
Am I infected? Computer acting strangely please help


26 replies to this topic

#1 djkea


Posted 19 June 2016 - 02:08 PM

Recently my Dell laptop running Windows 10 has become laggy and I have seen a few strange behaviors. I am unsure where to start diagnosis. Your help would be most appreciated.

 

Thanks, David




 


#2 InadequateInfirmity


Posted 19 June 2016 - 02:22 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.


  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.


  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.


When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"


  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  •  Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right-click it, and run it as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.



#3 djkea


Posted 19 June 2016 - 11:37 PM

Ran MWBytes but the ES scan did not complete. It hung at about 90% then popped up a message saying EOS_v2 stopped working, Windows will close program and notify if solution is available. It had detected one infected file prior to stopping.

 

MW Log-

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 6/19/2016
Scan Time: 3:05 PM
Logfile: mwbytes.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.19.05
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: djkea
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360892
Time Elapsed: 1 hr, 7 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Komodia.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\tmp3033, , [00d189753e5bb97ddac345acae553fc1], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 InadequateInfirmity


Posted 20 June 2016 - 12:58 PM

Ok, continue on with the other logs please.



#5 djkea


Posted 20 June 2016 - 07:31 PM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by djkea (administrator) on 20-06-2016 at 17:25:07
Running from "C:\Users\djkea\Documents\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Inspiron 3521 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
ProxyServer: 192.168.1.1:80
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Dell Wireless 1704 802.11b/g/n (2.4GHz) = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : inspirion3521
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.actdsltmp
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 74-86-7A-46-56-AA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : C2-18-85-E1-1A-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : domain.actdsltmp
   Description . . . . . . . . . . . : The Broadcom 802.11 Network Adapter provides wireless local area networking.
   Physical Address. . . . . . . . . : C0-18-85-E1-1A-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::463:94f4:b6e0:2426%5(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.12(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, June 18, 2016 4:37:25 PM
   Lease Expires . . . . . . . . . . : Saturday, June 25, 2016 4:37:25 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 364910725
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-AC-4E-47-74-86-7A-46-56-AA
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth PAN HelpText
   Physical Address. . . . . . . . . : C0-18-85-E1-1A-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.domain.actdsltmp:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.actdsltmp
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2cd6:3c0d:9f08:1d42(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2cd6:3c0d:9f08:1d42%2(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 603979776
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-AC-4E-47-74-86-7A-46-56-AA
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  verizon.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4007:804::200e
 216.58.219.14
 
 
Pinging google.com [216.58.193.206] with 32 bytes of data:
Reply from 216.58.193.206: bytes=32 time=39ms TTL=56
Reply from 216.58.193.206: bytes=32 time=39ms TTL=56
 
Ping statistics for 216.58.193.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 39ms, Average = 39ms
Server:  verizon.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=69ms TTL=51
Reply from 206.190.36.45: bytes=32 time=213ms TTL=51
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 213ms, Average = 141ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...74 86 7a 46 56 aa ......Realtek PCIe FE Family Controller
 19...c2 18 85 e1 1a 79 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...c0 18 85 e1 1a 79 ......The Broadcom 802.11 Network Adapter provides wireless local area networking.
 14...c0 18 85 e1 1a 7a ......Bluetooth PAN HelpText
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  2...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.12     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.12    281
     192.168.1.12  255.255.255.255         On-link      192.168.1.12    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.12    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.12    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.12    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  2    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  2    306 2001::/32                On-link
  2    306 2001:0:5ef5:79fd:2cd6:3c0d:9f08:1d42/128
                                    On-link
  5    281 fe80::/64                On-link
  2    306 fe80::/64                On-link
  5    281 fe80::463:94f4:b6e0:2426/128
                                    On-link
  2    306 fe80::2cd6:3c0d:9f08:1d42/128
                                    On-link
  1    306 ff00::/8                 On-link
  2    306 ff00::/8                 On-link
  5    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\wlidnsp.dll [66048] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\wlidnsp.dll [66048] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/19/2016 08:06:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: esetonlinescanner_enu.exe, version: 2.0.8.0, time stamp: 0x573dab40
Faulting module name: esetonlinescanner_enu.exe, version: 2.0.8.0, time stamp: 0x573dab40
Exception code: 0xc0000005
Fault offset: 0x00036471
Faulting process id: 0x210c
Faulting application start time: 0xesetonlinescanner_enu.exe0
Faulting application path: esetonlinescanner_enu.exe1
Faulting module path: esetonlinescanner_enu.exe2
Report Id: esetonlinescanner_enu.exe3
Faulting package full name: esetonlinescanner_enu.exe4
Faulting package-relative application ID: esetonlinescanner_enu.exe5
 
