
Am I still compromised?


5 replies to this topic

#1 Tsarenir

Posted 04 July 2016 - 01:51 PM

TL;DR I went to the website in this picture (http://puu.sh/pQ2ll/784eb6bbe8.jpg) and downloaded a file disguised as a flash update and executed it repeatedly like a moron. It opened a command prompt with a title I don't remember and closed quickly, nothing has happened since. I don't know what it did or if it's even an active threat.
 
I'll put this at the top for those disinterested in the story, I've run Malwarebytes Anti-Malware to no avail, I ran rkill.com and it interacted with nothing, and after that I did a system restore to a point two days ago. I'm aware system restore is dubious at best for virus and malware removal, but I can't think of anything more appropriate to do for something I doubt would even flag as spyware than simply factory resetting my laptop, which I still might do. It feels as if it's running slower than usual, but it's so barely noticeable that it might just be that I rebooted it for the first time in a while combined with placebo. Might I still be infected?
 
I woke up this morning and popped my laptop open, and within minutes of logging onto Steam, a person on my friends list that sends messages to me sporadically with large gaps in between sent me a link saying he found me in a video on Twitch for a game that I play very often. Being early morning, from a friend that does this often, I clicked the link, but instead of the video playing, the box simply showed the "You must update Adobe Flash Player" notice that looks exactly like it would've normally. Here's a screen cap I hesitantly went back for, to show my friend that I'm slightly less of an idiot, http://puu.sh/pQ2ll/784eb6bbe8.jpg
 
Now I just bought this laptop, so in my drunken tiredness this didn't bring up any red flags, even when I clicked on it and it downloaded a file instantly instead of bringing up the Adobe website. For whatever reason, I attempted to open the file repeatedly, and it kept popping up a command prompt with a title I don't recall and am not interested in opening it again to read. If you care enough, feel free to grab the URL from the screen cap. The stars aligned perfectly for me to fall into this trap, as I conveniently was logged out of Twitch as well so that didn't strike me as odd either. It actually didn't dawn on me that this was a phishing site until I started clicking around the page, as despite all of the buttons having the proper mouseover actions, none of them actually do anything when you click them. It was then that I opened a new tab and went to the main twitch page, logged in, refreshed the phishing page and noticed the incorrect URL, facepalmed hard enough to create a minor anomaly in spacetime.



 


#2 InadequateInfirmity


Posted 04 July 2016 - 01:53 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

Hit Ok.

Hit Next, and make sure to leave all items checked for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

 

ZHP Scan.

Please download ZHPCleaner to your desktop. Right click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan

Run a full scan with Zemana AntiMalware!

Install and select deep scan.

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply



#3 Tsarenir


Posted 04 July 2016 - 03:56 PM

Adware Cleaner

# AdwCleaner v5.201 - Logfile created 04/07/2016 at 14:09:53
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : TsarenirLT - LAPTOP-OG62JMIO
# Running from : C:\Users\TsarenirLT\Downloads\adwcleaner_5.201.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : Amazon 1Button App Service

***** [ Folders ] *****

Folder Found : C:\ProgramData\DriverSetupUtility
Folder Found : C:\ProgramData\Application Data\DriverSetupUtility
Folder Found : C:\Program Files (x86)\Amazon\Amazon1ButtonApp
Folder Found : C:\Users\TsarenirLT\AppData\Local\Host App Service
Folder Found : C:\Users\TsarenirLT\AppData\Roaming\Mozilla\Firefox\Profiles\tthrenmd.default\extensions\abb@amazon.com
Folder Found : C:\Program Files\Booking.com
Folder Found : C:\Program Files\DriverSetupUtility

***** [ Files ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : App Explorer
Task Found : ACC
Task Found : Software Update Application

