
9/6/2017 7:26:01 PM
Application Rule created for "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe\HxTsr.exe"


I've looked it up and it appears to be related to Office or Outlook, but I don't use Office or Outlook, so what is it? Also, on an unrelated note, EAM seems to have crashed mysteriously, but it's not reflected in the logs, at least on screen.

Should I be concerned or am I just paranoid?


You very likely have or had a trial version of MS Office that came with your Computer.

I am going to have you invoke Windows File Protection by running the System File Checker.

System File Checker

  • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
  • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
  • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
  • Copy & Paste the following command at the Command Prompt and press Enter:


findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
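
Added example, not part of the original post: a PowerShell sketch that summarises the [SR] lines written to sfcdetails.txt by the command above, so unrepaired files stand out. The function name Get-SfcSummary is hypothetical, the message prefixes it matches are assumed to follow the usual CBS.log wording, and the sample lines are constructed for illustration.

```powershell
# Added example. Sample lines are constructed, not taken from this user's log.
$sample = @'
2017-09-06 19:41:10, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-09-06 19:41:10, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-09-06 19:41:14, Info                  CSI    0000000b [SR] Verify complete
2017-09-06 19:43:02, Info                  CSI    0000001f [SR] Cannot repair member file [l:24{12}]"example.dll" of Example-Component, Version = 10.0.0.0
2017-09-06 19:43:05, Info                  CSI    00000021 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\System32"\[l:24{12}]"example2.dll" from store
'@ -split "`r?`n"

function Get-SfcSummary {
    param([string[]]$Lines)
    $verified = 0
    $repaired = 0
    $unrepaired = New-Object 'System.Collections.Generic.List[string]'
    foreach ($line in $Lines) {
        # Only lines tagged [SR] come from System File Checker.
        if ($line -notmatch '\[SR\]\s+(?<msg>.+)$') { continue }
        $msg = $Matches['msg']
        if ($msg -like 'Verify complete*') {
            $verified++
        }
        elseif ($msg -like 'Repairing corrupted file*' -or $msg -like 'Repaired file*') {
            $repaired++
        }
        elseif ($msg -like 'Cannot repair member file*') {
            # The first quoted token is the file name, e.g. [l:24{12}]"example.dll"
            if ($msg -match '"(?<name>[^"]+)"') { $unrepaired.Add($Matches['name']) }
        }
    }
    [pscustomobject]@{
        VerifyBatches = $verified
        RepairEvents  = $repaired
        CannotRepair  = @($unrepaired | Sort-Object -Unique)
    }
}

# Use the real file if the findstr step produced it; otherwise fall back to the sample.
$path  = Join-Path $env:USERPROFILE 'Desktop\sfcdetails.txt'
$lines = if (Test-Path $path) { Get-Content $path } else { $sample }
Get-SfcSummary -Lines $lines | Format-List
```

An empty CannotRepair list with a non-zero VerifyBatches count corresponds to a scan that found nothing it could not fix.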


Here's the file as requested. I don't recall having Office; I may have had it when I first got the PC last year, but LibreOffice has always been my suite of choice. Also, why would EIS have crashed? I sent a report in but did not enter my email. I haven't had any issues till tonight.

sfcdetails.txt


The system does not appear to have been corrupted according to that SFC scan log.

Yes, run a scan with FRST in accordance with the instructions in our start here thread.


MBAM and EIS are not compatible.  Use one or the other.

Other than some orphaned stuff and a restriction, nothing looks amiss.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2431762388-1408777004-2867943247-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2431762388-1408777004-2867943247-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-02] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {08642EB7-349A-4269-8C5B-242809B23C7C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

Close Notepad.



NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


I apologize for the delay in getting back to you.

Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.


Looking through the Event Log portion of the FRST logs, it appears that there may be an issue with Cryptographic Services on this system.

Let's try resetting some areas of Windows to their defaults.

Download Windows Repair by Tweaking.com http://www.tweaking.com/content/page/windows_repair_all_in_one.html to your desktop.  Use the direct download link for the Portable version of Windows Repair by Tweaking.com

  • Double-click "tweaking.com_windows_repair_aio.zip" and extract the "Tweaking.com - Windows Repair" folder to your desktop.
  • Now open this folder and double-click "Repair_Windows.exe".
  • Click the "Repairs" tab on the far right.
  • Click the "Open Repairs" button (bottom right)

Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.

  • Click "Unselect All"
  • Put a checkmark in the following items:
    • 01 - Reset Registry Permissions
    • 02 - Reset File Permissions
    • 03 - Reset Service Permissions
    • 04 - Register System Files
    • 05 - Repair WMI
    • 10 - Remove Policies Set By Infections
    • 19 - Repair Volume Shadow Copy Service
    • 21 - Repair MSI (Windows Installer)
    • 26 - Restore Important Windows Services
    • 27 - Set Windows Services To Default Startup
    • 28.01 - Repair Windows 8/10 App Store
    • 28.02 - Repair Windows 8/10 App Store (Completely Reset App Store)
    • 29 - Repair Windows 8/10 Component Store
    • 30 - Repair Windows 8/10 COM+ Unmarshalers
    • 31 - Repair Windows 'New' Submenu
    • 32 - Restore UAC (User Account Control) Settings
    • 33 - Repair Performance Counters

Note: Leave everything else unchecked

  • Put a checkmark in "Restart System When Finished"
  • Now click the "Start" button (bottom right)

Run a fresh scan with FRST, attach the new FRST scan logs to your reply.

 


No need for the Windows Repair logs.

As I mentioned in an earlier post MBAM and EIS are not compatible.  Uninstall one of them.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-2431762388-1408777004-2867943247-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe  --no-displaying-insecure-content --disable-devtools --user-data-dir="C:\Users\Branden\AppData\Local\ASUS GIFTBOX\User Data" --no-sandbox --flag-swi (the data entry has 100 more characters).
U1 aswbdisk; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
Task: {13B80432-7F47-44F9-8D04-DC0E19CA63C6} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{662D790F-5C55-49FD-BF1D-34742578904E}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {13B80432-7F47-44F9-8D04-DC0E19CA63C6} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{662D790F-5C55-49FD-BF1D-34742578904E}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{662D790F-5C55-49FD-BF1D-34742578904E}_System Diagnostics"
Task: {77880A83-BCFA-4F61-975E-D28FAB3E2DE1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{0439115E-8125-45CE-ACDD-A2BC8248C4D3}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {77880A83-BCFA-4F61-975E-D28FAB3E2DE1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{0439115E-8125-45CE-ACDD-A2BC8248C4D3}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{0439115E-8125-45CE-ACDD-A2BC8248C4D3}_System Diagnostics"
Task: {D3873DE7-29D8-4146-B6E2-99A991D7DC88} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3C4866E3-A93B-44BE-A8E8-8D4BCE7DB4B8}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {D3873DE7-29D8-4146-B6E2-99A991D7DC88} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{3C4866E3-A93B-44BE-A8E8-8D4BCE7DB4B8}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{3C4866E3-A93B-44BE-A8E8-8D4BCE7DB4B8}_System Diagnostics"

Close Notepad.



NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Everything should be fine at this point, but let's double check.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running.


The errors in the Windows Repair log are not something to be overly concerned with; they will not affect system performance or stability.

Your FRST logs look fine.

How are things running?


The Windows Repair tool loads and runs several different scripts based on what I told it to do.  The scripts reset the selected items to their default values and settings.  I decided to have you run it with the options I selected, because of several permissions related errors that were present in the Events log of the FRST Additional Scans report.

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore

  • Click the Run button.


When the tool is finished, a log will open in Notepad. I do not need the log. You can close Notepad.

Empty the Recycle Bin

Download to your Desktop:
- CCleaner Portable

To remove Windows Repair by Tweaking.com run its uninstaller.

Run Windows Update and update your Windows Operating System.

Articles to Read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
How Did I Get Infected?

That should take care of everything.

Safe Surfing!


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
