Solved New virus/ malware

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
393
That is excellent news!
However, the cleaning process is not yet finished. Please, go on with the instructions in my previous post and stay with me until I tell you the computer is clean. 🙂
 

Ladysmith94

Thread Starter
Joined
Feb 13, 2010
Messages
35
Sorry. I missed the previous post. Will continue.
 

Ladysmith94

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-05-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-22-2020
# Duration: 00:00:06
# OS: Windows 10 Home
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\smitt\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\DllKitPRO
Deleted HKLM\Software\Wow6432Node\Outbyte
Deleted HKLM\Software\Wow6432Node\\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1818 octets] - [21/05/2020 12:32:20]
AdwCleaner[S01].txt - [1879 octets] - [22/05/2020 08:59:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

DR.M

Thank you.

Just a reminder, in case you missed it: I also need the Addition log, which is in the same location as FRST is.
 

Ladysmith94

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by smitt (22-05-2020 09:17:33)
Running from C:\Users\smitt\Desktop\TechSupport Guy
Windows 10 Home Version 1903 18362.836 (X64) (2019-08-18 05:02:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1006171801-932624171-3450071032-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1006171801-932624171-3450071032-503 - Limited - Disabled)
Guest (S-1-5-21-1006171801-932624171-3450071032-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1006171801-932624171-3450071032-1003 - Limited - Enabled)
smitt (S-1-5-21-1006171801-932624171-3450071032-1001 - Administrator - Enabled) => C:\Users\smitt
WDAGUtilityAccount (S-1-5-21-1006171801-932624171-3450071032-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM-x32\...\{23170F69-40C1-2701-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20063 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.371 - Adobe)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 20.3.2405 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 81.0.4133.130 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.438 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.7.915.0 - AVAST Software) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX520 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX520_series) (Version: 1.00 - Canon Inc.)
Canon MX520 series On-screen Manual (HKLM-x32\...\Canon MX520 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX520 series User Registration (HKLM-x32\...\Canon MX520 series User Registration) (Version: - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.66 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.61 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1006171801-932624171-3450071032-1001\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 72.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 72.0.2 (x86 en-US)) (Version: 72.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 72.0.2.7321 - Mozilla)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Viasat Browser (HKLM-x32\...\Viasat Browser) (Version: 80.0.3987.28808 - Viasat and The Chromium Authors)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-03-07] (Canon Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.38.21323.0_x64__8wekyb3d8bbwe [2020-05-14] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-11] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-05-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-19] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-06-02 01:26 - 2012-08-08 21:56 - 000863232 _____ ( Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\P2PLib.dll
2016-06-02 01:26 - 2012-11-06 09:47 - 000114688 _____ () [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll
2017-05-10 14:44 - 2012-06-22 12:56 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2017-05-10 14:46 - 2012-08-31 10:30 - 000312832 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2017-05-10 14:44 - 2012-09-27 13:33 - 000520192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2017-05-10 14:43 - 2012-07-31 03:48 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2016-06-02 01:26 - 2012-11-06 14:31 - 000623616 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlLib.dll
2016-06-02 01:26 - 2012-09-13 09:25 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\IpLib.dll
2016-06-02 01:26 - 2012-05-07 14:23 - 000040960 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlICS.dll
2016-06-02 01:26 - 2012-10-12 10:25 - 000266240 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlIhvOid.dll
2016-06-02 01:26 - 2012-06-22 16:01 - 000044544 _____ (Realtek) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlQRCode.dll
2016-06-02 01:26 - 2009-07-23 17:32 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\LIBEAY32.dll
2019-03-29 11:46 - 2018-09-05 21:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2019-01-06 00:58 - 000000832 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1006171801-932624171-3450071032-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\smitt\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\b9fbe9eb-d94a-4fb3-88ec-4cd04606bbde_6.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{16410A0A-2A0E-4BDA-ABF3-4C1A1012AF9A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D933460B-35E5-4891-96BD-DFBDAD992955}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B960A674-3BDC-41B2-AF19-A4F6B7846E38}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7EFCF5FA-BC56-41F5-AD98-AAF3AE6CE6C9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{CD58445B-1AC8-427B-ADA4-BF7379700B79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B69DD905-5FED-4A66-B2A6-6B948FCFDBCC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DE574ECC-25D2-4F21-87FD-43B6C4D62F5A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6C5FCB29-6089-41DC-A2F8-E935ED6F98BA}] => (Allow) LPort=1900
FirewallRules: [{52A66836-9A11-4DDA-A442-B43B4FECFE0F}] => (Allow) LPort=2869
FirewallRules: [{D523681F-3906-4810-92B3-03145BA75028}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{482D193E-F8F3-46E7-BCB9-11D49F5754D7}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe (Realtek) [File not signed]
FirewallRules: [{9333ABA7-2042-4326-938F-E630214305C4}] => (Allow) LPort=53
FirewallRules: [{33E523BA-B35C-42C9-84B0-350B73C52042}] => (Allow) LPort=53
FirewallRules: [{866FC77C-2953-4A14-80CB-61B88B9C068F}] => (Allow) LPort=68
FirewallRules: [{125C4A0A-AEE0-49E6-B6F3-35833E21A0E5}] => (Allow) LPort=67
FirewallRules: [{914CAC78-E145-4D6B-BE4F-9493063A2BE0}] => (Allow) LPort=53
FirewallRules: [{030A25BA-A113-41EC-A096-D16A39267A05}] => (Allow) LPort=1542
FirewallRules: [{F41391F6-8A59-4C5E-BCF7-99D01B09B48E}] => (Allow) LPort=1542
FirewallRules: [{E11B5239-18D1-4AD8-8779-66B9902C9DDD}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{8E708545-243C-417D-AAAD-93D78D079D9C}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{79D269B0-E4CD-4B50-84A7-D96DF2B4D70D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{29B904D0-C6E0-44D2-BD8E-C84DFB9EEF90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{162F5659-63B4-4F9B-B099-7B1042AAEC04}] => (Allow) C:\Program Files (x86)\ViaSat\Viasat Browser\Application\Viasat Browser.exe (Viasat Inc. -> Viasat Inc.)
FirewallRules: [{7826F393-6544-4908-9A2D-827E3B5558F2}] => (Allow) C:\Program Files (x86)\ViaSat\Viasat Browser\Application\Viasat Browser.exe (Viasat Inc. -> Viasat Inc.)
FirewallRules: [{2B07741A-1C47-40DF-8BB2-031CF15F958F}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{FAB36DD3-C904-426E-9F67-0A7F351B5B03}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

