DOS Attack or Malware?


24 replies to this topic

#1 flightsim297


Posted 12 July 2015 - 06:07 PM

I was using my computer as normal. Suddenly the internet stopped. No worries, I will just restart my router. Still doesn't work. So I tried to access the internet on another PC and it works fine. Then my internet is back. Then it slows and stops on that one PC again. So after my internet worked again, I downloaded Comodo Firewall. It didn't do much. Malwarebytes and HitmanPro both reported nothing.

So am I being affected by a DOS attack? I'm not sure why anyone would want to do it, but that's why I'm here!
System specs:

Intel Core i7 4770k
ASRock H87M motherboard
32 GB RAM
1 TB SSHD
Windows 8.1 Pro

Also I have UEFI Secure Boot enabled, ultra fast boot in the UEFI settings, and fast startup enabled.

The other computers work fine, except this one.
Thank you.

 

EDIT: Using Netstat -a, I see random connections and some strange bitcoin connection. Now what? 


Edited by flightsim297, 12 July 2015 - 08:48 PM.

Windows 10 Insider

Flight Sim Enthusiast

- Windows 95, 98, 2000, XP, 7, and 8.1 user

- Oh and I like helping people too!




#2 severac


Posted 13 July 2015 - 04:16 PM

Hello and welcome,

 

Let's check for malware presence.

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

---------------

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

------

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      - Remove found threats
      - Scan archives
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.

Click Back, then Finish to exit ESET Online Scanner.

-----

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

 

  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      - Launch Malwarebytes Anti-Malware
      - A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:
 

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to Dashboard, click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

-----

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

------

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know how to solve all PC problems.  :smash: 

 


#3 flightsim297


Posted 13 July 2015 - 08:07 PM

Mini Toolbox Log:

MiniToolBox by Farbar  Version: 01-07-2015
Ran by Winston (administrator) on 13-07-2015 at 18:05:25
Running from "C:\Users\Winston\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
 
========================= IP Configuration: ================================
 
Intel® Ethernet Connection I217-V = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Winston-Desktop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Intel® Ethernet Connection I217-V
   Physical Address. . . . . . . . . : D0-50-99-04-6F-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:304:cfd0:aee0:c517:75da:3d9e:3690(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:304:cfd0:aee0:509d:95d5:db71:1c13(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c517:75da:3d9e:3690%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.80(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, July 10, 2015 10:21:18 PM
   Lease Expires . . . . . . . . . . : Tuesday, July 14, 2015 5:59:59 PM
   Default Gateway . . . . . . . . . : fe80::2a16:2eff:fe94:6c81%3
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 63983769
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-02-8C-ED-D0-50-99-04-6F-04
   DNS Servers . . . . . . . . . . . : 156.154.70.22
                                       156.154.71.22
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  156.154.70.22
 
Name:    google.com
Addresses:  2607:f8b0:4005:803::200e
 74.125.239.128
 74.125.239.136
 74.125.239.142
 74.125.239.132
 74.125.239.133
 74.125.239.137
 74.125.239.135
 74.125.239.131
 74.125.239.129
 74.125.239.130
 74.125.239.134
 
 
Pinging google.com [2607:f8b0:4005:802::1007] with 32 bytes of data:
Reply from 2607:f8b0:4005:802::1007: time=33ms 
Reply from 2607:f8b0:4005:802::1007: time=32ms 
 
Ping statistics for 2607:f8b0:4005:802::1007:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 33ms, Average = 32ms
Server:  UnKnown
Address:  156.154.70.22
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:58:c02::a9: time=118ms 
 
Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 118ms, Maximum = 118ms, Average = 118ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...d0 50 99 04 6f 04 ......Intel® Ethernet Connection I217-V
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.80     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.80    276
     192.168.1.80  255.255.255.255         On-link      192.168.1.80    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.80    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.80    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.80    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    276 ::/0                     fe80::2a16:2eff:fe94:6c81
  1    306 ::1/128                  On-link
  3    276 2602:304:cfd0:aee0::/64  On-link
  3    276 2602:304:cfd0:aee0:509d:95d5:db71:1c13/128
                                    On-link
  3    276 2602:304:cfd0:aee0:c517:75da:3d9e:3690/128
                                    On-link
  3    276 fe80::/64                On-link
  3    276 fe80::c517:75da:3d9e:3690/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/12/2015 00:31:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: FIFA.exe, version: 0.0.0.0, time stamp: 0x5537bdc9
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x1188
Faulting application start time: 0xFIFA.exe0
Faulting application path: FIFA.exe1
Faulting module path: FIFA.exe2
Report Id: FIFA.exe3
Faulting package full name: FIFA.exe4
Faulting package-relative application ID: FIFA.exe5
 
