
uTrack.pw, usg.spiessummarising.com and nan.mashfsttest.com


13 replies to this topic

#1 Fappled


Posted 25 December 2015 - 04:00 PM

Hey, I'm Fappled. As of today, and maybe yesterday, I have come onto the problem where occasionally I get a site popup where it says I should click a link to follow to the next webpage which I was trying to visit originally. Also, occasionally I get a site popup which tells me to download something and spams Chrome with popups. I'm not sure if they are all related or not, so please tell me if they are not :)

I am running Windows 10 Pro 64-bit.

Here is a Malwarebytes log: http://pastebin.com/f1FVtDnQ

I was considering reinstalling Windows, but I don't want it to come to that if possible.

I have also run an Avast scan, which has come up with nothing too.

Thank you, Merry Christmas, and I hope you can get back to me soon.

It's currently 21:00 GMT, so I will be heading to sleep soon, so I might not be able to respond.




 


#2 InadequateInfirmity


Posted 25 December 2015 - 04:18 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit Next, and make sure to leave all items checked for removal.

 

8NcZjGc.png

 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download ZHPCleaner to your desktop. Right-click the icon and select Run as administrator.

 http://nicolascoolman.com/download/zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

6QJjV50.png

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.


Edited by InadequateInfirmity, 25 December 2015 - 04:46 PM.


#3 Fappled


Posted 25 December 2015 - 04:39 PM

I'll do this as soon as I wake up in the morning. Thanks for the fast reply nonetheless.



#4 InadequateInfirmity


Posted 25 December 2015 - 04:44 PM

Not a problem. :) 



#5 Fappled


Posted 26 December 2015 - 04:03 AM

I've completed all of them. The logs have been pasted here:

 

AdwCleaner

 

# AdwCleaner v5.026 - Logfile created 25/12/2015 at 22:36:27
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : George - DESKTOP-U1V20TO
# Running from : C:\Users\George\Downloads\Malware Removal\adwcleaner_5.026.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[-] Folder Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_algjnflpgoopkdijmkalfcifomdhmcbe_0.localstorage
[-] File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_algjnflpgoopkdijmkalfcifomdhmcbe_0.localstorage-journal
[-] File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage
[-] File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gngocbkfmikdgphklgmmehbjjlfgdemm_0.localstorage-journal
[-] File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\S
 
***** [ Web browsers ] *****
 
[-] [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : algjnflpgoopkdijmkalfcifomdhmcbe
[-] [C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gngocbkfmikdgphklgmmehbjjlfgdemm
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2220 bytes] ##########
 
 
JRT
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64 
Ran by George (Administrator) on 25/12/2015 at 22:44:53.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\George\AppData\Local\crashrpt (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B4EC1D2429CD24DC38F0F0B254F35ABB (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/12/2015 at 22:52:25.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Adware Removal Tool
 
Nothing was found so no log was created.
 
ZHPCleaner
 

~ ZHPCleaner v2015.12.25.407 by Nicolas Coolman (2015/12/25)
~ Run by George (Administrator)  (26/12/2015 08:33:31)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\George\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\George\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 10586)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (3)
REPLACED: 158.255.238.129 google-analytics.com
REPLACED: 158.255.238.129 www.google-analytics.com
Number of found redirections 2/83
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (8)
MOVED file: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage    =>PUP.Optional.Generic
MOVED file: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal    =>PUP.Optional.Generic
MOVED file: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage    =>PUP.Optional.ReMarkIt
MOVED file: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal    =>PUP.Optional.ReMarkIt
MOVED folder: C:\WINDOWS\Installer\MSI1CFA.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC4C3.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICABF.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIE31D.tmp-  =>Empty
 
 
---\\  Registry ( Key, Value, Data) (1)
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B4EC1D2429CD24DC38F0F0B254F35ABB ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window]  =>PUP.Optional.CrossBrowse
 
 
---\\  Summary of the elements found (4)
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=398  =>PUP.Optional.ReMarkIt
 
 
---\\  Other deletions. (8)
~ Registry Keys Tracing deleted (8)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 366
~ Items found : 2
~ Items cancelled : 0
~ Items repaired : 9
 
 
~ End of clean in 00h00mn03s
===================
ZHPCleaner-[R]-26122015-08_33_34.txt
ZHPCleaner-[S]-26122015-08_19_42.txt
 
