Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Misconfigured Docker Services Actively Exploited in Cryptojacking Operation

Featured Deal: Get Over 90% off a Windscribe Pro VPN Lifetime Subscription Deal

Random ads appear in new tabs in browser

Started by sh1kari , Jan 12 2017 07:17 AM

Please log in to reply

9 replies to this topic

#1 sh1kari

Members
6 posts
OFFLINE

Posted 12 January 2017 - 07:17 AM

Even while idling, i have random tabs opening in my firefox and opening random ads. I've tried adwcleaner and refreshing firefox, but that does not seem to have helped with my problem, so i'm turning here asking for help. Please help, and thanks in advance!

EDIT: I should add that i have Windows 10 Pro edition

Edited by sh1kari, 12 January 2017 - 01:29 PM.

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Broni

The Coolest BC Computer

BC Advisor
42,754 posts
OFFLINE

Gender:Male
Location:Daly City, CA
Local time:07:15 AM

Posted 12 January 2017 - 10:12 PM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.

Checkmark following boxes:

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points

Click Go and post the result.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Download

Malwarebytes Anti-Rootkit (MBAR) to your desktop.

Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"

NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

#3 sh1kari

Topic Starter

Members
6 posts
OFFLINE

Posted 13 January 2017 - 07:35 AM

SecurityCheck.exe logs:

Results of screen317's Security Check version 1.014 --- 12/23/15
   x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
AVG Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG Web TuneUp
Adobe Flash Player    24.0.0.194
Mozilla Firefox (50.1.0)
Google Chrome (55.0.2883.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG Antivirus AVGUI.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FSS log
Farbar Service Scanner Version: 27-01-2016
Ran by Shikari (administrator) on 13-01-2017 at 13:27:35
Running from "C:\Users\Shikari\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Minitoolbox log

MiniToolBox by Farbar Version: 17-06-2016
Ran by Shikari (administrator) on 13-01-2017 at 13:30:00
Running from "C:\Users\Shikari\Desktop"
Microsoft Windows 10 Pro (X64)
Model: p6-2360eg Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-HUJ5PCG
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : localdomain

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix . : localdomain
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 10-60-4B-5C-EC-FF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::40db:65e6:ca16:3332%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Donnerstag, 12. Januar 2017 02:57:41
   Lease Expires . . . . . . . . . . : Donnerstag, 19. Januar 2017 10:02:32
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 34627659
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-B2-37-01-10-60-4B-5C-EC-FF
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.localdomain:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : localdomain
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:30b1:2636:3f57:fe9b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::30b1:2636:3f57:fe9b%10(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-B2-37-01-10-60-4B-5C-EC-FF
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name:    google.com
Addresses: 2a00:1450:400e:801::200e
      216.58.212.174

Pinging google.com [216.58.212.174] with 32 bytes of data:
Reply from 216.58.212.174: bytes=32 time=48ms TTL=52
Reply from 216.58.212.174: bytes=32 time=49ms TTL=52

Ping statistics for 216.58.212.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 49ms, Average = 48ms
Server: UnKnown
Address: 192.168.1.1

Name:    yahoo.com
Addresses: 2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      2001:4998:44:204::a7
      206.190.36.45
      98.138.253.109
      98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=140ms TTL=46
Reply from 98.139.183.24: bytes=32 time=141ms TTL=46

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 140ms, Maximum = 141ms, Average = 140ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
6...10 60 4b 5c ec ff ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1 255.255.255.255         On-link         127.0.0.1    331
127.255.255.255 255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    291
    192.168.1.100 255.255.255.255         On-link     192.168.1.100    291
    192.168.1.255 255.255.255.255         On-link     192.168.1.100    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    291
255.255.255.255 255.255.255.255         On-link         127.0.0.1    331
255.255.255.255 255.255.255.255         On-link     192.168.1.100    291
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
10    331 ::/0                     On-link
1    331 ::1/128                  On-link
10    331 2001::/32                On-link
10    331 2001:0:5ef5:79fd:30b1:2636:3f57:fe9b/128
                                    On-link
6    291 fe80::/64                On-link
10    331 fe80::/64                On-link
10    331 fe80::30b1:2636:3f57:fe9b/128
                                    On-link
6    291 fe80::40db:65e6:ca16:3332/128
                                    On-link
1    331 ff00::/8                 On-link
6    291 ff00::/8                 On-link
10    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/12/2017 09:10:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/12/2017 09:05:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2017 08:58:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "AVG.VC140.CRT,processorArchitecture="x86",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0"1".
Dependent Assembly AVG.VC140.CRT,processorArchitecture="x86",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2017 08:58:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "AVG.VC140.CRT,processorArchitecture="amd64",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0"1".
Dependent Assembly AVG.VC140.CRT,processorArchitecture="amd64",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2017 11:05:14 AM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (01/12/2017 11:05:14 AM) (Source: PerfNet) (User: )
Description:

