Deadly Virus


  • This topic is locked
3 replies to this topic

#1 Elfrot


Posted 02 June 2017 - 06:37 AM

I have a virus preventing me from downloading antivirus and anti-malware, all of them. It keeps telling me administrator blocking this, publisher blocking that!!!! It's frustrating. I have saved the logs below. I cannot even do System Restore, and Windows Defender keeps catching it over and over without use...
 
 
Farbar Service Scanner Version: 27-01-2016
Ran by Elfrot (administrator) on 02-06-2017 at 11:25:49
Running from "C:\Users\Elfrot\Downloads\Programs"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
 
 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Elfrot (administrator) on 02-06-2017 at 11:30:58
Running from "C:\Users\Elfrot\Downloads\Programs"
Microsoft Windows 10 Home  (X64)
Model: Aspire F5-573 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 gf.tools.avast.com
127.0.0.1 pair.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 id.avast.com
127.0.0.1 v4618535.iavs9x.u.avast.com
127.0.0.1 v4618535.ivps9x.u.avast.com
127.0.0.1 v4618535.ivps9tiny.u.avast.com
127.0.0.1 v4618535.vpsnitro.u.avast.com
127.0.0.1 v4618535.vpsnitrotiny.u.avast.com
127.0.0.1 v4618535.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 sm00.avast.com
127.0.0.1 submit5.avast.com
127.0.0.1 geoip.avast.com
127.0.0.1 w9448963.iavs9x.u.avast.com
127.0.0.1 w9448963.ivps9x.u.avast.com
127.0.0.1 w9448963.ivps9tiny.u.avast.com
127.0.0.1 w9448963.vpsnitro.u.avast.com
127.0.0.1 w9448963.vpsnitrotiny.u.avast.com
127.0.0.1 w9448963.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 sm00.avast.com
127.0.0.1 submit5.avast.com
127.0.0.1 geoip.avast.com
There are 330 entries.
========================= IP Configuration: ================================
Intel® Dual Band Wireless-AC 3165 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Anchorfree HSS VPN Adapter = Ethernet 4 (Media disconnected)
VPN Client Adapter - VPN = Ethernet 2 (Media disconnected)
TAP-Windows Adapter V9 = Ethernet 3 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VPN - VPN Client" forwarding=enabled advertise=enabled metric=1 nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled metric=1 nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 3" forwarding=enabled advertise=enabled metric=1 nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration
 
Windows IP Configuration
   Host Name . . . . . . . . . . . . : LAPTOP-61H863SN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : www.huaweimobilewifi.com
Ethernet adapter Ethernet 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN Client Adapter - VPN #2
   Physical Address. . . . . . . . . : 00-AC-69-D0-A4-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet 3:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-04-F2-DE-B5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 54-AB-3A-E6-55-6F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 1:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 84-EF-18-C4-C3-19
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet 4:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-DA-C9-DE-8E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
   Connection-specific DNS Suffix  . : www.huaweimobilewifi.com
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3165
   Physical Address. . . . . . . . . : 84-EF-18-C4-C3-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3007:7742:ba3c:e2af%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.8.104(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, June 2, 2017 11:00:24 AM
   Lease Expires . . . . . . . . . . : Saturday, June 3, 2017 11:12:19 AM
   Default Gateway . . . . . . . . . : 192.168.8.1
   DHCP Server . . . . . . . . . . . : 192.168.8.1
   DHCPv6 IAID . . . . . . . . . . . : 512028440
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-99-B9-69-54-AB-3A-E6-55-6F
   DNS Servers . . . . . . . . . . . : 192.168.8.1
                                       192.168.8.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.www.huaweimobilewifi.com:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : www.huaweimobilewifi.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 3:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c1d:1fc6:d60d:76f6(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c1d:1fc6:d60d:76f6%8(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-99-B9-69-54-AB-3A-E6-55-6F
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  www.huaweimobilewifi.com
Address:  192.168.8.1
Name:    google.com
Addresses:  2a00:1450:4009:80c::200e
   172.217.17.110