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
Key Found : HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
Key Found : HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
Key Found : HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
Key Found : HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
Key Found : HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
Key Found : HKCU\Software\Host App Service
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}
Key Found : HKU\S-1-5-21-2578348232-4114066595-3129683368-1001\Software\Host App Service
Key Found : HKU\S-1-5-21-2578348232-4114066595-3129683368-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\3DCCCD6BD02558446B24CF1C63EC213C
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKU\S-1-5-21-2578348232-4114066595-3129683368-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com

***** [ Web browsers ] *****

[C:\Users\TsarenirLT\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxps://secure.homepage-web.com/?partner=acer&src=omnibox&q={searchTerms}
[C:\Users\TsarenirLT\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www.trovi.com/?gd=&ctid=CT3321972&octid=EB_ORIGINAL_CTID&ISID=M0DCD5778-840D-4CE2-8984-EEDBFAED3622&SearchSource=55&CUI=&UM=5&UP=SPB4F4A077-F7E4-4628-BDEC-40F109DEBF40&SSPV=

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [4030 bytes] - [04/07/2016 14:09:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4103 bytes] ##########

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by TsarenirLT (Administrator) on Mon 07/04/2016 at 14:18:29.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/04/2016 at 14:20:28.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adware Removal Tool

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

Adware Removal Tool 5.1
Time: 2016_07_04_14_25_30
OS: Windows 10 Home - x64 Bit
Account Name: TsarenirLT
Adware Definition: 07032016
Elapsed time: 02:57
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

Browser: Chrome Found : Adware.Homepage-web.com : C:\Users\TsarenirLT\AppData\Local\Google\Chrome\User Data\Default\Preferences
Browser: Chrome Found : Adware.trovi : C:\Users\TsarenirLT\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Browser: Chrome Found : Adware.Homepage-web.com : C:\Users\TsarenirLT\AppData\Local\Google\Chrome\User Data\Default\Last Tabs


ZHP

~ ZHPCleaner v2016.8.13.324 by Nicolas Coolman (2015/08/13)
~ Run by TsarenirLT (Administrator)  (04/07/2016 14:43:54)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Repair
~ Report : C:\Users\TsarenirLT\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\TsarenirLT\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (22)


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 1129
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 22


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-04072016-14_44_07.txt
ZHPCleaner-[S]-04072016-14_36_43.txt

Zemana

Zemana AntiMalware 2.21.2.139 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/7/4
Operating System       : Windows 10 64-bit
Processor              : 8X Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
BIOS Mode              : UEFI
CUID                   : 12DC6B65E6B1FF42DD74E2
Scan Type              : Deep Scan
Duration               : 26m 9s
Scanned Objects        : 321602
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects



#4 InadequateInfirmity


Posted 04 July 2016 - 06:25 PM

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.

  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.

  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.

  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.

When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"

  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  •  Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download Minitoolbox and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right click it and select Run as administrator. When the program completes, the tool will automatically open a log file, please post that log here in your next post.



#5 Tsarenir


Posted 04 July 2016 - 09:10 PM

Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/4/2016
Scan Time: 7:18 PM
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.04.07
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: TsarenirLT

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305998
Time Elapsed: 19 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ESET

 

No infections, no log, though your list of steps is a little outdated, but not so much as to be inconvenient.

 

Mini Toolbox

MiniToolBox by Farbar  Version: 17-06-2016
Ran by TsarenirLT (administrator) on 04-07-2016 at 19:25:32
Running from "C:\Users\TsarenirLT\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Aspire VN7-591G Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (07/04/2016 02:18:49 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/04/2016 02:10:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 51.0.2704.103, time stamp: 0x57610874
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xcf8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (07/04/2016 11:42:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000409
Fault offset: 0x00000000000a9ba0
Faulting process id: 0x1c98
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (07/04/2016 11:26:02 AM) (Source: ESENT) (User: )
Description: svchost (1368) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU00060.log.

