
Browser re-direct/hijack? (Maybe fake pages??)


13 replies to this topic

#1 ggs1212

ggs1212

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:39 PM

Posted 05 May 2017 - 05:00 AM

After trying to access the website of my VPN provider (ZenMate), I get to their website (https://zenmate.com/); however, sometimes it looks the same, but the URL bar shows something different. Currently, if I try to access it I get the same layout, but the URL reads (https://a0.awsstatic.com/): it looks like the real site, but the URL bar shows something different. It also did this a few days ago: upon clicking zenmate.com in Google, it would show the ZenMate site layout, but the URL would read "deviantart.com", which obviously was not true. Was it a fake/phishing page? Why would the URL read a different site to the one being displayed?

 

I use Firefox, Windows 7 x64, AVG and Malwarebytes Free.


Edited by ggs1212, 05 May 2017 - 05:05 AM.


#2 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,035 posts
  • OFFLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:39 AM

Posted 05 May 2017 - 09:48 AM

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

     • Report IE Proxy Settings
     • Report FF Proxy Settings
     • List content of Hosts
     • List IP configuration
     • List Winsock Entries
     • List last 10 Event Viewer log
     • List Installed Programs
     • List Devices (Don't change any settings here)
     • List Users, Partitions and Memory size
     • List Restore Points

  3. Paste the log file contents into a post.

 

Download ESET Online Scanner and save it to your desktop

 

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click “Save to text file...”, save the file to your desktop and paste the contents into a post.

 

Download SecurityCheck by screen317.

 

  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.

 

 

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.

 

 

Download AdwCleaner and save it to your desktop.

  1. Click on the file you downloaded.

  2. Click Scan to start AdwCleaner's scanning process.

  3. Once done, make sure to delete all found threats.

  4. Open the “Logfile” and paste its contents into a post.


Edited by iMacg3, 05 May 2017 - 09:48 AM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#3 ggs1212

ggs1212
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:39 PM

Posted 06 May 2017 - 05:08 AM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Home (administrator) on 06-05-2017 at 13:46:36
Running from "C:\Users\Home\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: 7522RS3 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.ftp", "127.0.0.1"
"network.proxy.ftp_port", 49736
"network.proxy.no_proxies_on", "localhost, localdomain, .localdomain, local, .local, 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, www.google-analytics.com"
"network.proxy.ssl", "127.0.0.1"
"network.proxy.ssl_port", 49736
========================= Hosts content: =================================
========================= IP Configuration: ================================

300Mbps Wireless USB Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Home-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 300Mbps Wireless USB Adapter
   Physical Address. . . . . . . . . : F4-F2-6D-07-C6-3F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a0a5:c220:79ed:269%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, 06 May, 2017 1:30:18 PM
   Lease Expires . . . . . . . . . . : Sunday, 07 May, 2017 1:30:18 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 318042733
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-C4-66-65-00-01-6C-4D-C6-79
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       0.0.0.0
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-01-6C-4D-C6-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{59F10D26-14BC-4ADE-9406-472785947105}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{53D2790F-D2F1-4D51-A273-EF473BCF74C6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:3ceb:590:3f57:fe9a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3ceb:590:3f57:fe9a%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2404:6800:4006:804::200e
      172.217.25.142
      172.217.25.142
      172.217.25.142


Pinging google.com [172.217.25.142] with 32 bytes of data:
Reply from 172.217.25.142: bytes=32 time=62ms TTL=55
Reply from 172.217.25.142: bytes=32 time=130ms TTL=55

Ping statistics for 172.217.25.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 130ms, Average = 96ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=280ms TTL=51
Reply from 98.138.253.109: bytes=32 time=255ms TTL=51

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 255ms, Maximum = 280ms, Average = 267ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...f4 f2 6d 07 c6 3f ......300Mbps Wireless USB Adapter
 11...00 01 6c 4d c6 79 ......Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    281
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:9d38:6abd:3ceb:590:3f57:fe9a/128
                                    On-link
 12    281 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::3ceb:590:3f57:fe9a/128
                                    On-link
 12    281 fe80::a0a5:c220:79ed:269/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/06/2017 01:31:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2017 03:18:35 PM) (Source: NetBalancer 9.7.2 161114.0937) (User: )
Description: Member: CheckForNewVersion
File: C:\wrk\seriousbit\netb\deskapp\src\SeriousBit.NetBalancer.Core\News\NewsVerifier.cs
Line: 70
Exception: System.Net.WebException: The remote name could not be resolved: 'netbalancer.com'
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at \*Sh'?RPDO^\&?Z^Z5EA:4n{D_$.blIEo<N7xp8>R<xvnQ%jx\]a<$.MoveNext()

