[SOLVED] Is efnnouse.exe a virus?

Hi, Monka.

CKScanner was for something else. It won't help with the issue of applications that stop responding. You can delete it from your desktop.

1. Let's see if JRT picks up anything else. Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

2. Regarding the issue with applications responding, there are a number of corruptions listed in your log. Please perform an SFC (System File Checker) scan which will check and attempt to fix any corrupted files on your system.
  • Since you have Windows 8.1, from the desktop, right-click the Windows logo in the bottom-left corner and select Command Prompt (Admin).
  • At the command prompt, type the following line, and then press ENTER: sfc /scannow (note the space before the slash)
  • When the scan is complete, if no errors are found, restart your computer and post back.
  • Please let me know in your next reply if the message does not say "Windows resource protection did not find any integrity violations".

Here are the JRT results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.9 (06.27.2015:2)
OS: Windows 8.1 x64
Ran by Monica on Sat 06/27/2015 at 11:48:59.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Failed to delete: [Task] C:\windows\system32\tasks\Uninstaller_SkipUac_Monica
Successfully deleted: [Task] C:\windows\tasks\Uninstaller_SkipUac_Monica.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Monica\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\Monica\AppData\Roaming\software informer



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/27/2015 at 12:50:59.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I will run SFC again to see if, after all of these fixes, it is working now. I did it about 3 times a few days ago and the results were always the same: SFC encountered corrupt files, but couldn't repair them. Let's see how it goes now.

I could not paste the CBS file here because the browser froze three times, so I put it in Dropbox. Here is the link:

https://www.dropbox.com/s/b88bgh51ch0hap0/CBS.log - Shortcut.lnk?dl=0
 
Hi, Monka.

First, let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

In the meantime, I'll check with the specialists who help when SFC is not able to resolve the corruptions to find out if they want you to start a new topic on the additional issues you are having or continue here.
 
Hi Corrine,

Below you will find the log from this cleaning file. I appreciate your help with this issue a bunch, and now I really need help with the corrupted files. I have the Windows disk that I received from HP, the manufacturer of my PC, but I am afraid that if I run it I will lose all the programs I have that didn't come with the system. I think that you have finished all the steps to clean the computer. Before you go, I want to offer you my modest help as a thank you. If at some moment you need to translate a text from or into Spanish, don't hesitate to contact me; I will do it for free.

God bless you.

# DelFix v1.010 - Logfile created 28/06/2015 at 15:32:25
# Updated 26/04/2015 by Xplode
# Username : Monica - KENNY
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Monica\Desktop\adwcleaner_4.207.exe
Deleted : C:\Users\Monica\Desktop\CKScanner.exe
Deleted : C:\Users\Monica\Desktop\JRT.txt
Deleted : C:\Users\Monica\Downloads\Kencontacts.csv
Deleted : C:\Users\Monica\Downloads\Kencontacts.vcf
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #40 [Installed CA Parental Controls | 06/03/2015 23:59:01]
Deleted : RP #41 [Scheduled Checkpoint | 06/11/2015 16:55:27]
Deleted : RP #42 [IObit Uninstaller restore point | 06/12/2015 18:56:46]
Deleted : RP #45 [Driver-auto-backup 6/15/2015 | 06/15/2015 15:23:55]
Deleted : RP #47 [Driver-auto-backup 6/16/2015 | 06/16/2015 23:52:18]
Deleted : RP #48 [HPSF Applying updates | 06/17/2015 22:34:17]
Deleted : RP #49 [Installed HP Support Solutions Framework | 06/17/2015 22:57:55]
Deleted : RP #51 [6/25/15 | 06/25/2015 04:06:30]
Deleted : RP #52 [IObit Uninstaller restore point | 06/26/2015 17:00:44]
Deleted : RP #54 [Restore Point Created by FRST | 06/26/2015 23:13:59]

New restore point created !

########## - EOF - ##########
 
Thank you, Monka. That is very kind of you. I was very happy to help!

When I hear from the specialists who help with corruptions, they'll either reply here with instructions or I will. Have a nice evening.
 
Hi, Monka.

The Dropbox link is a shortcut to the CBS log rather than the actual log. In order to determine how best to proceed, the specialists need to see the log. Please follow the instructions below and either attach the zipped CBS log to your reply or upload it to Dropbox and provide the new link.


  1. On Windows 8, press the Windows key, type This PC, and press Enter.
    On Windows Vista/7, click the Start button, then click Computer.
  2. Double-click on the C: drive, under the Hard Disk Drives category, and then scroll down to, and double click on the Windows folder.
  3. Find and double click on the Logs folder.
  4. Right-click on the CBS folder, and select Copy.
  5. Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS.
  6. Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder.
  7. A new file, also called CBS (CBS.zip), but this time with a different icon, will be created.

Thank you!
 
Hi, Monka

You have two corruptions. One which we'll fix here and another that is a known issue and can't be fixed. Info on the known issue is below.

https://support.microsoft.com/en-us/kb/3022345
Originally Posted by Microsoft
This update enables the Diagnostics Tracking Service in Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1. This tracking service collects data about functional issues in Windows.

This update contains the following two manifests that are occasionally updated by the Diagnostic Tracking Service:

telemetry.ASM-WindowsDefault.json
utc.app.json

The two files are marked as static files in the update. When an advanced user runs the System File Checker Tool (sfc.exe), the files are unintentionally flagged as corrupted. There is no impact or corruption on a device that is running this update, and this issue will be fixed in a later service update.

Let's fix the one corruption that we can.
Code:
2015-06-27 19:05:31, Info                  CSI    000008fd [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-06-27 19:05:32, Info                  CSI    000008fe Hashes for file member \SystemRoot\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB do not match actual file [l:36{18}]"Amd64\CNBJ2530.DPB" :
  Found: {l:32 b:mhY/Fv0vSJpsX71lgKQjAjq8TwvrREU/YJQ7kn050VU=} Expected: {l:32 b:n520k714Uu3utHa5JGQ6HQYbZphKhlMWq5pEmfnCDuw=}

Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
  2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please
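
Added example (not part of the original posts, and not SFCFix or Sysnative code): a Python triage of CBS.log [SR] entries like the ones quoted above. It separates the files the quoted KB3022345 text says are flagged without real corruption from those that need repair, and checks a candidate replacement against the logged Expected value. It assumes the 32-byte Found/Expected values are base64 SHA-256 digests of the file contents; the second sample entry and its component name are constructed placeholders.

```python
import base64
import hashlib
import re

# Constructed sample: the CBS.log entries quoted in the post above (abridged),
# plus one constructed entry for a file named in KB3022345. The component name
# "EXAMPLE-telemetry-component", its timestamp and entry id are placeholders.
SAMPLE_CBS = r'''
2015-06-27 19:05:31, Info  CSI  000008fd [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
2015-06-27 19:05:32, Info  CSI  000008fe Hashes for file member \SystemRoot\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB do not match actual file [l:36{18}]"Amd64\CNBJ2530.DPB" :
  Found: {l:32 b:mhY/Fv0vSJpsX71lgKQjAjq8TwvrREU/YJQ7kn050VU=} Expected: {l:32 b:n520k714Uu3utHa5JGQ6HQYbZphKhlMWq5pEmfnCDuw=}
2015-06-27 19:05:40, Info  CSI  00000901 [SR] Cannot repair member file [l:24{12}]"utc.app.json" of EXAMPLE-telemetry-component, Version = 6.3.9600.17842, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), hash mismatch
'''

CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<member>[^"]+)"'
    r' of (?P<component>[^,]+), Version = (?P<version>[\d.]+)')
MISMATCH = re.compile(r'do not match actual file \[l:\d+\{\d+\}\]"(?P<member>[^"]+)"')
HASHES = re.compile(
    r'Found: \{l:\d+ b:(?P<found>[^}]+)\}\s+Expected: \{l:\d+ b:(?P<expected>[^}]+)\}')

# Files the quoted KB3022345 text says SFC flags without real corruption.
KNOWN_BENIGN = {"telemetry.asm-windowsdefault.json", "utc.app.json"}


def parse_sr_failures(text):
    """Return one dict per distinct file SFC could not repair, with hashes if logged."""
    failures, hashes, pending = {}, {}, None
    for line in text.splitlines():
        m = CANNOT_REPAIR.search(line)
        if m:
            # CBS usually logs each failure more than once; keep the first.
            key = (m["component"], m["version"], m["member"])
            failures.setdefault(key, dict(m.groupdict(), found=None, expected=None))
        m = MISMATCH.search(line)
        if m:
            pending = m["member"]  # the Found/Expected pair follows this line
        m = HASHES.search(line)
        if m and pending is not None:
            hashes[pending] = (m["found"], m["expected"])
            pending = None
    for entry in failures.values():
        entry["found"], entry["expected"] = hashes.get(entry["member"], (None, None))
        name = entry["member"].rsplit("\\", 1)[-1].lower()
        entry["status"] = ("known-benign (KB3022345)" if name in KNOWN_BENIGN
                           else "needs-repair")
    return list(failures.values())


def matches_expected(data, expected_b64):
    """True if SHA-256(data), base64-encoded, equals the logged Expected value."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode() == expected_b64


if __name__ == "__main__":
    for f in parse_sr_failures(SAMPLE_CBS):
        print(f["status"], f["member"], f["version"], f["expected"])
```

Running matches_expected on the bytes of a replacement file before it is copied into WinSxS confirms that it is the exact file the component manifest expects, rather than trusting the archive it came from.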
 

Hi Brian,

Thank you for taking care of my issues. I don't know what to do, because the script has been running for over an hour, and about 45 mins. at 20%. Should I stop it?
 
Now it has been running for almost 2 hours, and it continues in the same place! :huh:
 
It should only take a minute or so to run so yes go ahead and stop it. Then reboot your computer and then try running the script again. Thanks.
 
Hi,

Well, after 4 hours, I finished the test. This was the result:

SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-07-02 17:52:10.447
Microsoft Windows 8.1 Update 3 - amd64
Not using a script file.




AutoAnalysis::
FIXED: Performed DISM repair on file Amd64\CNBJ2530.DPB of version 6.3.9600.17415.

CORRUPT: C:\windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.3.9600.17842_none_90da81a4dac50d54\utc.app.json
CORRUPT: C:\windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.3.9600.17842_none_90da81a4dac50d54\telemetry.ASM-WindowsDefault.json


SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
CBS & SFC total detected corruption count: 2
CBS & SFC total unimportant corruption count: 0
CBS & SFC total fixed corruption count: 1
SURT total detected corruption count: 0
SURT total unimportant corruption count: 0
SURT total fixed corruption count: 0
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 1 datablocks.
Finish time: 2015-07-02 21:59:59.793
----------------------EOF-----------------------
 
It doesn't appear that you followed the steps correctly. Please follow the instructions from Post#27 again. You want to make sure to drag the SFCFix.zip file with your mouse and drop it on top of the SFCFix.exe as shown below. Thank you.


 
I restarted the PC after the fix, and it took 4 mins to restart, 2 mins to open the login screen, and 30 secs to start. The desktop was missing from the toolbar, and I had to wait 15 secs to get Firefox open. When I tried to open a shortcut, Explorer stopped responding and didn't reset itself for 15 secs. Opening a program took 2.5 mins of waiting. It's not normal that a PC with 8Gb RAM and a 1 Tera HDD functions so unbelievably slowly. Even Firefox takes about half a minute to open the right click, if it doesn't stop responding. I don't know if you checked all the scans done before, because a lot of corrupted registry files appeared in one of them. I really will appreciate your help, because I am trying to avoid a system refresh or restart, as I have a lot of programs that, if they are deleted, I could not get back anymore.

Thanks for your cooperation!
 
I did everything as indicated. I dragged the zip file into the exe, and the scan started immediately. It took from 6pm to 10pm to give me the txt file. It asked for a Windows 8 disk, and I put in the HP recovery CD #1 that I have. There are 4 CDs. Maybe the files that must be recopied weren't in there. However, I got the results as if it was done. I don't have a Win 8 installation CD. The OS came with the computer, and the only thing I could get from HP were those recovery disks. If you know how to obtain a Win 8.1 installation file, please share the info with me.
 
Sorry, I forgot to tell you, I didn't download the zip file that you gave me. I had it before. Maybe this is why it didn't work as you expected. I will do it again.
 
Ok, I ran it again, but now with the script that you gave. As you said, it finished in a few secs. Here is the result:

SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-07-02 23:24:29.148
Microsoft Windows 8.1 Update 3 - amd64
Using .zip script file at C:\Users\Monica\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\windows\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB

Successfully copied file C:\Users\Monica\AppData\Local\niemiro\Archive\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB to C:\windows\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB.

Successfully restored ownership for C:\windows\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB
Successfully restored permissions on C:\windows\winsxs\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2015-07-02 23:24:35.070
Script hash: 2nvwD57DxG/MQl1Wdn6uAg6TgnXUO4RnGhKmB5joI2w=
----------------------EOF-----------------------
 
I restarted again. This time it took 18 secs. to restart, but 1.5 mins. to open the login screen, and another 15 secs. to start. Firefox took 15 secs. to open. Explorer.exe froze the first time I opened it, and on a second try, it was frozen about 10 secs. before auto-restarting. The program this time took only 18 secs. to open.
 
Hi Monka -

Please do a Clean Boot of your machine by following the article below.
https://support.microsoft.com/en-us/kb/929135

Then please follow the instructions below.

Step#1 - DISM /RestoreHealth Scan
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Right-click on the Start button and select Command Prompt (Admin)
  2. When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
    Dism /Online /Cleanup-Image /RestoreHealth
  3. Once it finishes, copy and paste the following into the command-prompt window and press Enter. If prompted to overwrite the existing file go ahead.
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  4. Once this has completed please go to your Desktop and you will find CBS.txt => Please zip/upload to this thread.
    Please Note: if the file is too big (over 7MB) to upload to your next post, please upload via a service such as Dropbox or One Drive or SendSpace and just provide the link.


Also let me know if your machine is more responsive while in a clean boot state. Thanks.
 
Hi Brian, and thanks again for helping me. I am running Dism now. However, I tried to do that a couple of times before, and the scan got stuck at "Image Version: 6.3.9600.17031" forever. Actually, 5 mins have already passed, and nothing has changed. How long will it take to process?
 
The computer continues to be slow; even when I tried to paste the CBS here, everything (including the task manager) froze and I had to restart. Then the restart was spinning forever, and I had to turn it off with the button. I think that there is an error in the cleanup. Here is the link to Dropbox:
https://www.dropbox.com/s/8mbo0p7i5pfcwac/cbs.txt?dl=0
 
