ping.exe opens and is seen in Task Manager multiple times


5 replies to this topic

#1 darrenmullings

darrenmullings

  • Members
  • 3 posts
  • OFFLINE

Posted 07 January 2017 - 04:16 PM

Hello! I need some assistance. I believe I got a virus called "ping". It always reopens upon startup in Task Manager and plays audio ads. I've used multiple virus protection applications (AdwCleaner, RogueKiller, MalwareBytes, Kaspersky, etc) and it never identifies it. I try to end task on it and it sometimes opens again. It would be great if anyone could help! Thanks!


Edited by hamluis, 07 January 2017 - 04:22 PM.
Moved from MRL to Am I Infected, no logs - Hamluis.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:04 AM

Posted 07 January 2017 - 07:48 PM

Welcome aboard

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see the This version requires you to completely exit the Anti Malware application message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
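The tools requested above (FSS, MiniToolBox) produce plain-text logs that the helper reads by hand. As an added example, not code from this thread or from Farbar's tools, here is a small Python triage script that parses a constructed log sample modelled on the sections those tools emit and flags what an analyst checks first: a security service whose start type no longer matches its default, a Defender disable policy, an enabled IE proxy, and hosts-file entries that send a name to a non-local address rather than blackholing it.

```python
import ipaddress
import re

# Constructed sample, modelled on the Farbar Service Scanner (FSS) and
# MiniToolBox sections posted in this thread; it is not real tool output.
SAMPLE_LOG = r"""Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================
127.0.0.1 activate.adobe.com
0.0.0.1 mssplus.mcafee.com
162.222.193.86       aoaomo.tremorhub.com
162.222.193.86       www.howcast.com
========================= IP Configuration: ================================
"""

# FSS reports a service's configured and default start types on one line.
SERVICE_RE = re.compile(
    r"The start type of (\w+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
# FSS prints policy keys as a registry path followed by "Name"=DWORD:value.
POLICY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*"(\w+)"=DWORD:(\d+)', re.MULTILINE)


def service_start_types(log: str) -> dict[str, tuple[str, str]]:
    """Map service name -> (configured start type, default start type)."""
    return {m.group(1): (m.group(2), m.group(3)) for m in SERVICE_RE.finditer(log)}


def policy_values(log: str) -> list[tuple[str, str, int]]:
    """Return (registry key, value name, DWORD value) triples."""
    return [(m.group(1), m.group(2), int(m.group(3))) for m in POLICY_RE.finditer(log)]


def parse_hosts(log: str) -> list[tuple[str, str]]:
    """Return (ip, hostname) pairs from the MiniToolBox 'Hosts content' section."""
    entries: list[tuple[str, str]] = []
    in_section = False
    for line in log.splitlines():
        if "Hosts content:" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("====="):  # next section header ends the block
            break
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            entries.append((parts[0], parts[1]))
    return entries


def is_local_sink(ip: str) -> bool:
    """True when the address only blackholes a name (loopback or 0.0.0.0/8)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    if addr.is_loopback:
        return True
    return addr.version == 4 and addr in ipaddress.ip_network("0.0.0.0/8")


def redirected_hosts(entries: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Hosts entries that send a name somewhere other than a local sink."""
    return [(ip, host) for ip, host in entries if not is_local_sink(ip)]


def triage(log: str) -> list[str]:
    """Collect the findings an analyst would look at first in these logs."""
    findings = []
    for svc, (configured, default) in service_start_types(log).items():
        if configured != default:
            findings.append(f"{svc} start type is {configured}; default is {default}")
    for key, name, value in policy_values(log):
        if name == "DisableAntiSpyware" and value == 1:
            findings.append(f"{name}=1 under {key}: Defender disabled by policy")
    for ip, host in redirected_hosts(parse_hosts(log)):
        findings.append(f"hosts maps {host} to non-local {ip}; verify who set it")
    if re.search(r"^Proxy is enabled", log, re.MULTILINE):
        findings.append("IE proxy is enabled; check the proxy server address")
    return findings
```

Run `triage(open("FSS.txt").read() + open("Result.txt").read())` on real logs; each finding is a lead to confirm, not a verdict, since some hosts redirects and policy values are set deliberately by administrators.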

 


#3 darrenmullings

darrenmullings
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 07 January 2017 - 11:25 PM

Here is an image of what the virus shows up as in Task Manager.

https://gyazo.com/56dad1ce67b42c135c55185a09d3f6c8

 

 

Security Check's logs:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 111  
 Java version 32-bit out of Date!
 Adobe Flash Player 24.0.0.186  
 Google Chrome (55.0.2883.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSASCuiL.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
FSS scan logs:
 
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 

MiniToolBox's logs:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Darren (administrator) on 07-01-2017 at 23:13:39
Running from "C:\Users\Darren\Downloads"
Microsoft Windows 10 Home  (X64)
Model: GA-78LMT-USB3 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
0.0.0.1 mssplus.mcafee.com
0.0.0.1 mssplus.mcafee.com
127.0.0.1 na1r.services.adobe.com 
127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
========================= IP Configuration: ================================
 
Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : TheDar
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fios-router.home
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-D4-35-BA-2D-F6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 76-DA-38-11-28-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : 74-DA-38-11-28-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d43b:f51:46a5:e840%6(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.153(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, January 7, 2017 10:42:25 PM
   Lease Expires . . . . . . . . . . : Sunday, January 8, 2017 10:42:31 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 74766904
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-59-68-F3-74-D4-35-BA-2D-F6
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c09:333e:9bdb:c35f(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3c09:333e:9bdb:c35f%11(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 352321536
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-59-68-F3-74-D4-35-BA-2D-F6
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.fios-router.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4004:809::200e
 172.217.3.46
 
 
Pinging google.cOM [172.217.3.46] with 32 bytes of data:
Reply from 172.217.3.46: bytes=32 time=5ms TTL=56
Reply from 172.217.3.46: bytes=32 time=11ms TTL=56
 
Ping statistics for 172.217.3.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 11ms, Average = 8ms
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.cOM [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=88ms TTL=53
Reply from 206.190.36.45: bytes=32 time=90ms TTL=53
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 88ms, Maximum = 90ms, Average = 89ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  4...74 d4 35 ba 2d f6 ......Realtek PCIe GBE Family Controller
  7...76 da 38 11 28 e2 ......Microsoft Wi-Fi Direct Virtual Adapter
  6...74 da 38 11 28 e2 ......Realtek RTL8811AU Wireless LAN 802.11ac USB 2.0 Network Adapter
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.153     45
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.153    301
    192.168.1.153  255.255.255.255         On-link     192.168.1.153    301
    192.168.1.255  255.255.255.255         On-link     192.168.1.153    301
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.153    301
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.153    301
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    331 ::/0                     On-link
  1    331 ::1/128                  On-link
 11    331 2001::/32                On-link
 11    331 2001:0:4137:9e76:3c09:333e:9bdb:c35f/128
                                    On-link
  6    301 fe80::/64                On-link
 11    331 fe80::/64                On-link
 11    331 fe80::3c09:333e:9bdb:c35f/128
                                    On-link
  6    301 fe80::d43b:f51:46a5:e840/128
                                    On-link
  1    331 ff00::/8                 On-link
  6    301 ff00::/8                 On-link
 11    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/07/2017 10:42:03 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (01/07/2017 10:34:21 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (01/07/2017 10:33:04 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/07/2017 06:09:46 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (01/07/2017 12:22:43 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (01/07/2017 12:13:39 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (01/07/2017 11:30:35 AM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF (error %3).
 
Error: (01/07/2017 11:29:54 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/07/2017 11:22:48 AM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (01/07/2017 08:53:51 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (01/07/2017 11:07:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/07/2017 10:42:27 PM) (Source: Service Control Manager) (User: )
Description: The Ds3Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (01/07/2017 10:42:27 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ds3Service service to connect.
 
Error: (01/07/2017 06:18:39 PM) (Source: Service Control Manager) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (01/07/2017 06:15:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (01/07/2017 06:10:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/07/2017 06:10:07 PM) (Source: Service Control Manager) (User: )
Description: The Ds3Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (01/07/2017 06:10:07 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ds3Service service to connect.
 
Error: (01/07/2017 06:09:00 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:33:05 PM on ‎1/‎7/‎2017 was unexpected.
 
Error: (01/07/2017 12:30:58 PM) (Source: DCOM) (User: THEDAR)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}TheDarDarrenS-1-5-21-4205266027-3812420785-3334294503-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
 
Microsoft Office Sessions:
=========================
Error: (01/07/2017 10:42:03 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.
 
Error: (01/07/2017 10:34:21 PM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (01/07/2017 10:33:04 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (01/07/2017 06:09:46 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.
 
Error: (01/07/2017 12:22:43 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_OFF
 
Error: (01/07/2017 12:13:39 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.
 
Error: (01/07/2017 11:30:35 AM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_OFF
 
Error: (01/07/2017 11:29:54 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/07/2017 11:22:48 AM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.
 
Error: (01/07/2017 08:53:51 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
 
CodeIntegrity Errors:
===================================
  Date: 2017-01-03 23:43:35.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 06:33:52.761
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-02 03:36:00.615
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-31 23:27:00.404
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-31 01:19:05.441
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-30 03:40:29.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-29 01:25:06.583
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-27 22:49:40.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-26 03:58:44.979
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-24 02:48:35.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
"South Park - The Stick of Truth" (HKLM-x32\...\{E2C85C1F-DEA8-4A14-BA93-16EC87E72BC2}_is1) (Version: 1.0.0.1380 - )
7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
AAS - Lounge Lizard EP-4 (HKLM-x32\...\Lounge Lizard EP-4) (Version:  - Applied Acoustics Systems)
Ableton Live 9 Suite (HKLM-x32\...\{D8FC77CA-7690-44B6-99B0-987551AA1716}) (Version: 9.0.0.0 - Ableton)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.7.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Animate CC 2015.2 (HKLM-x32\...\FLPR_15_2) (Version: 15.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{F2321021-4348-11E4-B1DF-BDB415F23EC5}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015.3 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A2}) (Version: 10.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AutoHotkey 1.1.14.02 (HKLM\...\AutoHotkey) (Version: 1.1.14.02 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Cableguys VolumeShaper 4.0 (HKLM\...\VolumeShaper_is1) (Version: 4.0 - Cableguys)
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)
CINEMA 4D 15.064 (HKLM\...\MAXON12664043) (Version: 15.064 - MAXON Computer GmbH)
Citra Edge (HKCU\...\citra) (Version: 0.1.68 - Citra Development Team)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Discord (HKCU\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard 9.0 (HKLM\...\EaseUS Data Recovery Wizard 9.0_is1) (Version:  - EaseUS)
Edison (HKLM-x32\...\Edison) (Version:  - Image-Line bvba)
Effectrix 1.4 (HKLM\...\Effectrix_is1) (Version: 1.4 - Sugar Bytes)
EZkeys Grand Piano (HKLM-x32\...\{BEBC94B6-CC95-4160-B753-DD6C5D9374FA}) (Version: 1.0.2 - Toontrack)
EZmix 32-bit (HKLM-x32\...\{C2C4E4DA-78F6-4DB9-A3DD-A78C531FC027}) (Version: 2.1.1 - Toontrack)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio 12.1.2 (HKLM\...\FL Studio 12.1.2_is1) (Version:  - )
FL Studio ASIO (HKLM\...\FL Studio ASIO) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
GameMaker-Studio 1.4.1567 WMF 1522 (HKLM-x32\...\GameMaker-Studio 1.4.1567 WMF 1522) (Version:  - )
Gladiator  full (HKLM-x32\...\Tone2 Gladiator full_is1) (Version: 2.5.0 - Tone2)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Gyazo 3.2.8 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Helm (HKLM\...\{C7487390-8819-4089-88BD-2B5DA80D3284}) (Version: 0.6.0.0 - Matt Tytel)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version:  - Image-Line)
IL Harmless (HKLM-x32\...\IL Harmless) (Version:  - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version:  - Image-Line)
IL Maximus (HKLM-x32\...\IL Maximus) (Version:  - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version:  - Image-Line)
IL Sytrus (HKLM-x32\...\IL Sytrus) (Version:  - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version:  - Image-Line)
iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.00) (Version: 7.00 - iZotope, Inc.)
Jack (HKLM-x32\...\Jack) (Version:  - )
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Max 7 (HKLM-x32\...\{C21C8836-AA7A-454F-8CED-D6722711078B}) (Version: 7.2.1 - Cycling '74)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MicroVolts Surge (HKLM-x32\...\Steam App 109400) (Version:  - NQ Games)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.4.0.1498 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.0.409 - Native Instruments)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 3.0.0 - OGPlanet, Inc.)
Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Reveal Sound Spire (HKLM-x32\...\Reveal Sound Spire) (Version: 1.1.9 - Reveal Sound)
rgc:audio z3ta+ 1.5 (HKLM\...\z3ta+_x86_is1) (Version: 1.5 - Cakewalk Music Software)
Rumble Fighter (HKLM-x32\...\RumbleFighter) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sugar Bytes WOW2 2.1.1 (HKLM\...\WOW2_is1) (Version: 2.1.1 - Sugar Bytes)
Superior Drummer 32-bit (HKLM-x32\...\{8752CE2D-F312-499D-AE46-4AD80506A890}) (Version: 2.4.1 - Toontrack)
Superior Drummer 64-bit (HKLM\...\{0E54CF79-AE40-409E-9253-9563418C730C}) (Version: 2.4.1 - Toontrack)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)
u-he Diva (HKLM-x32\...\u-he Diva) (Version: 1.4.0.3898 - u-he)
Uninstaller (HKLM-x32\...\Uninstaller) (Version: v2.5 - Pulse @ Indextorrent.com)
ValhallaRoom 1.1.0 (HKLM-x32\...\ValhallaRoom_is1) (Version:  - )
ValhallaUberMod 1.0.1 (HKLM-x32\...\ValhallaUberMod_is1) (Version:  - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Virtual Audio Cable 4.15 (HKLM\...\Virtual Audio Cable 4.15) (Version:  - )
Vivaldi (HKCU\...\Vivaldi) (Version: 1.6.689.40 - Vivaldi)
Warframe (HKLM-x32\...\{58A0931C-2B01-45B1-9EB1-830DD7D32B60}) (Version: 1.0.0 - Digital Extremes)
WinRAR 5.30 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH)
Xfer Records LFOTool v1.29 Beta 6 x86 (HKLM-x32\...\Xfer Records LFOTool v1.29 Beta 6 x86_is1) (Version:  - )
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 41%
Total physical RAM: 8173.53 MB
Available physical RAM: 4787.63 MB
Total Virtual: 15853.53 MB
Available Virtual: 11990.48 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:930.73 GB) (Free:203.03 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\THEDAR
 
Administrator            Darren                   DefaultAccount           
Guest                    
 
========================= Minidump Files ==================================
 
C:\WINDOWS\Minidump\010217-23062-01.dmp
C:\WINDOWS\Minidump\010217-24218-01.dmp
C:\WINDOWS\Minidump\010317-27734-01.dmp
C:\WINDOWS\Minidump\010517-34843-01.dmp
C:\WINDOWS\Minidump\010617-36578-01.dmp
C:\WINDOWS\Minidump\082516-22328-01.dmp
C:\WINDOWS\Minidump\090216-60656-01.dmp
C:\WINDOWS\Minidump\090816-22062-01.dmp
C:\WINDOWS\Minidump\102316-24062-01.dmp
C:\WINDOWS\Minidump\102516-18734-01.dmp
C:\WINDOWS\Minidump\110716-39593-01.dmp
C:\WINDOWS\Minidump\111316-37750-01.dmp
C:\WINDOWS\Minidump\112116-26906-01.dmp
C:\WINDOWS\Minidump\112516-23390-01.dmp
C:\WINDOWS\Minidump\112616-23265-01.dmp
C:\WINDOWS\Minidump\112716-23781-01.dmp
C:\WINDOWS\Minidump\112916-26656-01.dmp
C:\WINDOWS\Minidump\120216-23343-01.dmp
C:\WINDOWS\Minidump\120316-25312-01.dmp
C:\WINDOWS\Minidump\120416-24984-01.dmp
C:\WINDOWS\Minidump\121016-27656-01.dmp
C:\WINDOWS\Minidump\121616-42500-01.dmp
C:\WINDOWS\Minidump\121816-42203-01.dmp
C:\WINDOWS\Minidump\122116-25687-01.dmp
C:\WINDOWS\Minidump\122416-52500-01.dmp
C:\WINDOWS\Minidump\122516-33875-01.dmp
C:\WINDOWS\Minidump\122716-29453-01.dmp
C:\WINDOWS\Minidump\122816-33078-01.dmp
C:\WINDOWS\Minidump\123016-36062-01.dmp
========================= Restore Points ==================================
 
24-12-2016 18:53:49 Installed Superior Drummer 64-bit.
29-12-2016 15:20:45 Installed Animate.
07-01-2017 13:53:34 Scheduled Checkpoint
 
**** End of log ****
 
 
MalwareBytes Anti-Rootkit logs:
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
Darren :: THEDAR [administrator]
 
1/7/2017 9:23:51 PM
mbar-log-2017-01-07 (21-23-51).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 474527
Time elapsed: 45 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [6cd19e9f2d4f56e03d9037bd16ed8c74]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [1d20b28badcf4beb786ef202da297d83]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [25183d003e3efc3aee1812e5689bf60a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [d06d99a42d4f9a9c1eaf0ce83ac9718f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [70cde855d5a792a456908f650ff4649c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [3904ef4eceaea591ef178077c63d3fc1]
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
MalwareBytes did not identify any threats and neither did RKill.
 
Here are the MalwareBytes:
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/8/17
Scan Time: 2:11 AM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.949
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 498453
Time Elapsed: 21 min, 36 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
Upon restarting my computer, I still got ping in the background playing some ad.
 
Please help. Thank you.

Edited by darrenmullings, 08 January 2017 - 12:06 PM.
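The six keys MBAR flagged above all sit under Image File Execution Options (IFEO), where a Debugger value makes Windows start the named "debugger" instead of the target program, so an entry on MsMpEng.exe or MRT.exe quietly stops that security tool from running. The read-only PowerShell audit below is an added example, not part of this thread or of any Malwarebytes tool; it assumes an elevated prompt, a watch list built from the process names in the MBAR log, and a hypothetical short list of legitimate developer debuggers.

```powershell
# Added example (not from the thread): list IFEO subkeys that carry a Debugger value,
# the mechanism behind the Security.Hijack / Trojan.Agent keys MBAR reported for
# MRT.exe, MsMpEng.exe and svchost.exe. Read-only; run from an elevated prompt.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Process names taken from the MBAR log above (constructed watch list; extend as needed).
$watchList = @('MRT.exe', 'MsMpEng.exe', 'svchost.exe')

# Hypothetical allow-list of debuggers a developer might legitimately register.
$knownDebuggers = '(?i)(windbg|vsjitdebugger|ntsd|cdb)\.exe'

function Get-IfeoDebuggerEntries {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            # Only subkeys with a Debugger value redirect process launches.
            if ($null -eq $props -or $null -eq $props.PSObject.Properties['Debugger']) { continue }
            $image    = $key.PSChildName
            $debugger = [string]$props.Debugger
            [pscustomobject]@{
                Hive     = if ($root -like '*WOW6432Node*') { 'WOW6432Node' } else { 'Native' }
                Image    = $image
                Debugger = $debugger
                # A Debugger on a security process, or one that is not a known developer
                # debugger, deserves a look: nothing legitimate debugs MsMpEng.exe.
                Suspect  = ($watchList -contains $image) -or ($debugger -notmatch $knownDebuggers)
            }
        }
    }
}

Get-IfeoDebuggerEntries | Sort-Object Suspect -Descending | Format-Table -AutoSize
```

An empty result means no IFEO redirection is currently configured; a row with Suspect = True is what a cleanup tool like MBAR removes, and the Debugger path tells you which file to examine.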


#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:04 AM

Posted 08 January 2017 - 08:16 PM

MBAR detected some issues but we're not allowed to run MBAR fixes in this forum.

You'll need elevated help.

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 darrenmullings

darrenmullings
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 13 January 2017 - 05:11 PM

The issue is resolved. Thank you!



#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:04 AM

Posted 13 January 2017 - 09:36 PM

p22003888.gif


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 