Error: (01/12/2017 11:05:14 AM) (Source: Perflib) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

Error: (01/12/2017 11:05:14 AM) (Source: Perflib) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8

Error: (01/12/2017 11:05:14 AM) (Source: Perflib) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll8

Error: (01/12/2017 11:05:14 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

System errors:
=============
Error: (01/13/2017 01:11:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/13/2017 04:15:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/12/2017 09:14:23 PM) (Source: Service Control Manager) (User: )
Description: The AVG Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/12/2017 10:03:24 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/12/2017 03:01:57 AM) (Source: DCOM) (User: DESKTOP-HUJ5PCG)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}

Error: (01/12/2017 03:01:51 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/12/2017 02:58:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/12/2017 02:57:46 AM) (Source: bowser) (User: )
Description: The browser driver has received too many illegal datagrams from the remote computer O2 to name DESKTOP-HUJ5PCG on transport NetBT_Tcpip_{4F8C6521-3AE9-4173-B9A2-53D73F2DDF31}. The data is the datagram.
No more events will be generated until the reset frequency has expired.

Error: (01/12/2017 02:54:09 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.

Error: (01/12/2017 02:53:42 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (01/12/2017 09:10:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (01/12/2017 09:05:03 PM) (Source: SideBySide)(User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll

Error: (01/12/2017 08:58:34 PM) (Source: SideBySide)(User: )
Description: AVG.VC140.CRT,processorArchitecture="x86",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0"C:\Windows\Temp\AvgSetup\6129ac3f-cf03-47cf-91d4-c1290db8050c\install\fmw\avgrdsttestx.exe

Error: (01/12/2017 08:58:31 PM) (Source: SideBySide)(User: )
Description: AVG.VC140.CRT,processorArchitecture="amd64",publicKeyToken="f92d94485545da78",type="win32",version="14.0.23918.0"C:\Windows\Temp\AvgSetup\6129ac3f-cf03-47cf-91d4-c1290db8050c\install\fmw\avgrdsttesta.exe

Error: (01/12/2017 11:05:14 AM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (01/12/2017 11:05:14 AM) (Source: PerfNet)(User: )
Description:

Error: (01/12/2017 11:05:14 AM) (Source: Perflib)(User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

Error: (01/12/2017 11:05:14 AM) (Source: Perflib)(User: )
Description: LsaC:\Windows\System32\Secur32.dll8

Error: (01/12/2017 11:05:14 AM) (Source: Perflib)(User: )
Description: ESENTC:\Windows\system32\esentprf.dll8

Error: (01/12/2017 11:05:14 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

