E}) (Version: 16.0.4489 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.12.7294 - AVG Technologies)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.9.0.231 - AVG Technologies)
AVG Zen (HKLM\...\{4BB3F53A-125D-4CD0-8448-620E9898CF96}) (Version: 1.22.1 - AVG Technologies) Hidden
BeerSmith 2 (HKLM-x32\...\BeerSmith 2) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CDisplayEx 1.9.16 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.29 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.29 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.102.104 - ALPS ELECTRIC CO., LTD.)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version:  - NCH Software)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.37.126 - OSToto Co., Ltd.)
Dropbox (HKCU\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
DVDFab 9.1.5.7 (11/07/2014) (HKLM-x32\...\DVDFab 9 US_is1) (Version:  - Fengtao Software Inc.)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 2.40 - NCH Software)
FMW 1 (HKLM\...\{BCA7CC8C-745B-4340-B3A8-BC79A8498107}) (Version: 1.32.2 - AVG Technologies) Hidden
Formatta Filler 7.0 (HKLM-x32\...\Formatta Filler 7.0) (Version: 7.0 - Access FSA LLC)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{9BB919AA-7F13-4003-BC37-AD2F8294DEBC}) (Version: 28.0.989.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Laptop Integrated Webcam Driver (1.01.01.0529)   (HKLM\...\Creative OEM013) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PdaNet for Android 3.25 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Samsung Link 1.8.1.1405191947 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.1.1405191947 - Copyright 2013 SAMSUNG)
SAMSUNG PC Share Manager (HKLM-x32\...\{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 4.0 - SAMSUNG) Hidden
SAMSUNG PC Share Manager (HKLM-x32\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 4.0 - SAMSUNG)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
TEW2013 (HKLM-x32\...\TEW2013) (Version:  - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
YNAB 4 version 4.3.729 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.729 - YouNeedABudget.com)

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 4056.95 MB
Available physical RAM: 2017.18 MB
Total Virtual: 8152.95 MB
Available Virtual: 6127.06 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:64.56 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.94 GB) NTFS

========================= Users: ========================================

User accounts for \\RED-PC

Administrator            DefaultAccount           Guest                    
Steve                    


**** End of log ****
 



#8 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,712 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 29 December 2015 - 10:22 PM

Do you have internet connection now ??

 

Has your PC updated with the november update....Threshold 2 ?


Edited by Condobloke, 29 December 2015 - 11:31 PM.

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

 

 

 

 

 


#9 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,712 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 29 December 2015 - 10:26 PM

Also....THIS TOPIC may be on interest to you    

 

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3897161


Edited by Condobloke, 29 December 2015 - 11:41 PM.

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

 

 

 

 

 


#10 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,712 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 30 December 2015 - 05:36 PM

Your Java install is out of date.

If you are not sure you need Java, try running your PC for a few weeks to see if you can do without it. You will get a notification from any website that needs a Java browser plug-in. However, you must install it from java.com, because some malware pretends to be Java

 

Latest Java Here

Version 8 Update 66

 

Be sure to uninstall the old version first


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

 

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users