
My PC is constantly disconnected from my Wi-Fi...


25 replies to this topic

#1 ParanoiaForViruses

ParanoiaForViruses

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:39 PM

Posted 17 February 2017 - 08:42 PM

I am not sure where this should be posted, but since this is more or less related to networking, I am going to post this here.
 
So for more than a month, I have been constantly bugged by frequent disconnections. At first I thought it was related to my modem/router, but even when my PC is disconnected my phone's Internet works perfectly on the same Wi-Fi. Admittedly, my phone works on 5GHz Wi-Fi of the same router and my PC can only work on 2.4GHz Wi-Fi, but if they are using the same router to transmit signals, the router shouldn't be the problem here. Correct?
 
I have tried a lot of methods. I have flushed my DNS cache, used Google DNS addresses on IPv4, run SFC scans, changed network mode to 802.11n only and used media prioritization with 200000 Kbps downstream bandwidth (My internet plan is 1000M if I recall correctly), installed (and uninstalled of course) a number of anti-viruses (Bitdefender, Avast Internet Security and Avast Free Antivirus, Panda Global Protection), and a bunch of different anti-malwares (Malwarebytes Premium Trial and Malwarebytes Free, and I forgot a bunch of them). Anti-viruses so far do nothing for me, except for Panda, which somehow spotted that there are UDP flooding attacks occurring on my PC whenever I use Google Chrome. When I disabled QUIC on Google Chrome, Panda no longer reported this but I still have this problem. I tried uninstalling Google Chrome thinking that might be a problem but as you can tell clearly that isn't the culprit.
 
Anti-malwares spotted a few PUPs and PUMs and stuff but none of them is related to my issue as I have cleared them and clearly I am still pestered by this problem. I have factory reset the PC with the resetting options given and deleted and recycled practically everything (is it formatting? I am not sure), to no avail.
 
How can I be certain of the root(s) of the problem? Which procedures are needed to figure out what actually causes this problem? Please help.
 
Edit: Here is the information you may need:

Make and model of computer: Fujitsu LIFEBOOK AH544

How the computer is connected (wireless or wired): Wireless

Make and model of Router: Linksys, LLC EA7500


Approximate Distance From the router the PC is if it's a wireless connection: 3 to 4 metres? I am using Wi-Fi at home so it's not far at all.

What type of internet you have (Dsl, Cable, T-1,etc..): Not sure what you want here.

 
Here is the log:
 

 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by cat20 (administrator) on 18-02-2017 at 10:30:30
Running from "C:\Users\cat20\Downloads"
Microsoft Windows 10 Home  (X64)
Model: LIFEBOOK AH544 Manufacturer: FUJITSU
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel(R) Wireless-N 7260 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-IL1OBNS
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E0-18-77-C3-21-B1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : F8-16-54-8F-05-3A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Wireless-N 7260
   Physical Address. . . . . . . . . : F8-16-54-8F-05-39
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d93f:d04e:e7be:2b0%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, February 18, 2017 8:07:26 AM
   Lease Expires . . . . . . . . . . : Sunday, February 19, 2017 10:08:21 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 133699156
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-30-CF-86-E0-18-77-C3-21-B1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  8.8.8.8

Name:    google.com
Addresses:  2404:6800:4005:808::200e
      172.217.24.206


Pinging google.com [216.58.203.14] with 32 bytes of data:
Reply from 216.58.203.14: bytes=32 time=5ms TTL=54
Reply from 216.58.203.14: bytes=32 time=5ms TTL=54

Ping statistics for 216.58.203.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 5ms, Average = 5ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=406ms TTL=51
Reply from 98.139.183.24: bytes=32 time=231ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 231ms, Maximum = 406ms, Average = 318ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...e0 18 77 c3 21 b1 ......Realtek PCIe GBE Family Controller
  5...f8 16 54 8f 05 3a ......Microsoft Wi-Fi Direct Virtual Adapter
 16...f8 16 54 8f 05 39 ......Intel(R) Wireless-N 7260
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     45
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.103    301
    192.168.1.103  255.255.255.255         On-link     192.168.1.103    301
    192.168.1.255  255.255.255.255         On-link     192.168.1.103    301
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.103    301
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.103    301
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 16    301 fe80::/64                On-link
 16    301 fe80::d93f:d04e:e7be:2b0/128
                                    On-link
  1    331 ff00::/8                 On-link
 16    301 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/18/2017 05:44:59 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/16/2017 09:58:48 AM) (Source: Application Hang) (User: )
Description: The program CK2game.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1698

Start Time: 01d287f80dfb42ae

Termination Time: 9

Application Path: C:\Users\cat20\Downloads\Crusader.Kings.II.v2.6.3.Hotfix2\CK2game.exe

Report Id: 7168db9d-f3eb-11e6-9be0-e01877c321b1

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2017 09:55:00 AM) (Source: Application Hang) (User: )
Description: The program CK2game.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ff4

Start Time: 01d287f6197e3501

Termination Time: 8

Application Path: C:\Users\cat20\Downloads\Crusader.Kings.II.v2.6.3.Hotfix2\CK2game.exe

Report Id: df959f5c-f3ea-11e6-9be0-e01877c321b1

Faulting package full name:

Faulting package-relative application ID:

Error: (02/15/2017 05:34:49 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/15/2017 05:32:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/15/2017 04:24:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xb30
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (02/15/2017 12:12:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819bf85
Faulting module name: twinapi.appcore.dll, version: 10.0.14393.206, time stamp: 0x57daca78
Exception code: 0xc000027b
Fault offset: 0x000000000006d1c4
Faulting process id: 0x1384
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (02/14/2017 10:32:05 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.


Details:
    (HRESULT : 0x80040210) (0x80040210)

Error: (02/14/2017 09:10:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 51.0.1.6234, time stamp: 0x5888f36c
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f35e
Exception code: 0x80000003
Fault offset: 0x000000000000ff67
Faulting process id: 0x1390
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
Faulting package full name: firefox.exe4
Faulting package-relative application ID: firefox.exe5

Error: (02/13/2017 10:29:44 PM) (Source: Windows Search Service) (User: )
Description: Enumerating user sessions to generate filter pools failed.


Details:
    (HRESULT : 0x80040210) (0x80040210)


System errors:
=============
Error: (02/18/2017 08:07:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 8 0x0 0x0

Error: (02/18/2017 08:07:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 2 0xdeaddeed 0xeeec

Error: (02/18/2017 08:07:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 1 0xc 0x4

Error: (02/18/2017 04:34:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/17/2017 10:40:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/17/2017 03:41:18 AM) (Source: DCOM) (User: DESKTOP-IL1OBNS)
Description: {0134A8B2-3407-4B45-AD25-E9F7C92A80BC}

Error: (02/17/2017 02:14:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 8 0x0 0x0

Error: (02/17/2017 02:14:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 2 0xdeaddeed 0xeeec

Error: (02/17/2017 02:14:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 1 0xc 0x4

Error: (02/17/2017 01:55:42 AM) (Source: Tcpip) (User: )
Description: An attempt to clear a packet coalescing filter on the network adapter with hardware address F8-16-54-8F-05-39 has failed (IPv6 0xc023001f 4).


Microsoft Office Sessions:
=========================
Error: (02/18/2017 05:44:59 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (02/16/2017 09:58:48 AM) (Source: Application Hang)(User: )
Description: CK2game.exe1.0.0.0169801d287f80dfb42ae9C:\Users\cat20\Downloads\Crusader.Kings.II.v2.6.3.Hotfix2\CK2game.exe7168db9d-f3eb-11e6-9be0-e01877c321b1

Error: (02/16/2017 09:55:00 AM) (Source: Application Hang)(User: )
Description: CK2game.exe1.0.0.01ff401d287f6197e35018C:\Users\cat20\Downloads\Crusader.Kings.II.v2.6.3.Hotfix2\CK2game.exedf959f5c-f3ea-11e6-9be0-e01877c321b1

Error: (02/15/2017 05:34:49 AM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/15/2017 05:32:23 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (02/15/2017 04:24:45 AM) (Source: Application Error)(User: )
Description: mbamservice.exe3.1.0.4155881b7a1unknown0.0.0.000000000c00000050000000000000000b3001d2870054e8dc53C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exeunknown7258323a-70fe-45de-a465-d922a8ab3e23

Error: (02/15/2017 12:12:58 AM) (Source: Application Error)(User: )
Description: ShellExperienceHost.exe10.0.14393.4475819bf85twinapi.appcore.dll10.0.14393.20657daca78c000027b000000000006d1c4138401d286c0056a362aC:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\System32\twinapi.appcore.dll96e71174-4eea-4fb4-8f25-1c8e68f73a30Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewyApp

Error: (02/14/2017 10:32:05 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    (HRESULT : 0x80040210) (0x80040210)

Error: (02/14/2017 09:10:18 AM) (Source: Application Error)(User: )
Description: firefox.exe51.0.1.62345888f36cmozglue.dll51.0.1.62345888f35e80000003000000000000ff67139001d28657faca0b95C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\mozglue.dll5880f3b2-ce92-42ab-a961-5ccdd8fd803b

Error: (02/13/2017 10:29:44 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    (HRESULT : 0x80040210) (0x80040210)


=========================== Installed Programs ============================

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Battery Utility (HKLM-x32\...\{BCC8CBC4-0F36-4F2A-B9C6-717FDF266C90}) (Version: 1.00.00.000 - FUJITSU LIMITED) Hidden
Battery Utility (HKLM-x32\...\InstallShield_{BCC8CBC4-0F36-4F2A-B9C6-717FDF266C90}) (Version: 4.02.36.016 - FUJITSU LIMITED)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Disc Burning Utility (HKLM-x32\...\{C5DEA189-ADE3-477C-85AC-9A3F1637394A}) (Version: 2.3.1.0 - FUJITSU LIMITED)
Discord (HKCU\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Fujitsu BIOS Driver (HKLM\...\{7292FFCF-FA9A-4585-AB80-A71961F931AF}) (Version: 1.2.2.0 - FUJITSU LIMITED) Hidden
Fujitsu BIOS Driver (HKLM-x32\...\InstallShield_{7292FFCF-FA9A-4585-AB80-A71961F931AF}) (Version: 1.2.2.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (HKLM\...\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.6.3.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.6.3.0 - FUJITSU LIMITED)
Function Manager (HKLM\...\{FFAA234C-E621-4787-A02D-5CD0852000D4}) (Version: 1.2.0.0 - FUJITSU LIMITED) Hidden
Function Manager (HKLM-x32\...\InstallShield_{FFAA234C-E621-4787-A02D-5CD0852000D4}) (Version: 1.2.0.0 - FUJITSU LIMITED)
Git version 2.11.1 (HKLM\...\Git_is1) (Version: 2.11.1 - The Git Development Community)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Gyazo 3.3.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
League of Legends (HKLM-x32\...\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
LIFEBOOK Application Panel (HKLM\...\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.5.11.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.5.11.0 - FUJITSU LIMITED)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Core 1.1.0 - SDK 1.0.0 Preview 2.1-003177 (x64) (HKLM-x32\...\{aeefdc43-0737-449a-91fd-90d4cf44688d}) (Version: 1.0.0.3177 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x64 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Global Protection (HKLM\...\{456A8117-2915-414D-8435-AC57447C4E2D}) (Version: 8.31.00 - Panda Security) Hidden
Panda Global Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
Pointing Device Utility (HKLM\...\{DDC49774-40B9-47AE-9C63-5569C08C4082}) (Version: 2.3.1.0 - FUJITSU LIMITED) Hidden
Pointing Device Utility (HKLM-x32\...\InstallShield_{DDC49774-40B9-47AE-9C63-5569C08C4082}) (Version: 2.3.1.0 - FUJITSU LIMITED)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.20 - Synaptics Incorporated)
Wireless Radio Switch Driver (HKLM\...\{13031CDF-00D2-4FCE-AB13-8430D8733574}) (Version: 2.0.0.0 - FUJITSU LIMITED) Hidden
Wireless Radio Switch Driver (HKLM-x32\...\InstallShield_{13031CDF-00D2-4FCE-AB13-8430D8733574}) (Version: 2.0.0.0 - FUJITSU LIMITED)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 81%
Total physical RAM: 4003.85 MB
Available physical RAM: 753.47 MB
Total Virtual: 9891.85 MB
Available Virtual: 4959.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:447.88 GB) (Free:403.46 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-IL1OBNS

Administrator            cat20                    DefaultAccount           
defaultuser0             Guest                    

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

10-02-2017 22:43:23 Windows Update
17-02-2017 21:43:18 Windows Modules Installer

**** End of log ****

Edited by ParanoiaForViruses, 17 February 2017 - 10:06 PM.
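One way to read the "System errors" section of the log above, as an added example that is not part of the original post: group the WLAN-AutoConfig Reset/Recover events into incidents and check whether the DHCP "Lease Obtained" time follows one of them. The function names, the 30-second grouping window and the 60-second lease window are assumptions of this example; the sample text is constructed from lines of the posted log.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: header lines copied from the MiniToolBox log in the post,
# trimmed to the fields this parser reads.
SAMPLE_LOG = """\
   Lease Obtained. . . . . . . . . . : Saturday, February 18, 2017 8:07:26 AM
   Lease Expires . . . . . . . . . . : Sunday, February 19, 2017 10:08:21 AM

System errors:
=============
Error: (02/18/2017 08:07:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 Code: 8 0x0 0x0

Error: (02/18/2017 08:07:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
 Code: 2 0xdeaddeed 0xeeec

Error: (02/18/2017 08:07:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
 Code: 1 0xc 0x4

Error: (02/18/2017 04:34:32 AM) (Source: DCOM) (User: NT AUTHORITY)

Error: (02/17/2017 02:14:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
 Code: 8 0x0 0x0

Error: (02/17/2017 02:14:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
 Code: 2 0xdeaddeed 0xeeec

Error: (02/17/2017 02:14:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
 Code: 1 0xc 0x4

Error: (02/17/2017 01:55:42 AM) (Source: Tcpip) (User: )
"""

EVENT_RE = re.compile(
    r"^Error: \((\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) \(Source: ([^)]+)\)",
    re.MULTILINE,
)
LEASE_RE = re.compile(r"Lease Obtained[ .]*: \w+, (.+?)\s*$", re.MULTILINE)
WLAN_SOURCE = "Microsoft-Windows-WLAN-AutoConfig"


def parse_events(text):
    """Return (timestamp, source) for every 'Error:' header line in the log."""
    return [
        (datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p"), source)
        for ts, source in EVENT_RE.findall(text)
    ]


def parse_lease_obtained(text):
    """Return the first 'Lease Obtained' time from the ipconfig section, or None."""
    match = LEASE_RE.search(text)
    if match is None:
        return None
    return datetime.strptime(match.group(1), "%B %d, %Y %I:%M:%S %p")


def group_incidents(times, window=timedelta(seconds=30)):
    """Merge events closer together than `window` into one incident."""
    incidents = []
    for t in sorted(times):
        if incidents and t - incidents[-1]["end"] <= window:
            incidents[-1]["end"] = t
            incidents[-1]["events"] += 1
        else:
            incidents.append({"start": t, "end": t, "events": 1})
    return incidents


def correlate(text, lease_window=timedelta(seconds=60)):
    """List WLAN reset incidents and flag the one the DHCP lease follows."""
    lease = parse_lease_obtained(text)
    wlan_times = [t for t, src in parse_events(text) if src == WLAN_SOURCE]
    incidents = group_incidents(wlan_times)
    for inc in incidents:
        # A lease obtained just after a reset burst shows the adapter was
        # reset and re-joined the network at that time.
        inc["lease_followed"] = (
            lease is not None
            and timedelta(0) <= lease - inc["end"] <= lease_window
        )
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOG):
        print(
            f"{inc['start']} -> {inc['end']}  events={inc['events']}  "
            f"lease_followed={inc['lease_followed']}"
        )
```
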




#2 JohnC_21

JohnC_21

  • Members
  • 24,649 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:39 AM

Posted 18 February 2017 - 11:17 AM

Some things to try in order. Windows 10 Wifi has had a lot of connectivity issues on some computers. 

 

Set your Wifi adapter to maximum power

 

In Device Manager disable, not uninstall, your LAN adapter

 

Disable IPv6

 

Reinstall the Wifi driver.



#3 ParanoiaForViruses


Posted 18 February 2017 - 12:59 PM

Just to make sure, I don't have to do them in order, right? Now that I notice a huge amount of UDP attacks (again, since Google Chrome somehow always triggers this when QUIC is enabled) once I reinstalled Google Chrome. MAC address of the source is unavailable for an unknown reason.

 

[Image: b77aac1762cb4b20932acea5accb9377.png]

 

Are these false negatives or what? I am still monitoring the situation since I haven't had a single reported UDP attack since I've done all that you mentioned, but I am not convinced that will be the end.


Edited by ParanoiaForViruses, 18 February 2017 - 01:00 PM.


#4 ParanoiaForViruses


Posted 18 February 2017 - 01:04 PM

Another UDP flooding report just came in. Seems like your solutions don't fix anything.

 

Anything I can do to stop whatever it is that causes this mess?



#5 JohnC_21


Posted 18 February 2017 - 02:06 PM

You should start a new thread in the Am I infected Forum or start a thread in the Virus Removal Forum after reading the pinned posts on how to attach the required logs. 



#6 ParanoiaForViruses


Posted 18 February 2017 - 02:33 PM

I am asking this because these reports do seem like false negatives. As I mentioned in the original post, I used a bunch of anti-viruses (installed and uninstalled consecutively), more than 6 different types of anti-malware tools (including this site's famous Adwcleaner), and they all found problems unrelated to my issue at hand. I even did a formatting-esque factory reset (which recycles and deletes everything permanently, as I was told by the additional information under this option) after all of these. Nothing seemed to work, and I am starting to think there's something wrong with my computer hardware, and nothing related to viruses or anti-malwares. It just doesn't seem like it at all.


Edited by ParanoiaForViruses, 18 February 2017 - 02:41 PM.


#7 JohnC_21


Posted 18 February 2017 - 02:56 PM

I am not familiar with infections but I doubt all these UDP attacks would be the result of hardware problems. I believe these UDP attacks are what is causing your Wifi to disconnect.

You can test your hardware using UBCD. Burn the iso to a CD. Boot the disk and at the menu screen select Parted Magic. Once on the desktop, click on diskhealth and run the short/long tests. If those pass, then run UBCD again and at the menu screen select Memory and run Memtest86+ for at least 6 passes, preferably overnight. If the kernel of PartedMagic detects your Wifi chipset, you should be able to connect via Wifi and see if you get disconnects.

If Parted Magic does not detect your Wifi signal, download an iso of Mint Cinnamon 18.1. Burn to a DVD and boot. See if you get disconnects. Mint will run from DVD and RAM. It will not install anything to the HDD. Same as Parted Magic.

 

On a Computer that came pre-installed with Windows 8 or 10 you will need to disable SecureBoot and enable Legacy Boot for UBCD to boot.

 

You may want to try resetting your router and modem after writing down their configuration settings. See if you still get the UDP attacks. 

 

Have you tried running Hitman Pro Alert? Also TDSS killer.



#8 ParanoiaForViruses


Posted 18 February 2017 - 03:13 PM

I am not familiar with infections but I doubt all these UDP attacks would be the result of hardware problems. I believe these UDP attacks are what is causing your Wifi to disconnect.

You can test your hardware using UBCD. Burn the iso to a CD. Boot the disk and at the menu screen select Parted Magic. Once on the desktop, click on diskhealth and run the short/long tests. If those pass, then run UBCD again and at the menu screen select Memory and run Memtest86+ for at least 6 passes, preferably overnight. If the kernel of PartedMagic detects your Wifi chipset, you should be able to connect via Wifi and see if you get disconnects.

If Parted Magic does not detect your Wifi signal, download an iso of Mint Cinnamon 18.1. Burn to a DVD and boot. See if you get disconnects. Mint will run from DVD and RAM. It will not install anything to the HDD. Same as Parted Magic.

 

On a Computer that came pre-installed with Windows 8 or 10 you will need to disable SecureBoot and enable Legacy Boot for UBCD to boot.

 

 

Is burning .iso files to a CD and a DVD necessary? Can't I just run it with PowerISO?



#9 JohnC_21


Posted 18 February 2017 - 03:21 PM

I am not sure you can mount the iso using PowerISO from within Windows as the isos are Linux-based. If you have a spare USB key I can give instructions on using the iso to create a bootable flash drive.



#10 ParanoiaForViruses


Posted 18 February 2017 - 04:03 PM

The results are interesting, to say the least:
 
Adwcleaner:
 
# AdwCleaner v6.043 - Logfile created 19/02/2017 at 03:48:49
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : cat20 - DESKTOP-IL1OBNS
# Running from : C:\Users\cat20\Downloads\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
Service Found:  panda_url_filtering
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\cat20\AppData\LocalLow\pandasecuritytb
Folder Found:  C:\Program Files\Panda Security URL Filtering
Folder Found:  C:\Program Files (x86)\pandasecuritytb
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1158 Bytes] - [19/02/2017 03:48:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1231 Bytes] ##########

TDSSKiller: Its scan returned no results.

HitmanPro Alert:
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : DESKTOP-IL1OBNS
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DESKTOP-IL1OBNS\cat20
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)

   Scan date . . . . . . : 2017-02-19 04:21:56
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 58s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 90

   Objects scanned . . . : 1,474,497
   Files scanned . . . . : 39,270
   Remnants scanned  . . : 301,426 files / 1,133,801 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFA70F79977640
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF801BD835410 \??\C:\WINDOWS\system32\drivers\hmpalert.sys+152592
   Solution
      DriverObject . . . : FFFFA70F79977640
      DriverName . . . . : \Driver\iaStorA
      DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF801B8C03840 \SystemRoot\System32\drivers\storport.sys+14400

Malware _____________________________________________________________________

   C:\AdwCleaner\quarantine\files\cafckdccwrdsvmualzibyniqmjyujqog\pandasecurityDx.dll -> Deleted
      Size . . . . . . . : 115,192 bytes
      Age  . . . . . . . : 0.0 days (2017-02-19 03:49:38)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 604120FBEC6AC0ED7D0DCC14F929DB4648892A6C1CDA70C9F13ADB4982D2C322
      Product  . . . . . : Panda Safe Web
      Description  . . . : Panda Safe Web Link Library
      Version  . . . . . : 1.0.0.24
      Copyright  . . . . :  © 2016 Panda Security and Visicom Media Inc.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Agent.bhe
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\quarantine\files\cafckdccwrdsvmualzibyniqmjyujqog\pandasecuritytb.dll -> Deleted
      Size . . . . . . . : 549,880 bytes
      Age  . . . . . . . : 0.0 days (2017-02-19 03:49:38)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 5CB79BB5F43B8C4735826518861B00F230080F47EE449207997C42A687A1B490
      Product  . . . . . : Panda Safe Web
      Publisher  . . . . : Visicom Media Inc
      Description  . . . : Panda Safe Web
      Version  . . . . . : 5.0.8.275
      Copyright  . . . . :  © 2016 Panda Security and Visicom Media Inc.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Agent.bhe
      Fuzzy  . . . . . . : 95.0

   C:\AdwCleaner\quarantine\files\cafckdccwrdsvmualzibyniqmjyujqog\ToolbarCleaner.exe -> Deleted
      Size . . . . . . . : 1,760,792 bytes
      Age  . . . . . . . : 0.0 days (2017-02-19 03:49:38)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 02CAC82194B9015CEA359B76B360460BFABE2BBC94E539D650BFEAEFC61C2141
      Product  . . . . . : Toolbar Cleaner
      Publisher  . . . . : Visicom Media Inc.
      Description  . . . : Toolbar Cleaner
      Version  . . . . . : 2.0.8.3
      Copyright  . . . . : Copyright (c) 2015 All rights reserved Visicom Media Inc.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Visicom.a
      Fuzzy  . . . . . . : 95.0


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}\ (MyStart) -> Deleted
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}\ (MyStart) -> Deleted

Cookies _____________________________________________________________________



Needless to say, these scans seemed to find nothing really malicious at all. If they are pointing fingers at each other, even at the expense of calling out part of Panda Anti-virus as malware, or doing nothing, is it safe to say that my computer is not infected?

I have a USB drive that is used as a Windows 10 recovery disk but I find that rather useless so I am planning on deleting the content inside and using it as a bootable disk. Thank you so much for your help so far and hopefully you can teach me how to create the bootable disk.

Edited by ParanoiaForViruses, 18 February 2017 - 04:11 PM.


#11 JohnC_21


Posted 18 February 2017 - 04:15 PM

As I posted, I am not that knowledgeable in detecting infections. Adwcleaner can take care of Adware but it may miss something deeper in the system. That is why it would be best to post either in the Am I Infected Forum or the Malware Removal Forum where a person with malware experience can look at your logs. The UDP flood suggests to me there is an infection.

 

Download Rufus

 

Rufus Instructions:

Run Rufus with the USB flash drive attached. Select MBR partition scheme for BIOS and UEFI. Leave all boxes as checked. If FreeDos is shown in the dropdown box select iso image, click the icon, and browse to the iso file. Press Start. Any data on the flash drive will need to be backed up as the drive will be formatted.



#12 ParanoiaForViruses


Posted 18 February 2017 - 04:19 PM

As I posted, I am not that knowledgeable in detecting infections. Adwcleaner can take care of Adware but it may miss something deeper in the system. That is why it would be best to post either in the Am I Infected Forum or the Malware Removal Forum where a person with malware experience can look at your logs. The UDP flood suggests to me there is an infection.
 
Download Rufus
 
Rufus Instructions:
Run Rufus with the USB flash drive attached. Select MBR partition scheme for BIOS and UEFI. Leave all boxes as checked. If FreeDos is shown in the dropdown box select iso image, click the icon, and browse to the iso file. Press Start. Any data on the flash drive will need to be backed up as the drive will be formatted.


I edited my previous post since half of its content was missing. Read it again. (Even if you aren't an expert in that area)

#13 JohnC_21


Posted 18 February 2017 - 04:26 PM

Are you still getting the UDP flood issue? 

 

https://www.incapsula.com/ddos/attack-glossary/dns-flood.html


Edited by JohnC_21, 18 February 2017 - 04:47 PM.


#14 ParanoiaForViruses


Posted 18 February 2017 - 07:13 PM

I am still having the issue but I haven't had a reported UDP flooding attack for the last hour because I haven't started browsing the web. Once I do, when I am watching a video/stream, these types of attacks start occurring.

I am having a bit of an issue with UBCD. I can't seem to use it because it's not executable. Even when the content of the entire .iso file is copied to my USB, I am only getting as far as this:

[Attached image]

I've tried to browse for something that seemingly looks like an executable file to no avail. I will try Mint Cinnamon 18.1 soon, but don't expect any results.

#15 JohnC_21


Posted 18 February 2017 - 07:23 PM

There is no executable as it's Linux. The file structure looks okay. You created it with Rufus, correct? Attach the flash drive and restart the computer. You may need to disable SecureBoot and enable Legacy Boot in your UEFI settings. It could also be called CSM boot.

Tap F12 at boot to access the boot menu and select your USB flash drive. If the flash drive is not listed in the Boot menu, change your boot priority setting in UEFI/BIOS.

 

http://www.fujitsu.com/downloads/COMP/fpcap/uguide/WIN8_downgrade_to_Win7_GUIDE_EN_20121120.pdf