Error: (07/12/2015 00:31:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: FIFA.exe, version: 0.0.0.0, time stamp: 0x5537bdc9
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x1eb0
Faulting application start time: 0xFIFA.exe0
Faulting application path: FIFA.exe1
Faulting module path: FIFA.exe2
Report Id: FIFA.exe3
Faulting package full name: FIFA.exe4
Faulting package-relative application ID: FIFA.exe5
 
Error: (07/12/2015 00:22:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: FIFA.exe, version: 0.0.0.0, time stamp: 0x5537bdc9
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x1c8c
Faulting application start time: 0xFIFA.exe0
Faulting application path: FIFA.exe1
Faulting module path: FIFA.exe2
Report Id: FIFA.exe3
Faulting package full name: FIFA.exe4
Faulting package-relative application ID: FIFA.exe5
 
Error: (07/12/2015 11:28:13 AM) (Source: Application Error) (User: )
Description: Faulting application name: Adobe Premiere Pro.exe, version: 8.2.0.65, time stamp: 0x5486db4a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000100000000
Faulting process id: 0x1818
Faulting application start time: 0xAdobe Premiere Pro.exe0
Faulting application path: Adobe Premiere Pro.exe1
Faulting module path: Adobe Premiere Pro.exe2
Report Id: Adobe Premiere Pro.exe3
Faulting package full name: Adobe Premiere Pro.exe4
Faulting package-relative application ID: Adobe Premiere Pro.exe5
 
Error: (07/11/2015 10:54:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: FIFA.exe, version: 0.0.0.0, time stamp: 0x5537bdc9
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x2198
Faulting application start time: 0xFIFA.exe0
Faulting application path: FIFA.exe1
Faulting module path: FIFA.exe2
Report Id: FIFA.exe3
Faulting package full name: FIFA.exe4
Faulting package-relative application ID: FIFA.exe5
 
Error: (07/11/2015 05:09:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WINSTON-DESKTOP)
Description: Package ElectronicArtsMobile.FIFA15_1.4.4.0_x86__q5ha1ztykcgvj+FIFA.App was terminated because it took too long to suspend.
 
Error: (07/11/2015 05:09:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: FIFA.exe, version: 0.0.0.0, time stamp: 0x5537bdc9
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x22f8
Faulting application start time: 0xFIFA.exe0
Faulting application path: FIFA.exe1
Faulting module path: FIFA.exe2
Report Id: FIFA.exe3
Faulting package full name: FIFA.exe4
Faulting package-relative application ID: FIFA.exe5
 
Error: (07/11/2015 05:07:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: FIFA.exe, version: 0.0.0.0, time stamp: 0x5537bdc9
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x1f8c
Faulting application start time: 0xFIFA.exe0
Faulting application path: FIFA.exe1
Faulting module path: FIFA.exe2
Report Id: FIFA.exe3
Faulting package full name: FIFA.exe4
Faulting package-relative application ID: FIFA.exe5
 
Error: (07/11/2015 00:18:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: FIFA.exe, version: 0.0.0.0, time stamp: 0x5537bdc9
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0xd14
Faulting application start time: 0xFIFA.exe0
Faulting application path: FIFA.exe1
Faulting module path: FIFA.exe2
Report Id: FIFA.exe3
Faulting package full name: FIFA.exe4
Faulting package-relative application ID: FIFA.exe5
 
Error: (07/11/2015 00:11:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: FIFA.exe, version: 0.0.0.0, time stamp: 0x5537bdc9
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e
Exception code: 0xc0000409
Fault offset: 0x000a326c
Faulting process id: 0x1ec8
Faulting application start time: 0xFIFA.exe0
Faulting application path: FIFA.exe1
Faulting module path: FIFA.exe2
Report Id: FIFA.exe3
Faulting package full name: FIFA.exe4
Faulting package-relative application ID: FIFA.exe5
 