Pinging google.com [172.217.17.110] with 32 bytes of data:
Reply from 172.217.17.110: bytes=32 time=130ms TTL=53
Reply from 172.217.17.110: bytes=32 time=136ms TTL=53
Ping statistics for 172.217.17.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 130ms, Maximum = 136ms, Average = 133ms
Server:  www.huaweimobilewifi.com
Address:  192.168.8.1
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   2001:4998:44:204::a7
   98.139.183.24
   98.138.253.109
   206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=445ms TTL=48
Reply from 98.139.183.24: bytes=32 time=220ms TTL=48
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 220ms, Maximum = 445ms, Average = 332ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 ac 69 d0 a4 77 ......VPN Client Adapter - VPN #2
  2...00 ff 04 f2 de b5 ......TAP-Windows Adapter V9
 17...54 ab 3a e6 55 6f ......Realtek PCIe GBE Family Controller
 21...84 ef 18 c4 c3 19 ......Microsoft Wi-Fi Direct Virtual Adapter
 23...00 ff da c9 de 8e ......Anchorfree HSS VPN Adapter
 10...84 ef 18 c4 c3 18 ......Intel® Dual Band Wireless-AC 3165
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  8...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.8.1    192.168.8.104     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.8.0    255.255.255.0         On-link     192.168.8.104    311
    192.168.8.104  255.255.255.255         On-link     192.168.8.104    311
    192.168.8.255  255.255.255.255         On-link     192.168.8.104    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.8.104    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.8.104    311
===========================================================================
Persistent Routes:
  None
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  8    331 2001::/32                On-link
  8    331 2001:0:4137:9e76:1c1d:1fc6:d60d:76f6/128
                                    On-link
 10    311 fe80::/64                On-link
  8    331 fe80::/64                On-link
  8    331 fe80::1c1d:1fc6:d60d:76f6/128
                                    On-link
 10    311 fe80::3007:7742:ba3c:e2af/128
                                    On-link
  1    331 ff00::/8                 On-link
 10    311 ff00::/8                 On-link
  8    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (06/02/2017 11:14:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-61H863SN)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/02/2017 10:54:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 18.40.0.0, time stamp: 0x56b890e3
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0xc18
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5
Error: (06/01/2017 11:39:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-61H863SN)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/01/2017 11:37:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-61H863SN)
Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/01/2017 02:18:23 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 10.0.14393.953 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1668
Start Time: 01d2dad91ed68027
Termination Time: 4294967295
Application Path: C:\Windows\explorer.exe
Report Id: ab7e71f4-46d3-11e7-9def-84ef18c4c31c
Faulting package full name:
Faulting package-relative application ID:
Error: (06/01/2017 01:18:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-61H863SN)
Description: Package Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.
Error: (06/01/2017 01:17:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: YeaDesktop.exe, version: 1.0.0.8, time stamp: 0x59290a3d
Faulting module name: FileSyncShell.dll, version: 17.3.6799.327, time stamp: 0x58d9ba50
Exception code: 0xc0000005
Fault offset: 0x00006dc5
Faulting process id: 0x1d74
Faulting application start time: 0xYeaDesktop.exe0
Faulting application path: YeaDesktop.exe1
Faulting module path: YeaDesktop.exe2
Report Id: YeaDesktop.exe3
Faulting package full name: YeaDesktop.exe4
Faulting package-relative application ID: YeaDesktop.exe5
Error: (06/01/2017 12:52:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: YeaDesktop.exe, version: 1.0.0.8, time stamp: 0x59290a3d
Faulting module name: FileSyncShell.dll, version: 17.3.6799.327, time stamp: 0x58d9ba50
Exception code: 0xc0000005
Fault offset: 0x00006dc5
Faulting process id: 0x1f14
Faulting application start time: 0xYeaDesktop.exe0
Faulting application path: YeaDesktop.exe1
Faulting module path: YeaDesktop.exe2
Report Id: YeaDesktop.exe3
Faulting package full name: YeaDesktop.exe4
Faulting package-relative application ID: YeaDesktop.exe5
Error: (06/01/2017 12:12:42 PM) (Source: ESENT) (User: )
Description: MicrosoftEdge (10808) C:\Users\Elfrot\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: Database recovery/restore failed with unexpected error -1216.
Error: (06/01/2017 12:12:42 PM) (Source: ESENT) (User: )
Description: MicrosoftEdge (10808) C:\Users\Elfrot\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Elfrot\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

