
Black screen with cursor after lending computer to someone


  • This topic is locked
19 replies to this topic

#1 janie01

janie01

  • Members
  • 53 posts

Posted 13 June 2016 - 11:00 AM

Hello,

I need help as I believe that I have a virus. I lent my computer to the IT guy at work for 20 minutes so that he could install a work program onto it for me, but I suspect that something else was installed as well.

Upon receiving my computer back, there was a black screen and cursor, and I couldn't get out of it. So I turned off my laptop by holding down the power button. Then I restarted the laptop. I experienced the black screen with cursor again, but it went away after a couple minutes and I was able to log in. I never experienced this problem before allowing someone to use my computer. I strongly suspect a virus/trojan horse/rootkit was installed. How do I get rid of it? I have Windows 10.

Any help is much appreciated!




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male

Posted 16 June 2016 - 06:50 AM

Hi janie01 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Before we get started, I need to ask you: is this your personal laptop, or is it your work laptop provided by your company? If it's your work laptop, do you have the authorization from your company/IT department to seek assistance online with your issue?

Also, what program did your IT guy at work install on your system?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male

Posted 18 June 2016 - 11:24 PM

Hi janie :)

Are you still with me? Can you follow the instructions above please?



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,057 posts
  • Gender:Male
  • Location:California

Posted 21 June 2016 - 08:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,057 posts
  • Gender:Male
  • Location:California

Posted 21 June 2016 - 06:38 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#6 janie01

janie01
  • Topic Starter

  • Members
  • 53 posts

Posted 22 June 2016 - 03:28 PM

Hello,

 

I'm sorry for not responding sooner. I still require assistance with this issue.

 

To answer your questions, it is my personal laptop. He actually did not install anything onto my computer. I already had the program installed. He simply entered the code so that the program would be activated. Therefore, it is strange that I was experiencing issues, given that he told me he did not install anything.

 

Thank you,

 

Janie



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male

Posted 22 June 2016 - 04:28 PM

All good, no worries :)

Honestly, this event is so random that pretty much anything could have caused it, even non-malware events. Though, we can give your laptop a check-up and see what we can find :) To get started, I'll need you to run FRST and provide me a fresh set of logs. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male

Posted 25 June 2016 - 08:47 AM

Hi janie :)

Are you still with me? Can you follow the instructions in my post above?



#9 janie01

janie01
  • Topic Starter

  • Members
  • 53 posts

Posted 26 June 2016 - 12:16 PM

Hello. I will follow these instructions now. Thank you.

 

Janie



#10 janie01

janie01
  • Topic Starter

  • Members
  • 53 posts

Posted 26 June 2016 - 12:50 PM

Hello, I am trying to download Farbar recovery scan tool from techspot.com. It has only downloaded 1% in the last 35 minutes. It does not seem to be downloading. Could you please send me a link? Thank you.



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male

Posted 26 June 2016 - 12:53 PM

You can download FRST directly from BleepingComputer.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/



#12 janie01

janie01
  • Topic Starter

  • Members
  • 53 posts

Posted 26 June 2016 - 03:13 PM

Hello. Under "whitelist" the following are checked: registry, processes, services, internet, and drivers. Should I keep these checked?



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male

Posted 26 June 2016 - 03:28 PM

Yes please. Follow the instructions exactly like I posted them above :)

http://www.bleepingcomputer.com/forums/t/617217/black-screen-with-cursor-after-lending-computer-to-someone/#entry4026532



#14 janie01

janie01
  • Topic Starter

  • Members
  • 53 posts

Posted 26 June 2016 - 05:12 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2016 02
Ran by Monica (administrator) on MONICA (26-06-2016 17:19:56)
Running from C:\Users\Monica\Downloads
Loaded Profiles: Monica (Available Profiles: Monica)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [DocFetcher-Daemon] => C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe [563621 2016-02-11] ()
HKU\S-1-5-21-4059086883-3434797040-3219837055-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-02-29] (SUPERAntiSpyware)
HKU\S-1-5-21-4059086883-3434797040-3219837055-1001\...\MountPoints2: {21577b34-b867-11e5-80da-089e015f04cd} - "D:\start.exe"
HKU\S-1-5-21-4059086883-3434797040-3219837055-1001\...\MountPoints2: {dc874417-9cfd-11e5-80b5-089e015f04cd} - "E:\SISetup.exe"
HKU\S-1-5-21-4059086883-3434797040-3219837055-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46f88856-e321-4ba9-9dee-0916ed0b1503}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4059086883-3434797040-3219837055-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2016-04-03] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2016-04-03] (Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2016-04-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2016-04-03] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-14] (Google Inc.)
 
