How do I know if I am infected with malware or spyware


11 replies to this topic

#1 sunshineiam


Posted 24 April 2016 - 05:57 PM

Hi! 

 

I am needing help to see if my computer may be infected with malware and/or spyware.

I added a picture and link to the exact specs of my computer. 

 

Lenovo C54010110 AIO Non-touch screen

https://shop.lenovo.com/ISS_Static/WW/wci/products/us/desktop/essential/c-series/c540/c540-datasheet.pdf

 

It has done some different things over the course of the last four months. It would have all of these processes running and some programs and applications always going. I know that Intel has several now on new computers to do with licensing and other various things. There was one particular program that would run constantly; it looked like a normal Intel program. At the end of it was "WILLIAMETTE.EXE" and it was not located where most programs are, in the programs folder or the x86 one. It was in the C:\Windows\System32 folder. I unplugged my computer from the internet and wiped everything off of it. I did a clean install of Windows, and the program listed above is not present anymore. But it still has tons of dll things, like it has tons of things going on in the processes. One time it had 3557 or 35537 background processes going. It would not do anything but just freeze up. Since then my Gmail passwords have been changed, not by my doing. It has stated under the devices that I have logged on from an iPhone. I have not now or ever owned or used one. I looked at the location to see if there were any dependencies and there were. It says I have visited locations that I was not ever at. And I looked into the whole accuracy of the GPS and looked at my past travel. It has pretty much been spot on. All of my browsers crash constantly.

I know that this could be a huge possibility of coincidence. But I am investigating all avenues as to why my computer has started behaving any differently. I decided to come and see if there was a program I had not tried and that is when I came across GMER. It would run the scan and allow me to barely save a copy of the log. Here is the log:

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-24 14:52:20
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST1000DM003-1CH162 rev.CC56 931.51GB
Running: znfd2dh6.exe; Driver: C:\Users\Victoria\AppData\Local\Temp\ugdyapow.sys
 
 
---- Threads - GMER 2.2 ----
 
 
---- EOF - GMER 2.2 ---
 
 
Can you please help me make sense of all of this?
 
Thank you

 




 


#2 boopme


Posted 25 April 2016 - 10:39 AM

Welcome, please do these next....

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#3 sunshineiam


Posted 09 June 2016 - 11:03 PM

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by lopez (administrator) on 09-06-2016 at 23:02:54
Running from "C:\Users\lopez\Downloads"
Microsoft Windows 10 Pro N  (X64)
Model: 10110 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
There are 6 entries.
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DELTA-TWO
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless Network Adapter
   Physical Address. . . . . . . . . : 3C-77-E6-51-E5-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-77-E6-51-E5-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 20-1A-06-28-FE-D2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2605:6001:e65d:cd00:f81f:e685:be8f:bc6f(Preferred) 
   Temporary IPv6 Address. . . . . . : 2605:6001:e65d:cd00:69df:9fd8:69eb:f7bc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::f81f:e685:be8f:bc6f%8(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, June 9, 2016 3:43:47 PM
   Lease Expires . . . . . . . . . . : Thursday, June 9, 2016 11:43:48 PM
   Default Gateway . . . . . . . . . : fe80::d605:98ff:fea6:b7b7%8
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 69212678
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-DC-5C-B0-20-1A-06-28-FE-D2
   DNS Servers . . . . . . . . . . . : 209.18.47.62
                                       209.18.47.61
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:20cd:1983:b345:ff99(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::20cd:1983:b345:ff99%5(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-DC-5C-B0-20-1A-06-28-FE-D2
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{E8902E52-B417-4620-AB60-A99A21CF365D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62
 
Name:    google.com
Addresses:  2607:f8b0:4000:803::200e
 172.217.2.174
 
 
Pinging google.com [2607:f8b0:4000:808::200e] with 32 bytes of data:
Reply from 2607:f8b0:4000:808::200e: time=24ms 
Reply from 2607:f8b0:4000:808::200e: time=23ms 
 
Ping statistics for 2607:f8b0:4000:808::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 24ms, Average = 23ms
Server:  dns-cac-lb-02.rr.com
Address:  209.18.47.62
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Reply from 2001:4998:44:204::a7: time=45ms 
Reply from 2001:4998:44:204::a7: time=39ms 
 
Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 45ms, Average = 42ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...3c 77 e6 51 e5 14 ......Qualcomm Atheros AR9485 Wireless Network Adapter
  3...1e 77 e6 51 e5 14 ......Microsoft Wi-Fi Direct Virtual Adapter
  8...20 1a 06 28 fe d2 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    266
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    266
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    266 ::/0                     fe80::d605:98ff:fea6:b7b7
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6ab8:20cd:1983:b345:ff99/128
                                    On-link
  8    266 2605:6001:e65d:cd00::/64 On-link
  8    266 2605:6001:e65d:cd00:69df:9fd8:69eb:f7bc/128
                                    On-link
  8    266 2605:6001:e65d:cd00:f81f:e685:be8f:bc6f/128
                                    On-link
  8    266 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::20cd:1983:b345:ff99/128
                                    On-link
  8    266 fe80::f81f:e685:be8f:bc6f/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    266 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/09/2016 03:51:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DELTA-TWO)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/09/2016 03:44:14 PM) (Source: COM+) (User: )
Description: (DtcGetTransactionManagerEx(): hr = 0x8004d01b)
 
Error: (06/09/2016 03:44:14 PM) (Source: MSDTC) (User: )
Description: 
 
Error: (06/09/2016 03:44:14 PM) (Source: MSDTC) (User: )
Description: 0x2
 
Error: (06/09/2016 03:44:14 PM) (Source: MSDTC) (User: )
Description: 
 
Error: (06/08/2016 09:22:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DELTA-TWO)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (06/07/2016 11:14:48 PM) (Source: COM+) (User: )
Description: (DtcGetTransactionManagerEx(): hr = 0x8004d01b)
 
Error: (06/07/2016 11:14:48 PM) (Source: MSDTC) (User: )
Description: 
 
Error: (06/07/2016 11:14:48 PM) (Source: MSDTC) (User: )
Description: 0x2
 
Error: (06/07/2016 11:14:48 PM) (Source: MSDTC) (User: )
Description: 
 
 
System errors:
=============
Error: (06/09/2016 10:23:31 PM) (Source: Service Control Manager) (User: )
Description: The SMIDMI service failed to start due to the following error: 
%%2
 
Error: (06/09/2016 10:23:31 PM) (Source: Service Control Manager) (User: )
Description: The SMIDMI service failed to start due to the following error: 
%%2
 
Error: (06/09/2016 10:23:31 PM) (Source: Service Control Manager) (User: )
Description: The SMIDMI service failed to start due to the following error: 
%%2
 
Error: (06/09/2016 10:23:31 PM) (Source: Service Control Manager) (User: )
Description: The SMIDMI service failed to start due to the following error: 
%%2
 
Error: (06/09/2016 10:23:31 PM) (Source: Service Control Manager) (User: )
Description: The SMIDMI service failed to start due to the following error: 
%%2
 
Error: (06/09/2016 10:23:31 PM) (Source: Service Control Manager) (User: )
Description: The SMIDMI service failed to start due to the following error: 
%%2
 
Error: (06/09/2016 10:03:46 PM) (Source: DCOM) (User: DELTA-TWO)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (06/09/2016 05:22:15 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/09/2016 04:13:40 PM) (Source: DCOM) (User: DELTA-TWO)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DELTA-TWOlopezS-1-5-21-1994814665-6403182-3388131239-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/09/2016 04:13:40 PM) (Source: DCOM) (User: DELTA-TWO)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DELTA-TWOlopezS-1-5-21-1994814665-6403182-3388131239-1001LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (06/09/2016 03:51:03 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DELTA-TWO)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147023170
 
Error: (06/09/2016 03:44:14 PM) (Source: COM+)(User: )
Description: (DtcGetTransactionManagerEx(): hr = 0x8004d01b)
 
Error: (06/09/2016 03:44:14 PM) (Source: MSDTC)(User: )
Description: 
 
Error: (06/09/2016 03:44:14 PM) (Source: MSDTC)(User: )
Description: 0x2
 
Error: (06/09/2016 03:44:14 PM) (Source: MSDTC)(User: )
Description: 
 
Error: (06/08/2016 09:22:35 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DELTA-TWO)
Description: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App
 
Error: (06/07/2016 11:14:48 PM) (Source: COM+)(User: )
Description: (DtcGetTransactionManagerEx(): hr = 0x8004d01b)
 