02-05-2020 01:54:58 Scheduled Checkpoint
11-05-2020 07:32:04 Scheduled Checkpoint
19-05-2020 13:43:02 Removed Java 8 Update 111

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/22/2020 09:13:22 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (05/22/2020 09:11:48 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (05/22/2020 09:01:04 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (05/22/2020 09:00:24 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4404,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/22/2020 08:49:38 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (05/22/2020 08:31:04 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (05/22/2020 08:19:37 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (05/22/2020 08:01:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (05/22/2020 09:07:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/22/2020 09:07:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (05/22/2020 09:02:47 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Avast Antivirus service did not shut down properly after receiving a preshutdown control.

Error: (05/22/2020 09:01:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/22/2020 09:01:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/22/2020 09:01:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/22/2020 09:01:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RtlService service terminated unexpectedly. It has done this 1 time(s).

Error: (05/22/2020 09:01:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2019-10-10 20:55:50.485
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4160E094-A0BE-476E-BE65-E150004F6DE8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-22 04:18:07.512
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-22 04:18:07.512
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-22 04:18:07.511
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-22 04:18:07.479
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-22 04:18:07.478
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-05-22 09:11:47.017
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-22 09:10:08.066
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-22 09:10:06.792
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-22 09:10:00.551
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-22 09:09:57.391
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-22 09:09:55.066
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-22 09:09:34.664
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-22 09:09:30.800
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 2.3.1 05/21/2007
Motherboard: Dell Inc. 0TY565
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
Percentage of memory in use: 70%
Total physical RAM: 4029.61 MB
Available physical RAM: 1173.02 MB
Total Virtual: 8125.61 MB
Available Virtual: 5096.39 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.59 GB) (Free:870.59 GB) NTFS

\\?\Volume{ca699730-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{ca699730-0000-0000-0000-00ace8000000}\ () (Fixed) (Total:0.82 GB) (Free:0.41 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CA699730)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=844 MB) - (Type=27)

==================== End of Addition.txt =======================
 

DR.M

Hi Ladysmith94.

The Malwarebytes and AdwCleaner logs are good, and the fact that you don't get the warning from Avast is also good.