Error: (05/05/2017 03:15:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2017 01:32:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: haloce.exe, version: 1.0.10.621, time stamp: 0x53726824
Faulting module name: haloce.exe, version: 1.0.10.621, time stamp: 0x53726824
Exception code: 0xc0000005
Fault offset: 0x000438b2
Faulting process id: 0x16c4
Faulting application start time: 0xhaloce.exe0
Faulting application path: haloce.exe1
Faulting module path: haloce.exe2
Report Id: haloce.exe3

Error: (05/04/2017 10:46:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This operation returned because the timeout period expired.
.

Error: (05/04/2017 09:57:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/04/2017 08:01:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This network connection does not exist.
.

Error: (05/04/2017 08:01:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: 12175 (0x2f8f).

Error: (05/04/2017 08:00:58 PM) (Source: PerfNet) (User: )
Description:

Error: (05/04/2017 08:00:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: 12175 (0x2f8f).


System errors:
=============
Error: (05/06/2017 01:38:25 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (05/06/2017 01:36:17 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/06/2017 01:31:57 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
papycpu2
papyjoy

Error: (05/06/2017 01:30:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (05/06/2017 01:30:00 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\papyjoy.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/06/2017 01:30:00 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\papycpu2.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/06/2017 01:30:13 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:12:17 PM on 5/5/2017 was unexpected.

Error: (05/05/2017 06:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/05/2017 03:22:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (05/05/2017 03:21:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (05/06/2017 01:31:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2017 03:18:35 PM) (Source: NetBalancer 9.7.2 161114.0937)(User: )
Description: Member: CheckForNewVersion
File: C:\wrk\seriousbit\netb\deskapp\src\SeriousBit.NetBalancer.Core\News\NewsVerifier.cs
Line: 70
Exception: System.Net.WebException: The remote name could not be resolved: 'netbalancer.com'
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at \*Sh'?RPDO^\&?Z^Z5EA:4n{D_$.blIEo<N7xp8>R<xvnQ%jx\]a<$.MoveNext()

Error: (05/05/2017 03:15:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2017 01:32:29 AM) (Source: Application Error)(User: )
Description: haloce.exe1.0.10.62153726824haloce.exe1.0.10.62153726824c0000005000438b216c401d2c4efd736e44cC:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloce.exeC:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloce.exea527b284-30ef-11e7-8273-00016c4dc679

Error: (05/04/2017 10:46:14 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crtThis operation returned because the timeout period expired.

Error: (05/04/2017 09:57:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/04/2017 08:01:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crtThis network connection does not exist.

Error: (05/04/2017 08:01:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt12175 (0x2f8f)

Error: (05/04/2017 08:00:58 PM) (Source: PerfNet)(User: )
Description:

Error: (05/04/2017 08:00:39 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt12175 (0x2f8f)