Error: (07/04/2016 11:16:17 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/04/2016 10:48:30 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/04/2016 10:15:47 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/04/2016 09:58:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 51.0.2704.103, time stamp: 0x57610874
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x8fcc
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (07/03/2016 08:49:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: LAPTOP-OG62JMIO)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/02/2016 10:22:38 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (07/04/2016 07:25:02 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading


Error: (07/04/2016 07:25:02 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\TSAREN~1\AppData\Local\Temp\ehdrv.sys

Error: (07/04/2016 07:25:02 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading


Error: (07/04/2016 07:25:02 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\TSAREN~1\AppData\Local\Temp\ehdrv.sys

Error: (07/04/2016 07:25:02 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading


Error: (07/04/2016 07:25:02 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\TSAREN~1\AppData\Local\Temp\ehdrv.sys

Error: (07/04/2016 07:25:01 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading


Error: (07/04/2016 07:25:01 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\TSAREN~1\AppData\Local\Temp\ehdrv.sys

Error: (07/04/2016 07:25:01 PM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading


Error: (07/04/2016 07:25:01 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\TSAREN~1\AppData\Local\Temp\ehdrv.sys


Microsoft Office Sessions:
=========================
Error: (07/04/2016 02:18:49 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/04/2016 02:10:34 PM) (Source: Application Error)(User: )
Description: chrome.exe51.0.2704.10357610874unknown0.0.0.000000000c00000050000000000000000cf801d1d61d6641a15fC:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown68d43ee9-107f-4cbb-a1c5-058b45dbca19

Error: (07/04/2016 11:42:56 AM) (Source: Application Error)(User: )
Description: backgroundTaskHost.exe10.0.10586.05632d8f0ntdll.dll10.0.10586.306571af2ebc000040900000000000a9ba01c9801d1d6126a91851cC:\WINDOWS\system32\backgroundTaskHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll77953222-f751-4b96-aa7d-80c4ba34e451Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbweApp

Error: (07/04/2016 11:26:02 AM) (Source: ESENT)(User: )
Description: svchost1368SRUJet: C:\WINDOWS\system32\SRU\SRU00060.log-1811 (0xfffff8ed)

Error: (07/04/2016 11:16:17 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/04/2016 10:48:30 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/04/2016 10:15:47 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/04/2016 09:58:03 AM) (Source: Application Error)(User: )
Description: chrome.exe51.0.2704.10357610874unknown0.0.0.000000000c000000500000000000000008fcc01d1d4f056ba17f7C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown2fc26612-5342-43e6-9f3e-6d1d8b9c5ccf

Error: (07/03/2016 08:49:03 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: LAPTOP-OG62JMIO)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170

Error: (07/02/2016 10:22:38 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.