Zemana Anti-Malware
 

Zemana AntiMalware 2.19.2.737 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/12/26
Operating System       : Windows 10 64-bit
Processor              : 6X AMD FX™-6100 Six-Core Processor
BIOS Mode              : Legacy
CUID                   : 00CBBEE249D056466F68A8
Scan Type              : Deep Scan
Duration               : 18m 38s
Scanned Objects        : 290309
Detected Objects       : 5
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Chrome Startup Url
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Chrome Startup Url
 
Chrome Startup Url
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Chrome Startup Url
 
adwcleaner_5.026.exe
Status             : Scanned
Object             : %userprofile%\downloads\malware removal\adwcleaner_5.026.exe
MD5                : 76F7569DB01B4D65431B0E6BBBDD261D
Publisher          : -
Size               : 1743360
Version            : 5.0.2.6
Detection          : Heur.Malicious!Pa
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\malware removal\adwcleaner_5.026.exe
 
SECOH-QAD.dll
Status             : Scanned
Object             : %systemroot%\secoh-qad.dll
MD5                : 6D7FDBF9CEAC51A76750FD38CF801F30
Publisher          : -
Size               : 3584
Version            : -
Detection          : PUA:Win32/HackTool.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\secoh-qad.dll
 
SECOH-QAD.exe
Status             : Scanned
Object             : %appdata%\zhp\quarantine\secoh-qad.exe
MD5                : 38DE5B216C33833AF710E88F7F64FC98
Publisher          : -
Size               : 4608
Version            : -
Detection          : PUA:Win32/HackTool.Gen
Cleaning Action    : Quarantine
Traces             :
                File - %appdata%\zhp\quarantine\secoh-qad.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 5
Reported as safe      : 0
Failed                : 0
 


#6 InadequateInfirmity


Posted 26 December 2015 - 10:40 AM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.

VSKiiIc.jpg

  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.

ZU4W2g2.jpg

  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.

nF8dOcq.jpg

  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.

L8lsasM.jpg

When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"

5x4JOvA.jpg

  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 esetonlinebtn.png
 

  •  Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right-click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot, and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

 

 

Minitoolbox scan.

 

 

Please download MINITOOLBOX and run it.



Checkmark the following boxes:


Flush DNS
Reset FF Proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

 

Then download Security Check to your desktop, right-click it, and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.



#7 Fappled


Posted 27 December 2015 - 09:51 AM

For whatever reason, the link to Minitoolbox did not work so I got it from here: http://www.bleepingcomputer.com/download/minitoolbox/dl/65/
 
Malwarebytes Anti-Malware
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/12/2015
Scan Time: 17:37
Logfile: Malwarebytes Log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.26.03
Rootkit Database: v2015.12.26.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: George
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347185
Time Elapsed: 12 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET Online Scanner
 

No log created - nothing found.
 
9-Lab Scanner
 
9-lab Removal Tool 1.0.0.38 BETA
9-lab.com
 
Database version: 125.36746
 
Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.11.10586.0
George :: DESKTOP-U1V20TO
 