CodeIntegrity Errors:
===================================
Date: 2017-01-09 04:42:30.839
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-01-04 10:43:52.057
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-24 09:47:45.282
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-18 10:48:56.420
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-15 12:23:30.195
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-15 10:02:19.037
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-13 12:47:05.675
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.9.42923 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Skybox Labs)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
APB Reloaded (HKLM\...\Steam App 113400) (Version: - Reloaded Productions)
Arma 2 (HKLM\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version: - Bohemia Interactive)
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 2.0.0.0 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 2.0.0.0 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.125.2.55495 - AVG Technologies)
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.1.3006 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
AVG Zen (HKLM\...\{6BC93AB9-A4E0-4BC3-8376-FDE32F41B0B6}) (Version: 1.125.28 - AVG Technologies) Hidden
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike: Condition Zero (HKLM\...\Steam App 80) (Version: - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM\...\Steam App 100) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0492 - Disc Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio)
Discord (HKCU\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{83475ED4-8CCD-4F42-B877-7E2CC2BBD97B}) (Version: 2.0.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-332 335 Series Printer Uninstall (HKLM\...\EPSON XP-332 335 Series) (Version: - Seiko Epson Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.52.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ESEA Client (HKCU\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
f.lux (HKCU\...\Flux) (Version: - )
FMW 1 (HKLM\...\{23B70FAD-E859-4444-BA81-BD66DBF28F30}) (Version: 1.152.5 - AVG Technologies) Hidden
GameRanger (HKCU\...\GameRanger) (Version: - GameRanger Technologies)
Git version 2.11.0 (HKLM\...\Git_is1) (Version: 2.11.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Grand Theft Auto: San Andreas (HKLM\...\Steam App 12120) (Version: - Rockstar Games)
GRID (HKLM\...\Steam App 12750) (Version: - Codemasters Studios)
H1Z1: Just Survive (HKLM\...\Steam App 295110) (Version: - Daybreak Game Company)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version: - Daybreak Game Company)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.2.0.933 - IObit)
JetBrains PyCharm 2016.3 (HKLM-x32\...\PyCharm 2016.3) (Version: 163.8233.8 - JetBrains s.r.o.)
League of Legends (HKLM-x32\...\{2A3DD76D-BB24-4C4B-BC36-FB25D8902946}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Mafia II (HKLM-x32\...\Mafia II_is1) (Version: - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MTA:SA v1.5.3 (HKLM-x32\...\MTA:SA 1.5) (Version: v1.5.3 - Multi Theft Auto)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NetLimiter 4 (HKLM\...\{031BF857-9D3C-4DEE-97F2-69698EE82B06}) (Version: 4.0.25.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.25.0) (Version: 4.0.25.0 - Locktime Software)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
Path of Exile (HKLM\...\Steam App 238960) (Version: - Grinding Gear Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.5.1 (64-bit) (HKCU\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (64-bit) (HKLM\...\{495EFF61-4949-4304-872E-441B48022991}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (64-bit) (HKLM\...\{2690DE23-49CD-4973-AA74-F77C4C852189}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (HKLM\...\{70D9C8DA-F1A1-43B0-B325-6263CD21E535}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (HKLM\...\{5C8D887B-998A-4708-9120-CE040C4A5B47}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (HKLM\...\{39F30A3E-99D9-46E3-8582-7422FE54A1FB}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (HKLM\...\{E98CFF92-01E0-4E30-8C72-3C82111091C2}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (HKLM\...\{0F774261-D55F-4180-B266-A9E1C6F4CD7A}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (HKLM\...\{A47BAF5B-53CC-4E60-847A-E13CAF26F467}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (HKLM\...\{A1B06412-F898-47C9-968F-D3B331ABB202}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (HKLM\...\{34E72E6D-77E8-4C17-99B8-42497B7308C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2690 - )
RIFT (HKLM\...\Steam App 39120) (Version: - Trion Worlds)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Soldat version 1.7.1 (HKLM-x32\...\Soldat_is1) (Version: 1.7.1 - Transhuman Design)
Spotify (HKCU\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader Extreme HD (HKLM\...\Steam App 16700) (Version: - Firefly Studios)
Stronghold Crusader HD (HKLM\...\Steam App 40970) (Version: - FireFly Studios)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM\...\Steam App 20920) (Version: - CD PROJEKT RED)
Titan Quest (HKLM-x32\...\Titan Quest_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version: - Iron Lore Entertainment)
Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version: - Ubisoft)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.2 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Watch_Dogs (HKLM\...\Steam App 243470) (Version: - Ubisoft)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 8147.29 MB
Available physical RAM: 4399.34 MB
Total Virtual: 9427.29 MB
Available Virtual: 4811.56 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:300 GB) (Free:172.96 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:1562.53 GB) (Free:1143.59 GB) NTFS
3 Drive e: (Mafia II) (CDROM) (Total:5.57 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\DESKTOP-HUJ5PCG

Administrator            DefaultAccount           defaultuser0
Guest                    Shikari

========================= Restore Points ==================================

28-12-2016 08:34:49 Windows Update
05-01-2017 16:00:09 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
11-01-2017 03:45:18 Windows Update

**** End of log ****

Malwarebytes scan log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/12/17
Scan Time: 7:34 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.989
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-HUJ5PCG\Shikari

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404639
Time Elapsed: 5 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Vondos, C:\USERS\SHIKARI\APPDATA\LOCAL\TEMP\NS7402FA9C\0D4931CA_STP\BS-FF-DE.EXE, Delete-on-Reboot, [1219], [337296],1.0.989

Physical Sector: 0
(No malicious items detected)

(end)

#4 sh1kari

Topic Starter

Members
6 posts
OFFLINE

Posted 13 January 2017 - 07:58 AM

MBAR log 1

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2017.01.13.08
rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
Shikari :: DESKTOP-HUJ5PCG [administrator]

13.01.2017 13:40:20
mbar-log-2017-01-13 (13-40-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 327981
Time elapsed: 14 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

MBAR log 2

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8543055872, free: 4516347904