System errors:
=============
Error: (06/02/2017 11:05:58 AM) (Source: Service Control Manager) (User: )
Description: The glory service terminated unexpectedly.  It has done this 1 time(s).
Error: (06/02/2017 11:02:38 AM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (06/02/2017 11:00:55 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service hung on starting.
Error: (06/02/2017 10:57:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (06/02/2017 10:57:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (06/02/2017 10:57:26 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (06/02/2017 10:57:12 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}
Error: (06/02/2017 10:54:24 AM) (Source: Service Control Manager) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (06/02/2017 10:54:24 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
Error: (06/02/2017 10:53:59 AM) (Source: Service Control Manager) (User: )
Description: The USER_ESRV_SVC_QUEENCREEK service terminated with the following error:
%%497

Microsoft Office Sessions:
=========================
Error: (06/02/2017 11:14:23 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-61H863SN)
Description: Microsoft.WindowsStore_8wekyb3d8bbwe!App-2147023170
Error: (06/02/2017 10:54:21 AM) (Source: Application Error)(User: )
Description: ZeroConfigService.exe18.40.0.056b890e3ntdll.dll10.0.14393.4795825887fc0000005000000000002f7dbc1801d2db8e89a5841dC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\WINDOWS\SYSTEM32\ntdll.dll74b12b90-2a1d-4ee0-9059-9a503d033fe5
Error: (06/01/2017 11:39:38 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-61H863SN)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (06/01/2017 11:37:02 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-61H863SN)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo-2147009280
Error: (06/01/2017 02:18:23 PM) (Source: Application Hang)(User: )
Description: explorer.exe10.0.14393.953166801d2dad91ed680274294967295C:\Windows\explorer.exeab7e71f4-46d3-11e7-9def-84ef18c4c31c
Error: (06/01/2017 01:18:01 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-61H863SN)
Description: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe+MicrosoftEdge
Error: (06/01/2017 01:17:11 PM) (Source: Application Error)(User: )
Description: YeaDesktop.exe1.0.0.859290a3dFileSyncShell.dll17.3.6799.32758d9ba50c000000500006dc51d7401d2dad95086f8dcC:\Program Files (x86)\YeaDesktop\YeaDesktop.exeC:\Users\Elfrot\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dllc5eee202-85c9-4699-b643-3838b19972dc
Error: (06/01/2017 12:52:43 PM) (Source: Application Error)(User: )
Description: YeaDesktop.exe1.0.0.859290a3dFileSyncShell.dll17.3.6799.32758d9ba50c000000500006dc51f1401d2dad5efaf73c0C:\Program Files (x86)\YeaDesktop\YeaDesktop.exeC:\Users\Elfrot\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll77c02d91-8bf9-4075-a941-678704c67247
Error: (06/01/2017 12:12:42 PM) (Source: ESENT)(User: )
Description: MicrosoftEdge10808C:\Users\Elfrot\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: -1216
Error: (06/01/2017 12:12:42 PM) (Source: ESENT)(User: )
Description: MicrosoftEdge10808C:\Users\Elfrot\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: -1216C:\Users\Elfrot\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

