
Suspected Malware on Windows Laptop and iPhone 6s


23 replies to this topic

#1 CrunchMaster

Posted 04 August 2016 - 06:19 PM

Hi everyone. I am new here and have a question about suspected malware on my Windows-based laptop and on my iPhone 6s too. My laptop has been performing horribly lately: my browsers have been unresponsive; when I type, nothing appears until a few seconds later; and the system itself is slow/lagging in general. I noticed a DNS issue in my logs, saying "Name resolution for the name imrk.net timed out after none of the configured DNS servers responded." I don't even know what that site is. My iPhone 6s is also acting strangely now, unable to access the server at times and RAM disappearing (despite not adding anything to the device). Any assistance is much needed and would be much appreciated. I am concerned that I may have something in the router itself. Thanks!


Edited by hamluis, 04 August 2016 - 06:51 PM.
Moved from Crashes/BSODs to Am I Infected - Hamluis.




#2 Viper_Security

Posted 04 August 2016 - 06:53 PM

RAM means Random Access Memory, I don't understand how it can "disappear", and your iPhone has roughly 1GB RAM. That's more than enough for a phone.

And it's EXTREMELY difficult to infect an iPhone; the only way you can get infected is if it's jail-broken.

Scan your machine for threats and your network for vulnerabilities, and as for your iPhone, if it is infected, you'd be well advised to reinstall the stock OS.

If you have something called AppBuyer (I think the only malware for iPhone) then reinstall the stock OS.


    IT Auditor & Security Professional



#3 CrunchMaster

Posted 04 August 2016 - 08:19 PM

> RAM means Random Access Memory, I don't understand how it can "disappear", and your iPhone has roughly 1GB RAM. That's more than enough for a phone.
>
> And it's EXTREMELY difficult to infect an iPhone; the only way you can get infected is if it's jail-broken.
>
> Scan your machine for threats and your network for vulnerabilities, and as for your iPhone, if it is infected, you'd be well advised to reinstall the stock OS.
>
> If you have something called AppBuyer (I think the only malware for iPhone) then reinstall the stock OS.

I have a 16 gig phone. What I meant by "disappearing" memory is that I have the same apps installed on my phone since I got it, but my available space has decreased to where I had 1 G left, without adding a thing. No pics, no music, nothing. I deleted some apps one by one and the available space did not budge. Today I checked space available and it decreased as I looked at it. Thank goodness my husband was there and saw this too, because I'd have thought I was losing my mind.

My phone was bought from Verizon and not jailbroken. And the apps installed were my banking apps, Starbucks, DD, and Google and NPR News. I have read on many security sites that iOS vulnerabilities are not uncommon, and have affected many Phone users, more than people think. I reinstalled the OS yesterday, but wanted some advice from people who know more than I as to whether my family's router could be corrupted and how I could determine this. Three devices on the network are acting the same way: Windows laptops, an Android, and 2 iPhone 6s.



#4 TsVk!

Posted 04 August 2016 - 08:35 PM

If your router is infected it can easily be fixed using the hard reset function. Normally this is done by holding a paperclip or similar in a reset pinhole on the router for 10-30 seconds (depending on model). Please check your router model online for the exact instructions.

 

Important: After resetting your router change your default administrator password immediately to a strong password, before connecting the device back to the internet.

 

If your other devices still have issues after resetting your router please let us know.


Edited by TsVk!, 04 August 2016 - 08:36 PM.


#5 TsVk!

Posted 04 August 2016 - 08:42 PM

Just thinking about it, after running the router reset...

 

Step 1: Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

 

aak3k9.jpg

 

Step 2: Click Go and copy and paste the results into your reply.

 

Please download Security Check and run it. Allow requests to bypass your firewall.

 

Copy and paste the results into your reply.

 

TsVk!


Edited by TsVk!, 04 August 2016 - 08:58 PM.
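
One way to read the IP Configuration part of output like the MiniToolBox results requested above, for the router and DNS question raised in this thread. This is an added example, not part of any post and not Farbar's code: it parses `ipconfig /all` style text and reports, for each adapter, whether every DNS server is the default gateway, another host on the local subnet, or an address outside the LAN. The sample text, its host names and addresses, and the function names are constructed for illustration.

```python
"""Added example: classify the DNS servers listed in `ipconfig /all` style output."""
import ipaddress
import re

# Constructed sample (not taken from the thread); 203.0.113.53 is a documentation address.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : home.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
"""

_HEADER = re.compile(r"^(\S.* adapter .*):\s*$")      # e.g. "Wireless LAN adapter Wi-Fi:"
_KV = re.compile(r"^\s+(.*?)[\s.]*:(?:\s+(.*))?$")    # "   Key . . . . : value"


def _ip(text):
    """Parse values such as '192.168.1.20(Preferred)' or 'fe80::1%3'; None if not an address."""
    cleaned = re.sub(r"[%(].*$", "", text.strip())
    try:
        return ipaddress.ip_address(cleaned)
    except ValueError:
        return None


def parse_adapters(text):
    """Map adapter name -> {field: [values]}. A bare indented address extends the previous field."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented: either an adapter header or some other section that ends the block.
            header = _HEADER.match(line)
            current = adapters.setdefault(header.group(1), {}) if header else None
            last_key = None
            continue
        if current is None:
            continue
        if last_key and _ip(line) is not None:
            current[last_key].append(line.strip())   # second and later DNS servers
            continue
        kv = _KV.match(line)
        if kv:
            last_key = kv.group(1)
            current[last_key] = [kv.group(2)] if kv.group(2) else []
    return adapters


def review_dns(text):
    """Return (adapter, dns_server, verdict) for each configured DNS server.

    gateway      - queries go to the router, so its upstream DNS setting is what to inspect
    local-subnet - another device on the LAN is acting as resolver
    off-lan      - the client talks to this resolver directly; confirm it is one you or your ISP set
    """
    findings = []
    for name, fields in parse_adapters(text).items():
        gateways = {_ip(v) for v in fields.get("Default Gateway", [])}
        lans = []
        for addr, mask in zip(fields.get("IPv4 Address", []), fields.get("Subnet Mask", [])):
            host = _ip(addr)
            if host is not None:
                lans.append(ipaddress.ip_network(f"{host}/{mask.strip()}", strict=False))
        for value in fields.get("DNS Servers", []):
            dns = _ip(value)
            if dns is None:
                continue
            if dns in gateways:
                verdict = "gateway"
            elif any(net.version == dns.version and dns in net for net in lans):
                verdict = "local-subnet"
            else:
                verdict = "off-lan"
            findings.append((name, str(dns), verdict))
    return findings


if __name__ == "__main__":
    for adapter, server, verdict in review_dns(SAMPLE):
        print(f"{adapter}: DNS {server} -> {verdict}")
```
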


#6 CrunchMaster

Posted 04 August 2016 - 10:07 PM

Hi TsVk!, here are the results of Mini Tool Box:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Sharon (administrator) on 04-08-2016 at 22:59:40
Running from "C:\Users\Sharon\Downloads"
Microsoft Windows 10 Home  (X64)
Model: 20245 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi (Connected)
Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Local Area Connection* 7" address=172.20.31.246 mask=255.255.252.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Awesomeness
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fios-router.home
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : This Qualcomm Atheros network Controller connects you to the network.
   Physical Address. . . . . . . . . : 20-89-84-98-6B-8B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-FD-52-6C-B1-E4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 24-FD-52-6C-B1-E4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5d36:45b4:9962:f85a%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.151(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, August 2, 2016 11:23:26 PM
   Lease Expires . . . . . . . . . . : Friday, August 5, 2016 10:42:10 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 304414034
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-30-AC-A0-20-89-84-98-6B-8B
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 24-FD-52-6D-00-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4006:80e::200e
 65.199.32.90
 65.199.32.88
 65.199.32.86
 65.199.32.89
 65.199.32.87
 65.199.32.85
 65.199.32.91
 65.199.32.84
 
 
Pinging google.Com [65.199.32.85] with 32 bytes of data:
Reply from 65.199.32.85: bytes=32 time=11ms TTL=59
Reply from 65.199.32.85: bytes=32 time=22ms TTL=59
 
Ping statistics for 65.199.32.85:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 22ms, Average = 16ms
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.Com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=87ms TTL=52
Reply from 98.138.253.109: bytes=32 time=90ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 90ms, Average = 88ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...20 89 84 98 6b 8b ......This Qualcomm Atheros network Controller connects you to the network.
  2...16 fd 52 6c b1 e4 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...24 fd 52 6c b1 e4 ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
 14...24 fd 52 6d 00 ea ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.151     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.151    281
    192.168.1.151  255.255.255.255         On-link     192.168.1.151    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.151    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.151    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.151    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  3    281 fe80::/64                On-link
  3    281 fe80::5d36:45b4:9962:f85a/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/04/2016 06:35:32 PM) (Source: Microsoft-Windows-RestartManager) (User: AWESOMENESS)
Description: Application or service 'Apple Mobile Device Service' could not be restarted.
 
Error: (08/04/2016 06:35:03 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/03/2016 10:26:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: AWESOMENESS)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/03/2016 12:18:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250
 
Error: (08/03/2016 12:18:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250
 
Error: (08/03/2016 12:18:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/02/2016 10:44:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
 
Error: (08/02/2016 10:44:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
 
Error: (08/02/2016 10:44:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/02/2016 01:45:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1281
 
 
System errors:
=============
Error: (08/04/2016 07:58:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/04/2016 07:45:25 PM) (Source: DCOM) (User: AWESOMENESS)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}AWESOMENESSSharonS-1-5-21-627097730-1672044363-852593499-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
 
Error: (08/04/2016 06:35:32 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (08/04/2016 06:35:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.
 
Error: (08/04/2016 02:56:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/04/2016 01:22:28 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/04/2016 01:10:42 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 9 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/04/2016 01:10:41 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/03/2016 10:26:40 PM) (Source: DCOM) (User: AWESOMENESS)
Description: App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca
 
Error: (08/03/2016 10:03:10 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (08/04/2016 06:35:32 PM) (Source: Microsoft-Windows-RestartManager)(User: AWESOMENESS)
Description: 0AppleMobileDeviceService.exeApple Mobile Device Service03026217823760
 
Error: (08/04/2016 06:35:03 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (08/03/2016 10:26:41 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: AWESOMENESS)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927141
 
Error: (08/03/2016 12:18:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250
 
Error: (08/03/2016 12:18:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250
 
Error: (08/03/2016 12:18:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/02/2016 10:44:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
 
Error: (08/02/2016 10:44:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
 
Error: (08/02/2016 10:44:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/02/2016 01:45:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1281
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-08-04 22:23:22.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-03 16:34:23.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-02 12:07:34.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-31 16:14:44.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-31 15:57:43.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-29 10:48:41.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-28 10:35:50.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-27 09:10:13.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-26 16:39:20.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-07-26 16:39:20.799
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.4.0 - IObit)
Avira (HKLM-x32\...\{A4D3E7B8-410D-443A-B6AB-F32CDD4BD28C}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.12 - BleachBit)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.0 - Conexant)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.125 - IObit)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10291 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10120.11116 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.73.5 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo Service Bridge (HKCU\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Lenovo Solution Center (HKLM\...\{E442BFFD-8406-4C6D-BE7E-0CF6E61EE363}) (Version: 3.2.004.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7070.2033 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 48.0 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0 (x64 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
 
**** End of log ****
 
 
And the Security Check:
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender        
IObit Malware Fighter   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 VirusTotal Uploader 2.2   
 Java 8 Update 101  
 Java version 32-bit out of Date!
 Google Chrome (51.0.2704.106) 
 Google Chrome (52.0.2743.82) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 IObit IObit Malware Fighter IMFsrv.exe  
 IObit IObit Malware Fighter IMF.exe  
 IObit IObit Malware Fighter IMFTips.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 
I also just checked remote access permission settings by chance and was floored to find it checked, when I had unchecked it after installing Win 10 about a year ago.  Weird.

Edited by CrunchMaster, 04 August 2016 - 10:48 PM.


#7 CrunchMaster


Posted 04 August 2016 - 11:02 PM

Hey, there shows a strange phone on my network called angler.  Is this a program or some unauthorized person??  Only the MAC address is visible:  dc:ee:06:17:76:ef   The maker is Huawei and the model is a Nexus 6P!       12:34 am EST - Just refreshed my connected devices and angler is gone.  Windows Event Logs show: An attempt was made to query the existence of a blank password for an account.
 
Subject:
Security ID: AWESOMENESS\Sharon
Account Name: Sharon
Account Domain: AWESOMENESS
Logon ID: 0x851B9
 
Additional Information:
Caller Workstation: AWESOMENESS
Target Account Name: Guest
Target Account Domain: AWESOMENESS


 
 
Please let me know--

Edited by CrunchMaster, 05 August 2016 - 12:11 AM.
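A triage helper for the event pasted in post #7, added here as an example and not part of any poster's reply: it parses the event message text and reports whether the Caller Workstation is the machine itself or a different host, then tallies several events by origin and target account. The function names and the second sample event are constructed for illustration; the first sample is the text from the post.

```python
from collections import Counter

# Event text exactly as pasted in post #7.
POSTED_EVENT = """\
An attempt was made to query the existence of a blank password for an account.

Subject:
Security ID: AWESOMENESS\\Sharon
Account Name: Sharon
Account Domain: AWESOMENESS
Logon ID: 0x851B9

Additional Information:
Caller Workstation: AWESOMENESS
Target Account Name: Guest
Target Account Domain: AWESOMENESS
"""

# Constructed variant for comparison: same event, but the caller is another host.
CONSTRUCTED_REMOTE = POSTED_EVENT.replace(
    "Caller Workstation: AWESOMENESS", "Caller Workstation: OTHER-PC"
)

# Section headers used by this event's message text.
SECTIONS = {"Subject", "Additional Information"}


def parse_event(text):
    """Turn 'Section:' / 'Key: Value' message text into nested dicts."""
    event = {"message": "", "Subject": {}, "Additional Information": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()          # exported text is often tab-indented
        if not line:
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if sep and not value and key in SECTIONS:
            section = key           # a bare "Subject:" line opens a section
        elif sep and section:
            event[section][key] = value   # empty values are kept as ""
        elif section is None:
            event["message"] = (event["message"] + " " + line).strip()
    return event


def triage(text, local_host):
    """Summarise who asked about which account, and from where."""
    ev = parse_event(text)
    info = ev["Additional Information"]
    caller = info.get("Caller Workstation", "")
    target = "{}\\{}".format(
        info.get("Target Account Domain", ""),
        info.get("Target Account Name", ""),
    )
    if not caller:
        origin = "unknown"
    elif caller.lower() == local_host.lower():
        origin = "local"            # the query was made on this machine
    else:
        origin = "remote"           # a different host name: review further
    return {
        "subject": ev["Subject"].get("Security ID", ""),
        "caller": caller,
        "target": target,
        "origin": origin,
    }


def summarise(texts, local_host):
    """Count events per (origin, target account) pair."""
    return Counter(
        (t["origin"], t["target"])
        for t in (triage(x, local_host) for x in texts)
    )


if __name__ == "__main__":
    for sample in (POSTED_EVENT, CONSTRUCTED_REMOTE):
        print(triage(sample, "AWESOMENESS"))
    print(summarise([POSTED_EVENT, POSTED_EVENT, CONSTRUCTED_REMOTE], "AWESOMENESS"))
```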


#8 CrunchMaster


Posted 05 August 2016 - 12:08 AM

Disconnected all devices from wifi and unplugged my router. There were a slew of attempted intrusions. Can someone please let me know how to fix this? Please help

#9 CrunchMaster


Posted 05 August 2016 - 12:55 AM

I wanted to mention I put a separate user account on the laptop for my mom. She used it once about one month ago. Just checked admin event viewer and at 1:16 am this morning--about 40 mins ago--there is an event logged AMZNMobileLLCKindleforWindows8...(String of numbers) install failed for Kath. Error 'Package failed updates, dependency or conflict validation' Event 214

Needless to say, I was not attempting to install Kindle nor was my mom.
Administrative Events (some)

*** Event 513, CAP12. 8/4/2016. Cryptographic services failed while processing the Onidentity 0 call in the System Writer.
***Events related to Apple Mobile Device
***Event 1014, DNS Client Events. 8/4/2016. Name resolution for name nexus.officeappa.live.com times out after none of the configuration DNS servers responded.
****Event 1014 (same as above but for wifi login.xfinity.com
***event 69, AppModel-Runtime. Failed with 0x499 modifying AppModelRunrime status for package Microsoft.Getstarted_4.0.9.0_x64_8wekyb3d8bbwe for user AWESOMENESS\Kath (current user). (Current status=0x0, desired status=0x20)
***Event 69. Same as above but for Microsoft.3DBuilder_11.1.9.0
**Event 69. Same as above but for Microsoft.Office.Sway_string of characters and numbers
Same as above but tried to modify Microsoft.People
Same as above but tried to modify Microsoft.Windows.Alarms
****Event 10, App Readiness. The Appx operation 'RegisterPackageAsync' on 'FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64_zx03kxexxb716' failed ....
Because this package depends on another package.

Event 16, Kernel-General. 8/5/2016 1:23:04 am The access history in hive\?\C:\Users\Sharon\AppData\Local\Microsoft\Windows\UsrClass.dat was cleared updating 9283 keys and creating 865 modified pages.

Event 43, WindowsUpdateClient. 8/5/2016 2:54:29 am. Windows has started installing the following update: Twitter
Event 16, Kernel. 8/5/2016. 2:54:30 am. The access history in hive\??\\C:Users\Kath\AppData\Local\Packages.....(numbers).Twitter_5.1.3.0_x86_wegeqdk(more numbers)\ActivationStore\ActivationStore.dat was cleared updating 25 keys and creating3 modified pages.

******^CHECK out the last few lines. Sorry for delay in reply. I'm typing on my phone. Tried getting into my router to change password but kept getting incorrect password message. Unplugged router again. Wifi off. Refreshed logs and see above. How should I proceed with router?

Edited by CrunchMaster, 05 August 2016 - 02:17 AM.


#10 TsVk!


Posted 05 August 2016 - 01:09 AM

Did you reset your router? Change the admin password? If not please do this immediately!

 

If that's done now just change your wifi password to something strong.

 

Just in case... (though I see nothing to suspect it in your log) let's probe for malware.

 

Step 1: Download TFC and save the file on your desktop.

  1. Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  2. Double-click on the TFC icon.
  3. When the program starts, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  4. When done, press OK to reboot your computer and finish the cleanup.

Step 2: Please download AdwCleaner and save to your Desktop.

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Report button...a logfile will open in Notepad for review.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool, or you can save it to the desktop to be easily found for your reply.

Please let me know if this application removes something you want to keep on your system

 

Step 3: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open, note the saved JRT.txt on your desktop to copy into your reply

Step 4: Please download and install MalwareBytes Anti-Malware.

  • You may want to uncheck the free trial for the premium version during installation.
  • Let the database version update on first run, before proceeding
  • Click "Scan now"
  • Click "remove threats" to remove all and follow the reboot instructions.
  • To export the log click on History > then click your scan log > Export > text file
  • Save on your desktop

Step 5: ESET Online scanner

 

Follow this link or right click and "copy link location", then paste the link into the address bar on your newly opened browser instance

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Firstly, Accept the Terms and click Start
  • Click Enable detection of potentially unwanted applications and click Start again.

 

ESET will then download updates, install and begin scanning your computer. Please be patient as this can take some time.

 

  • When the scan completes, click List of found threats. Note: If no malware was found you will not get a list.

 


  • Click Export to text file and save the log on your desktop. Then click the Back button.


  • Check Uninstall application on close and Delete quarantined files, then click the Finish button.

 


 

When you click finish the browser will not close but will offer you ESET products. Be aware the scan has actually finished and you need to close the browser window and reboot your computer to complete the process.

  • Please save the log to your desktop for your reply.

Please copy all the logs into your next reply.

 

TsVk!



#11 CrunchMaster


Posted 05 August 2016 - 08:09 PM

Just thinking about it, after running the router reset...

 

Step 1: Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

 


 

Step 2: Click Go and copy and paste the results into your reply.

 

Please download Security Check and run it. Allow requests to bypass your firewall.

 

Copy and paste the results into your reply.

 

TsVk!

 


Hi, I factory restored laptop today after finding random ip exclusions in Malwarebytes. The root kit scan was also disabled.  After restore, I found the following remote programs listed:   Delicious-Emily's Childhood memories, LUXOR- 5thPassage, The Rise of Atlantis, and 2 others.  I started from scratch running programs you suggested, so here is first result from Tool Box: 

 

 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TheBoss
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fios-router.home

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-FD-52-6C-B1-E4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 24-FD-52-6C-B1-E4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5d36:45b4:9962:f85a%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.151(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, August 5, 2016 8:32:22 PM
   Lease Expires . . . . . . . . . . : Saturday, August 6, 2016 8:55:24 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 304414034
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-30-AC-A0-20-89-84-98-6B-8B
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 24-FD-52-6D-00-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : SWDL1.WDS
   Description . . . . . . . . . . . : Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 20-89-84-98-6B-8B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.fios-router.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:8c15:14e6:208f:3f57:fe68(Preferred)
   Link-local IPv6 Address . . . . . : fe80::14e6:208f:3f57:fe68%34(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 570425344
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-30-AC-A0-20-89-84-98-6B-8B
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:80d::200e
   65.199.32.26
   65.199.32.27
   65.199.32.25
   65.199.32.20
   65.199.32.24
   65.199.32.21
   65.199.32.23
   65.199.32.22

Pinging google.cOm [65.199.32.26] with 32 bytes of data:
Reply from 65.199.32.26: bytes=32 time=11ms TTL=59
Reply from 65.199.32.26: bytes=32 time=14ms TTL=59

Ping statistics for 65.199.32.26:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 14ms, Average = 12ms
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.cOm [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=37ms TTL=50
Reply from 98.139.183.24: bytes=32 time=26ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 37ms, Average = 31ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=8ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 8ms, Average = 4ms
===========================================================================
Interface List
 18...16 fd 52 6c b1 e4 ......Microsoft Wi-Fi Direct Virtual Adapter
 17...24 fd 52 6c b1 e4 ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
 16...24 fd 52 6d 00 ea ......Bluetooth Device (Personal Area Network)
 12...20 89 84 98 6b 8b ......Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 34...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.151     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.151    281
    192.168.1.151  255.255.255.255         On-link     192.168.1.151    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.151    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.151    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.151    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 34    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 34    306 2001::/32                On-link
 34    306 2001:0:5cf2:8c15:14e6:208f:3f57:fe68/128
                                    On-link
 17    281 fe80::/64                On-link
 34    306 fe80::/64                On-link
 34    306 fe80::14e6:208f:3f57:fe68/128
                                    On-link
 17    281 fe80::5d36:45b4:9962:f85a/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    281 ff00::/8                 On-link
 34    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/05/2016 08:59:42 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (08/05/2016 08:25:29 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/05/2016 08:25:28 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9e4b231b-3e45-41f4-967f-c914f178b6ac

Error: (08/05/2016 08:25:28 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

System errors:
=============
Error: (08/05/2016 08:26:18 PM) (Source: DCOM) (User: TheBoss)
Description: "C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Platform.Service.RemoteProcess

Error: (08/05/2016 08:18:20 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Microsoft Office Sessions:
=========================
Error: (08/05/2016 08:59:42 PM) (Source: McLogEvent)(User: NT AUTHORITY)
Description: 1

Error: (08/05/2016 08:25:29 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9e4b231b-3e45-41f4-967f-c914f178b6ac;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/05/2016 08:25:28 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE79e4b231b-3e45-41f4-967f-c914f178b6ac

Error: (08/05/2016 08:25:28 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE700010001(0x00000000, 20:25:28:819 - https://activation.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=DM)
00020001(0x00000000, 20:25:28:819)
00030001(0x00000000, 20:25:28:819 - https://activation.sls.microsoft.com)
00030002(0x00000000, 20:25:28:819 - 0)
00040001(0x00000000, 20:25:28:819 - https://activation.sls.microsoft.com)
00040002(0x00000000, 20:25:28:819 - 1, <NULL>, <NULL>, <NULL>)
00050002(0x80072F94, 20:25:28:835 - 0, 1)
00040006(0x00000001, 20:25:28:835 - 0, https://activation.sls.microsoft.com, <N/A>, <N/A>)
00020005(0x00000000, 20:25:28:835 - 0)
00020008(0x80072EE7, 20:25:28:835 - SOAPAction: "http://microsoft.com/SL/ProductActivationService/IssueToken"
Content-Type: text/xml; charset=utf-8
, <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="http://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>ProductActivation</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[1]"><TokenEntry><Name>PublishLicense</Name><Value>[encoded PublishLicense value removed]
9YNXLDIgdsJqGcstybM3sBqEOA8jXKSw7XZe0ZK6tIdHv8WXWmy4jmJfQr1hrwbyZ86Sv2v8weIWisBSrXSAJeOeMq4ms9FxJA7TibQnrD+8+xMfU/N1KPXR6WHGSTnchXojClWSjDMy8Gehr8JVrto55jg7CtB0vuaus4aorkoAj/HUs3SGQtvY0PX+gzVWHvcGpd1FYSkKJq1krZlBGhYQiqT3CEYe38kQrr+gVhdBPzj/Hwz17Uh9Z0Kqz1TM+ggfsb/bL5fb2Hrfo0GigrIfLPf1FJkJDc0y5uZWbsFJtcGFYCTGHdRHES4iC7LITaam3d8rZenYCfZKYOlIWEd6C7w72PqwEAObvPTipw22lFoJtC22YDtculyT/0ZtjG9RVTJVfdLXqZpsWBXo/Kk46I7/vGOiQUVX92KhY92fJsHLuwqDPwebg+ZCn+6BTfImSquuxl4Uj2j9zlq+iIb3+fwZgKFUIMwYVNHg+ZaUso6Gbt5RIlNuJc1U1KS5Gq6JsVQCt44pHXMw4aaujtA2LbG4MaH2UW0hCrbf/P9Rbty0PS/xHJA0FwUqn4mIomvRB9/6GullbUyNJvTRLToihKSaPJN92ldviZZ31/0T8ZlLVSbcN9SfDIqjje+TZEjJgVQE+f40TN5QgSHtIxt/5GkomJ+uNYKsyV3w+vf5KuQgXu+dOkAvzK0zdonE+nLSEwBNw762gwGH+sUw/GnTPdY3Q5maLUFcTnQ1xxv1Wq7/A4SkcExqZkxKBDyrw4bCF/HiPZVds8Cryh9Vq0c4r0XAXX0cMsOz4d4CbKJTI99y8KF1nDHtJNiJB/4FI1QT/lueG1kRaGHMTnpQ3NiDKRZQ82pPP3jzO83VgM/sFIeXNRXGMYTUa3xEtLltDHRhvBIzw+ts4pftEzPb1TDaoua5AukoHFM2N9++b8NZivwfTIHQbf9cCImImULl9fwaGo4WSOCmDuokwfxdz0EOpcnF6Lg5gwvnJQk/PAKA0N9GdYXOiFo36Z9lpNImgbGpFedxb+Yhll/lW2xHp9zwdwirEnQR7jHSI4A9wBZhJffAuxb8mPwwqxGL25qVfOb0rER7hagROHHVsfIy2bhzX0Pjb8FHT/7nHLkwlk3i0CmTi0m0HmlQlXSu+uVpTcYKSLqINEXc+2u7EcCt2VrkvB5+M+5brtSkfkZV1OLz1dnFop+jA8SRvRAPlExXF1SH68XcA8Xfk5+Sr/s0uC8XmzCa+a0wKfyfdyDtEZQZXU8ZNAygtYmWeVD8EJtjYXkinvYX0Q9P/+lY17TfBCLIaQkNTV1EDEod4ClHU/2GMFShECmYsrc3PhRQ/pIrCLdESLDxWXnCjiJNksV/2XZUuCeqs5UM+DEDZLihRWqzbXKSswhaiOSmk0aosa4kX7R9bI4MCdKPmPbuBPugF/3e8AMActMnMSFS8OJ6wACdEF2NddGgqQbT5MVXeplQWHPNhctdKNSIlSzrJ9RNUvAO56Ny7i/JcHmkujblv+E3ie4sgZPJNgx6tw+aebZ/pvml4zxlsu3/vfqea/QuWKxPVl24YLn2YTmdCRqAACmK+Fb39pg2DsEfW/hCT2ms4U65dWXWEQ9d+KIy7QYxox5/4cqbDC5N6eZ3rtgIOR5lVdD41HSyc0IShdNOT/HBTpIFWk3o6lBDo9wuGROSMmSzRnG+znfjGt08joHgpmXQdrYWWPfdLntIsbDg3Ba9je3FcsZHBO0hYGkPYnh9N7uV+iPCTzYVCuFGNq1cw426hNDuHuq1iyp2Df5wkdftKiCv3wUKYa0g9vrcBGoA1xwTWTWyD1hUS4/vNOrXzuH+nsnZcdjHPZgaeeaLMGmiN0D0GfX8JxCE0JgLxHtfK3hc7mfvKHRGlBRQ6LrOdgITHldvRGV9o4tXYm+EG+QaHWxdopPk1mw7Z4uE1UQmGog0fL1M63Ue/UbNBtFZZHtnoFbkMmNibI0Il+NaNjDWTswTzjpW4k6SHnqV
XC81y09bZ14XMf+TnYXplaf7afEWJ42A4/liYHRFfkU2YFJUJhcL6D26zMG7pPVNGzMbIa/A6cVlamlHf1CQmz1Olgm2kP+hKtpt/0iUrBxVnbE1oB+7i2axei1/jwOghRy91Fhp0MBhnJbS3fncfLGQQhl2XpJfjKpj9c/0aJ2c5g2/xnJSZOV0Y7UH/aoO2qeAXY05rgvJIT+S+Fz/CyUxUCnA8Jdd6sOlDy3MWte/QvQhkQ9tghYDvxJ1sN6aBFJYepVCoG5Vx2qImeNfGBp5eZoNfz5tGA0/DV6KPkmQLK5P/F3cj2kimnd7BwuUJ4NeQ7wbHKQNv04fl8Q6Q0PSPll/oy7eEGS0AMIu9l8qzsdpzdvYrfbK+HgK9OEZGLt0cLRY+seksQukOZeDAOXG7Ipjh55Iu58Sl/mWb1XkTPncymRIgP0ZLS7YzzOewN8Px5ImvO2DvOHuOSNvN8oL+z/9kTXv6aowCXZxEyEeEBvb4WQ7tQsbHzaws4va+VTQUuyPIVtq6MqKmG6T0vF0tfU8Eyosjv9YFmsW5L++Itypef2S1+1pE/zHiXydLISS9KnKc7TfqKK380dDE7KolKj5M5vn+AaseZgVF0bv002vyH2Yzg4cFa8y1kAL5udTPUzwKQ8HStVedmI8uDpGlMONKWh+KFWt2/78F3lvVvvRjZdDoDc0X/aqGwDT7Yho85MM84Tm5FBVBn0L1r7jl7BMW7kn1hzmGaZIIy7GOVxfkZgeQHW32k2PZ0vR5Kyjpcr919ds82lTuvktE+ptAirtrDrbHxab4FjNrTomS0dt4VkYt8SbIFcGt2fMGuXkk4RVR2+nTIBWbGJ2sy982ptPo3eUZrhyIgl7irFNk2O6dKJysnjIqHO1piH4oYg3KcKSFg4TaKr1hSSkYQ2PvpUqLt2Umt8+qlSR4KbgjCJsHBRVU4cwqAaWlBiigeKVkIWFQfl3y9DXoxhopSyfgd1WGfzB0lsbRxOWqUdc7dUsIe3D5yI9dVLl+TSTJA1tZ69ORWRKH8Z/MESzxQ6IkW+xMZ30pdeKWjxF76mgf814qBRbVGxb+hL9Efi6jnNQ2lTpQthVgbHGKKOpYJLLc0tAivnp+zJ2QsugLQkQD06rQVbiCsqu1qeAbMWBdX9JMVgG1qPBV4p5QQn9ldd0GzsXz9R0M4JcdjpkqEcezWbxrwrXors61n8nIjdbisb7zzt++vOyFGxpBzt7p/G5Fm4zTXPjNXRdcq1vWNWhQ6JdKd5AAjepZieQPqMlWh1uYEU84cjuyyk7Pt2AXWBr4Nb9Ajgl6JdEorvVWH/iioDe8Rex9ByglV/H3i0ZWugxYG+TAt14KdN5BFXmFuyzEdynLATxwFwD/Ns4gXFhqE2OC4fna2opOuusje5LGy9hzStIc5ld1v8SkecZ3MjxiRo3Tcdj8f7YUS+sdd1i/Ukj45Ro1cDJGm+9I1++MONBiPygnCkkU9WPMvLca6iOwguvyL1HEryclx4yCsL1QvAKX89qZM+gpXfzMiBOqeMv6sT96S6bbe7BwHRvZid3RBYv87mH9AVHyzM95HszmcpH5Wp0dmitnwK8pPdUNzUvL9+YYf0u8OAnsoFN62m/Kbgp8vJvE1raNgol/Ub03rNcQ+i3QXfG64p8hGuIZW3OepjE+Gbh6p7kKJgn2ekdt4fPSVQhrw+c+Y1nF1MG58k3UDI4ZNwue1/LagS7ohceoTEkA1KCiXSp9ew3hAOCrPl3YO6XmtMcQ+jVWxe4czElJaW4dteTArwK3wTLe0NK03Apq7Go9br3jIauZOqxcSehxw/rQbfIf4X8wU2e7EM2pWz5iiWOi/Yzx+dQdEUjEiZZMi3bMuOFuYJpyXasUdTEiUU0tN0sWwiWXcYQHSDckq12n1cL9lqXpWPWI3935UpqCCRfNE3qKarjWaLOKNY3ldm95d8Luo+Tcy7rakWusVczWAVSMRUIWHk/tl/em5rd8AvNCok5
Lc+Nvy7UhnpUR8oV5HiQ9V+p/GsUkRQdP2GixTo3OweiMwwL2eafEELuLmHbN3Vct8tzFM2IaQA4m1sphkO6I+6gBXP2fEt6wGB3ZreQqVee4Tp8WNh9hH+XWr2slESYbFDkpAzMKpZaGIZfXbEG/cdkt6Q4fvkYthMgg4xXl45XgeQa0+8U3h3u+y9SaOuKOyDG5LY/e1hF+fx5RwpRDwvtmejEmCdxa0moC4KMIcNzZUdRHuLXX3R5FJ9tfPFvTpOIjEU2I4LB6NC+bQIOYCR6tkxG2KPH4rUEyaHAF5tjBLF72Z9EcYICFrDdX1UANZxIjWbRuRdabjnNysNNc+jPJghqPTEcvrRe5AvKsfnIUZCsHbtO2zF7wd87Vm2Gy10wqfFwURgqgAM3Zm4JtZH100ef/uK67P/vaaacb8Ep+3TMskrn40/AR+d+qucH7Avcd0pecOsIVebFT+oE/abbrY7tjAK6VF071x5xVCHOsHnsqO7T7y72czfQZo1OQCZAMcxQOLpt44XzQLgeCYNgGEI3U/Pi7dGtBQcLy2TZuJMf7G/py8dgkshvaRXj70iUxqlsYpTx3O5Cl7XlpQpe+lu1Q+bHZ69lO37pI3+h2cVmTDJHkpeCotATWofj6FbereaBcoVE0wyXxMNSUtEcGOK5LkHyU5GpqpP60pQYoMLCYMEcqeRVLlv4tYJ++NJXIjnxPB7/a5D4JGyEUxZ7y5PBYxcoP5Xlio/ivTMvoEFU3r3EHRwgz7YpuyP/SqS+ONtmBhEoR0VkE5CI4jx2UP3uICvMcj13S66rfTW2vu95KzkWoXTRUTJn087Qx2/bOzLbsOlIsCVs/bae7UDg+m9YqCz6s/eVYv0OGdDJT6ctAtAmmO5NUlduESZ0bLllJl5F+ahPJ7lTRAd+jURztsVvpnuQc1aUGeq3ELuG7ww7bkzxdW9O+2LLTDepu20aokYqkA3FxYUS2O9HBDZdA8E4KihUQS9H7yHzATqaaEdqS/1dEttc8ldPWC47fs1z09D2uQnb5/1VeZBSqUg/sd3rhSVW89nMFUHn0RiV4PuTxreeqBzfL2KPJ0+uvH3ltUoR2qNLCxNSE095a/LNp8JlZPMnU3qsPiRXC6x4hGuM9xUXvK5djKNro1UTpfC8LQpkS5hZvbzm+RtcuORmeixtvJKYtXbD0NImxxMEKmb1FBIwxRjtwtGHUfH8DCxh62Bojmx9kUXBcj1AiMkpcDuS9kVKTrrltHBfRKfuM+MbTcfqcPMqaySsVD7ziPYwkLefw/+V1qc0kWv9aizH8+N6B9KTyJGVe2OK3OHmOPIblsQhSpBffYi/BZTER+yDpa+qJB/xG7Gw9M+DYqlJDafrdZIzpgcKiN+nwB6vY0K5RPe3FHlsBkzb0RIbIK1uG1eFHzLLjX16zpYi3dxD5oH4OERP/mxTlpuwhGEUYbiBwvTtgqUqBzONTxrdGuQprpSHAOarOELafpkwJh0YoUC+4Zw/HszW8c2quuORR88AVhtNJqo6Vd4KZfujoL+KJ5M6bwtd7iEIAPdb41os+N48Yiy6+lzAr/2WtJK7e4N+0DuY0T3zGR9Wa4/3MvFNJoXQi9pKfv/AZpW+edV8/IVbxFGEiKJhBm5PydfQucEEZfbP4BxzWCGcX/nl6ISz3ZcO0c76XH2GYJGoPV3Ep8XGoX2AX+42DawV2IWOcxbXp5yxcAvHwK9Prh2Eq7YUTuIQX1hhDcuBwALhNlmHTqM04kzrxAJsmMAKirTMwBKdrua2cAbdawZxL0MNHM6Hb50KrPPX+pJWKSnaJECWvzYH+q7EY/+OKLN0VqfxgqzxJYOyolonH+3sjvSfScRTW4PQMieklaZPthw8+I9qmsYbQ8jreIo0imvQrDK1IgzY3DATx4F17YPVKb7tS4+NZ1eA/+hDy5kvfU44x9+RKc6iuhHkP6ITQM0r7H96M8MVQ80GvjXRtEJWziKI2K6xn/5ru9nfAqRQ
HcVgs7farXpQ8p3X8nJWVQDLGi/kS11mqqpG5eZHXkTwGYc0tDhlbsPRkM1c/GUwTQZa0MMKxrtEb+9cft3BwTt/Wlxz0tFNwON8t4QF4LffoviKWGrm+s/Oa5RgOvM4Jx+V5WzDrC7lw2b4d3Kzwhdh2/pSGyGGC4Qx4NV+6H1nEVlG+G1cyWXX//V7GGLQiEjpwvQFwtrsv3nZ26QKJIOlyLEbH/e+yJ2dobfNL4UVI0AXANJeAIKIIKHh3MaFBwbBoyYPvJOtNTAv+kqiSNyAdTd+/ZwhYupnkcAjuM9MsTz9eliGh629u9iV8mS/IetizVuz+QXInJdXqH2sy4DUvsWu2KwNVsPOA2P+LtBa8BIHW0GqXWGZGatskOPOBzWtxh3wI81TSlsyLOEHGJRkiXvwdrNYOL6o7cuqLvgmBlRrbQCXCyeKVu1WNSzRprXs9SyEEXGrtl+dqYUQusHf4SyxSwic55l6KlpOpdDsy0vHGTAzaHkodrU8Q4Q1X28EAPr1LxDG8znlZqWcRmOkn1Dzi40TSDZ34AhG0GSkR+D/SAwvTszgmaD4Dnvze9j7NSCeeiHcb9xCHKMbRZkusdAQVp22G8QJBJJJZNrsyA9B9IA1j+2IFdn34Bo6EubPkSYKBvpUOoMwqUfKvKWvMBNNggMGBNu4feW3BtznbCCMEl/i8MA7D1h3sgMW1kQOHFvZwRWcr4ISIgqdAWGNEeimA1hBR0dsDJ0RaZNA5/H8Ow6cmlRHW7gjLf5ey6AlI2m4d9YLKlkpgktT2NrUesVNiTTSAUOnAKwdQFXig3HkL6VAyhOu6asII0gM1/3IqbWwbPTGDzJavnslj578VBey+yu/lJIZGPuL7wXampvKjhKlIDR/ofRHmyoQdtjOqMxBgKuEkYLNGl7UU/eSJbJaSIGfcZEW34B2L1Z4PBFYseNJO4XZQdDFmIXVbRJ+DwL5fQhGDpkUz56GO1zWJEzmcovwYYJyKMwfd2jx26rUd8Z+7i+td/0eUy+M6eske3G4KAQIrZ5g4QfmqETM18udYLeAzHaWB93VBKsNv1Jp25EMgxGIPT8XGtHA8oOKv8aXTarkXrvPa1kLKaNpmy5Qq2O0IEohowhPZq5vMzncRaN0h8IcRLU5hyu3Vfud2EUJI3tcJ2kc1RJ9/A4Qvz91IrXBZLWd2rWZYVo9RG98gdEZTRNQm4Ti8NnLQUb1a7EW95A9oLJci3BxGcb1G5EKT0jCQHRnlHaU9QGdDhjUpe9Yaud3nJmobcPjR/oKAneq5i3bqPM3q1wenY0XjWuNQ9ADP+5PVCHHkKYiV4Tra+zbtLs8VI9DAb3flbt9RwjNDFz2PGap+cLj9UnaNC/+K2zwNxcIZKOTAVrPGWKk1+QVz2Zzj1MzcRWnYwJ05Yj4n2Jofb+lNye2l1b8CR5R7e0iz6cAWSmk9hQiyNajsVVT/VD9qEOJa4+YpQ8rwsnwYVWPnlOz2v2mzTncezRu7QIeQX29wrAjM0lQEjyn1duqvi4Du1ubQqrNFmoF8zrJVSSQnafCSyT8wxlWUXAXz73iGj3VkKJ9UL+3LEJyQTsdsea5XFpETp4BxdPM8VdvHKKygf8SV+rq/HnpUyxvJiv850n1VlVP0Vwbz743FXn6hRfXC2E6zae6yBaChk5GB0lMUrWvnDz7ABxg+D0SBH3f6qDJp1CjrbObANO/yn74kV2O0ZSDJkMSZFzw3vxnTa6vTJyfiboFk7JXIYBmYXVLBd6VA9TMNNmKP3DWtzajQUU2eggJw/7ewoUyt+MAtbkD6UQJ5mC65YqRJ+S+bmXj/swwLAoPe+GU51/6R1YI0U7Dl9F95FqJ5dM6pDhmAutq2a4fmP3z9DfQ25Eg9x0D6dZekoZoBkKUYyVqAPYNfFdpSMjWMAYNu7D0pisQ3Q73CTGM/uSI5NjRzTVAOyT6y9YgUK0NruY5oVouKgGozXZUqKQe2CkZdnrszQ9e7yGG87Mn
0jMOx5lwweXgq5Hccwf3vKcErOHqekaImUqEEHmA7QCuAFLwHcHCOpUE2zsSp7AxV9qPxAeUHd6vnBy/lktTYvvKsplX+V6JfKGigx8nbto5WzKt3g+r9mAlapzwY2f8jdA17o4voi/QQKaG0SpxrLAKAxEzp0ucSIBtvMjaCmULSNbODN+4AdA7dby7djNzfiEVXe8y4g1Q+vEphEaXiVtSsNb0tDARAB3zN6lQcgsVP1lKrdJUXe3H2nyrsjL0CwZr2aTGlElcxN4G46Lf/84G2aaA2EVv1RXJ1Beg0bX/0JSJIEXJsjZpJ36zhGEFK6NSBpVFFh2STrbaTdFElVjpkc3h+0993s01Rld3am50s3BoaNAXaD5JBKkip+QRgOWMTdCf1ko530T1yLvAjNIP9vFBZkfOgRrNRdAun8yLfslF+X+6a4JtcYD+w0meS7TeGt3uF93vyJNvhDrxNAG86wnnL6UmqLRB1CjZd9bfoZWlp0H2aRuUBXI7TagLx/9b02JxQzp6ECqgAR+5z939uqQPciKtzgGFookasCeSCZeu6z4Et1X/cLWAeGR96p6yccxkerAYKvCpmzzn/pkSghSQpPj0A0QgJDe3YuUo8zBqMZMPiNdjgjFdRbJW1AvvcO2a0ruqHutEZcEnNdZOWi9ooOSmzKkt+dnTqCGWAz0gT7os6oDtjJQPDaaeMD+CW1QGHEt2JpeGXduiSd1M+YI1w2ZUhqYbUu1dFt9SSTTU8CQJnclLQakQDNVkZv07CSPJfBYQVMDFH0pnY4kKmkxzo3wQ6xakaDR1wFClZ/soKkkC66BcPNdxEDtT+9m7lMgi3GXnqnnXGVCsMPSg3R3WEVrYRd8O5BObPiN8viRyygIlLwT6QmNg9T6oJAqD0/z4A==</Value></TokenEntry></Values></UseKey><Claims><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" 
soapenc:arrayType="q1:TokenEntry[16]"><TokenEntry><Name>SessionKey</Name><Value>X8fx6nhvgfKlTaSJofp9npNZ3vuX8jZh8/RiG523yzaxD2QTapSBBdbtZIo2Lmt4HA2Q9CngQ2PzsXqWhBjEKpyTU+MCZM98dicPguTB9pZEAHZOpPYiIXRPdBfMpcaP3R2XUywkPHYN9nwpNKD0numrS7eB5Q9wWP+xr4r6hhegpmf6+GrDT59hPwuVKsskMHSd1P4xiNlaB5dsLECYgqoYCWBMhgmzY425jmVpE0UvRJWyE85z23RIyy0mqL9UbNFF0oDzBBa8QhzudADg2fE1HBS3WWcuTrIyUh5uDADQWqls6PjxpJqCYkV8/Piw4AWtdnxb4MOW7+IlF/eudA==</Value></TokenEntry><TokenEntry><Name>BindingType</Name><Value>W3IbHHaivvgGlCIqNuA4NCcbJ9xJEg8PTX1rH+leIKE=</Value></TokenEntry><TokenEntry><Name>Binding</Name><Value>FW37jIMDFjQsvfM+8sLJmEZqebfCjFPZX5bhxdue8QwM9mp0hkHW6/GRwjHWzoUiq8Q1mLKjjTNF9C6cmSab4/EiVM7gw2UY6RtIUQOnKTE=</Value></TokenEntry><TokenEntry><Name>ProductKey</Name><Value>Jet8SZU0fCGJQLHGVeyzYfyU0WuRkDRPGWgL7HFwvWM=</Value></TokenEntry><TokenEntry><Name>ProductKeyType</Name><Value>W3IbHHaivvgGlCIqNuA4NG+SicL7waWunHkBF0RqleA=</Value></TokenEntry><TokenEntry><Name>ProductKeyActConfigId</Name><Value>Kyw1tCBaxqwdR6DnHJ80H8mYwdeNRX8LIlCaodF/e6vMxvr1G3oHQvyd77YvOcO3G4yg/pFfXaCgK7wjiUtBQGkEt0NetDPlXNwqFjkOIJA=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.licenseCategory</Name><Value>Lu7BSn1yWTidIGr9vFLA4TKwG19TnRXQcrW5Xm4izck=</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.licenseCategory</Name><Value>Lu7BSn1yWTidIGr9vFLA4Soblqdxj1pZjmr5F10WWWg=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.sysprepAction</Name><Value>CuduENxK17co3viHAkQMwg==</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.sysprepAction</Name><Value>CuduENxK17co3viHAkQMwg==</Value></TokenEntry><TokenEntry><Name>ClientInformation</Name><Value>mtlNxQ4cMy5MJ0qSIx7Yh+hJ0/VXDVakU9okteFByJvsQYvoayIUx3uYQi6P1jJlYacT7QtMV0qGd/AukJpgWg==</Value></TokenEntry><TokenEntry><Name>ReferralInformation</Name><Value>0LVRGDJRLxSu/bwXi/4X2ivPxHElXZ5H3drS8ZbqF2j3uwhR1pgFe/+8UYzt3Rz/Z95ZyjYOxMx32cCATRM1HA==</Value></TokenEntry><TokenEntry><Name>ClientSystemTime</Name><Value>nxmhqWsFHGBV5JnO+7bQweJTXIAwkckau6Lk1CefcY4
=</Value></TokenEntry><TokenEntry><Name>ClientSystemTimeUtc</Name><Value>nxmhqWsFHGBV5JnO+7bQweJTXIAwkckau6Lk1CefcY4=</Value></TokenEntry><TokenEntry><Name>otherInfoPublic.secureStoreId</Name><Value>abLEoBG0Osm+tGJn7T9+gCyJVzDwJWfwJKg6sCg4Sdxjc9sZpCOsFX/4TBsXYF9m</Value></TokenEntry><TokenEntry><Name>otherInfoPrivate.secureStoreId</Name><Value>abLEoBG0Osm+tGJn7T9+gCyJVzDwJWfwJKg6sCg4Sdxjc9sZpCOsFX/4TBsXYF9m</Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
00010002(0x80072EE7, 20:25:28:850 - <NULL>)
00010003(0x80072EE7, 20:25:28:850)

=========================== Installed Programs ============================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{05f7f410-0274-45d0-91dc-712a62aadd96}) (Version: 1.2.68.19138 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{E2ED917A-F98B-4062-B1CC-A91627B79457}) (Version: 1.2.68.19138 - Avira Operations GmbH & Co. KG) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10206 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{B8908ABE-8AAE-41FD-A367-391CD492981B}) (Version: 2.0.018.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 11.6.385 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

**** End of log ****



#12 CrunchMaster

CrunchMaster
  • Topic Starter

  • Members
  • 16 posts

Posted 05 August 2016 - 08:29 PM

I keep having some random audio ad start up sporadically--  I touch nothing--

 

Anyway, results are as follows: JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8 x64
Ran by MyComputer (Administrator) on Fri 08/05/2016 at 21:20:38.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 8

Failed to delete: C:\Users\MyComputer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YY2KNBLO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MyComputer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BJCZ0GO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MyComputer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46TGVK5W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MyComputer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJVDO4R6 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BJCZ0GO (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46TGVK5W (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJVDO4R6 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YY2KNBLO (Temporary Internet Files Folder)

 

Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0283141470453918mcinstcleanup (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/05/2016 at 21:23:01.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Nothing showed in Adaware

 

Still waiting on ESET and Malwarebytes.  I have had only a light blue screen on ESET for about 20 mins now--



#13 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,239 posts
  • Gender:Male
  • Location:The Antipodes

Posted 05 August 2016 - 08:42 PM

Please uninstall McAfee Internet Security. You only need one antivirus; two together cause issues and are less secure.

 

Also, please apply this fix...

 

  1. Navigate to your C:\Windows folder within Windows Explorer.
     
  2. Right click on the folder Registration. Click on Properties, and go to the Security tab.
     
  3. Click the Advanced button. If the User Account Control dialog box appears, click Continue.
     
  4. In the following dialog, make sure that the following permissions are set:
    • The Administrators group has Full Control over This folder and files.
    • The Everyone group has List folder/read data, Read attributes, Read extended attributes, and read permissions for This folder and files.
    • The SYSTEM account has Full Control over This folder and files.
       
  5. Click OK.

Let me know if there are any issues.


Edited by TsVk!, 05 August 2016 - 08:55 PM.
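A read-only way to confirm the permissions listed in steps 1 to 5 above, as an added example that is not part of the original post. The function name `Test-RegistrationAcl` is hypothetical, the three groups are matched by their well-known SIDs, and "This folder and files" is assumed to show up as the `ObjectInherit` inheritance flag.

```powershell
# Added example (not from the thread): read-only audit of the ACL on
# C:\Windows\Registration. It changes nothing on disk.
# Well-known SIDs are used instead of group names so the check also works
# on localized Windows installs.
$FsrType     = [System.Security.AccessControl.FileSystemRights]
$Full        = [int]$FsrType::FullControl
$ReadSet     = [int]([System.Security.AccessControl.FileSystemRights]'ReadData, ReadAttributes, ReadExtendedAttributes, ReadPermissions')
$Sync        = [int]$FsrType::Synchronize   # routinely present on Allow ACEs
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Expected entries, taken from step 4 of the post.
$Expected = @(
    [pscustomobject]@{ Name = 'Administrators'; Sid = 'S-1-5-32-544'; Rights = $Full },
    [pscustomobject]@{ Name = 'Everyone';       Sid = 'S-1-1-0';      Rights = $ReadSet },
    [pscustomobject]@{ Name = 'SYSTEM';         Sid = 'S-1-5-18';     Rights = $Full }
)

function Test-RegistrationAcl {
    param([string]$Path = (Join-Path $env:windir 'Registration'))

    # Ask for explicit and inherited rules, with identities as SIDs.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $allow = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' }   # Deny ACEs are not evaluated here

    foreach ($e in $Expected) {
        $aces = @($allow | Where-Object { $_.IdentityReference.Value -eq $e.Sid })

        # Union the rights of every ACE that applies to the folder itself.
        # Inherit-only ACEs affect children only, so they are skipped.
        $granted = 0
        foreach ($ace in $aces) {
            if (([int]$ace.PropagationFlags -band $InheritOnly) -eq 0) {
                $granted = $granted -bor [int]$ace.FileSystemRights
            }
        }

        $missing = $e.Rights -band (-bnot $granted)
        $extra   = $granted -band (-bnot ($e.Rights -bor $Sync))

        [pscustomobject]@{
            Principal = $e.Name
            Ok        = ($missing -eq 0)
            Missing   = [System.Security.AccessControl.FileSystemRights]$missing
            Extra     = [System.Security.AccessControl.FileSystemRights]$extra
            # 'ObjectInherit' alone corresponds to "This folder and files".
            AppliesTo = ($aces | ForEach-Object { $_.InheritanceFlags }) -join '; '
        }
    }
}

Test-RegistrationAcl | Format-Table -AutoSize
```

A row with `Ok` set to `False` lists the rights from step 4 that the group does not currently hold on the folder; `Extra` lists rights granted beyond the ones named in the post.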


#14 CrunchMaster

CrunchMaster
  • Topic Starter

  • Members
  • 16 posts

Posted 06 August 2016 - 07:32 AM

Went to Registration and I cannot change Everyone's permissions. It is set to Read and Execute. Also, after rebooting and changing passwords TWICE on router, "Angler" popped up again under my network connected devices. Please help me remove this. I feel so violated.

#15 CrunchMaster

CrunchMaster
  • Topic Starter

  • Members
  • 16 posts

Posted 06 August 2016 - 07:47 AM

Just rebooted my computer and tried to adjust those settings. I was able to this time! Please advise of next steps. Thanks