Downloaded database version: v2017.01.13.08
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.12.16.01
Initializing...
======================
------------ Kernel report ------------
     01/13/2017 13:40:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\drivers\nldrv.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Users\Shikari\AppData\Local\Temp\ESEADriver2.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\TIxHCIlfilter.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TIxHCIufilter.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\dtultrausbbus.sys
\SystemRoot\System32\drivers\dtliteusbbus.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\LGJoyXlCore.sys
\SystemRoot\System32\drivers\dtultrascsibus.sys
\SystemRoot\System32\drivers\dtlitescsibus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\system32\drivers\qwavedrv.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\system32\drivers\mbae64.sys
\??\C:\Windows\system32\drivers\farflt.sys
\SystemRoot\system32\drivers\MBAMChameleon.sys
\SystemRoot\system32\drivers\avgVmm.sys
\SystemRoot\system32\drivers\avgSP.sys
\SystemRoot\system32\drivers\avgbdiska.sys
\SystemRoot\system32\drivers\avgNetSec.sys
\SystemRoot\system32\drivers\avgbidsdrivera.sys
\SystemRoot\system32\drivers\avgbidsha.sys
\SystemRoot\system32\drivers\avgbloga.sys
\SystemRoot\system32\drivers\avgbuniva.sys
\SystemRoot\system32\drivers\avgSnx.sys
\SystemRoot\system32\drivers\avgRdr2.sys
\SystemRoot\system32\drivers\avgMonFlt.sys
\SystemRoot\system32\drivers\avgStm.sys
\??\C:\Windows\system32\drivers\mwac.sys
\SystemRoot\System32\cdd.dll
----------- End -----------
Done!

Scan started
Database versions:
main:    v2017.01.13.08
rootkit: v2016.11.20.01

<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 713A097F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 629145600
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 629147648 Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 630171648 Numsec = 3276855296
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
File "C:\Users\Shikari\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-629147648-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-630171648-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Rkill log

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/13/2017 01:57:23 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* agp440 [Missing Service]
* gagp30kx [Missing Service]
* IEEtwCollectorService [Missing Service]
* IoQos [Missing Service]
* nv_agp [Missing Service]
* TimeBroker [Missing Service]
* uagp35 [Missing Service]
* uliagpkx [Missing Service]
* WcsPlugInService [Missing Service]
* wpcfltr [Missing Service]
* WSService [Missing Service]

* AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
* WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

* vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
* vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/13/2017 01:57:52 PM
Execution time: 0 hours(s), 0 minute(s), and 58 seconds(s)

#5 Broni

The Coolest BC Computer

BC Advisor
42,754 posts
OFFLINE

Gender:Male
Location:Daly City, CA
Local time:07:15 AM

Posted 13 January 2017 - 09:30 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Edited by Broni, 13 January 2017 - 09:30 PM.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

#6 sh1kari

Topic Starter

Members
6 posts
OFFLINE

Posted 14 January 2017 - 11:07 AM

AdwCleaner log

# AdwCleaner v6.042 - Logfile created 14/01/2017 at 16:55:44
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-11.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Shikari - DESKTOP-HUJ5PCG
# Running from : C:\Users\Shikari\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: vToolbarUpdater40.3.6
[-] Service deleted: WtuSystemSupport

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Shikari\AppData\Local\avg web tuneup
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search

***** [ Files ] *****

[-] File deleted: C:\Users\Shikari\AppData\Roaming\Mozilla\Firefox\Profiles\wjqqh0gn.default-1484222363419\extensions\Avg@toolbar.xpi
[-] File deleted: C:\Users\Shikari\AppData\Roaming\Mozilla\Firefox\Profiles\wjqqh0gn.default-1484222363419\searchplugins\avg-secure-search.xml

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[-] Data restored: HKU\S-1-5-21-135125168-492407345-2220286911-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKU\S-1-5-21-135125168-492407345-2220286911-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142017025345246\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-135125168-492407345-2220286911-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-135125168-492407345-2220286911-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKU\S-1-5-21-135125168-492407345-2220286911-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142017025345246\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-135125168-492407345-2220286911-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142017025345246\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8221 Bytes] - [12/01/2017 02:54:00]
C:\AdwCleaner\AdwCleaner[C2].txt - [5646 Bytes] - [14/01/2017 16:55:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [7887 Bytes] - [12/01/2017 02:53:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [5937 Bytes] - [14/01/2017 16:53:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5865 Bytes] ##########

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by Shikari (Administrator) on 14.01.2017 at 17:01:45,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 5

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_Shikari (Task)
Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_Shikari.job (Task)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.01.2017 at 17:04:53,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 sh1kari

Topic Starter

Members
6 posts
OFFLINE

Posted 14 January 2017 - 02:45 PM

And from the Sophos tool, no threats were found.

#8 Broni

The Coolest BC Computer

BC Advisor
42,754 posts
OFFLINE

Gender:Male
Location:Daly City, CA
Local time:07:15 AM

Posted 14 January 2017 - 08:50 PM

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

#9 sh1kari

Topic Starter

Members
6 posts
OFFLINE

Posted 15 January 2017 - 11:01 AM

Unfortunately the ads still keep popping up

They're quite intrusive as well. No matter what i do, they always open a new firefox tab, or if firefox is turned off, they launch firefox to open the tab.

Edited by sh1kari, 15 January 2017 - 11:10 AM.