Error: (06/18/2016 05:49:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: INSPIRION3521)
Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/18/2016 05:49:55 PM) (Source: Application Hang) (User: )
Description: The program WinUAPEntry.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 293c
 
Start Time: 01d1c9c46dcbbd61
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Facebook.Facebook_57.490.26348.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
 
Report Id: b5a1c323-35b7-11e6-bfc9-c01885e11a7a
 
Faulting package full name: Facebook.Facebook_57.490.26348.0_x86__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (06/18/2016 04:37:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: INSPIRION3521)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/18/2016 01:57:41 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/17/2016 08:19:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: INSPIRION3521)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/17/2016 04:16:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7e0
Faulting module name: windows.storage.dll, version: 10.0.10586.306, time stamp: 0x571af71d
Exception code: 0xc0000005
Fault offset: 0x0000000000059479
Faulting process id: 0x17c8
Faulting application start time: 0xRuntimeBroker.exe0
Faulting application path: RuntimeBroker.exe1
Faulting module path: RuntimeBroker.exe2
Report Id: RuntimeBroker.exe3
Faulting package full name: RuntimeBroker.exe4
Faulting package-relative application ID: RuntimeBroker.exe5
 
Error: (06/17/2016 03:59:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d899
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a84cbb
Exception code: 0xc000027b
Fault offset: 0x00166fb1
Faulting process id: 0x239c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (06/16/2016 11:27:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: INSPIRION3521)
Description: Activation of app 35314PoliceScannerRadio5-.Radio911PoliceScannerRad_rxqmmtqpnkae0!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2016 11:27:15 PM) (Source: Application Hang) (User: )
Description: The program PoliceRadioScannerLive.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 16dc
 
Start Time: 01d1c86133821f5b
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\35314PoliceScannerRadio5-.Radio911PoliceScannerRad_1.3.3.0_x64__rxqmmtqpnkae0\PoliceRadioScannerLive.exe
 
Report Id: 7af52a30-3454-11e6-bfc9-c01885e11a7a
 
Faulting package full name: 35314PoliceScannerRadio5-.Radio911PoliceScannerRad_1.3.3.0_x64__rxqmmtqpnkae0
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (06/19/2016 04:48:55 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/19/2016 04:48:55 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\djkea\AppData\Local\Temp\ehdrv.sys
 
Error: (06/19/2016 04:48:55 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/19/2016 04:48:55 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\djkea\AppData\Local\Temp\ehdrv.sys
 
Error: (06/19/2016 04:48:55 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/19/2016 04:48:55 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\djkea\AppData\Local\Temp\ehdrv.sys
 
Error: (06/19/2016 04:48:55 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/19/2016 04:48:55 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\djkea\AppData\Local\Temp\ehdrv.sys
 
Error: (06/19/2016 04:48:54 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/19/2016 04:48:54 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\djkea\AppData\Local\Temp\ehdrv.sys
 
 
Microsoft Office Sessions:
=========================
Error: (06/19/2016 08:06:58 PM) (Source: Application Error)(User: )
Description: esetonlinescanner_enu.exe2.0.8.0573dab40esetonlinescanner_enu.exe2.0.8.0573dab40c000000500036471210c01d1ca8341a14085C:\Users\djkea\Desktop\esetonlinescanner_enu.exeC:\Users\djkea\Desktop\esetonlinescanner_enu.exe6f52a87e-621c-4dd1-ac16-1f4e437bfe3d
 
Error: (06/18/2016 05:49:55 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: INSPIRION3521)
Description: Facebook.Facebook_8xx8rvfyw5nnt!App-2144927142
 
Error: (06/18/2016 05:49:55 PM) (Source: Application Hang)(User: )
Description: WinUAPEntry.exe0.0.0.0293c01d1c9c46dcbbd614294967295C:\Program Files\WindowsApps\Facebook.Facebook_57.490.26348.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exeb5a1c323-35b7-11e6-bfc9-c01885e11a7aFacebook.Facebook_57.490.26348.0_x86__8xx8rvfyw5nntApp
 