Chrome:
=======
CHR Profile: C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-28]
CHR Extension: (Google Drive) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-28]
CHR Extension: (YouTube) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-28]
CHR Extension: (Google Docs Offline) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [41160 2015-10-02] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1576712 2015-10-02] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [182984 2015-10-02] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dot4; C:\Windows\System32\drivers\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255272 2015-09-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186272 2015-07-24] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [169744 2015-07-24] (ESET)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-22] (Dritek System Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-14] ()
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-26 16:11 - 2016-06-26 16:11 - 00000000 ____D C:\Users\Monica\Downloads\FRST-OlderVersion
2016-06-13 11:15 - 2016-06-13 11:15 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-05-28 10:04 - 2016-05-28 10:06 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Monica\Downloads\esetonlinescanner_enu (4).exe
2016-05-28 10:03 - 2016-06-02 19:48 - 00000000 ____D C:\Users\Monica\AppData\Local\CrashDumps
2016-05-27 21:52 - 2016-05-27 21:56 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Monica\Downloads\esetonlinescanner_enu (3).exe
2016-05-27 19:25 - 2016-05-27 19:26 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Monica\Downloads\esetonlinescanner_enu (2).exe
2016-05-27 19:23 - 2016-05-27 19:23 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Monica\Downloads\esetonlinescanner_enu (1).exe
2016-05-27 17:28 - 2016-05-27 17:32 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Monica\Downloads\esetonlinescanner_enu.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-26 17:20 - 2016-03-26 17:44 - 00010205 _____ C:\Users\Monica\Downloads\FRST.txt
2016-06-26 17:19 - 2016-03-26 17:43 - 00000000 ____D C:\FRST
2016-06-26 16:52 - 2016-03-28 13:34 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-26 16:11 - 2016-03-26 17:42 - 02389504 _____ (Farbar) C:\Users\Monica\Downloads\FRST64.exe
2016-06-26 12:55 - 2016-03-28 13:36 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-26 12:55 - 2016-03-28 13:36 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-26 12:35 - 2016-03-23 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-26 12:27 - 2016-04-08 19:46 - 00814664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-26 12:27 - 2016-03-23 23:30 - 00000000 ____D C:\WINDOWS\INF
2016-06-14 03:40 - 2016-03-28 13:26 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{36248930-0E47-40A9-9526-252A6F0D79CD}
2016-06-13 12:04 - 2016-03-24 12:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-13 12:03 - 2016-03-23 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-13 11:29 - 2016-03-23 20:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 11:28 - 2016-03-23 22:39 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-13 11:15 - 2016-03-27 10:02 - 00237376 _____ C:\WINDOWS\ntbtlog.txt
2016-05-27 17:32 - 2016-04-06 20:09 - 00000000 ____D C:\Users\Monica\AppData\Local\ESET
2016-05-27 17:18 - 2016-03-23 21:04 - 00002374 _____ C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-27 17:18 - 2013-12-07 22:20 - 00000000 __RDO C:\Users\Monica\OneDrive
 
==================== Files in the root of some directories =======
 
2016-03-28 11:55 - 2016-03-28 11:55 - 0000017 _____ () C:\Users\Monica\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Monica\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Monica\AppData\Local\Temp\siinst.exe
C:\Users\Monica\AppData\Local\Temp\strings.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-06-12 12:42
 
