MJmusicguy, posted September 6, 2017:

9/6/2017 7:26:01 PM Application Rule created for "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe\HxTsr.exe"

I've looked it up and it appears to be related to Office or Outlook, but I don't use Office nor Outlook, so what is it? Also, on an unrelated note, EAM seems to have crashed mysteriously, but it's not reflected in the logs, at least on screen. Should I be concerned or am I just paranoid?

Kevin Zoll, posted September 6, 2017:

You very likely have or had a trial version of MS Office that came with your computer.

I am going to have you invoke Windows File Protection by running the System File Checker.

System File Checker

1. Click on Start and type cmd in the search box.
2. Right-click on cmd in the popup menu and select Run as Administrator.
3. Another box will open. At the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /.)
4. Let the check run to completion. DO NOT reboot the PC or close the cmd window.
5. Copy & paste the following command at the Command Prompt and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"

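Added example (not part of the original posts, and not Emsisoft's or Microsoft's code): a Python triage of the [SR] lines that the findstr command above writes to sfcdetails.txt, reporting which files SFC repaired or could not repair. The sample lines are constructed, and the line layout and message prefixes it matches are assumed from typical CBS.log output.

```python
import re

# Constructed sample in the usual CBS.log "[SR]" layout (an assumption);
# it is not the sfcdetails.txt attached in this thread.
SAMPLE = r'''
2017-09-06 19:40:12, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-09-06 19:40:12, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-09-06 19:40:14, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:22{11}]"example.dll" from store
2017-09-06 19:40:15, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"settings.dat" of Example-Component, Version = 10.0.15063.0, hash mismatch
2017-09-06 19:40:15, Info                  CSI    0000000d [SR] Cannot repair member file [l:24{12}]"settings.dat" of Example-Component, Version = 10.0.15063.0, hash mismatch
2017-09-06 19:40:16, Info                  CSI    0000000e [SR] Verify complete
'''

# Assumed record layout: "<date> <time>, <level>  CSI  <hex sequence> [SR] <message>"
SR_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-fA-F]+ \[SR\] (.*)$")
MEMBER = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')  # [l:bytes{chars}]"file name"


def triage_sfc(text):
    """Summarise findstr-filtered [SR] lines: files SFC fixed or could not fix."""
    repaired, unrepaired, batches = [], [], 0
    for raw in text.splitlines():
        m = SR_LINE.match(raw.strip())
        if not m:
            continue  # blank line or a record that is not an [SR] entry
        msg = m.group(1)
        hit = MEMBER.search(msg)
        name = hit.group(1) if hit else "<unparsed>"
        if msg.startswith("Cannot repair member file"):
            if name not in unrepaired:  # the same file can be reported more than once
                unrepaired.append(name)
        elif msg.startswith("Repairing corrupted file"):
            if name not in repaired:
                repaired.append(name)
        elif msg.startswith("Verify complete"):
            batches += 1
    if batches == 0:
        verdict = "incomplete"  # no finished verify batch in the log
    elif unrepaired:
        verdict = "needs-attention"
    elif repaired:
        verdict = "repaired"
    else:
        verdict = "clean"
    return {"verdict": verdict, "repaired": repaired, "unrepaired": unrepaired, "batches": batches}


if __name__ == "__main__":
    print(triage_sfc(SAMPLE))
```

A "clean" verdict corresponds to the outcome the helper later reads from the poster's log; anything listed under unrepaired is what a reviewer would look at first.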
MJmusicguy, posted September 7, 2017:

Here's the file as requested. I don't recall having Office. I may have had it when I first got the PC last year, but LibreOffice has always been my suite of choice. Also, why would EIS have crashed? I sent a report in but did not enter my email. I haven't had any issues till tonight.

Attachment: sfcdetails.txt

MJmusicguy, posted September 7, 2017:

Would you like me to proceed with a Farbar scan?

Kevin Zoll, posted September 7, 2017:

The system does not appear to have been corrupted according to that SFC scan log.

Yes, run a scan with FRST in accordance with the instructions in our start here thread.

MJmusicguy, posted September 8, 2017:

Hi, I will do so first thing tomorrow.

MJmusicguy, posted September 8, 2017:

Here are the logs requested.

Attachments: Addition.txt, FRST.txt

Kevin Zoll, posted September 8, 2017:

MBAM and EIS are not compatible. Use one or the other.

Other than some orphaned stuff and a restriction, nothing looks amiss.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2431762388-1408777004-2867943247-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2431762388-1408777004-2867943247-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-02] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {08642EB7-349A-4269-8C5B-242809B23C7C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

MJmusicguy, posted September 9, 2017:

Here you are, Kevin.

Attachment: Fixlog.txt

Kevin Zoll, posted September 12, 2017:

I apologize for the delay in getting back to you.

Let's take a fresh look. Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, and attach the new EEK and FRST scans to your reply. Be sure to let me know how things are running.

MJmusicguy, posted September 13, 2017:

Attachments: Scan_170913-120149.txt, Addition.txt, FRST.txt

Kevin Zoll, posted September 13, 2017:

Looking through the Event Log portion of the FRST logs, it appears that there may be an issue with Cryptographic Services on this system.

Let's try resetting some areas of Windows to their defaults.

1. Download Windows Repair by Tweaking.com (http://www.tweaking.com/content/page/windows_repair_all_in_one.html) to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com.
2. Double-click "tweaking.com_windows_repair_aio.zip" and extract the "Tweaking.com - Windows Repair" folder to your desktop.
3. Now open this folder and double-click "Repair_Windows.exe".
4. Click the "Repairs" tab on the far right.
5. Click the "Open Repairs" button (bottom right).
   Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
6. Click "Unselect All".
7. Put a checkmark in the following items:
   01 - Reset Registry Permissions
   02 - Reset File Permissions
   03 - Reset Service Permissions
   04 - Register System Files
   05 - Repair WMI
   10 - Remove Policies Set By Infections
   19 - Repair Volume Shadow Copy Service
   21 - Repair MSI (Windows Installer)
   26 - Restore Important Windows Services
   27 - Set Windows Services To Default Startup
   28.01 - Repair Windows 8/10 App Store
   28.02 - Repair Windows 8/10 App Store (Completely Reset App Store)
   29 - Repair Windows 8/10 Component Store
   30 - Repair Windows 8/10 COM+ Unmarshalers
   31 - Repair Windows 'New' Submenu
   32 - Restore UAC (User Account Control) Settings
   33 - Repair Performance Counters
   Note: Leave everything else unchecked.
8. Put a checkmark in "Restart System When Finished".
9. Now click the "Start" button (bottom right).

Run a fresh scan with FRST and attach the new FRST scan logs to your reply.

MJmusicguy, posted September 14, 2017:

Sorry, Kevin, before proceeding can you clarify a bit, and if this is a large concern, because I do use https://www.safer-networking.org/spybot-anti-beacon/

MJmusicguy, posted September 14, 2017:

I'm worried that such actions could damage my system.

MJmusicguy, posted September 14, 2017:

I won't begin to pretend anything that program did, and as nervous as I was with it, you're the expert and know far more than little old me. Here are the logs, first boot after Windows Repair.

Attachments: Addition.txt, FRST.txt

MJmusicguy, posted September 14, 2017:

Do you want the fix logs for the other tool too, or no?

Kevin Zoll, posted September 14, 2017:

No need for the Windows Repair logs.

As I mentioned in an earlier post, MBAM and EIS are not compatible. Uninstall one of them.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-2431762388-1408777004-2867943247-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --user-data-dir="C:\Users\Branden\AppData\Local\ASUS GIFTBOX\User Data" --no-sandbox --flag-swi (the data entry has 100 more characters).
U1 aswbdisk; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
Task: {13B80432-7F47-44F9-8D04-DC0E19CA63C6} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{662D790F-5C55-49FD-BF1D-34742578904E}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {13B80432-7F47-44F9-8D04-DC0E19CA63C6} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{662D790F-5C55-49FD-BF1D-34742578904E}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{662D790F-5C55-49FD-BF1D-34742578904E}_System Diagnostics"
Task: {77880A83-BCFA-4F61-975E-D28FAB3E2DE1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{0439115E-8125-45CE-ACDD-A2BC8248C4D3}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {77880A83-BCFA-4F61-975E-D28FAB3E2DE1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{0439115E-8125-45CE-ACDD-A2BC8248C4D3}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{0439115E-8125-45CE-ACDD-A2BC8248C4D3}_System Diagnostics"
Task: {D3873DE7-29D8-4146-B6E2-99A991D7DC88} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3C4866E3-A93B-44BE-A8E8-8D4BCE7DB4B8}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {D3873DE7-29D8-4146-B6E2-99A991D7DC88} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3C4866E3-A93B-44BE-A8E8-8D4BCE7DB4B8}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{3C4866E3-A93B-44BE-A8E8-8D4BCE7DB4B8}_System Diagnostics"

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version, please download and run the updated version.

MJmusicguy, posted September 14, 2017:

OK, here ya go. I will uninstall Malwarebytes soon, and I asked if you wanted the logs because there were some warnings in there, so I'll include them all in a zip just in case.

Attachments: 2017-09-13_10.46.36-PM.zip, Fixlog.txt

Kevin Zoll, posted September 14, 2017:

Everything should be fine at this point, but let's double check. Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, and attach the new EEK and FRST scans to your reply. Be sure to let me know how things are running.

MJmusicguy, posted September 14, 2017:

Here's fresh logs after MBAM removal. Should we not be concerned by the errors and warnings generated by the Windows Repair tool?

Attachments: Addition.txt, FRST.txt

Kevin Zoll, posted September 14, 2017:

The errors in the Windows Repair log are not something to be overly concerned with; they will not affect system performance or stability.

Your FRST logs look fine. How are things running?

MJmusicguy, posted September 14, 2017:

Great now, thanks Kevin. Can you just explain what the tweak tool did and why you had me run it? I just like to learn. Also, here's the EEK log I missed.

Attachment: scan_170914-211005.txt

MJmusicguy, posted September 14, 2017:

How do I remove all the tools we use, and do I keep the repair tool's registry backup?

Kevin Zoll, posted September 15, 2017:

The Windows Repair tool loads and runs several different scripts based on what I told it to do. The scripts reset the selected items to their default values and settings. I decided to have you run it with the options I selected because of several permissions-related errors that were present in the Events log of the FRST Additional Scans report.

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

1. Download Delfix from here and save it to your desktop.
2. Ensure Remove disinfection tools is checked.
3. Also place a checkmark next to:
   - Create registry backup
   - Purge system restore
4. Click the Run button.
5. When the tool is finished, a log will open in Notepad. I do not need the log. You can close Notepad.
6. Empty the Recycle Bin.

Download to your Desktop:
- CCleaner Portable

To remove Windows Repair by Tweaking.com, run its uninstaller.

Run Windows Update and update your Windows Operating System.

Articles to Read:
- How to Protect Your Computer From Malware
- How to keep you and your Windows PC happy
- Web, email, chat, password and kids safety
- How Did I Get Infected?

That should take care of everything.

Safe Surfing!

Kevin Zoll, posted September 21, 2017:

Thread Closed
Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.