Error: (06/18/2016 04:37:23 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: INSPIRION3521)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170
 
Error: (06/18/2016 01:57:41 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (06/17/2016 08:19:54 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: INSPIRION3521)
Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App-2147023170
 
Error: (06/17/2016 04:16:29 PM) (Source: Application Error)(User: )
Description: RuntimeBroker.exe10.0.10586.05632d7e0windows.storage.dll10.0.10586.306571af71dc0000005000000000005947917c801d1c858a68371b5C:\Windows\System32\RuntimeBroker.exeC:\WINDOWS\system32\windows.storage.dll1a529e7b-e639-41f6-9b98-f9a182136157
 
Error: (06/17/2016 03:59:47 PM) (Source: Application Error)(User: )
Description: backgroundTaskHost.exe10.0.10586.05632d899combase.dll10.0.10586.10356a84cbbc000027b00166fb1239c01d1c8ebede2bd65C:\WINDOWS\syswow64\backgroundTaskHost.exeC:\WINDOWS\SYSTEM32\combase.dlle243f082-49c0-48b0-a111-160e5858355eMicrosoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwex27e26f40ye031y48a6yb130yd1f20388991ax
 
Error: (06/16/2016 11:27:15 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: INSPIRION3521)
Description: 35314PoliceScannerRadio5-.Radio911PoliceScannerRad_rxqmmtqpnkae0!App-2144927142
 
Error: (06/16/2016 11:27:15 PM) (Source: Application Hang)(User: )
Description: PoliceRadioScannerLive.exe1.0.0.016dc01d1c86133821f5b4294967295C:\Program Files\WindowsApps\35314PoliceScannerRadio5-.Radio911PoliceScannerRad_1.3.3.0_x64__rxqmmtqpnkae0\PoliceRadioScannerLive.exe7af52a30-3454-11e6-bfc9-c01885e11a7a35314PoliceScannerRadio5-.Radio911PoliceScannerRad_1.3.3.0_x64__rxqmmtqpnkae0App
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-06-18 21:58:01.674
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 21:58:01.563
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 21:57:57.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 21:57:57.421
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 21:57:54.345
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 21:57:54.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 21:57:50.799
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 21:57:50.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 21:57:46.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-18 21:57:45.404
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect (HKCU\...\58d94f3ce2c27db0) (Version: 7.6.0.4 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Duplicate Cleaner Free 3.2.6 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.6 - DigitalVolcano Software Ltd)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.99 - Dell Inc.)
Facebook Games Arcade 0.6.0.1 (HKLM-x32\...\{F31484D6-A5E7-401E-B571-8B035E27AB56}) (Version: 0.6.0.1 - Facebook)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
GIGIT-Scanner (HKLM-x32\...\{150930C0-CA4C-287C-6729-9FE220920574}) (Version: 1.1.8 - GIGIT CORP.) Hidden
GIGIT-Scanner (HKLM-x32\...\com.playgigit.GigItScanner) (Version: 1.1.8 - GIGIT CORP.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Photos Backup (HKCU\...\Google Photos Backup) (Version: 1.1.1.259 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.2.131.1 - Intel Security)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Joystick Plug-in (HKLM-x32\...\JSJS) (Version:  - Numfum Ltd)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.3 - LG Electronics)
LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Message+ (HKLM-x32\...\{c828830f-53d4-4a2f-ad5a-0b86574bce11}) (Version: 1.0.17.0 - Verizon)
Message+ (HKLM-x32\...\{EBFB7F60-1DF5-47B5-BCF6-8182CB9350D8}) (Version: 1.0.17.0 - Verizon) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PasswordBox (HKLM-x32\...\PasswordBox) (Version: 1.38.11.4170 - PasswordBox, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)
Spotify (HKCU\...\Spotify) (Version: 1.0.29.90.g200ff544 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.9 - Verizon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.83.0 - Verizon)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
 