=========================== Installed Programs ============================
. . (HKLM\...\{12B07FF1-29CB-45AC-B493-1DB88BE717BD}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{C01175B6-6575-4526-A55B-2BC2F10BA083}) (Version: 2.7.2.4 - Intel) Hidden
µTorrent (HKCU\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-b862c235-0b20-4b77-aa56-91f484978370) (Version: 3.0.2.118 - WildTangent) Hidden
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.07.2004 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3007 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.02.3001 - Acer Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
AdvancedModule (HKCU\...\Advanced Module_is1) (Version:  - )
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKCU\...\Host App Service) (Version: 0.273.1.711 - SweetLabs)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Battlerite (HKLM\...\Steam App 504370) (Version:  - Stunlock Studios)
C&C:Online (HKLM-x32\...\{1298F091-2180-4779-BDA0-1176247252D0}) (Version: 2.0.7 - Revora)
Chrome Remote Desktop Host (HKLM-x32\...\{88D5D9A4-48C4-4D0A-88B9-3E18661CF0D9}) (Version: 57.0.2987.37 - Google Inc.)
Cloud Pirates (HKLM\...\Steam App 559460) (Version:  - Allods Team)
CloudPirates (HKCU\...\CloudPirates) (Version: 1.40 - My.com B.V.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
DARK SOULS™ II (HKLM\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.10.0 - Dashlane, Inc.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3015 - Acer Incorporated)
ELAN HIDI2C Filter Driver X64 13.6.5.2_WHQL (HKLM\...\Elantech) (Version: 13.6.5.2 - ELAN Microelectronic Corp.)
Epic Games Launcher (HKLM-x32\...\{50582847-2051-45E8-8624-CCBBAADA6B5B}) (Version: 1.1.97.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
Games of Glory (HKLM\...\Steam App 342150) (Version:  - Lightbulb Crew)
GenTool (HKLM-x32\...\GenTool) (Version: 7.4 - xezon)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.96 - SecureMix LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Home Makeover (HKLM-x32\...\WTA-fec1d1b1-db79-4577-9cc5-59f6911218e3) (Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-63e2285a-eed2-4c27-b2c5-69602f2f8544) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-9eb10f2a-85a6-45af-8b83-61e54fdb2890) (Version: 3.0.2.118 - WildTangent) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LoLReplay2 (HKLM-x32\...\{9D5BAC5A-EDBF-4A34-AC2D-139C84B7E050}_is1) (Version: v2.6.3 - Aequus Gaming Ltd.)
Magic Academy (HKLM-x32\...\WTA-b0da4215-352d-414d-9554-3b02c8d32d24) (Version: 2.2.0.97 - WildTangent) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Might and Magic® VI (HKLM-x32\...\Might and Magic® VI) (Version:  - )
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.12.10.00 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
My.com Game Center (HKCU\...\MyComGames) (Version: 3.201 - My.com B.V.)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.9.38188 - Electronic Arts, Inc.)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-e5b694a0-708f-4052-ac4e-2626850f6182) (Version: 3.0.2.59 - WildTangent) Hidden
Priceline.com Weblink (HKLM-x32\...\{4A9B758D-CBDA-43EA-A5AF-EE25206E3507}) (Version: 1.16.0726 - Acer)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
Rory's Restaurant (HKLM-x32\...\WTA-912291c6-bdca-4151-8c45-dec579254fef) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-c9af3a5b-b5ae-4bb5-a012-aa37fbb48cbc) (Version: 3.0.2.126 - WildTangent) Hidden
SMITE (HKLM\...\Steam App 386360) (Version:  - Hi-Rez Studios)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Spotify Weblink (HKLM-x32\...\{8CADF0CB-E834-4019-9B11-B84E051F2A8E}) (Version: 1.16.1210 - Acer)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Fighter V NEW CFN Beta (HKLM\...\Steam App 593880) (Version:  - Capcom)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
theHunter (HKLM\...\Steam App 253710) (Version:  - Expansive Worlds)
UnHackMe 8.90 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
Viber (HKCU\...\{f3ec70a6-7c39-417d-8ee9-894c0c51d5f9}) (Version: 6.7.0.1091 - Viber Media Inc.)
Viber (HKLM-x32\...\{A99081BB-AFA1-4811-8F11-8001581990DA}) (Version: 6.7.0.1091 - Viber Media Inc.) Hidden
Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.1.1.12 - WildTangent) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17376 - Microsoft Corporation)
Windscribe version 1.61 build 9 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.61 build 9 - Windscribe)
Wise Program Uninstaller 2.01 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 2.01 - WiseCleaner.com, Inc.)
========================= Devices: ================================

========================= Memory info: ===================================
Percentage of memory in use: 37%
Total physical RAM: 8060.13 MB
Available physical RAM: 5040.86 MB
Total Virtual: 9340.13 MB
Available Virtual: 6181.68 MB
========================= Partitions: =====================================
1 Drive c: (Acer) (Fixed) (Total:471.41 GB) (Free:384.04 GB) NTFS
2 Drive d: (GENERALSZH_DVD) (CDROM) (Total:3.22 GB) (Free:0 GB) CDFS
3 Drive g: (Games) (Fixed) (Total:458.98 GB) (Free:225.53 GB) NTFS
========================= Users: ========================================
User accounts for \\LAPTOP-61H863SN
Administrator            DefaultAccount           Elfrot                  
Guest                   

**** End of log ****

Edit: Moved topic from Am I Infected to the more appropriate forum. ~ Animal



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:20 PM

Posted 05 June 2017 - 06:30 PM

Hi Elfrot :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Let's get some FRST logs.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura


Posted 09 June 2017 - 11:28 AM

Hi Elfrot,

Are you still with me?



#4 Aura


Posted 11 June 2017 - 12:03 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