CodeIntegrity Errors:
===================================
  Date: 2016-12-04 18:36:51.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16452_none_ddd7c20fccdf1fa7\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-04 18:36:51.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16452_none_ddd7c20fccdf1fa7\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-04 18:36:51.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16452_none_ddd7c20fccdf1fa7\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-04 18:36:51.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16452_none_ddd7c20fccdf1fa7\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-04 18:36:51.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16452_none_ddd7c20fccdf1fa7\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-04 18:36:51.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16452_none_ddd7c20fccdf1fa7\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-04 18:36:51.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16384_none_ddb950f9ccf5a901\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-04 18:36:51.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16384_none_ddb950f9ccf5a901\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-04 18:36:51.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16384_none_ddb950f9ccf5a901\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-04 18:36:51.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\WinSxS\x86_windows-defender-nis-drivers_31bf3856ad364e35_6.3.9600.16384_none_ddb950f9ccf5a901\WdNisDrv.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Ace Stream Media 3.1.16.1 (HKCU\...\AceStream) (Version: 3.1.16.1 - Ace Stream Media)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Standard Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AVG (HKLM\...\{FA46D289-E8EA-4222-AF8F-B205214947FA}) (Version: 1.181.4 - AVG Technologies) Hidden
AVG (HKLM\...\AvgZen) (Version: 1.181.3.3057 - AVG Technologies)
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{0898F764-D48A-DE16-BEE6-3D003B701FFD}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FDADC57D-5D12-1669-E15E-07C9D55DDD78}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{60DA95E6-3B1C-811E-9356-BD8ECE030749}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{07FC7436-E7B5-2646-BA48-32D7E9A8C666}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{E04C7D42-CAA0-CCAF-5916-E0C49E129BE2}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D9929D54-2DA6-34B9-D9B8-3AA168A12E56}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{A621A41A-BDA2-8E01-B073-394C3EEF28BF}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{581A480E-F28E-5153-8B41-F77EFBA3AD34}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2FFD48A8-D2E9-C256-4C04-82472D531802}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{40B17B27-AE12-072A-5041-4835EA7D8530}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3E293710-1410-87AF-B5E4-5AD5D6E3362C}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{AA758256-BAB5-5FC0-954C-DA2C953D2786}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{433E7A26-1C27-1FBB-A2A8-347D4833B34E}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07B5AB95-77AD-AC26-496B-722066229B87}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3FFB59B6-520F-37D8-DC0A-61FBC1C74DFC}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{9141FD82-4253-9CA6-1A73-31F2A2FFB0A4}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{ED18DB34-7C6F-2B5C-32DB-1E2762E432C5}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{6D08D442-48EC-FC20-A2B5-1FA8E88AD9E7}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{49691258-4A4D-F4C5-4C0C-C21860490650}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{10E9C0F4-AA89-7426-54C2-4F53DE895682}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{2522CA6D-EF72-C63C-D2B9-CDC55F01E7B1}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0156 - Disc Soft Ltd)
EAX Unified (HKLM-x32\...\EAX Unified) (Version:  - )
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
F1 Challenge 99-02 (HKLM-x32\...\{5FB31CB9-A4A2-49FD-00AF-41785B21FDEE}) (Version:  - )
F1 Manager (HKLM-x32\...\F1 Manager) (Version:  - )
FMW 1 (HKLM\...\{DC301684-9A48-4E46-870F-DDA8981E298D}) (Version: 1.192.3 - AVG Technologies) Hidden
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPxPatch (remove only) (HKLM-x32\...\GPxPatch) (Version:  - )
GTR 2 1.0.0.0 (HKLM-x32\...\{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1) (Version: v1.0.0.0 - 10tacle Studios Publishing AG)
Halo 2 for Windows Vista (HKLM-x32\...\{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.2 - HexChat)
Lenovo Service Bridge (HKCU\...\dda9ca0b023f4c56) (Version: 1.6.6.0 - Lenovo)
LibreOffice 5.1.4.2 (HKLM-x32\...\{D5D4AC5C-C757-4EB2-857C-B021DB22482C}) (Version: 5.1.4.2 - The Document Foundation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Halo Custom Edition (HKLM-x32\...\Halo CE) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
Mod DTM v3.5 (HKLM-x32\...\{4A091FC6-6DFE-4CB0-BF45-D90AB2353226}) (Version: 3.5 - Race-Online)
MoTeC i2 Pro (HKLM-x32\...\{D416059B-C21B-4405-ACC0-010C481E0FDA}) (Version: 1.01.0082 - MoTeC)
Mozilla Firefox 53.0 (x64 en-US) (HKLM\...\Mozilla Firefox 53.0 (x64 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NASCAR® Racing 2003 Season (HKLM-x32\...\{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}) (Version:  - Sierra Entertainment)
NetBalancer (HKLM\...\NetBalancer_is1) (Version:  - SeriousBit)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Race Driver (HKLM-x32\...\{8E309767-4214-4A04-AB88-FE86155FC151}) (Version: 1.00.0000 - Codemasters) Hidden
rFactor (remove only) (HKLM-x32\...\rFactor) (Version:  - )
rFactor Data Acquisition Plugin (HKLM-x32\...\rFactor Data Acquisition Plugin) (Version: 1.3.2 - dzRacing)
Richard Burns Rally (HKLM-x32\...\{92C7D009-A464-4948-A980-7A3E28CB2F49}) (Version: 1.00.000 - )
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
V8Factor Unleashed v1.1 (HKLM-x32\...\{4250E912-12F6-485F-8901-EB596F67F02E}_is1) (Version: v1.1 - Team ORSM)
V8FU_Season 2007 v1 (HKLM-x32\...\{53EF86F7-104C-45AF-B290-AB2832AE21F7}_is1) (Version: v1 - Team ORSM)
V8FU_Season 2009 v1 (HKLM-x32\...\{EB95395C-645F-4AD6-9206-FCAC9820C14D}_is1) (Version: v1 - Team ORSM)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Warzone 2100-3.1.5 (HKLM-x32\...\Warzone 2100-3.1.5) (Version: 3.1.5 - Warzone 2100 Project)
Warzone 2100-3.2.1 (HKLM-x32\...\Warzone 2100-3.2.1) (Version: 3.2.1 - Warzone 2100 Project)
Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.8.9.0 - BiniSoft.org)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 2.0.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.4 - The Wireshark developer community, https://www.wireshark.org)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 82%
Total physical RAM: 2047.24 MB
Available physical RAM: 366.36 MB
Total Virtual: 4094.48 MB
Available Virtual: 2156.36 MB