========================= Devices: ================================
 
Name: 
Description: 
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Creative Technology Ltd.
Service: 
Device ID: ROOT\IMAGE\0000
Problem: : Reinstall the drivers for this device. (Code 18)
Resolution: The drivers for this device must be reinstalled.
 Click "Update Driver", which starts the Hardware Update wizard.
Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 90%
Total physical RAM: 3977.27 MB
Available physical RAM: 358.59 MB
Total Virtual: 7784.91 MB
Available Virtual: 2288.39 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:457.84 GB) (Free:290.48 GB) NTFS
3 Drive z: (RECOVERY) (Fixed) (Total:0.88 GB) (Free:0.47 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\INSPIRION3521
 
805dj_000                Administrator            DefaultAccount           
djkea                    Guest                    
 
 
**** End of log ****
 
 
 
 
 
 
SECURITY CHECK LOG
 

SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 20.06.2016 17:27:06
Path starting: C:\Users\djkea\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: djkea
VersionXML: 3.09is-18.06.2016
___________________________________________________________________________
 
Windows 10(6.3.10586) (x64) Core Lang: English(0409)
Installation date OS: 19.12.2015 04:19:08
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [457.8 Gb] Used: [167.3 Gb] Free: [290.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.420.10586.0
User Account Control enabled
Automatic download and scheduled installation
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
SUPERAntiSpyware v.6.0.1168
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Silverlight v.5.1.41212.0
Picasa 3 v.3.9.141.259 Warning! This software is no longer supported.
VLC media player v.2.2.4
--------------------------- [ AppleProduction ] ---------------------------
QuickTime 7 v.7.76.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.4.0.0.1390 Warning! Download Update
Adobe Flash Player 22 NPAPI v.22.0.0.192
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.103
Mozilla Firefox 43.0.1 (x86 en-US) v.43.0.1 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.51.0.2704.103
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
SAS Core Service (!SASCORE) - The service is running
C:\Program Files\SUPERAntiSpyware\SASCore64.exe v.6.0.0.1080
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE v.6.0.0.1220
C:\Program Files\Windows Defender\MsMpEng.exe v.4.9.10586.0
C:\Program Files\Windows Defender\NisSrv.exe v.4.9.10586.0
C:\Program Files\Windows Defender\MSASCui.exe v.4.9.10586.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
PasswordBox v.1.38.11.4170 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by Xplode). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
 


#6 InadequateInfirmity


Posted 20 June 2016 - 07:41 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 


 

Hit Ok.

 


 

Hit Next, making sure to leave all items checked for removal.

 


 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan.

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, then copy and paste it here in your reply.



#7 InadequateInfirmity


Posted 20 June 2016 - 07:44 PM

Uninstall these programs with D-Uninstaller. If you have issues removing them, then use Geek Uninstaller with Force Removal.

 

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect (HKCU\...\58d94f3ce2c27db0) (Version: 7.6.0.4 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Facebook Games Arcade 0.6.0.1 (HKLM-x32\...\{F31484D6-A5E7-401E-B571-8B035E27AB56}) (Version: 0.6.0.1 - Facebook)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
 



#8 djkea


Posted 20 June 2016 - 09:57 PM

Ready to proceed; however, just to verify, should Defender be on or off during these next scans? Does it matter? Thx very much.



#9 InadequateInfirmity


Posted 20 June 2016 - 10:08 PM

You can turn it off, just to be on the safe side. :)



#10 djkea


Posted 21 June 2016 - 08:25 AM

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool 5.1
Time: 2016_06_20_20_42_06
OS: Windows 10 Home - x64 Bit
Account Name: djkea
Adware Definition: 06202016
Elapsed time: 18:11
Scan Status:- Automatic Done
 
\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\
 
File Found : PUP.SurfVox : C:\Program Files\FlightGear 3.2.0\data\Aircraft\Hurricane\Models\starter.xml
File Found : PUP.SurfVox : C:\Program Files\FlightGear 3.2.0\data\Aircraft\Spitfire\Models\starter.xml
Registry Key Found : Adware.Fox News : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ <RegKey:> SharedAccess
Registry Key Found : Adware.Fox News : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ <RegKey:> SharedAccess
Browser: Chrome Found : Adware.PriceSparrow : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Preferences
Browser: Chrome Found : Adware.Pconverter : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool 5.1
Time: 2016_06_20_20_42_06
OS: Windows 10 Home - x64 Bit
Account Name: djkea
Adware Definition: 06202016
Elapsed time: 18:11
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
[-] Deleted ->> File ->> C:\Program Files\FlightGear 3.2.0\data\Aircraft\Hurricane\Models\starter.xml
 