27/12/2015 09:06:53
9lab-log-2015-12-27 (09-06-53).txt
 
Scan type: Full
Objects scanned: 65677
Time Elapsed: 34 m 21 s
 
Files detected: 19
[A5BA7331849B84F278C369410B3FE870] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\Quarantine\hosts]
[FA428FE448E005720BDC0B94D1AB5089] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\Quarantine\https_static.olark.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\Quarantine\https_static.olark.com_0.localstorage-journal]
[1EF9261011C170B6BB90DAFF4DF4BCF2] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\Quarantine\http_static.re-markit00.re-markit.co_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\Quarantine\http_static.re-markit00.re-markit.co_0.localstorage-journal]
[976524E42F2272D78E32544D76400D57] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\Tempo.txt]
[D702D37EE19B1FC76E7DA1F3D211AE0E] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\Trace.txt]
[A85993E11D1E08A8E183297B40B0E97C] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\ZHPCleaner-[R]-26122015-08_33_34.txt]
[2BD4E133E55A8097A40D431F31AAF231] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\ZHPCleaner-[S]-26122015-08_19_42.txt]
[EAE21D5C0A65B9B9EE80420C55059A4B] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[3377C350D3FA71BF25322399D144501B] Trojan.FPL.Rotbrow.vb [c:\users\george\appdata\roaming\ZHP\ZHPQ_Files.txt]
[92E002EC044F0C784F974F24C250F1BE] Malware.Win32.Gen.E4D3.sm!ff [C:\Program Files\ShareX\Recorder-devices-setup.exe]
[155A5962B6A63652BF4A9795F4010F84] Malware.Win32.Gen.3969.sm!ff [C:\Program Files (x86)\AMD\CNext\CCCSlim\CCCInstall.exe]
[7F931D9545E9A6CA9FB13D4811C9A2CA] Malware.Win32.Gen.sm!s1 [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear\Uninstall TunnelBear.lnk]
[9EF8369C9DBA3B90BBFD90E8B40A9CC0] Malware.Win32.Gen.sm!s1 [C:\ProgramData\Package Cache\{16e8ed28-0234-485c-9898-d1fb0462161a}\TunnelBear-Install.exe]
[DEA093FA42CBAE52542BB5BBFA7B35B2] Malware.Win32.Gen.cc!s1 [C:\Users\George\AppData\Roaming\ZHP\ZHPCleaner.exe]
[5A249C98EC52992C8FDAD98A33ED6C85] Malware.Win32.Gen.cc!s1 [C:\Users\George\Desktop\ZHPCleaner.lnk]
[DEA093FA42CBAE52542BB5BBFA7B35B2] Malware.Win32.Gen.cc!s1 [C:\Users\George\Downloads\Malware Removal\ZHPCleaner.exe]
 
Minitoolbox
 
MiniToolBox by Farbar  Version: 02-11-2015
Ran by George (administrator) on 27-12-2015 at 10:22:06
Running from "C:\Users\George\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
There are 45 entries.
 
========================= IP Configuration: ================================
 
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/27/2015 09:03:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (12/27/2015 09:00:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (12/26/2015 06:07:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (12/26/2015 06:07:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (12/26/2015 06:07:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
 
Error: (12/26/2015 05:16:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: clover.exe, version: 3.0.406.0, time stamp: 0x52e0f76d
Faulting module name: clover.dll, version: 3.0.406.0, time stamp: 0x52e0f75f
Exception code: 0x80000003
Fault offset: 0x00106c90
Faulting process ID: 0x17d4
Faulting application start time: 0xclover.exe0
Faulting application path: clover.exe1
Faulting module path: clover.exe2
Report ID: clover.exe3
Faulting package full name: clover.exe4
Faulting package-relative application ID: clover.exe5
 
Error: (12/26/2015 08:57:55 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/25/2015 10:45:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/25/2015 11:06:57 AM) (Source: Application Hang) (User: )
Description: The program JustCause3.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2278
 
Start Time: 01d13f044b0f28e7
 
Termination Time: 648
 
Application Path: C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
 
Report Id: 983c2ba8-aaf7-11e5-b7b1-ac220b2812cb
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/25/2015 09:39:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: cnext.exe, version: 10.1.1.1522, time stamp: 0x5661c9e1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0x1eec
Faulting application start time: 0xcnext.exe0
Faulting application path: cnext.exe1
Faulting module path: cnext.exe2
Report ID: cnext.exe3
Faulting package full name: cnext.exe4
Faulting package-relative application ID: cnext.exe5
 
 
System errors:
=============
Error: (12/27/2015 08:48:55 AM) (Source: Service Control Manager) (User: )
Description: The amdacpksd service failed to start due to the following error: 
%%31
 
Error: (12/27/2015 08:48:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/27/2015 08:48:44 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 21:20:25 on ‎26/‎12/‎2015 was unexpected.
 
