
Permanent MFC Application; Browsers won't connect



#1 rexesq917


Posted 19 January 2016 - 09:38 PM

We did something and ended up with the Permanent MFC application pop-up. Ran MBAM and were able to get the pop-up to go away, but still cannot access the Internet through either a wireless or wired connection. On bootup, we get 2 rundll errors: uju.dll and buildercar.dll. Both error messages say that the specified module could not be found. I have installed MiniToolBox and the results are as follows:

 

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Andrew (administrator) on 19-01-2016 at 21:22:50
Running from "C:\Users\Andrew\Desktop"
Microsoft Windows 10 Home  (X64)
Model: 10120 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
========================= IP Configuration: ================================
 
1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.91 metric=1 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Andrew
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D4-3D-7E-AA-BB-26
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 24-FD-52-43-DF-5A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
   Physical Address. . . . . . . . . : 24-FD-52-43-DF-5A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:cc43:9a0:3409:5994:df43:86fa(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:306:cc43:9a0:b50b:a941:302e:b9bd(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3409:5994:df43:86fa%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 19, 2016 8:44:59 PM
   Lease Expires . . . . . . . . . . : Wednesday, January 20, 2016 9:22:29 PM
   Default Gateway . . . . . . . . . : fe80::3edf:a9ff:fe8b:bc70%13
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 354745682
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-36-D8-30-D4-3D-7E-AA-BB-26
   DNS Servers . . . . . . . . . . . : 208.87.151.16
                                       208.87.151.17
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  208.87.151.16
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  208.87.151.16
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging  with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for :
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...d4 3d 7e aa bb 26 ......Realtek PCIe GBE Family Controller
  6...24 fd 52 43 df 5a ......Microsoft Wi-Fi Direct Virtual Adapter
 13...24 fd 52 43 df 5a ......1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.69     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0     192.168.1.91     192.168.1.69     26
      192.168.1.0    255.255.255.0         On-link      192.168.1.69    281
     192.168.1.69  255.255.255.255         On-link      192.168.1.69    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.69    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.69    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.69    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0     192.168.1.91       1
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    281 ::/0                     fe80::3edf:a9ff:fe8b:bc70
  1    306 ::1/128                  On-link
 13    281 2602:306:cc43:9a0::/64   On-link
 13     41 2602:306:cc43:9a0::/64   fe80::3edf:a9ff:fe8b:bc70
 13    281 2602:306:cc43:9a0:3409:5994:df43:86fa/128
                                    On-link
 13    281 2602:306:cc43:9a0:b50b:a941:302e:b9bd/128
                                    On-link
 13    281 fe80::/64                On-link
 13    281 fe80::3409:5994:df43:86fa/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/19/2016 09:22:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x194c
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
Error: (01/19/2016 09:22:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1510
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
Error: (01/19/2016 09:22:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0xe88
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
Error: (01/19/2016 09:22:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x170c
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
Error: (01/19/2016 09:22:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1234
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
Error: (01/19/2016 09:22:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x904
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
Error: (01/19/2016 09:22:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x154c
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
Error: (01/19/2016 09:22:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0xb38
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
Error: (01/19/2016 09:22:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1e10
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
Error: (01/19/2016 09:22:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1228
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3
Faulting package full name: MotoHelperService.exe4
Faulting package-relative application ID: MotoHelperService.exe5
 
 
System errors:
=============
Error: (01/19/2016 09:22:50 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/19/2016 09:22:49 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/19/2016 09:22:48 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/19/2016 09:22:47 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/19/2016 09:22:46 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/19/2016 09:22:45 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/19/2016 09:22:43 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/19/2016 09:22:42 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/19/2016 09:22:41 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (01/19/2016 09:22:40 PM) (Source: Service Control Manager) (User: )
Description: The MotoHelper Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/19/2016 09:22:51 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df194c01d15329766856a6C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe774ed6e1-95be-4ffe-a1be-72cd73fd897a
 
Error: (01/19/2016 09:22:50 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df151001d1532975c5e797C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe44e8373c-b62a-49e4-ba6b-55074c07d62f
 
Error: (01/19/2016 09:22:49 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054dfe8801d15329751d3d59C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe32cdb0cd-2d6d-417e-8564-ecfae7afba6a
 
Error: (01/19/2016 09:22:48 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df170c01d153297470cf72C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe04a8bd7d-1a21-4689-9f43-dc5b7c9f814e
 
Error: (01/19/2016 09:22:47 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df123401d1532973c78afbC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe6b0a6881-d2b9-4b63-a9fe-e92a7f3eec3b
 
Error: (01/19/2016 09:22:46 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df90401d15329731be36bC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exead332d47-7cb1-4437-9396-7795bb340bb4
 
Error: (01/19/2016 09:22:44 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df154c01d1532972775c31C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe30467f3c-7ef1-4d27-9a04-446766143aaa
 
Error: (01/19/2016 09:22:43 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054dfb3801d1532971cbb2e6C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe6997a16e-40b3-412a-b153-32f64f06d5b1
 
Error: (01/19/2016 09:22:42 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df1e1001d153297124ce52C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exec42e7de1-f5a8-45b2-b692-c73d713e44b7
 
Error: (01/19/2016 09:22:41 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df122801d15329707807e5C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe6cefe73e-a140-446f-a7ca-a94a6a788f10
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-01-19 20:46:44.036
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-19 20:46:44.020
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-19 20:46:43.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-19 20:46:43.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-19 20:46:43.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-19 20:46:43.723
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-19 20:46:43.722
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-19 20:20:43.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-19 20:20:43.018
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-01-19 20:20:43.018
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.5.2.34169 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.6 - Activision)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
Dungeons & Dragons Online® (HKLM-x32\...\Steam App 206480) (Version:  - Turbine, Inc)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GigaClicks Crawler (HKLM-x32\...\GigaClicks Crawler) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper 2.0.51 Driver 5.1.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.51 - Motorola)
MotoHelper MergeModules (HKLM-x32\...\{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}) (Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.2060.2 - Motorola)
Motorola Mobile Drivers Installation 5.1.0 (HKLM\...\{581F6FB0-46E6-42DA-98CC-ABB001386520}) (Version: 5.1.0 - Motorola Inc.) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0924 - Lenovo)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0208 - REALTEK Semiconductor Corp.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{C5D14A1B-6E3E-491A-96C6-ABDEEEC4E97D}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1931508C-C004-4983-81E3-70BE6252904B}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E4F470B2-3601-4E1C-B291-D6B580F53136}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0117-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden
Spotify (HKCU\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
Window Host Manager (HKLM-x32\...\Window Host Manager) (Version: 1.44 - Grayscale LLC)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 13%
Total physical RAM: 12205.15 MB
Available physical RAM: 10594.57 MB
Total Virtual: 14061.15 MB
Available Virtual: 12450.61 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows8_OS) (Fixed) (Total:904.91 GB) (Free:576.82 GB) NTFS
2 Drive d: (ANDREW USB) (Removable) (Total:3.61 GB) (Free:3.6 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\ANDREW
 
Administrator            Andrew                   ASPNET                   
DefaultAccount           Guest                    rexes_000                
 
 
**** End of log ****
 
HELP!




#2 Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 20 January 2016 - 03:52 PM

Hi rexesq917 :)

My name is Aura and I'll be assisting you with your issue.

Start by uninstalling the programs below. If you cannot uninstall any of them, let me know.
  • Adobe AIR - Outdated;
  • Adobe Flash Player 12 Plugin - Outdated;
  • GigaClicks Crawler - Malware;
  • Java 8 Update 45 - Outdated
  • Window Host Manager;
Once done, run the scans below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • If you managed to uninstall all the programs listed above successfully or not;
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 rexesq917

  • Topic Starter

Posted 20 January 2016 - 06:40 PM

All uninstalled EXCEPT the GigaClicks Crawler. When I tried to uninstall, it just wouldn't do it. I was able to get MBAM to update, so I guess I have internet access again. I'm still getting the rundll error messages on bootup [uju.dll and BuilderCar.dll modules could not be found]. Here are the logs:

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64 
Ran by Andrew (Administrator) on Wed 01/20/2016 at 16:26:40.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 13 
 
Failed to delete: C:\WINDOWS\Tasks\NNPSTMFRXEJJQMFY.job (Task) 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder) 
Successfully deleted: C:\Users\Andrew\AppData\Local\gcc (Folder) 
Successfully deleted: C:\Users\Andrew\AppData\Local\tvtime (Folder) 
Successfully deleted: C:\Users\Andrew\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\Andrew\Documents\probit software (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\Easy Driver Pro Schedule (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\GC_Informer (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\GC_Scheduler (Task)
Successfully deleted: C:\Program Files (x86)\predm (Folder) 
Successfully deleted: C:\Program Files (x86)\probit software (Folder) 
Successfully repaired: C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk (Shortcut)
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{449E0428-4B53-49F2-9BE5-96E3C6847677} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/20/2016 at 16:27:36.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ADWCleaner:
 
# AdwCleaner v5.030 - Logfile created 20/01/2016 at 16:30:49
# Updated 17/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 10 Home  (x64)
# Username : Andrew - ANDREW
# Running from : C:\Users\Andrew\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Andrew\AppData\Roaming\iPumper
[-] Folder Deleted : C:\WINDOWS\Update Pro
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\Genius
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\DhcpUpdater
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
[-] File Disinfected : C:\WINDOWS\SysNative\dnsapi.dll
[-] File Disinfected : C:\WINDOWS\SysWOW64\dnsapi.dll
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Escolade
[-] Task Deleted : Genius
[-] Task Deleted : Genius_Interval
[-] Task Deleted : IBUpd2
[-] Task Deleted : KAGQE1
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{009A0207-45DB-47A6-8BFD-C9291E0F89AF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{04413D64-6A6D-4AC2-8257-3BDD79171D1B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{317993C2-F834-4B52-8B39-CD67577BFE0C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A03DFF4-98FD-41B7-80C7-2709CDB6E140}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{439B5BA0-61B4-44B3-ADDE-415C45FC970C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4F7239DD-826A-4EB3-BD1A-887CD352D20C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{523D0DE2-2CBA-4927-8032-B5D55FE4D394}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5EA9A414-3AB0-48ED-AD6C-28259241643F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{71FDC31F-F4C3-41CA-B89C-C73993F3618C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BEA83E7-2FEC-43EB-8F89-490FF8C3E3E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1966AD6F-4724-4EC8-8E2C-E19C6625900F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{24003BDB-D997-4C92-89FE-61819C12BDFF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5D862FB3-17A2-4046-B24D-BC5881FD0B6B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EF2AC644-1570-45D5-B4B6-CE152C6D0B15}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FF130225-E946-498C-8A87-5F73C67CAFA2}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{009A0207-45DB-47A6-8BFD-C9291E0F89AF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{04413D64-6A6D-4AC2-8257-3BDD79171D1B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{317993C2-F834-4B52-8B39-CD67577BFE0C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A03DFF4-98FD-41B7-80C7-2709CDB6E140}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{439B5BA0-61B4-44B3-ADDE-415C45FC970C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4F7239DD-826A-4EB3-BD1A-887CD352D20C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{523D0DE2-2CBA-4927-8032-B5D55FE4D394}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5EA9A414-3AB0-48ED-AD6C-28259241643F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{71FDC31F-F4C3-41CA-B89C-C73993F3618C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BEA83E7-2FEC-43EB-8F89-490FF8C3E3E6}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Escolade
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\Probit Software
[-] Key Deleted : HKCU\Software\Red Sky
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\SmartDNS
[-] Key Deleted : HKLM\SOFTWARE\V9Software
[-] Key Deleted : HKLM\SOFTWARE\Wpm
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[!] Key Not Deleted : HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\Software\DAILYPCCLEAN
[!] Key Not Deleted : HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\Software\Escolade
[!] Key Not Deleted : HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\Software\Microsoft\Tinstalls
[!] Key Not Deleted : HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\Software\powerpack
[!] Key Not Deleted : HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\Software\Probit Software
[!] Key Not Deleted : HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\Software\Red Sky
[!] Key Not Deleted : HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\Software\tstamptoken
[!] Key Not Deleted : HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\Software\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6c9ae714-68f4-4ea1-8f4d-be0755e10567} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{91da8c66-0646-49c2-8c4a-33a51639690e} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c5d68859-18fc-4a59-82ae-0868223eba01} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6c9ae714-68f4-4ea1-8f4d-be0755e10567} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{91da8c66-0646-49c2-8c4a-33a51639690e} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{c5d68859-18fc-4a59-82ae-0868223eba01} [NameServer]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Update Pro]
[!] Value Not Deleted : HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\Software\Microsoft\Windows\CurrentVersion\Run [Update Pro]
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7403 bytes] ##########
 
MBAM:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/20/2016
Scan Time: 4:38 PM
Logfile: MBAM_1=2-=16.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.20.06
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Andrew
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425161
Time Elapsed: 45 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
Adware.PennyBee, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Biisvis, Quarantined, [25c1c576eaafdb5bddbca527f70a20e0], 
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtZoobam, Quarantined, [eafc102bc7d258de377c8da8fc08bd43], 
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Zoobam.exe, Quarantined, [d6100b302673c472b3ffca6b20e4dd23], 
PUP.Optional.Linkury, HKU\S-1-5-21-2805351510-3099549816-2817562285-1001\SOFTWARE\mtZoobam, Quarantined, [b6300e2d3f5a5cda2f81c66fa361738d], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Linkury, C:\ProgramData\Zoobam, Quarantined, [7f672b104059350106ce864a27db748c], 
 
Files: 22
Adware.PennyBee, C:\Users\Andrew\AppData\Roaming\PodoavXolbiy\Luoeggea.exe, Quarantined, [25c1c576eaafdb5bddbca527f70a20e0], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\221C.tmp.exe, Quarantined, [588ef6454950ff37bdd6805bd42d57a9], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\22B1.tmp.exe, Quarantined, [974f300bf0a9ad89c0d37c5f966b8e72], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\3D53.tmp.exe, Quarantined, [11d5f9426435f5412d66fbe0f60bb050], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\9163.tmp.exe, Quarantined, [ba2ccc6fb2e71125840f36a5cc354cb4], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\9514.tmp.exe, Quarantined, [9d493803f7a2181e474c03d8df220ef2], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\ICReinstall_9514.tmp.exe, Quarantined, [91556dcea8f14fe7eda6ba21f40d8b75], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\B7F7.tmp.exe, Quarantined, [0fd7310aaeeba096c1d248936e935ba5], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\C00E.tmp.exe, Quarantined, [717597a4c7d272c4eba84f8ce31ea25e], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\C071.tmp.exe, Quarantined, [53932a11bfdaba7cb5de9d3eb54c47b9], 
PUP.Optional.ConvertAd, C:\Users\Andrew\AppData\Local\Temp\nso365.tmp, Quarantined, [db0b2318abee5adcf50a97bc8d7548b8], 
Trojan.MalPack, C:\Users\Andrew\AppData\Local\Temp\netstream.exe, Quarantined, [12d44eedcacf3afccd4bd1f800016f91], 
PUP.Optional.ConvertAd, C:\Users\Andrew\AppData\Local\Temp\nsb5357.tmp, Quarantined, [c6206dcec5d487aff38c0da3d92b748c], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\47A6.tmp.exe, Quarantined, [eafc17249801c571e8ab1bc014ed0ff1], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\524D.tmp.exe, Quarantined, [be280833f0a978bec9ca6774936e6f91], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\5DEC.tmp.exe, Quarantined, [f7efe05bbddc2115692aab3047ba55ab], 
PUP.Optional.InstallCore, C:\Users\Andrew\AppData\Local\Temp\7346.tmp.exe, Quarantined, [608641fac5d47bbbbcd7b12a2ad79b65], 
PUP.Optional.LookSafe, C:\Users\Andrew\AppData\Local\Temp\Looksafe_Setup.exe, Quarantined, [27bf9d9e3e5b5dd96c55bff15ba9f20e], 
Adware.EoRezo.Gen, C:\Users\Andrew\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_214.exe, Quarantined, [dc0a3cff6d2cd462554c706333ce25db], 
PUP.Optional.EasyDriverPro, C:\Windows\System32\Tasks\Easy Driver Pro Schedule, Quarantined, [c3234af18e0b48ee6d9b6acbd62e9967], 
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\etej\iuno\zan.dat, Quarantined, [e7ff50eb851434028b5c36acc242a45c], 
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\paf\dufi\bowt.dat, Quarantined, [2cbabb80554458ded118875b8d77aa56], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 Aura


Posted 20 January 2016 - 07:05 PM

All good :) I'll help you take care of them. Follow the instructions below please.

Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;



#5 rexesq917

  • Topic Starter

Posted 20 January 2016 - 08:12 PM

See this Dropbox link: https://www.dropbox.com/sh/357opwzy029kxha/AACtC7u0pIhy3GEVtqRwf8vGa?dl=0



#6 Aura


Posted 20 January 2016 - 08:37 PM

Alright. Now, you'll open Autoruns again with Admin Rights, and you're going to delete the entries listed below in the screenshots (you can click on them to enlarge). To delete an entry, simply right-click on it and select Delete. They are shown in order (so from the top of the log to the bottom), and they're all highlighted in yellow or pink.
[Nine screenshots of the highlighted Autoruns entries]
If you can't delete an entry, let me know.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
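
What the yellow and pink highlighting mentioned in the post above corresponds to, as an added example that is not part of the thread: Autoruns marks an entry yellow when the file it points to no longer exists and pink when no publisher information or verified signature is found. The function names below are assumptions, and the script reads only the registry Run/RunOnce keys, a small subset of what Autoruns lists.

```powershell
# Added example, read-only. Lists Run/RunOnce values and reports the two
# conditions Autoruns colours: target file missing (yellow) and target without
# a valid Authenticode signature (roughly what pink indicates).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath {                 # hypothetical helper name
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # First token: a quoted path, an unquoted path up to its extension, or a bare word.
    if ($cmd -match '^"([^"]+)"\s*(.*)$' -or
        $cmd -match '^(.+?\.(?:exe|com|bat|cmd|scr))\b\s*(.*)$' -or
        $cmd -match '^(\S+)\s*(.*)$') {
        $exe, $rest = $Matches[1], $Matches[2]
    } else { return $null }
    # For rundll32 the file that matters is the DLL argument,
    # e.g. rundll32.exe "C:\some\path\module.dll",EntryPoint
    if ((Split-Path $exe -Leaf) -match '^rundll32(\.exe)?$' -and
        $rest -match '^"?([^",]+\.dll)') { return $Matches[1] }
    return $exe
}

function Get-RunKeyEntryStatus {          # hypothetical function name
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $target  = Get-TargetPath $command
            # Bare names such as "rundll32.exe" are resolved through PATH.
            if ($target -and -not [IO.Path]::IsPathRooted($target)) {
                $found = Get-Command $target -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($found) { $target = $found.Path }
            }
            $exists = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
            $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
            [pscustomobject]@{ Key = $key; Name = $name; Target = $target
                               FileMissing = -not $exists; Signature = $sig }
        }
    }
}

Get-RunKeyEntryStatus | Sort-Object FileMissing -Descending | Format-Table -AutoSize -Wrap
```

A flagged entry is a candidate for review rather than a verdict: unsigned legitimate software produces the same result as an unsigned unwanted program.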


#7 rexesq917

Posted 20 January 2016 - 09:56 PM

OK.  I deleted all the files you specified in the previous post.  But be advised that there are several yellow and pink highlighted files still appearing.  Do I just leave them?



#8 Aura

Posted 21 January 2016 - 06:21 AM

Yes, please leave them. These are legitimate entries. Next, we'll run a scan with Emsisoft Emergency Kit.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;



#9 rexesq917

Posted 21 January 2016 - 11:07 AM

I can't get the Emsisoft log to paste into this reply, so I have uploaded the text to Dropbox: https://www.dropbox.com/sh/357opwzy029kxha/AACtC7u0pIhy3GEVtqRwf8vGa?dl=0



#10 Aura

Posted 21 January 2016 - 11:11 AM

Good :) Since Emsisoft found malicious files in your Temp folder, we'll empty it completely using TFC. Follow the instructions below please.

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed; it will, however, be relaunched shortly after, so do not panic;
  • There's no log to give for this tool;



#11 rexesq917

Posted 24 January 2016 - 12:05 AM

Sorry I've been off the grid the last couple of days.

 

I ran TFC.  Next?



#12 Aura

Posted 24 January 2016 - 10:24 AM

All good, no worries :) How's your computer running now? Do you still get the Permanent MFC Application error, and are your browsers still not able to connect to the Internet?



#13 rexesq917

Posted 24 January 2016 - 04:34 PM

All seems to be working well.  Thanks so much for your time and advice!!!



#14 Aura

Posted 24 January 2016 - 04:35 PM

Anything else that needs to be addressed, or is it good? :)



#15 rexesq917

Posted 26 January 2016 - 06:49 PM

I think I'm good to go. Thanks again for all your help!