[-] Deleted ->> File ->> C:\Program Files\FlightGear 3.2.0\data\Aircraft\Spitfire\Models\starter.xml
 
[-] Repaired ->> File ->> C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[-] Repaired ->> File ->> C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
 
[x] Removal Failed ->> Registry Key ->> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
 
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by djkea (Administrator) on Mon 06/20/2016 at 20:28:54.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 12 
 
Successfully deleted: C:\Users\djkea\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gdalhedleemkkdjddjgfjmcnbpejpapp_0.localstorage (File) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal (File) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage (File) 
Successfully deleted: C:\Users\djkea\AppData\Roaming\Mozilla\Firefox\Profiles\485nsg07.default-1430471493986\extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi (File) 
Successfully deleted: C:\Users\djkea\AppData\Roaming\Mozilla\Firefox\Profiles\485nsg07.default-1430471493986\extensions\shopearn@prodege.com.xpi (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
Deleted the following from C:\Users\djkea\AppData\Roaming\Mozilla\Firefox\Profiles\485nsg07.default-1430471493986\prefs.js
user_pref(browser.newtab.url, hxxp://search.swagbucks.com/?f=51);
 
 
 
Registry: 7 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3109200119D41D63CD9545A28D59DA9E (Registry Value) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0001101466040197mcinstcleanup (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/20/2016 at 20:32:29.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
After downloading the ZHP scan and running it as admin, I clicked update and IE opened and went to the ZHP site in French. As I am not fluent in French, I stopped at this point.
 
 
 


#11 InadequateInfirmity


Posted 21 June 2016 - 09:29 AM

Download from here.

 

Click on the pic below at the site; telecharger is download.

 

 

akl3HEj.png



#12 djkea


Posted 21 June 2016 - 01:46 PM

ADWARE CLEANER-  I ran the cleaner then could not find the log so I ran it again.  And again...

 

# AdwCleaner v5.007 - Logfile created 14/09/2015 at 04:22:46

# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Local]
# Operating system : Windows 10 Home  (x64)
# Username : djkea - INSPIRION3521
# Running from : C:\Users\djkea\Documents\Downloads\adwcleaner_5.007.exe
# Option : Scan
# Support : hxxp://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
Folder Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Folder Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
 
***** [ Files ] *****
 
File Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\obciceimmggglbmelaidpjlmodcebijb
File Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl
File Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jmbmildjdmppofnohldicmnkojfhggmb
File Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
File Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dajedkncpodkggklbegccjpmnglmnflm
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ekpdpmpcgcmpaeokmclflfpadaklgpji
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ganlifbpkcplnldliibcbegplfmcfigp
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : gngocbkfmikdgphklgmmehbjjlfgdemm
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jmbmildjdmppofnohldicmnkojfhggmb
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : niloccemoadcdkdjlinkgdfekeahmflj
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : obciceimmggglbmelaidpjlmodcebijb
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2872 bytes] ##########
# AdwCleaner v5.200 - Logfile created 21/06/2016 at 11:27:18
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-21.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : djkea - INSPIRION3521
# Running from : C:\Users\djkea\Desktop\adwcleaner_5.200.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpdpmpcgcmpaeokmclflfpadaklgpji
Folder Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
 
***** [ Files ] *****
 
File Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
File Found : C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ekpdpmpcgcmpaeokmclflfpadaklgpji
[C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : gngocbkfmikdgphklgmmehbjjlfgdemm
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [3131 bytes] - [21/03/2016 23:49:32]
C:\AdwCleaner\AdwCleaner[C2].txt - [7185 bytes] - [14/09/2015 04:34:10]
C:\AdwCleaner\AdwCleaner[C3].txt - [2541 bytes] - [11/11/2015 20:25:40]
C:\AdwCleaner\AdwCleaner[C4].txt - [2382 bytes] - [30/12/2015 19:28:05]
C:\AdwCleaner\AdwCleaner[R0].txt - [4542 bytes] - [08/06/2015 11:26:42]
C:\AdwCleaner\AdwCleaner[R1].txt - [4601 bytes] - [08/06/2015 11:35:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [4382 bytes] - [08/06/2015 11:39:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [2915 bytes] - [21/03/2016 23:43:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [3853 bytes] - [20/06/2016 20:08:07]
C:\AdwCleaner\AdwCleaner[S3].txt - [5069 bytes] - [14/09/2015 04:22:46]
C:\AdwCleaner\AdwCleaner[S4].txt - [2371 bytes] - [11/11/2015 17:07:34]
C:\AdwCleaner\AdwCleaner[S5].txt - [2218 bytes] - [30/12/2015 18:33:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [5288 bytes] ##########
 