Error: (12/26/2015 06:13:28 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (12/26/2015 06:13:28 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\George\AppData\Local\Temp\ehdrv.sys
 
Error: (12/26/2015 06:13:27 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (12/26/2015 06:13:27 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\George\AppData\Local\Temp\ehdrv.sys
 
Error: (12/26/2015 06:13:27 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (12/26/2015 06:13:27 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\George\AppData\Local\Temp\ehdrv.sys
 
Error: (12/26/2015 06:11:49 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
 
Microsoft Office Sessions:
=========================
Error: (12/27/2015 09:03:20 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifestC:\Users\George\Downloads\Malware Removal\esetsmartinstaller_enu.exe
 
Error: (12/27/2015 09:00:47 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifestC:\Users\George\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/26/2015 06:07:18 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifestC:\Users\George\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/26/2015 06:07:17 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifestC:\Users\George\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/26/2015 06:07:15 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifestc:\users\george\downloads\esetsmartinstaller_enu.exe
 
Error: (12/26/2015 05:16:27 PM) (Source: Application Error)(User: )
Description: clover.exe3.0.406.052e0f76dclover.dll3.0.406.052e0f75f8000000300106c9017d401d14000f24089faC:\Program Files (x86)\Clover\clover.exeC:\Program Files (x86)\Clover\clover.dll2ae59dde-2f02-4baf-a0f3-883bc21a234f
 
Error: (12/26/2015 08:57:55 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (12/25/2015 10:45:09 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (12/25/2015 11:06:57 AM) (Source: Application Hang)(User: )
Description: JustCause3.exe0.0.0.0227801d13f044b0f28e7648C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe983c2ba8-aaf7-11e5-b7b1-ac220b2812cb
 
Error: (12/25/2015 09:39:49 AM) (Source: Application Error)(User: )
Description: cnext.exe10.1.1.15225661c9e1unknown0.0.0.000000000c000000500000000000000001eec01d13ef786a62eafC:\Program Files\AMD\CNext\CNext\cnext.exeunknownd0285602-e154-44c3-8afd-66e37e3f0cd6
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-12-26 08:48:14.702
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-26 08:48:14.641
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-26 08:48:04.236
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\DmNotificationBroker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-26 08:48:04.214
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\DmNotificationBroker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-26 08:47:53.116
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\MicrosoftAccountCloudAP.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-26 08:47:53.098
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\MicrosoftAccountCloudAP.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-26 08:47:52.630
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-26 08:47:52.608
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-26 08:47:52.402
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\DsmUserTask.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-26 08:47:52.383
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\System32\DsmUserTask.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
ACP Application (HKLM\...\{0005151F-80F8-4EF4-C953-50A4BE48F529}) (Version: 2015.1204.1152.59 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.4 - Codeusa Software)
Catalyst Control Center Next Localization BR (HKLM\...\{D99BA8BB-CCA8-204C-1867-E904459A8B73}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{C1EB1702-1520-5BB2-9DED-5827FA12CB86}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DB27CA77-C209-BFF6-700D-88E3FFAFE63D}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C0BE1CF5-F93D-2641-314B-85E2EB4A9256}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{00953243-411E-294C-6B7B-1BEDB868EA39}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{724A76E5-F967-25B3-C2CD-36BEBBB10A40}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{EEEDD350-B86B-0FD7-CFF2-EF425C9443A7}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{DAC228C5-C688-1F91-EEFA-EAA15002639F}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C70FDFA1-4B45-FDCD-708B-CC97C3D8033A}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{C2CE1F6B-1866-DB80-2AD6-FD50E056821D}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{F937AF00-B63F-E9F4-1B52-4C903E347FCD}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{EBC36C18-E293-C3AC-9E8E-BA4BAC09346B}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{A0C43CD7-AE8C-B0F3-4031-7565481DA451}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{0CEFD072-4694-36C9-333E-C77BFBDC9DAB}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4525810-2BB6-4989-0E35-6D78826561BB}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{83D51B96-9433-356B-EB77-F26F4DB6B622}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DF47369F-DBEA-8AB1-B562-0A815ED0C454}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{005A39B4-C104-C892-8E36-F00926DF37B2}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{CF858C19-75B3-513C-188F-A87FEF8B4A01}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{598E3EC4-B4A4-3CE3-ED42-26D8A29210B5}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BB3FA5E5-3652-4EDD-1229-0487E93EE950}) (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.1 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
Just Cause 3 (HKLM-x32\...\Steam App 225540) (Version:  - Avalanche Studios)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
SafeZone Stable 1.46.1990.139 (HKLM-x32\...\SafeZone 1.46.1990.139) (Version: 1.46.1990.139 - Avast Software) Hidden
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.5.0 - ShareX Team)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
TunnelBear (HKLM-x32\...\{16e8ed28-0234-485c-9898-d1fb0462161a}) (Version: 2.3.20.1 - TunnelBear)
TunnelBear (HKLM-x32\...\{8B95DB67-29B8-4479-BBC5-3122BCB0AF1E}) (Version: 2.3.20.1 - TunnelBear) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.737 - Zemana Ltd.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 50%
Total physical RAM: 16366.11 MB
Available physical RAM: 8036.45 MB
Total Virtual: 17390.11 MB
Available Virtual: 5972.55 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:930.97 GB) (Free:718.09 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-U1V20TO
 