Error: (06/07/2016 11:14:48 PM) (Source: MSDTC)(User: )
Description: 
 
Error: (06/07/2016 11:14:48 PM) (Source: MSDTC)(User: )
Description: 0x2
 
Error: (06/07/2016 11:14:48 PM) (Source: MSDTC)(User: )
Description: 
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-06-09 15:57:28.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-08 16:55:07.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-07 23:14:16.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-06 16:32:08.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-02 08:17:47.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-01 19:07:37.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-29 15:06:23.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-29 03:37:09.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-29 03:26:50.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-29 01:15:31.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
calibre (HKLM-x32\...\{0CBE2506-9352-48E2-946D-C670C35A038C}) (Version: 2.58.0 - Kovid Goyal)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Foxit PhantomPDF Business (HKLM-x32\...\{C399624C-EE2B-4998-BE7A-E702EC932102}) (Version: 7.3.4.311 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2763.0 - Google Inc.)
Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 53.0.2763.0 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Highlighter (HKLM-x32\...\{A62B4B00-4F1A-46C9-A2EC-BF3A8DA1B545}) (Version: 1.1.3 - Mandiant)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Slitheris Network Discovery 1.0.128 (HKLM-x32\...\Slitheris_is1) (Version: 1.0.128 - Komodo Laboratories LLC)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.5 - Tweaking.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
VoiceZoneConnect (HKLM-x32\...\{38044CA6-958D-378E-0C33-15F4FF343C06}) (Version: 1.5.1 - Time Warner Cable Media Inc) Hidden
VoiceZoneConnect (HKLM-x32\...\com.twc.voicezoneconnect) (Version: 1.5.1 - Time Warner Cable Media Inc)
Windows 10 Manager (HKCU\...\Windows 10 Manager 1.1.3) (Version: 1.1.3 - Yamicsoft)
Windows 10 Wizard (HKLM-x32\...\{5370B8FE-5301-41C0-9D7C-3986CF88C596}) (Version: 1.0.1.0 - Digital Care Solutions)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WPS Office (10.1.0.5609) (HKCU\...\Kingsoft Office) (Version: 10.1.0.5609 - Kingsoft Corp.)
York Network Trace 1.63 (HKLM-x32\...\York Network Trace_is1) (Version:  - CompSoft)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 85%
Total physical RAM: 3998.35 MB
Available physical RAM: 588.82 MB
Total Virtual: 7070.35 MB
Available Virtual: 2965.92 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:468.56 GB) (Free:227.34 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.33 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:23.1 GB) (Free:23.03 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DELTA-TWO
 
Administrator            blaqu                    DefaultAccount           
Guest                    jaked                    lopez                    
 
 
**** End of log ****


#4 sunshineiam


Posted 09 June 2016 - 11:07 PM

# AdwCleaner v5.119 - Logfile created 09/06/2016 at 23:05:18
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 10 Pro N  (X64)
# Username : lopez - DELTA-TWO
# Running from : C:\Users\lopez\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [621 bytes] - [09/06/2016 23:05:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [693 bytes] ##########


#6 sunshineiam


Posted 09 June 2016 - 11:24 PM

OK, sorry that it has taken me so long to respond; I could not remember what email address I used. There is a new symptom: the System Compressed Memory is running extremely high now. I was told to disable "superfetch", and also the Runtime Broker is constantly running at a high rate. I was told to disable it as well. I have not on that one though, because I am not sure. Also, I forget what I was doing; I think I was getting ready to play Roblox with my kids and for some reason it would not let me. It stated I was missing the VWMCore.DLL or something close to that, and when I was trying to repair it, I ran this program and it stated I was missing tons of files and such. Also, every single device at one point is constantly getting booted off the internet. We call Time Warner and they send a tech out; we are told that it is fine, and it continues on. The other day our LG smart TV in the living room kept getting this error "crawl.io" and we would have to power it down and power it back up. But the odd thing was every time it did that, my children's tablets' screens blacked out and they restarted. I know this probably sounds super crazy and I apologize for that. But there were other people and the kids here to attest to it!