 
System errors:
=============
Error: (07/12/2015 04:04:52 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (07/12/2015 04:02:18 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (07/12/2015 04:02:15 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (07/12/2015 10:53:13 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (07/11/2015 06:14:31 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (07/10/2015 11:49:23 PM) (Source: Service Control Manager) (User: )
Description: The COMODO Chromodo Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/10/2015 09:47:27 PM) (Source: Service Control Manager) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error: 
%%1058
 
Error: (07/10/2015 10:19:55 AM) (Source: Service Control Manager) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error: 
%%1058
 
Error: (07/09/2015 00:35:16 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer L-TECHSYS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C117D2E-9B97-4BFE-9DC9-216BA8E405B5}.
The master browser is stopping or an election is being forced.
 
Error: (07/06/2015 11:54:58 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-13 18:03:46.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 16:20:42.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 16:10:00.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 15:50:55.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 15:34:17.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 11:43:12.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 09:59:46.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-13 00:04:19.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-12 22:10:52.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-12 22:04:29.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.1.88 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit)
APP Shop v1.0.19 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.19 - ASRock Inc.)
ASRock Restart to UEFI v1.0.3 (HKLM-x32\...\ASRock Restart to UEFI_is1) (Version:  - )
ASRock XFast RAM v3.0.2 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
A-Tuning v2.0.49.2 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.49.2 - )
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 42.1.2.91 - Comodo)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
COMODO Firewall (HKLM\...\{4C5D0B6A-944A-47A6-A2F3-BCB58E05CA5D}) (Version: 8.2.0.4591 - COMODO Security Solutions Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.0.0.0054 - Disc Soft Ltd)
f.lux (HKCU\...\Flux) (Version:  - )
Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
FS Recorder 2.16 alpha for FSX (HKLM-x32\...\{A4A23588-2A3B-4031-B907-48C2E814335C}) (Version: 2.1.6.0 - Matthias Neusinger)
FS Water Configurator 3.15 (HKLM\...\FS Water Configurator) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - )
IconPack Installer (HKLM-x32\...\IconPack) (Version: Installer - SkinPack)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.1.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.1.0 ESR (x86 en-US)) (Version: 38.1.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
qBittorrent 3.2.0 (HKLM-x32\...\qBittorrent) (Version: 3.2.0 - The qBittorrent project)
Reload Icons Cache 1.00 (HKLM-x32\...\Reload Icons Cache 1.00) (Version: 1.00 - Mr Blade Design's)
REX Essential Plus Overdrive (HKLM-x32\...\{9F30A684-44DC-4BDF-89ED-70F9021B851F}) (Version: 3.5.2012.1029 - REX Game Studios)
Sandboxie 4.18 (64-bit) (HKLM\...\Sandboxie) (Version: 4.18 - Sandboxie Holdings, LLC)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.1 - IObit)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.5.8 - Splashtop Inc.)
Stardock ModernMix (HKLM\...\ModernMix_is1) (Version: 1.12 - Stardock Software, Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Unchecky v0.3.7.5 (HKLM-x32\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)
UxStyle (HKLM\...\{86D24646-DAF6-4F5E-BCAD-CF7EF8E362E1}) (Version: 0.2.3.0 - The Within Network, LLC) Hidden
UxStyle (HKLM-x32\...\{05560347-3a9b-4644-a8ed-8b64cc947189}) (Version: 0.2.3.0 - The Within Network, LLC)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.38 - ASRock Inc.)
 
