
Steam store pop-up ads and redirecting


  • This topic is locked
9 replies to this topic

#1 euanicorn

euanicorn

  • Members
  • 12 posts

Posted 01 December 2015 - 07:06 PM

Hey, I'm having issues on Windows 7.

 

When browsing the Steam store I get pop-up ads and the store itself redirects to advertising websites. Firefox was also redirecting to advertisements but this has stopped, although I've noticed that downloads in Firefox often cancel prematurely and it's overall more sluggish and prone to becoming unresponsive. The likely point of infection was from a bad torrent, but I've been powered down and out of the country for a few months since then and as far as I can tell the torrent itself has been taken down.

 

I've booted in safe mode and tried scanning with AVG, Ad-Aware and Malware Bytes with all definitions up to date, but no detections.

 

I'm really not knowledgeable and don't know my next steps, I'd appreciate any advice.




 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • Gender:Male
  • Location:NJ USA

Posted 01 December 2015 - 10:04 PM

Hello, please run these next.

In Firefox it may be the add-ons/plugins. First look for and disable any unknown items.

How to disable extensions and plugins

Keeping your third-party plugins up to date


Next....
MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • Report FF Proxy Settings
      • Reset FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by boopme, 01 December 2015 - 10:05 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
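
An added example, not part of the thread and not MiniToolBox's own code: one way to triage the proxy and hosts sections of a Result.txt produced by the steps above. The sample text is constructed in the section layout quoted later in this topic, and the function names, the example.* hosts and the 203.0.113.10 address are assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout of the Result.txt sections quoted in this
# thread; the addresses and example.* names are made up for illustration.
SAMPLE_RESULT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 ads.example.net   # blocklist-style entry
203.0.113.10 store.example.com www.store.example.com

There are 5 entries.

========================= IP Configuration: ================================
"""

SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+$")   # "==== Name: ====" banners
ADDRESS_RE = re.compile(r"^[0-9A-Fa-f:.]+$")             # looks like an IPv4/IPv6 literal
LABEL_RE = re.compile(r"^[A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?$")


def split_sections(text):
    """Map each banner name to the list of lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).rstrip(":").strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def valid_hostname(name):
    """Reject address-like strings such as '0.0.0.0.0' and bad DNS labels."""
    labels = name.rstrip(".").split(".")
    if len(name) > 253 or all(lab.isdigit() for lab in labels):
        return False
    return all(LABEL_RE.match(lab) for lab in labels)


def triage_hosts(lines):
    """Sort hosts entries into loopback blocks, real redirects and junk."""
    report = {"loopback": [], "redirect": [], "malformed": []}
    for raw in lines:
        fields = raw.split("#", 1)[0].split()          # drop inline comments
        if len(fields) < 2 or not ADDRESS_RE.match(fields[0]):
            continue                                   # blank, comment or summary line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(raw.strip())
            continue
        for name in fields[1:]:                        # one address may map several names
            if not valid_hostname(name):
                report["malformed"].append(f"{ip} {name}")
            elif ip.is_loopback or ip.is_unspecified:
                report["loopback"].append(name)        # typical ad-blocklist entry
            else:
                report["redirect"].append((name, str(ip)))  # overrides DNS: review it
    return report


def proxy_reported_off(lines):
    """True only if both 'no proxy' lines shown in the thread's log are present."""
    seen = {line.strip() for line in lines}
    return {"Proxy is not enabled.", "No Proxy Server is set."} <= seen


def triage_result(text):
    sections = split_sections(text)
    hosts = triage_hosts(sections.get("Hosts content", []))
    proxy_off = proxy_reported_off(sections.get("IE Proxy Settings", []))
    return {
        "proxy_off": proxy_off,
        "hosts": hosts,
        "needs_review": bool(not proxy_off or hosts["redirect"] or hosts["malformed"]),
    }


if __name__ == "__main__":
    result = triage_result(SAMPLE_RESULT)
    print("proxy off:", result["proxy_off"])
    for kind, items in result["hosts"].items():
        print(f"{kind}: {items}")
    print("needs review:", result["needs_review"])
```

Entries that point a name at a loopback or unspecified address only block that name; an entry that maps a name to a routable address overrides DNS for it and is the kind worth checking by hand.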

#3 euanicorn

euanicorn
  • Topic Starter

  • Members
  • 12 posts

Posted 02 December 2015 - 06:20 AM

Hey boopme, thanks for the response. Here's MTB's result;

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by euan (administrator) on 02-12-2015 at 05:02:00
Running from "C:\Users\euan\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 mfr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 static.a-ads.com
127.0.0.1 atlas.aamedia.ro
127.0.0.1 abcstats.com
127.0.0.1 ad4.abradio.cz
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 csh.actiondesk.com
127.0.0.1 ads.activepower.net
127.0.0.1 app.activetrail.com

There are 48 entries.

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Hamachi Network Interface = Local Area Connection 2 (Connected)
Spotflux Network Device Driver = Local Area Connection 2 (Media disconnected)
Spotflux Network Device Driver = Local Area Connection 3 (Media disconnected)
Spotflux Virtual Network Device Driver = Local Area Connection 5 (Media disconnected)
Evolve Virtual Ethernet Adapter = Evolve Gaming Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=255.255.255.255/32 interface="Evolve Gaming Connection" nexthop=0.0.0.0 metric=1 publish=No
add route prefix=224.0.0.0/4 interface="Evolve Gaming Connection" nexthop=0.0.0.0 metric=1 publish=No
add route prefix=0.0.0.0/0 interface="Local Area Connection 2" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : euan-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Spotflux Virtual Network Device Driver
   Physical Address. . . . . . . . . : 00-FF-FB-43-C9-C4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Evolve Gaming Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Evolve Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-00-54-54-9B-20
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Spotflux Network Device Driver
   Physical Address. . . . . . . . . : 00-FF-D4-C0-0C-3F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Spotflux Network Device Driver
   Physical Address. . . . . . . . . : 00-FF-7E-1F-3E-A3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : BC-AE-C5-DF-35-A0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c168:b904:91cf:7a83%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 02 December 2015 04:55:08
   Lease Expires . . . . . . . . . . : 01 December 2016 04:55:08
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 247246533
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1D-D2-31-BC-AE-C5-DF-35-A0
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-64-1C-F6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1964:1cf6(Preferred)
   Link-local IPv6 Address . . . . . : fe80::dd58:2aa9:e11d:d105%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 25.100.28.246(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : 02 December 2015 04:55:08
   Lease Expires . . . . . . . . . . : 01 December 2016 04:57:21
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 326793701
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1D-D2-31-BC-AE-C5-DF-35-A0
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2a00:1450:4009:801::200e
      216.58.208.46


Pinging google.com [216.58.210.46] with 32 bytes of data:
Reply from 216.58.210.46: bytes=32 time=53ms TTL=56
Reply from 216.58.210.46: bytes=32 time=56ms TTL=56

Ping statistics for 216.58.210.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 53ms, Maximum = 56ms, Average = 54ms
Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=211ms TTL=51
Reply from 206.190.36.45: bytes=32 time=212ms TTL=51

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 211ms, Maximum = 212ms, Average = 211ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 21...00 ff fb 43 c9 c4 ......Spotflux Virtual Network Device Driver
 17...00 00 54 54 9b 20 ......Evolve Virtual Ethernet Adapter
 15...00 ff d4 c0 0c 3f ......Spotflux Network Device Driver
 14...00 ff 7e 1f 3e a3 ......Spotflux Network Device Driver
 10...bc ae c5 df 35 a0 ......Realtek PCIe GBE Family Controller
 13...7a 79 19 64 1c f6 ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         25.0.0.1    25.100.28.246   9256
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.11     20
         25.0.0.0        255.0.0.0         On-link     25.100.28.246   9256
    25.100.28.246  255.255.255.255         On-link     25.100.28.246   9256
   25.255.255.255  255.255.255.255         On-link     25.100.28.246   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link      192.168.2.11    276
     192.168.2.11  255.255.255.255         On-link      192.168.2.11    276
    192.168.2.255  255.255.255.255         On-link      192.168.2.11    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.2.11    276
        224.0.0.0        240.0.0.0         On-link     25.100.28.246   9256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.2.11    276
  255.255.255.255  255.255.255.255         On-link     25.100.28.246   9256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
  255.255.255.255  255.255.255.255         On-link        1
        224.0.0.0        240.0.0.0         On-link        1
          0.0.0.0          0.0.0.0         25.0.0.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 13    276 2620:9b::/96             On-link
 13    276 2620:9b::1964:1cf6/128   On-link
 10    276 fe80::/64                On-link
 13    276 fe80::/64                On-link
 10    276 fe80::c168:b904:91cf:7a83/128
                                    On-link
 13    276 fe80::dd58:2aa9:e11d:d105/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/01/2015 06:01:09 PM) (Source: MsiInstaller) (User: euan-PC)
Description: Product: AntimalwareEngine -- Error 1335. The cabinet file 'Data1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (11/30/2015 03:04:14 PM) (Source: Microsoft-Windows-RestartManager) (User: euan-PC)
Description: Application or service 'MSCamSvc' could not be restarted.

Error: (11/30/2015 02:58:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (08/30/2015 11:23:18 PM) (Source: MsiInstaller) (User: euan-PC)
Description: Product: NVIDIA PhysX -- Installation terminated

Error: (08/30/2015 01:03:41 PM) (Source: MsiInstaller) (User: euan-PC)
Description: Product: NVIDIA PhysX -- Installation terminated

Error: (08/29/2015 08:35:35 PM) (Source: MsiInstaller) (User: euan-PC)
Description: Product: NVIDIA PhysX -- Installation terminated

Error: (08/29/2015 08:22:24 PM) (Source: MsiInstaller) (User: euan-PC)
Description: Product: NVIDIA PhysX -- Installation terminated

Error: (08/29/2015 02:38:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x1358
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (08/28/2015 10:49:27 AM) (Source: NvStreamSvc) (User: )
Description: An error has occurred (NvVAD initialization failed [6]).

Error: (08/28/2015 10:49:27 AM) (Source: NvStreamSvc) (User: )
Description: An error has occurred (Failed to set NvVAD endpoint as default Audio endpoint [0]).


System errors:
=============
Error: (12/02/2015 04:56:12 AM) (Source: Service Control Manager) (User: )
Description: The Spotflux Connection Manager service failed to start due to the following error:
%%1053

Error: (12/02/2015 04:56:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spotflux Connection Manager service to connect.

Error: (12/02/2015 04:55:30 AM) (Source: Service Control Manager) (User: )
Description: The MSCamSvc service failed to start due to the following error:
%%2

Error: (12/01/2015 11:39:32 PM) (Source: Service Control Manager) (User: )
Description: The MSCamSvc service failed to start due to the following error:
%%2

Error: (12/01/2015 11:27:52 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 11:27:50 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 11:27:49 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 11:27:48 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 11:27:47 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 11:27:46 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (12/01/2015 06:01:09 PM) (Source: MsiInstaller)(User: euan-PC)
Description: Product: AntimalwareEngine -- Error 1335. The cabinet file 'Data1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/30/2015 03:04:14 PM) (Source: Microsoft-Windows-RestartManager)(User: euan-PC)
Description: 0MSCamS64.exeMSCamSvc03026217825560

Error: (11/30/2015 02:58:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crtThis operation returned because the timeout period expired.

Error: (08/30/2015 11:23:18 PM) (Source: MsiInstaller)(User: euan-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/30/2015 01:03:41 PM) (Source: MsiInstaller)(User: euan-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/29/2015 08:35:35 PM) (Source: MsiInstaller)(User: euan-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/29/2015 08:22:24 PM) (Source: MsiInstaller)(User: euan-PC)
Description: Product: NVIDIA PhysX -- Installation terminated(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/29/2015 02:38:03 PM) (Source: Application Error)(User: )
Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755c116b14000001500052d24135801d0e26842425a3dC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe8d35bd9a-4e5b-11e5-b9ae-bcaec5df35a0

Error: (08/28/2015 10:49:27 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (08/28/2015 10:49:27 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]


=========================== Installed Programs ============================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{30B9595A-D4B5-4198-8F3C-2219C78590C9}_AdAwareUpdater) (Version: 11.9.662.8718 - Lavasoft)
AdAwareInstaller (HKLM\...\{4BD85818-48C7-4F21-985E-FE68C080235A}) (Version: 11.9.662.8718 - Lavasoft) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Age of Wonders 3 (HKLM-x32\...\Age of Wonders 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
AntimalwareEngine (HKLM\...\{6E5FAEC8-C3C1-44E8-B8DE-CE3F9568BF85}) (Version: 3.0.98.0 - Lavasoft) Hidden
Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
AVG 2015 (HKLM\...\{A7F6A216-7309-47C2-86F3-A97E9E162398}) (Version: 15.0.6176 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\{EA439355-B3C9-4475-8D3D-F5DAB10609B7}) (Version: 15.0.4477 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
BitComet 1.27 (HKLM-x32\...\BitComet) (Version: 1.27 - CometNetwork)
BitComet 1.35 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.35 - CometNetwork)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2568 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - )
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
CSI New York (HKLM-x32\...\CSI New York1.0) (Version: 1.0 - Your Company)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dead Rising 3 v.1.0 (HKLM-x32\...\Dead Rising 3_is1) (Version:  - )
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Distant Worlds (HKLM-x32\...\Distant Worlds1.00) (Version: 1.00 - Matrix Games)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dominions 4 (HKLM-x32\...\Steam App 259060) (Version:  - Illwinter Game Design)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Dying Light (HKLM-x32\...\Dying Light_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Eastern Front (HKLM-x32\...\Eastern Front) (Version: 1.5.1.0 - )
Elite Dangerous Launcher version 0.4.2854.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.2854.0 - Frontier Developments)
Endless Legend (HKLM-x32\...\Endless Legend_is1) (Version: Endless Legend - Amplitude Studios)
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Evil Genius (HKLM-x32\...\Steam App 3720) (Version:  - Elixir Studios)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.10 - Echobit, LLC)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Faster Than Light (HKLM-x32\...\Faster Than Light_is1) (Version:  - GOG.com)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - Square Enix)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - )
Impulse (HKLM-x32\...\{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}) (Version: 1.0 - Stardock Corporation) Hidden
Impulse (HKLM-x32\...\Impulse) (Version:  - Stardock)
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\SW5qdXN0aWNlR29kc0Ftb25nVXNVbHRpbWF0ZUVkaXRpb24=_is1) (Version: 1 - )
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Lichdom: Battlemage (HKLM-x32\...\Steam App 261760) (Version:  - Xaviant)
LogMeIn Hamachi (HKLM-x32\...\{D31AA60E-A9E5-47CF-AE3C-C980C5A1FF51}) (Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LOOT version 0.8.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.0 - LOOT Team)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-GB)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.64 - )
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN Tap Adapter 9.0.0.8 (HKLM-x32\...\OpenVPN Tap Adapter) (Version:  - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Project Zomboid (remove only) (HKLM-x32\...\ProjectZomboid) (Version:  - )
PVSonyDll (HKLM\...\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}) (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rayman Legends (HKLM-x32\...\Steam App 242550) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Sir, You Are Being Hunted (HKLM-x32\...\Steam App 242880) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version:  - The SKSE Team)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Spotflux (HKLM-x32\...\{BC5F4285-CE6A-448E-9E20-C01F14981457}) (Version: 2.9.3 - Spotflux) Hidden
Spotflux (HKLM-x32\...\Spotflux 2.9.3) (Version: 2.9.3 - Spotflux)
Spotflux (HKLM-x32\...\Spotflux) (Version: 3.1.0 - Spotflux)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version:  - Creative Assembly)
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version:  - RedLynx and Ubisoft Shanghai)
Trials Fusion (HKLM-x32\...\Steam App 245490) (Version:  - RedLynx, in collaboration with  Ubisoft Shanghai, Ubisoft Kiev)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Warhammer: End Times - Vermintide (HKLM-x32\...\Steam App 235540) (Version:  - Fatshark)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Wings of Prey 1.0.4.1 (HKLM-x32\...\{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1) (Version: 1.0.4.1 - Gaijin Entertainment, Corp.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - )
XCom Long War EW Mod version Beta 15f (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 15f - JohnnyLump)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
Zafehouse Diaries (HKLM-x32\...\GOGPACKZAFEHOUSEDIARIES_is1) (Version: 2.0.0.3 - GOG.com)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 4077.25 MB
Available physical RAM: 1974.64 MB
Total Virtual: 8152.71 MB
Available Virtual: 5912.19 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.5 GB) (Free:274.31 GB) NTFS
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:51.8 GB) NTFS

========================= Users: ========================================

User accounts for \\EUAN-PC

Administrator            euan                     Guest                    


**** End of log ****
 



#4 euanicorn

Posted 02 December 2015 - 06:23 AM

Esetscanner ran for about five hours before hanging on one small file, and never progressing further. I don't think it cleaned up as I had to stop the scan, so I'll wait on that again.

 

This was the resulting export at 94%;

 

C:\Downloads\Injustice.Gods.Among.Us.Ultimate.Edition-RELOADED\rld-ingoamus.iso    a variant of Win32/HackTool.Crack.BL potentially unsafe application    
C:\Downloads\Metro Last Light-RELOADED\rld-mtll.iso    a variant of Win32/HackTool.Crack.BQ potentially unsafe application    
C:\Downloads\Wargame European Escalation\rld-wees.iso    a variant of Win32/HackTool.Crack.BQ potentially unsafe application    
C:\Program Files (x86)\Crusader Kings II\steam_api.dll    a variant of Win32/Packed.VMProtect.ABD trojan    
C:\Program Files (x86)\Endless Legend\steam_api64.dll    a variant of Win64/HackTool.Crack.D potentially unsafe application    
C:\Program Files (x86)\spotflux\netfilter\driver\amd64\netfilter2.sys    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\spotflux\netfilter\driver\i386\netfilter2.sys    a variant of Win32/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\spotflux\netfilter\driver-win7\amd64\netfilter2.sys    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\spotflux\netfilter\driver-win7\i386\netfilter2.sys    a variant of Win32/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\spotflux\netfilter\driver-win8\amd64\netfilter2.sys    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\spotflux\netfilter\driver-win8\i386\netfilter2.sys    a variant of Win32/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\spotflux\netfilter\release\win32\ProtocolFilters.dll    a variant of Win32/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\spotflux\netfilter\release\x64\nfapi.dll    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\spotflux\services\nfapi.dll    a variant of Win32/NetFilter.A potentially unsafe application    
C:\ProgramData\spotflux\updates\dist\install.exe    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Users\All Users\spotflux\updates\dist\install.exe    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Windows\System32\drivers\netfilter2.sys    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Windows.old\Documents and Settings\Nunan\Application Data\Sun\Java\Deployment\cache\6.0\33\5937b421-59d291aa    multiple threats    
C:\Windows.old\Documents and Settings\Nunan\Application Data\Sun\Java\Deployment\cache\6.0\42\3cb543ea-781e766b    a variant of Java/TrojanDownloader.OpenStream.NBF trojan


Edited by euanicorn, 02 December 2015 - 06:24 AM.
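Added example (not part of the original thread and not ESET's own tooling): a small parser that turns an ESET scanner export like the one posted in this thread into records grouped by detection category, so "trojan" hits can be separated from "potentially unsafe application" hits and from files in an old `Windows.old` profile. The function names, the location buckets and the rule that the last dot-separated part of a detection name is the variant suffix are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample lines taken from the ESET results posted in this thread. Fields are
# separated by runs of spaces or tabs; the third field (action taken) is only
# present once the scanner has cleaned something.
SAMPLE_EXPORT = r"""
C:\Downloads\Metro Last Light-RELOADED\rld-mtll.iso    a variant of Win32/HackTool.Crack.BQ potentially unsafe application
C:\Program Files (x86)\Crusader Kings II\steam_api.dll    a variant of Win32/Packed.VMProtect.ABD trojan
C:\Program Files (x86)\spotflux\services\nfapi.dll    a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows\System32\drivers\netfilter2.sys    a variant of Win64/NetFilter.A potentially unsafe application    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Nunan\Application Data\Sun\Java\Deployment\cache\6.0\33\5937b421-59d291aa    multiple threats
C:\Windows.old\Documents and Settings\Nunan\Application Data\Sun\Java\Deployment\cache\6.0\42\3cb543ea-781e766b    a variant of Java/TrojanDownloader.OpenStream.NBF trojan
"""

# "a variant of Win32/NetFilter.A potentially unsafe application"
#   -> platform "Win32", name "NetFilter.A", category "potentially unsafe application"
DETECTION_RE = re.compile(
    r"^(?:a variant of )?(?P<platform>[A-Za-z0-9]+)/(?P<name>\S+)\s+(?P<category>.+)$"
)


def classify_location(path):
    """Coarse location bucket (hypothetical helper for this example)."""
    p = path.lower()
    if re.match(r"^[a-z]:\\windows\.old\\", p):
        return "previous installation (Windows.old)"
    if "\\system32\\drivers\\" in p and p.endswith(".sys"):
        return "system driver directory"
    return "other"


def parse_line(line):
    """Parse one export line into a dict, or return None for non-detection lines."""
    fields = [f for f in re.split(r"\t+| {2,}", line.strip()) if f]
    if len(fields) < 2 or not re.match(r"^[A-Za-z]:\\", fields[0]):
        return None
    path, detection = fields[0], fields[1]
    m = DETECTION_RE.match(detection)
    if m:
        platform, category = m.group("platform"), m.group("category")
        # Assumption: the last dot-separated part is the variant suffix.
        family = m.group("name").rsplit(".", 1)[0]
    else:
        # Lines such as "multiple threats" carry no single detection name.
        platform, family, category = None, None, detection
    return {
        "path": path,
        "platform": platform,
        "family": family,
        "category": category,
        "action": fields[2] if len(fields) > 2 else None,
        "location": classify_location(path),
    }


def parse_export(text):
    return [r for r in map(parse_line, text.splitlines()) if r]


def triage(records):
    """Group records by category and list those with no recorded action."""
    by_category = defaultdict(list)
    for r in records:
        by_category[r["category"]].append(r)
    unresolved = [r for r in records if r["action"] is None]
    return dict(by_category), unresolved


if __name__ == "__main__":
    by_category, unresolved = triage(parse_export(SAMPLE_EXPORT))
    for category, items in sorted(by_category.items()):
        print(f"{category}: {len(items)}")
        for r in items:
            print(f"  [{r['location']}] {r['family'] or '-'}  {r['path']}")
    print(f"no action recorded: {len(unresolved)}")
```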


#5 boopme


Posted 02 December 2015 - 11:06 AM

Hi, a few things here.

Looks like you have 2 active AVs on here... Ad-Aware Antivirus and AVG 2015. You should only have 1 active as it will usually cause conflicts in operation.

Go into Control Panel and remove any Java apps there for now.
----------

You have Cracked apps on here...

C:\Documents and Settings\Les\Desktop\Programs\Dreamweaver MX\keygen.exe...a variant of Win32/Keygen.CY application


The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity but it is a serious security risk.


Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

TrendMicro Warning


...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV


...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study


...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware


...a staggering 59% of the key generators and crack tools downloaded from P2P networks represent a security liability since they contain malicious and unwanted code. "25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious software or potentially unwanted software. A significant number of these Web sites attempted to install malicious or unwanted code...In addition to the peer-to-peer networks, 11% of the key generators and crack tools downloaded from Web sites were also plagued by malicious and unwanted software.

Microsoft Reveals the Risks of Using Pirated XP and Office
Whatever You Do, Do Not Download Windows 7 Via Torrent Sites

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so they need to be removed.

Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!


___________

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
Now run ESET again..

#6 euanicorn


Posted 03 December 2015 - 03:52 AM

Hi boopme, thanks for your thorough response. On your advice I've removed the cracked exes.

 

Here's JRT.txt;

 

File System: 3

Successfully deleted: C:\Users\euan\AppData\Local\28050 (Folder)
Successfully deleted: C:\Users\euan\AppData\Roaming\3909 (Folder)
Successfully deleted: C:\Users\euan\AppData\Roaming\wyupdate au (Folder)



Registry: 0

 

 

And here's the esetscanner result;

 

C:\Windows\System32\drivers\netfilter2.sys    a variant of Win64/NetFilter.A potentially unsafe application    cleaned by deleting - quarantined



#7 boopme


Posted 03 December 2015 - 04:37 PM

OK, good, how is it now?

#8 euanicorn


Posted 04 December 2015 - 01:59 AM

Unfortunately it looks like the problem's persisting - again it's just Valve's Steam Store, it still redirects to adverts and has pop ups if I click anywhere on the store.



#9 boopme


Posted 04 December 2015 - 12:30 PM

OK, it must be being protected by a driver or something. We need to repost and get a deeper look.
Please follow this Preparation Guide. Do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

#10 Queen-Evie


Posted 13 December 2015 - 02:54 PM

Re-posted in Malware Removal Logs.

This topic is closed.