Administrator            DefaultAccount           defaultuser0             
George                   Guest                    
 
 
**** End of log ****
 
Security Check
 

SecurityCheck by glax24 v.1.4.0.32 [01.11.15]
WebSite: www.safezone.cc
DateLog: 27.12.2015 10:26:28
Path starting: C:\Users\George\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: George
VersionXML: 2.21is-26.12.2015
___________________________________________________________________________
 
Windows 10(6.3.10586) (x64) Professional Lang: English(0809)
Installation date OS: 21.12.2015 13:16:16
LicenseStatus: Windows®, Professional edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeProPlusVL_KMS_Client edition Volume activation will expire : 256282 minutes
LicenseStatus: Office 16, Office16ProPlusVL_KMS_Client edition Volume activation will expire : 256511 minutes
Boot Mode: Normal
Default Browser: C:\WINDOWS\system32\LaunchWinApp.exe
SystemDrive: C: FS: [NTFS] Capacity: [931 Gb] Used: [212.9 Gb] Free: [718.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.20.10586.0
User Account Control enabled
Automatic Updates disabled (-1)
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
avast! Antivirus (enabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
avast! Antivirus (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
avast! Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Internet Security v.11.1.2245
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.0.1024 v.2.2.0.1024
Zemana AntiMalware v.2.19.737
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.30 (64-bit) v.5.30.0
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 66 v.8.0.660.18
------------------------------- [ Browser ] -------------------------------
Google Chrome v.47.0.2526.106
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.47.0.2526.106
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.11.1.2245.1540
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.11.1.2245.1540
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.125.0
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.6.0
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.19.0
----------------------------- [ End of Log ] ------------------------------
 


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 27 December 2015 - 03:58 PM

Hi Fappled :)

My name is Aura and I'll be assisting you with your issue in replacement of Inadequate (reason being that since he just got accepted in the Study Hall, he cannot assist in AII threads until he reaches a certain level of the training).

It seems that you used a KMS activator to illegally activate your copy of Microsoft Office, is it the same for your Windows, and that's why your Windows Updates are disabled?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Fappled

Fappled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 27 December 2015 - 05:16 PM

Hello Aura and thank you for helping me :)

Well my father built my PC for me and put Windows on with Microsoft Office not too long ago. I'd have to ask him, but maybe that explains why my computer has never asked me to restart to update like it used to, if it's not automatic. I never use any of the Office functions, so I'd be happy to remove it, if it causes any problems.

#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 27 December 2015 - 11:09 PM

It would be good if you could remove it, yes. First because it's against Microsoft's EULA and legally you could get in trouble for it, and secondly because we could refuse to assist you in the future here since BleepingComputer doesn't support piracy.

This being said, are you still getting redirected in your web browser(s)?



#11 Fappled

Fappled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 28 December 2015 - 02:30 AM

Oh right, okay, do you know any safe alternatives to Office which I could download? And no, I don't seem to be being redirected any longer, nor is Malwarebytes popping up saying that it's detected something.

#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 28 December 2015 - 11:14 AM

OpenOffice is the most popular alternative to Microsoft Office. It's free and open-source :)

https://www.openoffice.org/

And if you're not getting redirected anymore, it looks like your issue has been solved then. In that case, keep an eye open in the next few days for these redirections and if they occur again, you can report back here to let me know and we'll take another look :)



#13 Fappled

Fappled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 28 December 2015 - 01:31 PM


Okay, thank you very much. I have uninstalled Office and installed OpenOffice. It looks pretty similar to be honest, so I'm not surprised it is popular. Thank you for both your and Inadequate's help, I hope you both have a great new year. I'll be sure to bump this post if needed.



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 28 December 2015 - 01:32 PM

No problem Fappled, you're welcome :) I'm sure that Inadequate will see your post thanking him as well :)