 
JRT LOG-
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by djkea (Administrator) on Mon 06/20/2016 at 20:28:54.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 12 
 
Successfully deleted: C:\Users\djkea\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb (Folder) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gdalhedleemkkdjddjgfjmcnbpejpapp_0.localstorage (File) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal (File) 
Successfully deleted: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage (File) 
Successfully deleted: C:\Users\djkea\AppData\Roaming\Mozilla\Firefox\Profiles\485nsg07.default-1430471493986\extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi (File) 
Successfully deleted: C:\Users\djkea\AppData\Roaming\Mozilla\Firefox\Profiles\485nsg07.default-1430471493986\extensions\shopearn@prodege.com.xpi (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
Deleted the following from C:\Users\djkea\AppData\Roaming\Mozilla\Firefox\Profiles\485nsg07.default-1430471493986\prefs.js
user_pref(browser.newtab.url, hxxp://search.swagbucks.com/?f=51);
 
 
 
Registry: 7 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3109200119D41D63CD9545A28D59DA9E (Registry Value) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0001101466040197mcinstcleanup (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/20/2016 at 20:32:29.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
ADWARE REMOVAL LOG- NOT FOUND
 
ZHP SCAN LOG-
 

~ ZHPCleaner v2016.6.18.75 by Nicolas Coolman (2016/06/18)
~ Run by djkea (Administrator)  (21/06/2016 09:08:51)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\djkea\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\djkea\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (0)
~ No malicious or unnecessary items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (8)
MOVED file: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpkhmmacbjndakceaikggpnnnddijeen_0.localstorage    =>PUP.Optional.MyWebSearch
MOVED file: C:\Windows\Prefetch\NETWORKSPEEDTEST.EXE-AA529608.pf    =>PUP.Optional.ScriptHost
MOVED folder: C:\Users\djkea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpkhmmacbjndakceaikggpnnnddijeen  =>PUP.Optional.MyWebSearch
MOVED folder: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
MOVED folder: C:\WINDOWS\Installer\MSI5C66.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI971A.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIBCC5.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC203.tmp-  =>Empty
 
 
---\\  Registry ( Key, Value, Data) (5)
DELETED key*: HKEY_USERS\S-1-5-21-3786128022-3222371476-2473358639-1001\SOFTWARE\Classes\.7z [PepperZip]  =>PUP.Optional.PepperZip
DELETED key*: HKEY_USERS\S-1-5-21-3786128022-3222371476-2473358639-1001\SOFTWARE\Classes\.rar [PepperZip]  =>PUP.Optional.PepperZip
DELETED key*: HKEY_USERS\S-1-5-21-3786128022-3222371476-2473358639-1001\SOFTWARE\Classes\.zip [PepperZip]  =>PUP.Optional.PepperZip
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect
DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime]  =>Riskware.QuickTime
 
 
---\\  Summary of the elements found (5)
http://www.nicolascoolman.fr/?p=220  =>PUP.Optional.MyWebSearch
http://www.nicolascoolman.fr/?p=1120  =>PUP.Optional.ScriptHost
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.PepperZip
 
 
---\\  Other deletions. (37)
~ Registry Keys Tracing deleted (37)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 1003
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 13
 
 
~ End of clean in 00h27mn57s
~====================
ZHPCleaner-[R]-21062016-09_36_48.txt
ZHPCleaner-[S]-21062016-09_06_38.txt
 