========================= Partitions: =====================================

1 Drive c: (SYSTEM) (Fixed) (Total:298.09 GB) (Free:55.27 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-PC

Administrator            Guest                    Home                     

========================= Restore Points ==================================

05-05-2017 14:13:46 Scheduled Checkpoint

**** End of log ****

ESET log:

Call m_esets_charon_create
13:56:39 m_esets_charon_create OK
13:56:39 Call m_esets_charon_start_send_thread
13:56:39 Call m_esets_charon_setup_set
13:56:39 m_esets_charon_setup_set OK
13:56:39 Scanner engine: 33289
16:34:32 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.16.0
# EOSSerial=8a6684c054421b459edc9121b73fc215
# engine=33289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-05-06 08:34:28
# local_time=2017-05-06 16:34:28 (+0800, W. Australia Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2891531 245689518 0 0
# scanned=2
# found=0
# cleaned=0
# scan_time=9479
17:04:53 Call m_esets_charon_send
17:04:53 Call m_esets_charon_destroy
17:04:55 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Home\AppData\Local\ESET\ESETOnlineScanner\Quarantine\

 

End of log====

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 22.0.0.192  
 Google Chrome (57.0.2987.133)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 AVG Antivirus AVGSvc.exe  
 AVG Antivirus afwServ.exe  
 AVG Antivirus AVGUI.exe  
 AVG Antivirus x64 aswidsagenta.exe
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Firewall Control wfcs.exe   
 Windows Firewall Control wfc.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

====================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64
Ran by Home (Administrator) on 06-May-17 at 17:28:19.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10

Failed to delete: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX32PJY0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59NMCIL9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2X61V5L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7NB3QIP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8EF4AQR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59NMCIL9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2X61V5L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O7NB3QIP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX32PJY0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8EF4AQR (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06-May-17 at 17:34:02.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v6.045 - Logfile created 06/05/2017 at 17:51:17
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-05-05.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Home - HOME-PC
# Running from : C:\Users\Home\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Home\AppData\LocalLow\.acestream
[-] Folder deleted: C:\Users\Home\AppData\Roaming\.acestream
[-] Folder deleted: C:\Users\Home\AppData\Roaming\acestream
[-] Folder deleted: C:\_acestream_cache_


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\Classes\.acelive
[-] Key deleted: HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\Classes\.acemedia
[-] Key deleted: HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\Classes\.acestream
[-] Key deleted: HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\Classes\.tslive
[-] Key deleted: HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\Classes\acestream
[-] Key deleted: HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\Classes\AceStream.file
[#] Key deleted on reboot: HKCU\Software\Classes\.acelive
[#] Key deleted on reboot: HKCU\Software\Classes\.acemedia
[#] Key deleted on reboot: HKCU\Software\Classes\.acestream
[#] Key deleted on reboot: HKCU\Software\Classes\.tslive
[#] Key deleted on reboot: HKCU\Software\Classes\acestream
[#] Key deleted on reboot: HKCU\Software\Classes\AceStream.file
[-] Key deleted: HKLM\SOFTWARE\Classes\.acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acelive
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acemedia
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.tslive
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\acestream
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AceStream.file
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\.acestream
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[-] Key deleted: HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\AceStream
[-] Key deleted: HKU\S-1-5-21-3828139814-2548984782-3901974033-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Key deleted on reboot: HKCU\Software\AceStream
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Key deleted on reboot: [x64] HKCU\Software\AceStream
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[-] Key deleted: HKCU\Software\Classes\Applications\ace_player.exe
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[#] Key deleted on reboot: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Key deleted on reboot: HKCU\SOFTWARE\Classes\Applications\ace_player.exe
[-] Value deleted: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [acewebextension_unlisted@acestream.org]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5297 Bytes] - [06/05/2017 17:51:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [5086 Bytes] - [16/04/2017 20:56:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [5160 Bytes] - [06/05/2017 17:42:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5516 Bytes] ##########

#4 iMacg3

Posted 06 May 2017 - 10:04 AM

How's your computer doing?