==================== End of FRST.txt ============================


#15 janie01

janie01
  • Topic Starter

  • Members
  • 53 posts

Posted 26 June 2016 - 05:13 PM

Here is the additional scan. Thank you for your help.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02
Ran by Monica (2016-06-26 17:22:58)
Running from C:\Users\Monica\Downloads
Windows 10 Home Version 1511 (X64) (2016-03-24 00:43:46)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-4059086883-3434797040-3219837055-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4059086883-3434797040-3219837055-503 - Limited - Disabled)
Guest (S-1-5-21-4059086883-3434797040-3219837055-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4059086883-3434797040-3219837055-1006 - Limited - Enabled)
Monica (S-1-5-21-4059086883-3434797040-3219837055-1001 - Administrator - Enabled) => C:\Users\Monica
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Endpoint Antivirus 6.2.2033.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.2.2033.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
DocFetcher (HKLM-x32\...\DocFetcher) (Version: 1.1.17 - )
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ESET Endpoint Antivirus (HKLM\...\{13189425-6C52-490A-9E5A-3B66DB545629}) (Version: 6.2.2033.0 - ESET, spol. s r.o.)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.4 - Tweaking.com)
UltraSearch V2.0.3 (HKLM-x32\...\UltraSearch_is1) (Version: 2.0.3 - JAM Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4059086883-3434797040-3219837055-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Monica\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {30C9EF7E-F26E-4662-A9B7-8A7956A462CE} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {359360B9-4FC9-4707-8A9B-BFBCD64CF304} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-28] (Google Inc.)
Task: {4CB00298-B8DE-4B97-B2BB-123C309D1176} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-28] (Google Inc.)
Task: {DBC037FB-A225-4F67-81D8-75E2543740DF} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Monica\OneDrive\Documents\HP G60\Transfer to Online Storage\HP Comp\Old Documents\Old USB stuff\Old Laptop\Resume 2\Toshiba Offers.lnk -> hxxp://www.toshiba.ca/web/link?id=1140"6C:\ProgramData\Toshiba\TOSHIBAOffer\Toshiba Offers.ico (No File)
Shortcut: C:\Users\Monica\OneDrive\Documents\HP G60\Documents\Not online\Resumes '11\Older resumes\Resume 2\Toshiba Offers.lnk -> hxxp://www.toshiba.ca/web/link?id=1140"6C:\ProgramData\Toshiba\TOSHIBAOffer\Toshiba Offers.ico (No File)
Shortcut: C:\Users\Monica\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com/ (No File)
Shortcut: C:\Users\Monica\Desktop\HP G60\Transfer to Online Storage\HP Comp\Old Documents\Old USB stuff\Old Laptop\Resume 2\Toshiba Offers.lnk -> hxxp://www.toshiba.ca/web/link?id=1140"6C:\ProgramData\Toshiba\TOSHIBAOffer\Toshiba Offers.ico (No File)
Shortcut: C:\Users\Monica\Desktop\HP G60\Documents\Not online\Resumes '11\Older resumes\Resume 2\Toshiba Offers.lnk -> hxxp://www.toshiba.ca/web/link?id=1140"6C:\ProgramData\Toshiba\TOSHIBAOffer\Toshiba Offers.ico (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-18 09:16 - 2016-03-29 06:20 - 02656952 _____ () c:\windows\system32\CoreUIComponents.dll
2016-03-30 16:00 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2016-03-30 16:01 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-08-21 22:09 - 2015-08-21 22:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-18 09:16 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-18 09:16 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-27 17:17 - 2016-05-27 17:17 - 00959168 _____ () C:\Users\Monica\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-12-17 18:39 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-14 16:46 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-14 16:49 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-14 16:48 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-14 16:49 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-14 16:49 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-14 16:49 - 2016-04-22 23:58 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-02-11 19:00 - 2016-02-11 19:00 - 00563621 _____ () C:\Program Files (x86)\DocFetcher\docfetcher-daemon-windows.exe
2016-04-19 15:58 - 2016-04-19 15:59 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-02 20:07 - 2016-06-02 20:08 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-02 20:07 - 2016-06-02 20:08 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-02 20:07 - 2016-06-02 20:08 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-24 14:16 - 2016-03-24 14:17 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-05-14 16:46 - 2016-04-23 00:24 - 00064512 _____ () C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.dll
2016-04-19 15:58 - 2016-04-19 15:59 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 15:58 - 2016-04-19 15:59 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-03-23 23:36 - 2016-03-27 19:46 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4059086883-3434797040-3219837055-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 