 
ZEMANA SCAN LOG-
 
Zemana AntiMalware 2.21.2.15 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/21
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i3-3217U CPU @ 1.80GHz
BIOS Mode              : UEFI
CUID                   : 00DA2C1A4B86D74615D838
Scan Type              : Deep Scan
Duration               : 37m 27s
Scanned Objects        : 438657
Detected Objects       : 23
Excluded Objects       : 1
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Firefox Homepage
Status             : Scanned
Object             : place:sort=8&maxResults=10
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Homepage
 
Chrome Shortcut
Status             : Scanned
Object             : --profile-directory="Profile 4"
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
Object             : --enable-audible-notifications
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
Object             : --app-id=dmnddeddcgdllibmaodanoonljfdmooc
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
Object             : --app-id=ghgabhipcejejjmhhchfonmamedcbeod
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
Object             : --app-id=gngocbkfmikdgphklgmmehbjjlfgdemm
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
Object             : --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
Object             : --app-id=pjkljhegncpnkpknbcohdijeoejaedia
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
Object             : --profile-directory="Profile 4"
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
Object             : --profile-directory="Profile 3"
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Shortcut
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Chrome Startup Url
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Startup Url
 
Chrome Startup Url
Status             : Scanned
Object             : https://www.stumbleupon.com/login
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Startup Url
 
Chrome Startup Url
Status             : Scanned
Object             : http://www.swagbucks.com/account/summary
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Startup Url
 
Chrome Startup Url
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Startup Url
 
Swagbucks Search
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\nnegnghjbbaaojdkcdgmdehpakckeekb
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Swagbucks Search
 
ArcadeYum
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\jmbmildjdmppofnohldicmnkojfhggmb
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - ArcadeYum
 
Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : F666B6456726DB927939D86012073291
Publisher          : -
Size               : 89
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - Hosts file is hidden
                File - %systemroot%\system32\drivers\etc\hosts
 
Setup FlightGear 3.2.0.exe
Status             : Scanned
Object             : %public%\from toshiba on dec 5 2015\libraries\pictures\setup flightgear 3.2.0.exe
MD5                : 694F9CC4CBF2A560350083B6E930E1AA
Publisher          : -
Size               : 153600
Version            : 3.2.0.0
Detection          : Malware:Win32/Tyron.A!Aeka
Cleaning Action    : Quarantine
Related Objects    :
                File - %public%\from toshiba on dec 5 2015\libraries\pictures\setup flightgear 3.2.0.exe
 
Setup FlightGear 3.2.0.exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\filehistory\data\8059\c\users\djkea\documents\downloads\setup flightgear 3.2.0.exe
MD5                : 694F9CC4CBF2A560350083B6E930E1AA
Publisher          : -
Size               : 153600
Version            : 3.2.0.0
Detection          : Malware:Win32/Tyron.A!Aeka
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\filehistory\data\8059\c\users\djkea\documents\downloads\setup flightgear 3.2.0.exe
 
Setup FlightGear 3.4.0.exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\filehistory\data\8059\c\users\djkea\documents\downloads\setup flightgear 3.4.0.exe
MD5                : 7D259FAA710281EE828F233AFBA5C1DD
Publisher          : -
Size               : 153600
Version            : 3.4.0.0
Detection          : Malware:Win32/Tyron.A!Aeka
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\filehistory\data\8059\c\users\djkea\documents\downloads\setup flightgear 3.4.0.exe
 
Setup FlightGear 3.0.0.exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\filehistory\data\8059\c\users\djkea\documents\downloads\setup flightgear 3.0.0.exe
MD5                : FAEAB362B3C3BBDB4190B461C489D92E
Publisher          : -
Size               : 153600
Version            : 3.0.0.0
Detection          : Malware:Win32/Tyron.A!Aeka
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\filehistory\data\8059\c\users\djkea\documents\downloads\setup flightgear 3.0.0.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 23
Reported as safe      : 0
Failed                : 0
 


#13 djkea


Posted 21 June 2016 - 02:24 PM

Currently working on program removal with D Installer.  Attempted removal once and had success with most of the programs (it appeared).  Performed a reboot, then started D Installer again, and all the programs still appear in the list of programs available to remove.  Unsure how to proceed.  Thanks.



#14 InadequateInfirmity


Posted 21 June 2016 - 02:50 PM

Use Geek Uninstaller to remove the programs.



#15 djkea


Posted 21 June 2016 - 05:16 PM

OK, I believe the offensive programs are gone. What's next, kind sir?