Do you use a proxy server?


Edited by iMacg3, 06 May 2017 - 10:05 AM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 ggs1212

Posted 07 May 2017 - 08:26 AM

How's your computer doing?

Do you use a proxy server?

I use a VPN called zenmate which is a proxy; it's a browser-based extension for Firefox. I am still getting strange redirects sometimes when I try and log in (to access the VPN/proxy upon startup of Firefox) at the zenmate site. Attached are pictures of what I mean.

Here is a photo of the normal site, before the weird URL thing:

http://i.imgur.com/2CdpZwy.png

And here is one of the many weird URLs that appear to be the same site with a different URL:

http://i.imgur.com/WApGSlt.png

There were more variations of these weird URL things, but I kept trying to replicate it, and could only get that one.

Any idea what it could be? I suspect it may be a fake page for phishing or something.

Does my computer look clean, or should we scan it with more tools?


Edited by ggs1212, 07 May 2017 - 08:32 AM.


#6 iMacg3

Posted 07 May 2017 - 09:54 AM

I would recommend you uninstall and reinstall the Zenmate extension for Firefox and see if any more strange URLs come up again.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#7 ggs1212

Posted 07 May 2017 - 10:08 AM

I have uninstalled and reinstalled the extension; hopefully it fixes it. If more strange things happen, I will let you know.

Is the rest of the computer clean? Thanks for the help.



#8 iMacg3

Posted 07 May 2017 - 10:34 AM

I would recommend running one more anti-malware program just to be sure.

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  1. Double-click on the .EXE file that you downloaded and follow the extracting prompt.

  2. Find the MBAR folder and launch the executable in the folder.

  3. Select the option to Update the virus definitions.

  4. Once done updating, MBAR will scan your computer.

  5. When complete, please click Cleanup to remove the threats. Do NOT click inside the window when MBAR is doing the cleanup process.

  6. When finished, restart the PC.

  7. Post the logs from inside the MBAR folder, mbar-log(date) and system-log.txt, in a forum post.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#9 ggs1212

Posted 08 May 2017 - 09:47 AM

Scan came back clean...

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 2146689024, free: 347090944

Downloaded database version: v2017.05.08.06
Downloaded database version: v2017.04.02.01
Downloaded database version: v2017.04.03.01
=======================================
Initializing...
------------ Kernel report ------------
     05/08/2017 21:44:46
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.05.08.06
  rootkit: v2017.04.02.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80027bd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80027bc530, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80027bd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002683040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002338060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F5AD648C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 625137664
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Scan finished
 



#10 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,035 posts
  • OFFLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:39 AM

Posted 08 May 2017 - 10:29 AM

Any more strange URLs?


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#11 ggs1212

ggs1212
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:39 PM

Posted 10 May 2017 - 11:02 PM

Not so far. If I see any more I will post.



#12 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,035 posts
  • OFFLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:39 AM

Posted 11 May 2017 - 10:53 AM

Download Xplode Delfix and save it to your desktop.

 

  1. Run the Delfix file you downloaded.

  2. Make sure that Remove disinfection tools is selected and that nothing else is checked. This will remove all the tools we used to clean up the malware.

  3. Click OK and paste the log file for Delfix into a post.

  4. Once finished running Delfix, your computer is clean.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#13 ggs1212

ggs1212
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:39 PM

Posted 12 May 2017 - 03:40 AM

Got redirected to this:

 

https://versand-status.de/login/?utm_medium=in_product&utm_source=extension_interface&utm_campaign=login_unknown_unknown&utm_content=menu

 

It's supposed to read zenmate.com.



#14 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,035 posts
  • OFFLINE
  • Gender:Male
  • Location:Indiana, USA
  • Local time:05:39 AM

Posted 12 May 2017 - 08:00 AM

Please post in the Virus, Trojan, Spyware, and Malware Removal Logs section, and make sure to read this guide before you post.

 

This seems to be a serious infection and I cannot help you in this forum. The experts in the other section will be able to get your problem resolved quickly.

Thanks for using Bleeping Computer!


Regards, iMacg3

"Do, or do not. There is no try." - Yoda