Let's do some tidying up now.

1. Run FRST

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Task: {B283DA9B-E1BF-427E-BC96-B07D2139424B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. Browsers usage

As I already told you, you have many browsers running on your computer: Internet Explorer, Edge, Google Chrome, Mozilla Firefox, Viasat, Avast. You can't uninstall Internet Explorer and Edge, and your default one is Avast browser. So, you may consider uninstalling at least 2 of the others. In any case, you have to keep them all up to date. I can see that at least Mozilla Firefox needs to be updated (if you keep it, here you can get the latest version).

3. Windows update

Your Windows operating system is still running version 1903. The latest one is 1909, and a new one will be released this month. Although version 1903 is still supported, keep in mind that it is important always to keep current with the latest security fixes from Microsoft.
  • If you decide to upgrade, go here, and click on the Update now button.
  • Follow the instructions, choose to keep your files and apps when you are asked, and be patient. The process might take a few hours, depending also on your Wi-Fi connection speed.

4. Feedback

Please, report any other issue you may have with the computer.
 

Ladysmith94

Thread Starter
Joined
Feb 13, 2010
Messages
35
Frstlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2020 01
Ran by smitt (24-05-2020 18:58:08) Run:1
Running from C:\Users\smitt\Desktop\TechSupport Guy
Loaded Profiles: smitt
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {B283DA9B-E1BF-427E-BC96-B07D2139424B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B283DA9B-E1BF-427E-BC96-B07D2139424B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B283DA9B-E1BF-427E-BC96-B07D2139424B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32828648 B
Java, Flash, Steam htmlcache => 885 B
Windows/system/drivers => 44022231 B
Edge => 24964 B
Chrome => 23856293 B
Firefox => 25164856 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 25972 B
Users => 25972 B
ProgramData => 25972 B
Public => 25972 B
systemprofile => 25972 B
systemprofile32 => 25972 B
LocalService => 82676 B
NetworkService => 87262 B
smitt => 57714046 B

RecycleBin => 5428848 B
EmptyTemp: => 190.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:59:59 ====



I am proceeding with the remaining instructions, deleting browsers and updates.
The only other issue this computer has is with Windows Live Mail.
Once these other things are completed, if it is still having problems, I will let you know here in this post.
 

Ladysmith94

Thread Starter
Joined
Feb 13, 2010
Messages
35
Question re: Windows update.
The computer is set for automatic updates. I am not sure I understand why it is not up-to-date.
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
393
Question re: Windows update.
The computer is set for automatic updates. I am not sure I understand why it is not up-to-date.
It can happen for several reasons.

Were you able to do the update? Any problem during the process?
 

Ladysmith94

Thread Starter
Joined
Feb 13, 2010
Messages
35
I have not done the update yet. I am wanting to be sure hubby can stay off of it for the necessary time frame.
Will report when it is completed.
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
393
Hi, Ladysmith.

Glad to hear that the update went fine! :)

Are you experiencing any other issue regarding this computer?

1. About Windows Live Essentials

As for Windows Live Essentials, which you have installed on the computer, keep in mind that it is no longer supported by Microsoft. The package includes several applications, e.g. Windows Live Mail, which has been discontinued since November 2014. That's the reason you are having issues with it. Windows 10 has other applications which you can try. Mail, for example, is an email client built into Windows 10. Of course, there are many other free email clients, if you want to have one, instead of sending and receiving email via browser.

The following is from Microsoft's page:

We're no longer offering the Windows Essentials 2012 suite for download, but if you already have it installed, it will continue to work as it does today. It reached end of support on January 10, 2017, and it isn't available in Windows 10.
Windows Essentials included:
  • Windows Movie Maker
  • Windows Photo Gallery
  • Windows Live Writer
  • Windows Live Mail
  • Windows Live Family Safety
  • OneDrive desktop app for Windows
Considering the above, please uninstall Windows Live Essentials:
  • Press the Windows key together with the R key on the keyboard at the same time, to open the Control Panel.
  • Type appwiz.cpl in the window that opens and click OK.
  • In the list of programs look for the program listed below, right-click the entry and click Uninstall.
    Code:
    Windows Live Essentials
  • Select all the programs included in the package.
  • Restart the computer.

2. Fresh FRST logs

After the above, please provide fresh FRST logs, so as to check if everything is fine.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply (or attach).
 