#7 sunshineiam


Posted 10 June 2016 - 12:18 AM

C:\Users\lopez\AppData\Local\Kingsoft\WPS Office\10.1.0.5609\wtoolex\wpsupdate.exe a variant of Win32/KingSoft.D potentially unwanted application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87.zip a variant of Win32/AdapterWatch.A potentially unsafe application deleted
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\awatch.exe a variant of Win32/AdapterWatch.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\browsinghistoryview.exe a variant of Win32/BrowsingHistoryView.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\bulletspassview.exe a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\chromepass.exe a variant of Win32/PSWTool.ChromePass.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\dialupass.exe a variant of Win32/PSWTool.Dialupass.F potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\iepv.exe a variant of Win32/PSWTool.IEPassView.NAE potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\lsasecretsdump.exe Win32/PSWTool.LsaSecretsDump.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\lsasecretsview.exe Win32/PSWTool.LsasView potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\mailpv.exe a variant of Win32/PSWTool.MailPassView.E potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\mspass.exe a variant of Win32/MPass.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\netpass.exe a variant of Win32/NetPass.AA potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\operapassview.exe Win32/PSWTool.OperaPassView potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\outlookaddressbookview.exe a variant of Win32/OutlookAddressBookView.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\passwordfox.exe a variant of Win32/PSWTool.PassFox.D potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\passwordscan.exe a variant of Win32/PSWTool.WebBrowserPassView.C potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\pcanypass.exe a variant of Win32/PSWTool.PCAnyPass.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\produkey.exe a variant of Win32/PSWTool.ProductKey potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\pstpassword.exe a variant of Win32/PSWTool.PstPassword.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\routerpassview.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\skypecontactsview.exe a variant of Win32/SkypeContactsView.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\skypelogview.exe a variant of Win32/SkypeLogView.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\smsniff.exe a variant of Win32/Sniffer.SniffPass.B potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\sniffpass.exe a variant of Win32/Sniffer.SniffPass.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\vncpassview.exe a variant of Win32/PSWTool.VNCPassView.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\webbrowserpassview.exe a variant of Win32/PSWTool.WebBrowserPassView.B potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\wirelesskeyview.exe a variant of Win32/WirelessKeyView.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\wirelessnetview.exe a variant of Win32/PSWTool.WirelessNetView.A potentially unsafe application cleaned by deleting
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\x64\wirelesskeyview.exe a variant of Win64/WirelessKeyView.B potentially unsafe application cleaned by deleting


#8 sunshineiam


Posted 10 June 2016 - 08:46 AM

This is the list of the missing files:

Missing files
-------------
002 C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
010 C:\WINDOWS\system32\AxInstSV.dll
010 C:\WINDOWS\system32\AJRouter.dll
010 C:\WINDOWS\system32\appidsvc.dll
010 C:\WINDOWS\system32\appinfo.dll
010 C:\WINDOWS\system32\Alg.exe
010 C:\WINDOWS\System32\AppReadiness.dll
010 C:\WINDOWS\system32\appxdeploymentserver.dll
010 C:\WINDOWS\system32\tzautoupdate.dll
010 C:\WINDOWS\system32\qmgr.dll
010 C:\WINDOWS\system32\bisrv.dll
010 C:\WINDOWS\system32\bfe.dll
010 C:\WINDOWS\system32\bdesvc.dll
010 C:\WINDOWS\System32\BthHFSrv.dll
010 C:\WINDOWS\System32\bthserv.dll
010 C:\WINDOWS\system32\peerdistsvc.dll
010 C:\WINDOWS\system32\ClipSVC.dll
010 C:\WINDOWS\system32\browser.dll
010 C:\WINDOWS\system32\vaultsvc.dll
010 C:\WINDOWS\system32\cryptsvc.dll
010 C:\WINDOWS\system32\cscsvc.dll
010 C:\WINDOWS\system32\dssvc.dll
010 C:\WINDOWS\system32\dcpsvc.dll
010 C:\WINDOWS\system32\embeddedmodesvc.dll
010 C:\WINDOWS\system32\dosvc.dll
010 C:\WINDOWS\system32\das.dll
010 C:\WINDOWS\system32\DeviceSetupManager.dll
010 C:\WINDOWS\system32\DevQueryBroker.dll
010 C:\WINDOWS\system32\trkwks.dll
010 C:\WINDOWS\system32\dmwappushsvc.dll
010 C:\WINDOWS\System32\moshost.dll
010 C:\WINDOWS\system32\efssvc.dll
010 EnterpriseAppMgmtSvc.dll
010 C:\WINDOWS\system32\wecsvc.dll
010 C:\WINDOWS\system32\wevtsvc.dll
010 C:\WINDOWS\system32\fhsvc.dll
010 C:\WINDOWS\system32\fdPHost.dll
010 C:\WINDOWS\system32\fdrespub.dll
010 C:\WINDOWS\system32\ieetwcollectorres.dll
010 C:\WINDOWS\system32\igfxCUIService.exe
010 C:\WINDOWS\system32\ikeext.dll
010 C:\WINDOWS\system32\ui0detect.exe
010 C:\WINDOWS\system32\licensemanagersvc.dll
010 C:\WINDOWS\system32\lltdres.dll
010 C:\WINDOWS\system32\lsm.dll
010 C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
010 C:\Windows\system32\mfevtps.exe
010 C:\WINDOWS\system32\workfolderssvc.dll
010 C:\WINDOWS\system32\cdpsvc.dll
010 C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll
010 C:\WINDOWS\system32\eapsvc.dll
010 C:\WINDOWS\system32\ipnathlp.dll
010 C:\WINDOWS\system32\ncasvc.dll
010 C:\WINDOWS\System32\NgcCtnrSvc.dll
010 C:\WINDOWS\System32\ngcsvc.dll
010 C:\WINDOWS\System32\certprop.dll
010 C:\WINDOWS\System32\certprop.dll
010 C:\WINDOWS\system32\sppsvc.exe
010 C:\WINDOWS\system32\TabSvc.dll
010 C:\WINDOWS\system32\diagtrack.dll
010 C:\WINDOWS\System32\sensrsvc.dll
010 C:\WINDOWS\system32\svsvc.dll
010 C:\WINDOWS\system32\wlidsvc.dll
010 C:\WINDOWS\system32\wbengine.exe
010 C:\WINDOWS\system32\vssvc.exe
010 C:\WINDOWS\System32\swprv.dll
010 C:\WINDOWS\system32\NcdAutoSetup.dll
010 C:\WINDOWS\system32\ncbservice.dll
010 C:\WINDOWS\system32\netman.dll
010 C:\WINDOWS\system32\netprofmsvc.dll
010 C:\WINDOWS\System32\nlasvc.dll
010 C:\WINDOWS\system32\NetSetupSvc.dll
010 C:\WINDOWS\system32\nsisvc.dll
010 C:\WINDOWS\system32\p2psvc.dll
010 C:\WINDOWS\system32\pnrpauto.dll
010 C:\WINDOWS\system32\pnrpsvc.dll
010 C:\WINDOWS\system32\pnrpsvc.dll
010 C:\WINDOWS\System32\wercplsupport.dll
010 C:\WINDOWS\system32\profsvc.dll
010 C:\WINDOWS\System32\RDXService.dll
010 regsvc.dll
010 C:\WINDOWS\system32\rasauto.dll
010 C:\WINDOWS\system32\rasmans.dll
010 C:\WINDOWS\system32\umrdp.dll
010 C:\WINDOWS\System32\termsrv.dll
010 C:\WINDOWS\system32\PhoneserviceRes.dll
010 C:\WINDOWS\system32\RpcEpMap.dll
010 C:\WINDOWS\system32\Locator.exe
010 C:\WINDOWS\system32\samsrv.dll



#9 boopme


Posted 10 June 2016 - 09:35 AM

Do you run a Sandbox?

Which app produced the Missing Files list?


Please run...
Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 sunshineiam


Posted 15 June 2016 - 06:56 AM




#11 sunshineiam


Posted 16 June 2016 - 02:20 AM

Emsisoft Emergency Kit - Version 11.0
Last update: 6/15/2016 6:58:55 AM
User account: DELTA-TWO\lopez

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 6/15/2016 7:03:01 AM
C:\Users\lopez\Downloads\nirsoft_package_1.19.87\NirSoft\rdpv.exe  detected: Gen:Application.Heur.bmKfbW76vOjO (B)

Scanned 79037
Found 1

Scan end: 6/15/2016 7:10:07 AM
Scan time: 0:07:06



#12 boopme


Posted 16 June 2016 - 12:37 PM

Looks good. Any issues?