========================= Devices: ================================
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_8086&DEV_8C3A&SUBSYS_8C3A1849&REV_04\3&11583659&0&B0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_8086&DEV_8C22&SUBSYS_8C221849&REV_05\3&11583659&0&FB
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 10%
Total physical RAM: 31652.79 MB
Available physical RAM: 28483.9 MB
Total Virtual: 63396.79 MB
Available Virtual: 59432.47 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931 GB) (Free:764.3 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\WINSTON-DESKTOP
 
Administrator            Guest                    Winston                  
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
10-06-2015 05:46:56 Removed SlimCleaner
06-07-2015 04:33:16 Windows Update
10-07-2015 06:54:19 Windows Update
 
**** End of log ****



#4 flightsim297


Posted 13 July 2015 - 08:09 PM

Security Check Log:

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Windows Defender                     
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45  
 Mozilla Firefox 38.1.0 Firefox out of Date! 
 Google Chrome (43.0.2357.130) 
 Google Chrome (43.0.2357.132) 
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Comodo Firewall cmdagent.exe 
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae64.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Edited by flightsim297, 13 July 2015 - 08:09 PM.



#5 flightsim297


Posted 13 July 2015 - 09:11 PM

ESET LOG

C:\Users\Winston\AppData\Local\Microsoft\Windows\INetCache\Low\IE\8FTEYEDP\YFCEIY6S.htm HTML/ScrInject.B.Gen virus deleted - quarantined



#6 flightsim297


Posted 13 July 2015 - 09:20 PM

Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/13/2015
Scan Time: 7:12 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.13.06
Rootkit Database: v2015.07.10.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Winston
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355789
Time Elapsed: 7 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)



#7 RolandJS


Posted 13 July 2015 - 09:32 PM

Since you're troubleshooting, recommend turning off fast boot; that way, hardware is fully tested before BIOS and Windows respectively "go online."

One less "battle front" to question.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#8 flightsim297


Posted 13 July 2015 - 09:36 PM

ADW Cleaner Log

# AdwCleaner v4.208 - Logfile created 13/07/2015 at 19:23:14
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Winston - WINSTON-DESKTOP
# Running from : C:\Users\Winston\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Winston\AppData\Local\slimware utilities inc

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.132

[C:\Users\Winston\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Winston\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1893 bytes] - [13/07/2015 19:22:49]
AdwCleaner[S0].txt - [1830 bytes] - [13/07/2015 19:23:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1889  bytes] ##########


NOTE: I can't connect anymore! Argh I have to use another PC.

BTW, thanks for the advice, RolandJS. I'll turn it off.

 

Edit: Internet is back temporarily, still the same issue so far.


Edited by flightsim297, 13 July 2015 - 09:38 PM.



#9 flightsim297


Posted 13 July 2015 - 10:14 PM

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.7 (07.13.2015:1)
OS: Windows 8.1 Pro x64
Ran by Winston on Mon 07/13/2015 at 19:38:52.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Winston
Successfully deleted: [Task] C:\Windows\tasks\Uninstaller_SkipUac_Winston.job



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\ProgramData\1433543384.bdinstall.bin



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\users\public\documents\downloaded installers
Successfully deleted: [Folder] C:\Users\Winston\AppData\Roaming\productdata



~~~ Chrome


[C:\Users\Winston\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Winston\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Winston\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Winston\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/13/2015 at 20:10:16.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 




#10 severac


Posted 14 July 2015 - 01:16 AM

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:
      ◦ Internet Services
      ◦ Windows Firewall
      ◦ System Restore
      ◦ Security Center/Action Center
      ◦ Windows Update
      ◦ Windows Defender
      ◦ Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.

---------

 

 

Ping statistics for 2001:4998:58:c02::a9:

    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

 

It definitely seems that you have connection problems.

Is it possible to connect that PC with another type of connection (Wi-Fi), to a different network, or something like that?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#11 flightsim297


Posted 14 July 2015 - 01:24 AM

Farbar Service Scanner Version: 17-01-2015
Ran by Winston (administrator) on 13-07-2015 at 23:23:55
Running from "C:\Users\Winston\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****



#12 flightsim297


Posted 14 July 2015 - 01:28 AM

Also, I don't have a Wi-Fi adapter. I'm going to go to sleep now, will run further tests tomorrow.



#13 severac


Posted 14 July 2015 - 04:11 AM

Are you using the same Ethernet cable for both computers?

Is this an onboard Ethernet or a card?



 


#14 flightsim297


Posted 14 July 2015 - 11:52 AM

Different cables, and it is onboard Ethernet.




#15 severac


Posted 14 July 2015 - 11:57 AM

Can you use another cable to see if it is a cable problem?



 




