
Possible Malware?


17 replies to this topic

#1 chronology


Posted 20 June 2016 - 03:20 AM

Hi,

So my debit card number was somehow stolen about a week ago (without the actual card being stolen), and my bank account was completely wiped out with fraudulent charges. This is the first time this has ever happened to me, and considering how careful I am in the real world with my banking card, I am wondering if my PC may be infected with some kind of malware or spyware that allowed a hacker/cracker to retrieve this information. I have noticed that occasionally (though not always), my PC will take longer than it seems like it should to load Windows after I turn it on (considering it's very new). I have both AVG and Malwarebytes installed, and both scans come up clean. However, I know there are some types of infections that these programs probably can't detect, and I would rather know with 100% certainty that my PC is clean before I go back to using it for online banking and internet shopping. Any help would be appreciated. Thanks.





#2 InadequateInfirmity


Posted 20 June 2016 - 01:05 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware Removal Tool to your desktop, right click the icon and select Run as Administrator.

Hit OK.

Hit Next; make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

  1. Please download ZHPCleaner to your desktop. Right-click the icon and select Run as administrator.
     http://ccm.net/download/download-24750-zhpcleaner
  2. Once you have started the program, you will need to click the Scanner button. The program will close all open browsers!
  3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan.

Run a full scan with Zemana AntiMalware!

Install and select Deep Scan.

Remove any infections found.

Then click on the scan log icon.

Double click on the scan log, copy and paste it here in your reply.



#3 chronology

chronology
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 21 June 2016 - 11:22 AM

Hi. Below are the logs in the order that you requested.

# AdwCleaner v5.200 - Logfile created 21/06/2016 at 06:37:42
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-20.3 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : chronology - LAPTOP-E4CE7UKV
# Running from : C:\Users\chronology\Desktop\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 

***** [ Files ] *****
 

***** [ DLLs ] *****
 

***** [ WMI ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : HKU\S-1-5-21-2028930430-1805723755-2688980648-1002\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : HKU\S-1-5-21-2028930430-1805723755-2688980648-1002\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1f38ec4b-acee-4c43-b478-9d1e8e4c9944} [NameServer]
 
***** [ Web browsers ] *****
 

*************************


 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1354 bytes] - [21/06/2016 06:37:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [1526 bytes] - [21/06/2016 06:35:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1500 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by chronology (Administrator) on Tue 06/21/2016 at  6:42:36.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

File System: 0
 
 
 

Registry: 1
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BBFA1DD7-D23D-4862-917F-CB8825195DE4} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/21/2016 at  6:44:23.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(Adware Removal Tool log)

[-] Deleted ->> File ->> C:\Program Files\Lenovo\ImController\Service\Microsoft.Win32.TaskScheduler.dll
[-] Deleted ->> File ->> C:\Program Files (x86)\Lenovo\REACHit\Microsoft.Win32.TaskScheduler.dll

 

~ ZHPCleaner v2016.8.13.324 by Nicolas Coolman (2015/08/13)
~ Run by chronology (Administrator)  (21/06/2016 08:24:15)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1

~ State version : No network file
~ Type : Scan
~ Report : C:\Users\chronology\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\chronology\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)
 

---\\  Services (0)
~ No malicious or unnecessary items found.
 

---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 

---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 

---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.
 

---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.
 

---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 

---\\ Statistics
~ Items scanned : 82701
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0
 

~ End of search in 5 minutes
===================
ZHPCleaner-[S]-21062016-08_29_50.txt
 

 

Zemana AntiMalware 2.21.2.15 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/21
Operating System       : Windows 10 64-bit
Processor              : 4X AMD A8-7410 APU with AMD Radeon R5 Graphics
BIOS Mode              : UEFI
CUID                   : 122049214EB103D00F9875
Scan Type              : Deep Scan
Duration               : 16m 46s
Scanned Objects        : 208138
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
There are no detected objects

 

 



#4 InadequateInfirmity


Posted 21 June 2016 - 03:02 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.
  3. Next we need to change a scanning option: select "Settings" on the main menu, then "Detection and Protection" on the left.
  4. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.
  5. Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.
  6. Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.

When the scan is finished:

  1. Click "Save Results"
  2. Then click on "Text file"
  3. A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it; save it to the desktop.
  4. Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.

  • Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.

Check the following boxes:

Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right-click it and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.



#5 chronology


Posted 23 June 2016 - 11:35 AM

Okay, these scans are rather lengthy and will likely take me a day or two. Don't close the thread in the meantime. :)



#6 InadequateInfirmity


Posted 23 June 2016 - 12:06 PM

:thumbup2:



#7 chronology


Posted 27 June 2016 - 10:36 AM

Alright, sorry for the delayed response. Below are the logs. Note that there is no log for the ESET online scanner because it didn't find anything malicious.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/23/2016
Scan Time: 9:53 AM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.23.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: chronology

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328402
Time Elapsed: 45 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


MiniToolBox by Farbar  Version: 17-06-2016
Ran by chronology (administrator) on 24-06-2016 at 13:34:30
Running from "C:\Users\chronology\Downloads"
Microsoft Windows 10 Home  (X64)
Model: 80M8 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

TAP-Windows Adapter V9 = Ethernet 2 (Connected)
Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Wi-Fi" nexthop=10.0.0.10 metric=1 publish=Yes
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Wi-Fi" address=10.0.0.250 mask=255.0.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP-E4CE7UKV
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 50-7B-9D-31-59-03
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 42-B8-9A-48-14-57
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-2B-C8-BB-0F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c899:3c74:d965:f3bb%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.133.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : Friday, June 24, 2016 12:55:25 PM
   Lease Expires . . . . . . . . . . : Saturday, June 24, 2017 12:55:24 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.133.1.5
   DHCPv6 IAID . . . . . . . . . . . : 117505835
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-8B-00-2E-50-7B-9D-31-59-03
   DNS Servers . . . . . . . . . . . : 209.222.18.222
                                       209.222.18.218
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
   Physical Address. . . . . . . . . : 40-B8-9A-48-14-57
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cc10:372f:7b94:1bdd%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.250(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : 10.0.0.10
   DHCPv6 IAID . . . . . . . . . . . : 71350426
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-8B-00-2E-50-7B-9D-31-59-03
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 40-B8-9A-48-14-58
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1F38EC4B-ACEE-4C43-B478-9D1E8E4C9944}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2BC8BB0F-2103-433B-97C0-EC97C718A2AC}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  resolver1.privateinternetaccess.com
Address:  209.222.18.222

Name:    google.com
Address:  216.58.217.142


Pinging google.com [216.58.217.142] with 32 bytes of data:
Reply from 216.58.217.142: bytes=32 time=42ms TTL=54
Reply from 216.58.217.142: bytes=32 time=46ms TTL=54

Ping statistics for 216.58.217.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 46ms, Average = 44ms
Server:  resolver1.privateinternetaccess.com
Address:  209.222.18.222

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=54ms TTL=53
Reply from 98.139.183.24: bytes=32 time=51ms TTL=53

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 51ms, Maximum = 54ms, Average = 52ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...50 7b 9d 31 59 03 ......Realtek PCIe GBE Family Controller
  4...42 b8 9a 48 14 57 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  7...00 ff 2b c8 bb 0f ......TAP-Windows Adapter V9
  5...40 b8 9a 48 14 57 ......Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
 13...40 b8 9a 48 14 58 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.0.0.10       10.0.0.250     26
          0.0.0.0        128.0.0.0       10.113.1.5       10.133.1.6     20
          0.0.0.0        128.0.0.0       10.133.1.5       10.133.1.6     20
         10.0.0.0        255.0.0.0         On-link        10.0.0.250    281
       10.0.0.250  255.255.255.255         On-link        10.0.0.250    281
       10.113.1.1  255.255.255.255       10.113.1.5       10.133.1.6     20
       10.133.1.1  255.255.255.255       10.133.1.5       10.133.1.6     20
       10.133.1.4  255.255.255.252         On-link        10.133.1.6    276
       10.133.1.6  255.255.255.255         On-link        10.133.1.6    276
       10.133.1.7  255.255.255.255         On-link        10.133.1.6    276
   10.255.255.255  255.255.255.255         On-link        10.0.0.250    281
    108.61.68.146  255.255.255.255        10.0.0.10       10.0.0.250     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0       10.113.1.5       10.133.1.6     20
        128.0.0.0        128.0.0.0       10.133.1.5       10.133.1.6     20
   208.167.254.54  255.255.255.255        10.0.0.10       10.0.0.250     25
   208.167.254.93  255.255.255.255        10.0.0.10       10.0.0.250     25
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link        10.0.0.250    281
        224.0.0.0        240.0.0.0         On-link        10.133.1.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link        10.0.0.250    281
  255.255.255.255  255.255.255.255         On-link        10.133.1.6    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0        10.0.0.10       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  5    281 fe80::/64                On-link
  7    276 fe80::/64                On-link
  7    276 fe80::c899:3c74:d965:f3bb/128
                                    On-link
  5    281 fe80::cc10:372f:7b94:1bdd/128
                                    On-link
  1    306 ff00::/8                 On-link
  5    281 ff00::/8                 On-link
  7    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/24/2016 01:30:26 PM) (Source: Application Hang) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.10586.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2c78

Start Time: 01d1ce3839deba63

Termination Time: 1235

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 4048bc01-3a31-11e6-9c00-40b89a481458

Faulting package full name: Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (06/23/2016 02:10:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-E4CE7UKV)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/22/2016 01:19:26 PM) (Source: Microsoft Office 16) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {26618E9E-845C-43AF-9430-C37708CCD652}

Error: (06/22/2016 01:19:26 PM) (Source: Microsoft Office 16) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {26618E9E-845C-43AF-9430-C37708CCD652}

Error: (06/22/2016 12:42:02 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/22/2016 12:35:05 PM) (Source: Office 2016 Licensing Service) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (06/22/2016 12:35:05 PM) (Source: Microsoft Office 16) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {321ED348-A265-4424-85D5-720797779043}

Error: (06/22/2016 12:35:05 PM) (Source: Microsoft Office 16) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {321ED348-A265-4424-85D5-720797779043}

Error: (06/21/2016 04:28:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-E4CE7UKV)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/21/2016 10:51:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-E4CE7UKV)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (06/23/2016 02:57:31 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Error: (06/23/2016 02:11:11 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Error: (06/23/2016 02:10:36 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/23/2016 02:10:14 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_ca60af service to connect.

Error: (06/23/2016 02:10:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_ca60af service to connect.

Error: (06/23/2016 02:10:06 PM) (Source: DCOM) (User: LAPTOP-E4CE7UKV)
Description: CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca

Error: (06/23/2016 02:10:03 PM) (Source: Service Control Manager) (User: )
Description: The User Data Access_ca60af service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/23/2016 02:10:03 PM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_ca60af service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/23/2016 02:10:03 PM) (Source: Service Control Manager) (User: )
Description: The Contact Data_ca60af service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/23/2016 02:10:03 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_ca60af service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/24/2016 01:30:26 PM) (Source: Application Hang)(User: )
Description: MicrosoftEdgeCP.exe11.0.10586.202c7801d1ce3839deba631235C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe4048bc01-3a31-11e6-9c00-40b89a481458Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweMicrosoftEdge

Error: (06/23/2016 02:10:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-E4CE7UKV)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

Error: (06/22/2016 01:19:26 PM) (Source: Microsoft Office 16)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {26618E9E-845C-43AF-9430-C37708CCD652}

Error: (06/22/2016 01:19:26 PM) (Source: Microsoft Office 16)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {26618E9E-845C-43AF-9430-C37708CCD652}

Error: (06/22/2016 12:42:02 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/22/2016 12:35:05 PM) (Source: Office 2016 Licensing Service)(User: )
Description: Subscription licensing service failed: -2143485936

Error: (06/22/2016 12:35:05 PM) (Source: Microsoft Office 16)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {321ED348-A265-4424-85D5-720797779043}

Error: (06/22/2016 12:35:05 PM) (Source: Microsoft Office 16)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {321ED348-A265-4424-85D5-720797779043}

Error: (06/21/2016 04:28:55 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-E4CE7UKV)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

Error: (06/21/2016 10:51:46 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-E4CE7UKV)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141


CodeIntegrity Errors:
===================================
  Date: 2016-06-24 12:58:26.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-24 12:56:59.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-24 12:56:59.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-24 12:56:58.840
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-24 12:56:58.797
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-24 12:56:58.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-24 12:56:58.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-23 08:49:45.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-23 08:49:45.752
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-23 08:42:31.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

AMD Catalyst Install Manager (HKLM\...\{60AA5051-1690-890B-954C-7E18398FCF32}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (HKLM\...\{436BDF74-49B8-4C84-9378-501316C8C470}) (Version: 16.81.7640 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.61.2.12974 - AVG Technologies)
AVG 2016 (HKLM\...\{E6A52E92-1AA2-4711-A4AE-7CA6BCC99C8B}) (Version: 16.0.4613 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7640 - AVG Technologies)
AVG Zen (HKLM\...\{96CBF71D-C368-4B02-88E3-BB5DD34E6873}) (Version: 1.61.9 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Components (HKLM-x32\...\{1720B0E0-C520-43A6-B677-97A1D80F3B99}) (Version: 1.0.023.00 - Lenovo) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.55 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
FMW 1 (HKLM\...\{69851B81-35BF-4B1B-AE90-3B1D67DD8857}) (Version: 1.102.4 - AVG Technologies) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo BatteryGauge (HKLM\...\{CBEDEC16-C4F5-4255-99E4-5884EFEDD1BC}) (Version: 1.0.045.00 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4210 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4210 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.3330.01 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5328.55 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5328.55 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35}) (Version: 3.0.002.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.054.00 - Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.865.867.060315 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.213.243 - REALTEK Semiconductor Corp.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.42 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.15 - Zemana Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 7074.6 MB
Available physical RAM: 3439.46 MB
Total Virtual: 7522.6 MB
Available Virtual: 4248.86 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:885.83 GB) (Free:788.58 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.12 GB) NTFS

========================= Users: ========================================

User accounts for \\LAPTOP-E4CE7UKV

Administrator            DefaultAccount           Guest                    
chronology         


**** End of log ****


SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 24.06.2016 13:41:42
Path starting: C:\Users\chronology\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: chronology
VersionXML: 3.13is-24.06.2016
___________________________________________________________________________

Windows 10(6.3.10586) (x64) Core Lang: English(0409)
Installation date OS: 04.04.2016 14:34:08
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Subscription4 edition Timebased activation will expire :66187 minutes
LicenseStatus: Office 16, Office16HomeStudentR_Retail edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: Internet Explorer (C:\Program Files\Internet Explorer\iexplore.exe)
SystemDrive: C: FS: [NTFS] Capacity: [885.8 Gb] Used: [97.2 Gb] Free: [788.6 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.420.10586.0
User Account Control enabled
Automatic download and scheduled installation
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled)
AVG Internet Security (enabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
AVG Internet Security (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled)
AVG Internet Security (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.21.15
Spybot - Search & Destroy v.2.4.40
--------------------------- [ OtherUtilities ] ----------------------------
OpenOffice 4.1.2 v.4.12.9782
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.3.3.17 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ RunningProcess ] ----------------------------
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe v.11.0.10586.420
------------------ [ AntivirusFirewallProcessServices ] -------------------
AvgAMPS (AvgAMPS) - The service has stopped
C:\Program Files (x86)\AVG\Av\avgrsa.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Av\avgcsrva.exe v.16.81.0.7640
AVGIDSAgent (AVGIDSAgent) - The service is running
AVG Service (avgsvc) - The service is running
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe v.1.102.2.23246
AVG Service (avgsvc) - The service is running
AVG Firewall (avgfws) - The service is running
C:\Program Files (x86)\AVG\Av\avgfwsa.exe v.16.81.0.7640
AVG WatchDog (avgwd) - The service is running
C:\Program Files (x86)\AVG\Av\avgwdsvca.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Av\avgnsa.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Av\avgemca.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Av\avgui.exe v.16.81.0.7640
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe v.1.102.2.23246
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
----------------------------- [ End of Log ] ------------------------------






#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 27 June 2016 - 04:45 PM

What issues remain?



#9 chronology

chronology
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 29 June 2016 - 07:35 AM

No visible symptoms. I just wanted to be sure that my system was clean after the bank card fraud.



#10 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 29 June 2016 - 05:37 PM

Scan & Clean With Ads Fix


  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File


  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.


Pre_Scan


Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus, and windows defender.

Close all open work; Pre_Scan will close all running processes in order to run.

Right Click Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.


9-Lab Scan.


  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean.
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

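The RstHosts step above rewrites the hosts file back to its two stock loopback lines. Before resetting, it is worth knowing what was actually in the file, since a hosts file is one of the places a banking-fraud infection can redirect or sinkhole names. The following is an added example, not code from the thread or from any of the tools named in this post: a small audit script that parses a hosts file and groups every non-default entry as a loopback/unspecified sinkhole, a redirect to a routable address, or an invalid line. The two sample files are constructed here; the clean one matches the default content RstHosts writes, and the tampered one uses reserved documentation addresses and `.test` names, so nothing in it refers to a real host.

```python
"""Audit a Windows hosts file for entries beyond the stock loopback lines.

Added example (not part of the original thread or of RstHosts). The sample
hosts contents below are constructed; IP addresses come from the reserved
documentation ranges and hostnames use the reserved .test TLD.
"""
import sys
import ipaddress
from typing import Dict, List, Tuple

# The two entries RstHosts writes as the default file.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: the default file, as written by RstHosts.
CLEAN_HOSTS = """# Fichier Hosts cree par RstHosts

127.0.0.1       localhost
::1             localhost
"""

# Constructed sample: one sinkholed update host and one redirected name.
TAMPERED_HOSTS = """127.0.0.1       localhost
::1             localhost
0.0.0.0         update.example-av.test      # blocks a vendor update host
198.51.100.7    www.example-bank.test       # sends a name to a routable address
not-an-ip       broken.example.test
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, one per hostname; comments and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def classify(ip: str, name: str) -> str:
    """Label one entry: default, blocked (loopback/unspecified), redirect, or invalid."""
    if (ip, name) in DEFAULT_ENTRIES:
        return "default"
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"   # name resolves nowhere: typical of update/AV blocking
    return "redirect"      # name resolves to some other machine: inspect this


def audit_hosts(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group every non-default entry by category for a quick review."""
    report: Dict[str, List[Tuple[str, str]]] = {"blocked": [], "redirect": [], "invalid": []}
    for ip, name in parse_hosts(text):
        label = classify(ip, name)
        if label != "default":
            report[label].append((ip, name))
    return report


def is_default_only(text: str) -> bool:
    """True when the file contains nothing but the stock loopback entries."""
    return not any(audit_hosts(text).values())


if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) to audit a real file;
    # with no argument the constructed tampered sample is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = TAMPERED_HOSTS
    for category, items in audit_hosts(content).items():
        for ip, name in items:
            print(f"{category:8s} {ip:16s} {name}")
```

Anything reported under `redirect` deserves attention before the file is reset, because the address it points at is the only evidence of where traffic for that name was being sent; entries under `blocked` that name security-vendor or update hosts are a common sign of tampering as well.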

#11 chronology

chronology
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 01 July 2016 - 01:09 PM

I have a different problem now. I began the process per your instructions above. I downloaded Adfix, installed it, and followed the above instructions step by step. After about 3 hours into it, and being stuck on 59% progress for somewhere around 1.5 - 2 hours, I decided I was going to have to abort the scan and finish another time (the scan had automatically deleted 11 files thus far during the scan). I had to use the Task manager to manually terminate the process, as none of the buttons on the program were responding. Shortly after terminating the program, I noticed that both my Windows start button, as well as my search box right beside it, no longer respond. I rebooted my PC, but both are still not responding. I attempted to do a System Restore, but it seemed to get perpetually stuck on the "Please wait... System Restore is initializing. . ." screen. Both the Start button and Search box remain unresponsive. I'm using Windows 10. Help???



#12 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 01 July 2016 - 06:13 PM

Install (use the direct download) the Tweaking.com - Windows all in one repair tool. Then boot Windows into Safe Mode, (Make Certain To Run This Program As Administrator) then run through the Prescan on step 2 tab. Then skip to step 5 and create a system restore point. Then go to the repair tab...

Notice create a registry backup is ticked by default, so no need to do so in step 5...

Now run the program, with the All Default boxes ticked!!

Important: Make certain to reboot twice after running this tool!!



#13 chronology

chronology
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 05 July 2016 - 05:38 PM

Sorry for the delayed response. With regard to the Start Button and Search problem, I attempted to run a System Restore again the other day. It managed to get all the way through the process this time (apparently the entire process just takes a lot longer than I thought). After it finished I logged onto Windows, and received a pop up that said that the System restore failed to complete, for whatever reason. In any case, the Search box and Start button both worked fine after that, so maybe it restored it enough to fix whatever the issue was. Since that problem is resolved, unless you suggest otherwise I’m going to skip running the Windows repair tool for right now.

Here are the logs. Note that there is no log included for the Adsfix program. After what happened upon running that the other day I am exceedingly cautious about running another scan with that program a second time. If there is no other alternative and you think it is absolutely necessary that I try it again I will, but would prefer not to if I can avoid it. Let me know. 

-|x| RstHosts v2.0 - Rapport créé le 05/07/2016 à 12:15:00
-|x| Système d'exploitation : Windows 10 Home  (64 bits)
-|x| Nom d'utilisateur : chronology - LAPTOP-E4CE7UKV (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 10/07/2015 - 07:04:34
Date de modification : 05/07/2016 - 12:14:55
Date de dernier accès : 05/07/2016 - 12:14:55

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1       localhost
::1             localhost


-|x|- E.O.F - C:\RstHosts.txt - 621 bytes -|x|-


System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD A8-7410 APU with AMD Radeon R5 Graphics    
Identifier : AMD64 Family 22 Model 48 Stepping 1
CoreTemp : -1 Celsius - Max :  Celsius

Memory RAM = Total (MB) : 7244 | Free (MB) : 5046
Pagefile = Total (MB) : 7703 | Free (MB) : 5537
Virtual = Total (MB) : 4194 | Free (MB) : 3950

¤¤¤¤¤¤¤¤¤¤ # Components of starting up


¤¤¤¤¤¤¤¤¤¤¤ # Drives

D:\-> [Fixed] | [LENOVO] | Total : 25 Go | Free : 23.12 Go -> NTFS [SATA]
C:\-> [Fixed] | [Windows] | Total : 885.83 Go | Free : 741.46 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

No detected update !!!

Microsoft : +


¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\chronology
C:\Users\MSSQL$SQLEXPRESS

Registry saved , to restore :  Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [05.07.2016 @ 14_20_44])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.10586.420     (© Microsoft Corporation.)
FF : 47.0.0.5999     (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 22.0.0.192

¤¤¤¤¤¤¤¤¤¤ # Security

AV : AVG Internet Security Enabled
AS : AVG Internet Security Enabled
AM : Malwarebytes Anti-Malware   (2.3.173.0)     []
FW : AVG Internet Security Enabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1716 | [Owner :  |Parent : 1204] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
1728 | [Owner :  |Parent : 1204] - (.Advanced Micro Devices, Inc. - tbaseprovisioning.) - (1.0.0.0) = C:\Windows\SysWOW64\tbaseprovisioning.exe
2296 | [Owner :  |Parent : 1204] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.10586.122) = C:\Windows\System32\spoolsv.exe
2600 | [Owner : SYSTEM |Parent : 1204] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2608 | [Owner : SYSTEM |Parent : 1204] - (.AVG Technologies CZ, s.r.o. - AVG Service Process.) - (1.102.2.23246) = C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
2616 | [Owner : SYSTEM |Parent : 1204] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.84) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2624 | [Owner : SYSTEM |Parent : 1204] - (.Conexant Systems Inc. - Conexant Audio Message Service.) - (1.12.0.0) = C:\Windows\System32\CxAudMsg64.exe
2636 | [Owner : SYSTEM |Parent : 1204] - (. - Realtek Bluetooth BTDevManager Service Application.) - (1.0.50.1) = C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
2644 | [Owner : SYSTEM |Parent : 1204] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe
2652 | [Owner : SYSTEM |Parent : 1204] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.6925.1018) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
2660 | [Owner : SYSTEM |Parent : 1204] - (.Realtek Semiconductor Corporation - Realtek Bluetooth AVRCP Service.) - (1.0.21.1) = C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
2804 | [Owner : SYSTEM |Parent : 1204] - (.Conexant Systems, Inc. - SmartAudio Service Application.) - (1.0.5.0) = C:\Windows\SysWOW64\SASrv.exe
2820 | [Owner : SYSTEM |Parent : 1204] - (.Lenovo Group Limited - Lenovo.Modern.ImController.) - (1.0.77.1) = C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
2972 | [Owner : SYSTEM |Parent : 1204] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.0.17.42) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
4164 | [Owner : SYSTEM |Parent : 1600] - (.Microsoft Corporation - Windows Wireless LAN 802.11 Extensibility Framework.) - (10.0.10586.0) = C:\Windows\System32\wlanext.exe
1880 | [Owner : LogonSessionId_0_520012 |Parent : 1204] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.10586.0) = C:\Windows\System32\SearchIndexer.exe
7540 | [Owner : SYSTEM |Parent : 1204] - (.Apple Inc. - iPodService Module (64-bit).) - (12.4.1.6) = C:\Program Files\iPod\bin\iPodService.exe
6172 | [Owner : LogonSessionId_0_9119700 |Parent : 1204] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2014.120.2000.8) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
5696 | [Owner : LOCAL SERVICE |Parent : 1600] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe
7488 | [Owner : LogonSessionId_0_38330415 |Parent : 1204] - (.Microsoft Corporation - SQL Server Windows NT - 64 Bit.) - (2014.120.2269.0) = C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
7124 | [Owner : SYSTEM |Parent : 1716] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
4576 | [Owner : chronology |Parent : 1584] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe
10132 | [Owner : chronology |Parent : 1584] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe
6080 | [Owner : chronology |Parent : 1312] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe
10024 | [Owner : chronology |Parent : 10184] - (.Microsoft Corporation - Windows Explorer.) - (10.0.10586.420) = C:\Windows\explorer.exe
8096 | [Owner : chronology |Parent : 2972] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.0.17.42) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
11196 | [Owner : chronology |Parent : 7356] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.0.17.42) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5812 | [Owner : chronology |Parent : 1312] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.306) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
7400 | [Owner : chronology |Parent : 2820] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) - (1.0.72.0) = C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
5924 | [Owner : chronology |Parent : 2820] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) - (1.0.72.0) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
3880 | [Owner : chronology |Parent : 2820] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) - (1.0.72.0) = C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
8308 | [Owner : chronology |Parent : 2820] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) - (1.0.72.0) = C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
2024 | [Owner : chronology |Parent : 2820] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) - (1.0.72.0) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
7568 | [Owner : chronology |Parent : 10024] - (. - Lenovo Utility.) - (3.0.0.3) = C:\Program Files\Lenovo\LenovoUtility\utility.exe
7840 | [Owner : chronology |Parent : 10024] - (. - FMAPP Application.) - (1.64.0.1) = C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
4900 | [Owner : chronology |Parent : 10024] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) - (1.7.79.0) = C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
4804 | [Owner : chronology |Parent : 10024] - (.Realtek Semiconductor Corporation - Realtek Bluetooth BTServer Application .) - (1.0.100.1) = C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
11168 | [Owner : chronology |Parent : 4804] - (. - SkypePlugin.exe.) - (1.0.27.1) = C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe
7116 | [Owner : chronology |Parent : 10024] - (.Apple Inc. - iTunesHelper.) - (12.4.1.6) = C:\Program Files\iTunes\iTunesHelper.exe
5756 | [Owner : chronology |Parent : 10024] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6390.509) = C:\Users\chronology\AppData\Local\Microsoft\OneDrive\OneDrive.exe
3784 | [Owner : chronology |Parent : 10024] - (.Apple Inc. - iCloud Services.) - (45.0.0.20) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
2068 | [Owner : chronology |Parent : 10696] - (.CyberLink - CyberLink MediaLibrary Service.) - (8.0.0.2002) = C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
11052 | [Owner : chronology |Parent : 1204] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe
5056 | [Owner : SYSTEM |Parent : 2032] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10586.420) = C:\Windows\System32\fontdrvhost.exe
1784 | [Owner : chronology |Parent : 2008] - (.Microsoft Corporation - CTF Loader.) - (10.0.10586.0) = C:\Windows\System32\ctfmon.exe
5164 | [Owner : chronology |Parent : 4840] - (.Lenovo - Lenovo Solution Center Notifications.) - (1.1.0.0) = C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
11732 | [Owner : chronology |Parent : 1312] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10586.306) = C:\Windows\System32\SettingSyncHost.exe
12080 | [Owner : chronology |Parent : 2820] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) - (1.0.72.0) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
8840 | [Owner : chronology |Parent : 2820] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) - (1.0.72.0) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
4280 | [Owner : chronology |Parent : 2820] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) - (1.0.72.0) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
11716 | [Owner : SYSTEM |Parent : 2820] - (.Lenovo Group Limited - Lenovo.Modern.ImController.PluginHost.) - (1.0.72.0) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
3008 | [Owner : chronology |Parent : 1312] - (. - .) - (10.1.2123.36) = C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
10964 | [Owner : chronology |Parent : 1312] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe
9680 | [Owner : chronology |Parent : 1312] - (. - Microsoft Photos.) - (16.526.11240.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
10396 | [Owner : chronology |Parent : 1312] - (.Microsoft Corporation - Settings.) - (10.0.10586.11) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe
10472 | [Owner : chronology |Parent : 1312] - (. - .) - (10.1605.1606.14001) = C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1605.1661.0_x64__8wekyb3d8bbwe\CompanionApp.exe
6900 | [Owner : chronology |Parent : 1312] - (.Microsoft Corporation - Store.) - (11602.1.26.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
10784 | [Owner : chronology |Parent : 1312] - (.Microsoft Corporation - Video Application.) - (3.6.2144.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe\Video.UI.exe
7572 | [Owner : chronology |Parent : 10024] - (.Microsoft Corporation - Microsoft Word.) - (16.0.6965.2058) = C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
5664 | [Owner : chronology |Parent : 1312] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.420) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
8764 | [Owner : chronology |Parent : 11172] - (.Microsoft Corporation - Notepad.) - (10.0.10586.0) = C:\Windows\SysWOW64\notepad.exe
5980 | [Owner : chronology |Parent : 10024] - (. - .) - (0.0.0.0) = C:\Program Files\pia_manager\pia_manager.exe
10516 | [Owner : chronology |Parent : 5980] - (.http://www.ruby-lang.org/ - Ruby interpreter (GUI) 1.9.3p448 [i386-mingw32].) - (1.9.3.448) = C:\Users\CHRONO~1\AppData\Local\Temp\ocr47CC.tmp\bin\rubyw.exe
11024 | [Owner : chronology |Parent : 10516] - (. - .) - (0.0.0.0) = C:\Program Files\pia_manager\pia_manager.exe
11076 | [Owner : chronology |Parent : 11024] - (.http://www.ruby-lang.org/ - Ruby interpreter (GUI) 1.9.3p448 [i386-mingw32].) - (1.9.3.448) = C:\Users\CHRONO~1\AppData\Local\Temp\ocr5113.tmp\bin\rubyw.exe
11956 | [Owner : chronology |Parent : 11076] - (. - .) - (0.0.0.0) = C:\Program Files\pia_manager\pia_tray\pia_tray.exe
7040 | [Owner : SYSTEM |Parent : 1204] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - (16.81.0.7640) = C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
7616 | [Owner : SYSTEM |Parent : 7040] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) - (16.81.0.7640) = C:\Program Files (x86)\AVG\Av\avgnsa.exe
9672 | [Owner : SYSTEM |Parent : 7040] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) - (16.81.0.7640) = C:\Program Files (x86)\AVG\Av\avgrsa.exe
4844 | [Owner : SYSTEM |Parent : 9672] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) - (16.81.0.7640) = C:\Program Files (x86)\AVG\Av\avgcsrva.exe
9144 | [Owner : SYSTEM |Parent : 7040] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) - (16.81.0.7640) = C:\Program Files (x86)\AVG\Av\avgemca.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user


¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] :  -> C:\WINDOWS\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !




¤¤¤¤¤¤¤¤¤¤ # IFEO


¤¤¤¤¤¤¤¤¤¤ # Mountpoints2



¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center




¤¤¤¤¤¤¤¤¤¤ # Services


Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] :  -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer


¤¤¤¤¤¤¤¤¤¤ # reparsepoint



¤¤¤¤¤¤¤¤¤¤ # Offsets


¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry


Deleted : HKU\S-1-5-21-2028930430-1805723755-2688980648-1002\Software\stevengould.org


¤¤¤¤¤¤¤¤¤¤ # ADS


Prefetch -> cleaned


D:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ # Hidden files

~ [Drive C:] : Hidden : 3 | Restored : 3
~ [Program Files] : Hidden : 9 | Restored : 9
~ [Users] : Hidden : 2 | Restored : 2
~ [Music] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 2 | Restored : 2
~ [Desktop] : Hidden : 7 | Restored : 7
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 54 | Restored : 52
~ [AppData] : Hidden : 12 | Restored : 12


¤¤¤¤¤¤¤¤¤¤ # Drives

 Disk: 0   Size=954G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    EE-UNKNWN  21.0T   No    No             1  294,967,295

¤¤¤¤¤¤¤¤¤¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] :  -> 1

End : 16:56:39


¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 245



9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 128.39590

Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.11.10586.0
chronology :: LAPTOP-E4CE7UKV

7/5/2016 5:30:37 PM
9lab-log-2016-07-05 (17-30-37).txt

Scan type: Full
Objects scanned: 48470
Time Elapsed: 35 m 10 s

Registry Values detected: 1
Risk.Path [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command (Default)]


Files detected: 13
[3688374325B992DEF12793500307566D] Trojan.FPL.Rotbrow.vb [c:\users\chronology\appdata\roaming\ZHP\Quarantine\hosts]
[97E733C59B418FED82DDDD16AAE85C63] Trojan.FPL.Rotbrow.vb [c:\users\chronology\appdata\roaming\ZHP\Tempo.txt]
[D792F601DDBF89CFDDCAD58F69926199] Trojan.FPL.Rotbrow.vb [c:\users\chronology\appdata\roaming\ZHP\Trace.txt]
[8823F044949E320B9BA8A6E83CA4C12E] Trojan.FPL.Rotbrow.vb [c:\users\chronology\appdata\roaming\ZHP\ZHPCleaner-[S]-21062016-08_29_50.txt]
[9684136407F197D8C709031A9273722E] Trojan.FPL.Rotbrow.vb [c:\users\chronology\appdata\roaming\ZHP\ZHPCleaner.exe]
[F1B9030D3A8F0F44CB67BA97C1B5021B] Trojan.FPL.Rotbrow.vb [c:\users\chronology\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\chronology\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[9684136407F197D8C709031A9273722E] Malware.MPL.Heur.vb [c:\users\chronology\ZHPCleaner.exe]
[9CEF63FDE7A3A91A747CEB26D00FCED3] Malware.Win32.Gen.sm [C:\Pre_Scan\smss.exe]
[055CF647FC2B95DE2A5B428682831330] PUP.SystemOptimizer.vb!c [C:\Users\chronology\Downloads\ReimageRepair.exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.486E.sm!ff [C:\Users\chronology\Downloads\rsthosts_2.0.exe]
[58F7AE008538E3867A327956390D0470] Malware.Win32.Gen.cc!s1 [C:\Users\chronology\Downloads\ZHPCleaner-2015.8.13.324 (1).exe]
[58F7AE008538E3867A327956390D0470] Malware.Win32.Gen.cc!s1 [C:\Users\chronology\Downloads\ZHPCleaner-2015.8.13.324.exe]


#14 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:50 AM

Posted 11 July 2016 - 04:26 AM

Sorry for the delay, you still need help?



#15 chronology

chronology
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 13 July 2016 - 09:40 AM

No worries. I am experiencing no obvious symptoms. Does everything look clean as far as you can tell?