==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{24372020-C94B-46B0-89EA-DCED791316C8}C:\windows.old\users\monica\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\windows.old\users\monica\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6BB50106-B4BA-49FA-B91C-BFDBA646428A}C:\windows.old\users\monica\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\windows.old\users\monica\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{CC6455CA-245B-4E85-A849-7837EE6C748E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
22-05-2016 20:36:09 Scheduled Checkpoint
12-06-2016 14:33:08 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2016 11:27:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MONICA)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/13/2016 11:21:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MONICA)
Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/13/2016 11:16:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MONICA)
Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/13/2016 11:16:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MONICA)
Description: Activation of app Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/11/2016 07:02:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CDPSvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ucrtbase.dll, version: 10.0.10586.0, time stamp: 0x5632d193
Exception code: 0xc0000409
Fault offset: 0x00000000000698fe
Faulting process id: 0x1c0
Faulting application start time: 0xsvchost.exe_CDPSvc0
Faulting application path: svchost.exe_CDPSvc1
Faulting module path: svchost.exe_CDPSvc2
Report Id: svchost.exe_CDPSvc3
Faulting package full name: svchost.exe_CDPSvc4
Faulting package-relative application ID: svchost.exe_CDPSvc5
 
Error: (06/02/2016 07:58:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MONICA)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/02/2016 07:48:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.306, time stamp: 0x571afaa5
Faulting module name: Windows.UI.ActionCenter.dll, version: 10.0.10586.306, time stamp: 0x571af4c7
Exception code: 0xc0000005
Fault offset: 0x000000000005c5d7
Faulting process id: 0x14c8
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (05/28/2016 03:37:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.306, time stamp: 0x571af85f
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.306, time stamp: 0x571af9f6
Exception code: 0xc0000005
Fault offset: 0x000000000030ca5e
Faulting process id: 0x1130
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5
 
Error: (05/28/2016 10:03:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esetonlinescanner_enu (3).exe, version: 2.0.8.0, time stamp: 0x573dab40
Faulting module name: esetonlinescanner_enu (3).exe, version: 2.0.8.0, time stamp: 0x573dab40
Exception code: 0xc000041d
Fault offset: 0x00036471
Faulting process id: 0x1234
Faulting application start time: 0xesetonlinescanner_enu (3).exe0
Faulting application path: esetonlinescanner_enu (3).exe1
Faulting module path: esetonlinescanner_enu (3).exe2
Report Id: esetonlinescanner_enu (3).exe3
Faulting package full name: esetonlinescanner_enu (3).exe4
Faulting package-relative application ID: esetonlinescanner_enu (3).exe5
 
Error: (05/28/2016 03:35:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esetonlinescanner_enu (3).exe, version: 2.0.8.0, time stamp: 0x573dab40
Faulting module name: esetonlinescanner_enu (3).exe, version: 2.0.8.0, time stamp: 0x573dab40
Exception code: 0xc0000005
Fault offset: 0x00036471
Faulting process id: 0x1234
Faulting application start time: 0xesetonlinescanner_enu (3).exe0
Faulting application path: esetonlinescanner_enu (3).exe1
Faulting module path: esetonlinescanner_enu (3).exe2
Report Id: esetonlinescanner_enu (3).exe3
Faulting package full name: esetonlinescanner_enu (3).exe4
Faulting package-relative application ID: esetonlinescanner_enu (3).exe5
 

System errors:
=============
Error: (06/14/2016 07:28:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_2dd9e service to connect.
 
Error: (06/14/2016 07:28:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_2dd9e service to connect.
 
Error: (06/14/2016 07:28:25 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_2dd9e service, but this action failed with the following error:
%%1056 = An instance of the service is already running.
 

Error: (06/14/2016 07:28:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2dd9e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/14/2016 07:28:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_2dd9e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/14/2016 07:28:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_2dd9e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/14/2016 07:28:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2dd9e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/14/2016 07:28:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/13/2016 01:42:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer IMAC-054497
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{46F88856-E321-4BA9-9DEE-0916ED0B1503}.
The master browser is stopping or an election is being forced.
 
Error: (06/13/2016 11:29:36 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 

CodeIntegrity:
===================================
  Date: 2016-05-21 19:38:27.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-15 03:05:16.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-15 01:47:30.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-22 20:43:16.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-20 18:28:11.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-18 14:48:35.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-25 00:08:40.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-24 14:07:03.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-23 20:23:28.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 

==================== Memory info ===========================
 
Processor: AMD C-70 APU with Radeon™ HD Graphics
Percentage of memory in use: 47%
Total physical RAM: 3786.26 MB
Available physical RAM: 1999.26 MB
Total Virtual: 4426.26 MB
Available Virtual: 2420.86 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:282.79 GB) (Free:77.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1DBD6C95)
 
Partition: GPT.
 
==================== End of Addition.txt ============================