CodeIntegrity Errors:
===================================
  Date: 2016-07-04 14:59:15.214
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-04 14:59:15.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-04 14:59:04.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\DmNotificationBroker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-04 14:59:04.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\DmNotificationBroker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-04 14:58:32.857
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\DsmUserTask.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-04 14:58:32.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\DsmUserTask.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-04 14:58:28.535
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\EditionUpgradeManagerObj.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-04 14:58:28.510
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\edpauditapi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-04 14:58:28.497
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\edpauditapi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-04 14:58:26.331
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-44b15a0c-012a-42cf-98f1-165fff52d3de) (Version: 3.0.2.118 - WildTangent) Hidden
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.07.2003.0 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3005 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.10.2001 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3006 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
ADOM (Ancient Domains Of Mystery) (HKLM\...\Steam App 333300) (Version:  - Thomas Biskup)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.17.2002.1 - Acer Incorporated)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.4 - AVAST Software)
Banished (HKLM\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 1.0.13.0 - Dashlane SAS)
Delver (HKLM\...\Steam App 249630) (Version:  - Priority Interrupt)
Dino Storm (HKLM-x32\...\WildTangentGDF-acer-dinostorm) (Version: 13.0.0.6 - WildTangent) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)
DuelystLauncher (HKCU\...\launcher) (Version: 0.0.10 - Counterplay Games Inc.)
eBay Worldwide (HKLM-x32\...\{3DC26EA7-03E3-4353-9424-EEB7A34A7504}) (Version: 2.5.0427 - OEM)
Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Gnomoria (HKLM\...\Steam App 224500) (Version:  - Robotronic Games)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.30.3 - Google Inc.) Hidden
Home Makeover (HKLM-x32\...\WTA-3cf95c4f-180b-4280-8f16-c53e066361fb) (Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-1230f393-e73b-4a65-b2df-1ad3a6b6744f) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-d63130dc-efc8-4c06-a15e-a2edcf5b04f3) (Version: 3.0.2.118 - WildTangent) Hidden
Kingdom Rush (HKLM\...\Steam App 246420) (Version:  - Ironhide Game Studio)
Magic Academy (HKLM-x32\...\WTA-c89a8073-438e-4611-9c1c-a1121411ab40) (Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-134665ac-2bca-44cd-a74e-fb5c2e88e579) (Version: 3.0.2.59 - WildTangent) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.041 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Rory's Restaurant (HKLM-x32\...\WTA-7aae79e6-c8f9-4751-bb78-5f3a73b0dc29) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-8f50145d-d9dd-494c-aee5-8647a1ff13c9) (Version: 3.0.2.126 - WildTangent) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Marines (HKLM\...\Steam App 253630) (Version:  - Worthless Bums)
Tales of Maj'Eyal (HKLM\...\Steam App 259680) (Version:  - DarkGod)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Underrail (HKLM\...\Steam App 250520) (Version:  - Stygian Software)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.139 - Zemana Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 8115.27 MB
Available physical RAM: 4066.77 MB
Total Virtual: 12723.27 MB
Available Virtual: 8665.93 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:862.92 GB) NTFS

========================= Users: ========================================

User accounts for \\LAPTOP-OG62JMIO

Administrator            DefaultAccount           Guest                    
TsarenirLT               


**** End of log ****

SecurityCheck

SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 04.07.2016 19:26:00
Path starting: C:\Users\TsarenirLT\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: TsarenirLT
VersionXML: 3.16is-02.07.2016
___________________________________________________________________________

Windows 10(6.3.10586) (x64) Core Lang: English(0409)
Installation date OS: 23.06.2016 09:16:18
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [930.9 Gb] Used: [68 Gb] Free: [862.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.420.10586.0
User Account Control [b]enabled[/b]
[color=red][b]Automatic Updates disabled (-1)[/b][/color]
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4693.1005
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast SecureLine v.1.0.239.4
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.21.139
------------------------------- [ Browser ] -------------------------------
Google Chrome v.51.0.2704.103 [color=red][b]Warning! [url=https://www.google.com/intl/en/chrome/browser/desktop/index.html]Download Update[/url][/b][/color]
Mozilla Firefox 38.0.1 (x86 en-US) v.38.0.1 [color=red][b]Warning! [url=https://www.mozilla.org/en-US/firefox/all/]Download Update[/url][/b][/color]
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.51.0.2704.103
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avast SecureLine (SecureLine) - The service is running
C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe v.0.0.0.0
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
C:\Program Files\Windows Defender\MsMpEng.exe v.4.9.10586.0
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.9.10586.0
C:\Program Files\Windows Defender\NisSrv.exe v.4.9.10586.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Delver [b][color=red]Warning! Suspected Adware![/color][/b] If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using [url=https://www.malwarebytes.org/mwb-download/]Malwarebytes Anti-Malware[/url] and [url=https://toolslib.net/downloads/viewdownload/1-adwcleaner/]AdwCleaner (by Xplode)[/url]. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
WildTangent Games v.1.0.4.0 [b]Warning![/b] Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Update Installer for WildTangent Games App [color=blue][b]<< Hidden[/b][/color] [b]Warning![/b] Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
WildTangent Games App v.4.0.11.16 [color=blue][b]<< Hidden[/b][/color] [b]Warning![/b] Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------



#6 InadequateInfirmity


Posted 11 July 2016 - 04:27 AM

Sorry for the delay, you still need help?





