

Trojan.Agent and Security.Hijack found by MBAM


This topic is locked. 40 replies to this topic.

#1 SneakyArab (Members, 32 posts)

Posted 10 October 2016 - 10:59 PM

Hey everyone. My computer started playing up lately and I noticed MBAM was blocking an outgoing connection every 30 mins, so I ran a scan and it found a Trojan.Agent and Security.Hijack in the registry at HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe and 5 other entries, all similar. I quarantined and then removed them, but I still have problems. I did notice some .txt file that had something to do with a bitcoin miner and keylogger but didn't make a copy of it. I also remember on 13/08/2016 I jumped onto Google and received an error code # 268D3 claiming to be from computervirusfound.tech, saying my computer has been blocked to prevent further damage to our network; it claimed my personal data was being stolen and to call +61-1800-893-759. I of course shut down Google immediately. I did take a photo first as it was suspicious. I still have suspicions that my computer is infected and would like some expert help.




#2 SneakyArab (Topic Starter, Members, 32 posts)

Posted 10 October 2016 - 11:31 PM

Just a quick update: I tried to run FRST64 but it says "Windows cannot access the specified device, folder, file. You may not have the required permissions to access this file." I'm the Admin though, wth.



#3 SneakyArab (Topic Starter, Members, 32 posts)

Posted 11 October 2016 - 01:21 AM

FRST64 logs

Attached Files



#4 nasdaq (Malware Response Team, 38,957 posts, Montreal, QC, Canada)

Posted 12 October 2016 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No suspicious malware was found in your logs.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Avast SafePrice) - C:\Users\matth\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-10-07]
CHR Extension: (Avast Online Security) - C:\Users\matth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\matth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-07]
CHR Extension: (Chrome Media Router) - C:\Users\matth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\Users\matth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\matth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

===

Please scan your computer with ESET Online Scanner.
  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

Please post the logs and let me know of any issues with this computer.

#5 SneakyArab (Topic Starter, Members, 32 posts)

Posted 12 October 2016 - 06:56 PM

Forgot to mention MBAM discovered a malware entry in safe mode after a fresh install called (Malware Registry Data HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMGMT\PARAMETERS|ServiceDllUnloadOnStop). I had it removed, but the PC is still playing up and I am worried I didn't catch it all. GMER also found lots of suspicious entries, so I can provide those logs also. Here are the fix log results for FRST (Fixlog.txt attached, 3.11KB).
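The two registry locations MBAM flagged in this thread (an Image File Execution Options "Debugger" hijack on MRT.exe in post #1, and the winmgmt ServiceDll parameters above) can be audited from PowerShell. The script below is an added example, not code from the thread or from any of the tools mentioned; it assumes an elevated Windows PowerShell 5.1 or PowerShell 7 prompt, and the function names are my own.

```powershell
# Added example (not from the thread). Audits IFEO Debugger values and a
# service's ServiceDll parameters so a reviewer can judge them before removal.
# Assumes an elevated PowerShell prompt on Windows.

$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    # Lists every IFEO subkey carrying a Debugger value. Windows launches the
    # Debugger program instead of the named image, which is how a Security.Hijack
    # style entry on MRT.exe keeps the Malicious Software Removal Tool from running.
    # Some developer tools register legitimate debuggers, so review before acting.
    [CmdletBinding()]
    param([string[]]$Roots = $IfeoRoots)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            $debugger = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).Debugger
            if ($debugger) {
                [pscustomobject]@{
                    Image    = $_.PSChildName
                    Debugger = $debugger
                    Key      = $_.Name
                }
            }
        }
    }
}

function Remove-IfeoDebugger {
    # Removes only the Debugger value (not the whole key) for one image name,
    # after the Get-IfeoDebugger output has been reviewed. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Image,
        [string[]]$Roots = $IfeoRoots
    )
    foreach ($root in $Roots) {
        $key = Join-Path $root $Image
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $hasDebugger = (Get-ItemProperty -LiteralPath $key).PSObject.Properties['Debugger']
        if ($hasDebugger -and $PSCmdlet.ShouldProcess($key, 'Remove Debugger value')) {
            Remove-ItemProperty -LiteralPath $key -Name 'Debugger'
        }
    }
}

function Get-ServiceDllInfo {
    # Shows the ServiceDll and ServiceDllUnloadOnStop values of a svchost-hosted
    # service, whether the DLL exists, and its Authenticode status, so the path
    # can be compared with the expected one (for winmgmt that is
    # %SystemRoot%\system32\wbem\WMIsvc.dll).
    param([Parameter(Mandatory = $true)][string]$Name)

    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters"
    if (-not (Test-Path -LiteralPath $params)) { return }
    $p   = Get-ItemProperty -LiteralPath $params
    $dll = [Environment]::ExpandEnvironmentVariables([string]$p.ServiceDll)
    $exists = ($dll -ne '') -and (Test-Path -LiteralPath $dll)
    $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }

    [pscustomobject]@{
        Service                = $Name
        ServiceDll             = $p.ServiceDll
        ServiceDllUnloadOnStop = $p.ServiceDllUnloadOnStop
        DllExists              = $exists
        Signature              = $status
    }
}

# Usage: report first, act only after review.
Get-IfeoDebugger | Format-Table -AutoSize
Get-ServiceDllInfo -Name 'winmgmt' | Format-List
# Example of a reviewed removal, dry run:
# Remove-IfeoDebugger -Image 'MRT.exe' -WhatIf
```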



#6 SneakyArab (Topic Starter, Members, 32 posts)

Posted 12 October 2016 - 07:06 PM

On another quick note, I am now getting random Windows tech support pop-ups in Chrome saying my computer has been blocked, saying "it has alerted us you are infected with a virus and it is stealing the following information, Facebook login, credit card details and etc please call this number +61 1800-893-759". I shut Chrome down straight away and have not rung the number; hope this may help.



#7 SneakyArab (Topic Starter, Members, 32 posts)

Posted 12 October 2016 - 07:58 PM

Okay, the ESET scan finished and it found 1 result, win32googletoolbar bundled with CCleaner. I know I unchecked that when I downloaded CCleaner so it shouldn't have installed. I went to save a txt log of the results, then ESET crashed. Then a BSOD showed up saying "your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart for you." It has one of those square shaped barcode things you can scan and next to it in writing "For more information about this issue and possible fixes, visit http://windows.com/stopcode. If you call a support person, give them this info: Stop Code: DRIVER POWER STATE FAILURE." Got no idea what this is or means. I will try another ESET scan and see what happens.



#8 SneakyArab (Topic Starter, Members, 32 posts)

Posted 12 October 2016 - 11:08 PM

ESET scan complete, nothing found, and this time it didn't BSOD. That error is something to do with a corrupted or missing driver or not enough power being supplied. I checked Device Manager briefly and there is an unknown device now showing up?



#9 nasdaq (Malware Response Team, 38,957 posts, Montreal, QC, Canada)

Posted 13 October 2016 - 09:51 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • List last 10 Event Viewer log

Click Go and copy/paste the log (MTB.txt) into your next post.


#10 SneakyArab (Topic Starter, Members, 32 posts)

Posted 13 October 2016 - 05:15 PM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by matth (administrator) on 14-10-2016 at 08:13:05
Running from "C:\Users\matth\Downloads"
Microsoft Windows 10 Home  (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/13/2016 09:21:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 06:23:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 06:23:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 06:22:02 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (10/13/2016 06:21:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 10:48:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: esetonlinescanner_enu.exe, version: 2.0.12.0, time stamp: 0x57ac3e59
Faulting module name: esetonlinescanner_enu.exe, version: 2.0.12.0, time stamp: 0x57ac3e59
Exception code: 0xc0000005
Fault offset: 0x001a3524
Faulting process id: 0x1ec4
Faulting application start time: 0xesetonlinescanner_enu.exe0
Faulting application path: esetonlinescanner_enu.exe1
Faulting module path: esetonlinescanner_enu.exe2
Report Id: esetonlinescanner_enu.exe3
Faulting package full name: esetonlinescanner_enu.exe4
Faulting package-relative application ID: esetonlinescanner_enu.exe5
 
Error: (10/13/2016 09:39:57 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (10/13/2016 09:39:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 09:39:13 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {00e7adab-c6bb-4abc-93be-fa1b415b4f3f}
 
Error: (10/12/2016 10:19:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: 771h5oen.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: 771h5oen.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x000136f5
Faulting process id: 0x1af4
Faulting application start time: 0x771h5oen.exe0
Faulting application path: 771h5oen.exe1
Faulting module path: 771h5oen.exe2
Report Id: 771h5oen.exe3
Faulting package full name: 771h5oen.exe4
Faulting package-relative application ID: 771h5oen.exe5
 
 
System errors:
=============
Error: (10/13/2016 09:21:33 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (10/13/2016 09:04:38 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:04:08 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:03:37 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:03:07 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:02:37 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:02:07 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:01:37 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:01:07 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:00:37 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
 
Microsoft Office Sessions:
=========================
Error: (10/13/2016 09:21:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 06:23:39 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 06:23:21 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 06:22:02 PM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (10/13/2016 06:21:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 10:48:42 AM) (Source: Application Error)(User: )
Description: esetonlinescanner_enu.exe2.0.12.057ac3e59esetonlinescanner_enu.exe2.0.12.057ac3e59c0000005001a35241ec401d224e30a49997fC:\Users\matth\Downloads\esetonlinescanner_enu.exeC:\Users\matth\Downloads\esetonlinescanner_enu.exeef239e00-7bf2-4f59-a629-9dd29fe8c6b6
 
Error: (10/13/2016 09:39:57 AM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x8007001f, A device attached to the system is not functioning.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (10/13/2016 09:39:20 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 09:39:13 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {00e7adab-c6bb-4abc-93be-fa1b415b4f3f}
 
Error: (10/12/2016 10:19:47 PM) (Source: Application Error)(User: )
Description: 771h5oen.exe2.2.19882.056e2cdca771h5oen.exe2.2.19882.056e2cdcac0000005000136f51af401d224727e0f654bC:\Users\matth\Downloads\771h5oen.exeC:\Users\matth\Downloads\771h5oen.exe3b28c5e4-eb70-4b0d-8f29-f08fd06574b7
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-10-12 07:11:26.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-10-11 12:10:05.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-10-11 08:29:10.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-10-11 08:28:59.406
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
**** End of log ****


#11 SneakyArab (Topic Starter, Members, 32 posts)

Posted 13 October 2016 - 05:26 PM

Also a full log of MiniToolBox:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by matth (administrator) on 14-10-2016 at 08:11:45
Running from "C:\Users\matth\Downloads"
Microsoft Windows 10 Home  (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
ProxyServer: 10.0.0.138:80
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : SneakysMachine
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : gateway
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E0-3F-49-A3-56-A2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6581:ed6b:d25f:68ec%2(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.129(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 13 October 2016 6:13:42 PM
   Lease Expires . . . . . . . . . . : Friday, 14 October 2016 8:54:40 AM
   Default Gateway . . . . . . . . . : 10.0.0.138
   DHCP Server . . . . . . . . . . . : 10.0.0.138
   DHCPv6 IAID . . . . . . . . . . . : 48250697
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-13-46-4E-E0-3F-49-A3-56-A2
   DNS Servers . . . . . . . . . . . : 10.0.0.138
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  dsldevice.gateway
Address:  10.0.0.138
 
Name:    google.com
Addresses:  2404:6800:4006:802::200e
 144.131.81.98
 144.131.81.103
 144.131.81.84
 144.131.81.89
 144.131.81.104
 144.131.81.119
 144.131.81.99
 144.131.81.93
 144.131.81.114
 144.131.81.113
 144.131.81.118
 144.131.81.108
 144.131.81.94
 144.131.81.123
 144.131.81.88
 144.131.81.109
 
 
Pinging google.com [144.131.81.123] with 32 bytes of data:
Reply from 144.131.81.123: bytes=32 time=7ms TTL=59
Reply from 144.131.81.123: bytes=32 time=7ms TTL=59
 
Ping statistics for 144.131.81.123:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 7ms, Average = 7ms
Server:  dsldevice.gateway
Address:  10.0.0.138
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=227ms TTL=46
Reply from 98.139.183.24: bytes=32 time=226ms TTL=46
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 226ms, Maximum = 227ms, Average = 226ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...e0 3f 49 a3 56 a2 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.138       10.0.0.129     25
         10.0.0.0    255.255.255.0         On-link        10.0.0.129    281
       10.0.0.129  255.255.255.255         On-link        10.0.0.129    281
       10.0.0.255  255.255.255.255         On-link        10.0.0.129    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link        10.0.0.129    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link        10.0.0.129    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  2    281 fe80::/64                On-link
  2    281 fe80::6581:ed6b:d25f:68ec/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/13/2016 09:21:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 06:23:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 06:23:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 06:22:02 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (10/13/2016 06:21:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 10:48:42 AM) (Source: Application Error) (User: )
Description: Faulting application name: esetonlinescanner_enu.exe, version: 2.0.12.0, time stamp: 0x57ac3e59
Faulting module name: esetonlinescanner_enu.exe, version: 2.0.12.0, time stamp: 0x57ac3e59
Exception code: 0xc0000005
Fault offset: 0x001a3524
Faulting process id: 0x1ec4
Faulting application start time: 0xesetonlinescanner_enu.exe0
Faulting application path: esetonlinescanner_enu.exe1
Faulting module path: esetonlinescanner_enu.exe2
Report Id: esetonlinescanner_enu.exe3
Faulting package full name: esetonlinescanner_enu.exe4
Faulting package-relative application ID: esetonlinescanner_enu.exe5
 
Error: (10/13/2016 09:39:57 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (10/13/2016 09:39:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/13/2016 09:39:13 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {00e7adab-c6bb-4abc-93be-fa1b415b4f3f}
 
Error: (10/12/2016 10:19:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: 771h5oen.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: 771h5oen.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x000136f5
Faulting process id: 0x1af4
Faulting application start time: 0x771h5oen.exe0
Faulting application path: 771h5oen.exe1
Faulting module path: 771h5oen.exe2
Report Id: 771h5oen.exe3
Faulting package full name: 771h5oen.exe4
Faulting package-relative application ID: 771h5oen.exe5
 
 
System errors:
=============
Error: (10/13/2016 09:21:33 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (10/13/2016 09:04:38 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:04:08 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:03:37 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:03:07 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:02:37 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:02:07 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:01:37 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:01:07 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (10/13/2016 09:00:37 PM) (Source: DCOM) (User: SNEAKYSMACHINE)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
 
Microsoft Office Sessions:
=========================
Error: (10/13/2016 09:21:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 06:23:39 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 06:23:21 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 06:22:02 PM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (10/13/2016 06:21:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 10:48:42 AM) (Source: Application Error)(User: )
Description: esetonlinescanner_enu.exe2.0.12.057ac3e59esetonlinescanner_enu.exe2.0.12.057ac3e59c0000005001a35241ec401d224e30a49997fC:\Users\matth\Downloads\esetonlinescanner_enu.exeC:\Users\matth\Downloads\esetonlinescanner_enu.exeef239e00-7bf2-4f59-a629-9dd29fe8c6b6
 
Error: (10/13/2016 09:39:57 AM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x8007001f, A device attached to the system is not functioning.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (10/13/2016 09:39:20 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (10/13/2016 09:39:13 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {00e7adab-c6bb-4abc-93be-fa1b415b4f3f}
 
Error: (10/12/2016 10:19:47 PM) (Source: Application Error)(User: )
Description: 771h5oen.exe2.2.19882.056e2cdca771h5oen.exe2.2.19882.056e2cdcac0000005000136f51af401d224727e0f654bC:\Users\matth\Downloads\771h5oen.exeC:\Users\matth\Downloads\771h5oen.exe3b28c5e4-eb70-4b0d-8f29-f08fd06574b7
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-10-12 07:11:26.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-10-11 12:10:05.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-10-11 08:29:10.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-10-11 08:28:59.406
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
 
 
=========================== Installed Programs ============================
 
AlienFX for IskuFX (HKLM\...\{2C3FC2CC-0A8B-409E-B487-8CD54F4DC1D4}) (Version: 1.02 - Roccat GmbH) Hidden
AlienFX for IskuFX (HKLM-x32\...\InstallShield_{2C3FC2CC-0A8B-409E-B487-8CD54F4DC1D4}) (Version: 1.02 - Roccat GmbH)
AlienFX for KoneXTD (HKLM\...\{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH) Hidden
AlienFX for KoneXTD (HKLM-x32\...\InstallShield_{48725548-E470-4816-99DD-6667EABAB982}) (Version: 1.02 - Roccat GmbH)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 373.06 - NVIDIA Corporation) Hidden
Batman: Arkham City GOTY (HKLM\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Grim Dawn (HKLM\...\Steam App 219990) (Version:  - Crate Entertainment)
LEGO® Worlds (HKLM\...\Steam App 332310) (Version:  - TT Games)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 373.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 373.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.1.1.35466 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
ROCCAT Isku FX Keyboard Driver (HKLM-x32\...\{DC69933C-E7B0-455D-8E54-FAC1EEF046FF}) (Version:  - Roccat GmbH)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)
Roccat Talk (HKLM-x32\...\{605D671E-1D1E-4840-84D9-BFACE17F160D}) (Version: 1.00.0013 - Roccat GmbH)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Sword Coast Legends (HKLM\...\Steam App 325600) (Version:  - n-Space)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wasteland 2: Director's Cut (HKLM\...\Steam App 404730) (Version:  - inXile Entertainment)
XCOM: Enemy Unknown (HKLM\...\Steam App 200510) (Version:  - Firaxis Games)
 
========================= Devices: ================================
 
Name: NVIDIA GeForce GTX 1060 6GB
Description: NVIDIA GeForce GTX 1060 6GB
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Device ID: PCI\VEN_10DE&DEV_1C03&SUBSYS_37161458&REV_A1\4&3834D97&0&0008
 
Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Device ID: HID\VID_1E7D&PID_3264&MI_01&COL05\7&31E19FF&0&0004
 
Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000
 
Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0200\4&1E24C1BE&0
 
Name: ST31000528ASQ
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: SCSI\DISK&VEN_&PROD_ST31000528ASQ\4&E937C7&0&030000
 
Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Device ID: HID\VID_1E7D&PID_3264&MI_01&COL04\7&31E19FF&0&0003
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Device ID: ROOT\RDPBUS\0000
 
Name: HID-compliant system controller
Description: HID-compliant system controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Device ID: HID\VID_1E7D&PID_3264&MI_01&COL03\7&31E19FF&0&0002
 
Name: Microsoft Print to PDF
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service: 
Device ID: SWD\PRINTENUM\{5E754652-F5B7-4038-8839-BF0E8E82BC5E}
 
Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: 
Device ID: HID\VID_1E7D&PID_3264&MI_01&COL02\7&31E19FF&0&0001
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 11%
Total physical RAM: 32706.36 MB
Available physical RAM: 28973 MB
Total Virtual: 37826.36 MB
Available Virtual: 33632.21 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931.07 GB) (Free:874.29 GB) NTFS
2 Drive d: () (Fixed) (Total:931.02 GB) (Free:567.76 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SNEAKYSMACHINE
 
Administrator            DefaultAccount           Guest                    
matth                    
 
========================= Minidump Files ==================================
 
C:\WINDOWS\Minidump\101216-24375-01.dmp
C:\WINDOWS\Minidump\101216-24765-01.dmp
========================= Restore Points ==================================
 
11-10-2016 00:51:34 Windows Update
11-10-2016 04:31:38 JRT Pre-Junkware Removal
13-10-2016 08:23:21 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
13-10-2016 08:23:36 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
13-10-2016 11:21:06 JRT Pre-Junkware Removal
 
**** End of log ****


#12 SneakyArab
  • Topic Starter
  • Members
  • 32 posts

Posted 13 October 2016 - 08:51 PM

I thought I would also mention that today all my games started taking up to 3 mins to load; the screen would flash and blink out, then reappear before finally loading into the game. And Battlefield 4 won't load at all, it keeps timing out every time I try to connect to a server. This is a new problem I have never had before.



#13 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 October 2016 - 09:21 AM


Nothing I fix in my Fixlog could create any problems.

Restart the computer normally. If the problem persists, restore your system with the point created by the Farbar tool.
It was created by the Restore command I used in the fixlist.

Quote from your Fixlog.txt file:
Restore point was successfully created.

When done restart the computer normally.

If the problem persists please run the Farbar tool normally.
Post fresh FRST and Addition.txt files for my review.

Let me know what issues you are having.

#14 SneakyArab
  • Topic Starter
  • Members
  • 32 posts

Posted 14 October 2016 - 06:09 PM

So you are saying that there is no longer a virus on my PC and that it looks to have been removed. If so, what about remaining files or invalid registry entries it may have left behind? I was really worried, as it was a persistent virus and took many attempts to find the parent file, which I'm hoping it was. I wish I could better explain the PC's problems, but the main issue seems to be the games taking forever to load and struggling to load any in fullscreen mode. Well, thanks for the help if that's it, and let me know of anything I may have to do. Anyway, I will leave it there; here are two more logs to browse over just in case.

aswMBR version 1.0.1.2290 Copyright © 2014 AVAST Software
Run date: 2016-10-12 19:57:49
-----------------------------
19:57:49.257    OS Version: Windows x64 6.2.9200 
19:57:49.257    Number of processors: 4 586 0x3C03
19:57:49.257    ComputerName: SNEAKYSMACHINE  UserName: matth
19:57:50.810    Initialize success
19:57:57.310    VM: initialized successfully
19:57:57.310    VM: Intel CPU BiosDisabled 
19:58:21.322    Disk 0  \Device\Harddisk0\DR0 -> \Device\0000002c
19:58:21.322    Disk 0 Vendor: ST1000DM003-1CH162 CC49 Size: 953869MB BusType: 11
19:58:21.322    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000002e
19:58:21.322    Disk 1 Vendor: ST31000528ASQ AP24 Size: 953869MB BusType: 11
19:58:21.436    Disk 1 MBR read successfully
19:58:21.436    Disk 1 MBR scan
19:58:21.452    Disk 1 Windows 7 default MBR code
19:58:21.452    Disk 1 Partition 1 00     07      HPFS/NTFS NTFS       953416 MB offset 2048
19:58:21.483    Disk 1 Partition 2 00     27 Hidden NTFS WinRE NTFS          450 MB offset 1952598016
19:58:21.483    Disk 1 scanning C:\WINDOWS\system32\drivers
19:58:29.379    Service scanning
19:58:35.782    Modules scanning
19:58:35.798    Disk 1 trace - called modules:
19:58:35.819    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys storahci.sys hal.dll 
19:58:35.819    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffde096c3cf060]
19:58:35.819    3 CLASSPNP.SYS[fffff8064e7f5efb] -> nt!IofCallDriver -> [0xffffde096b98abc0]
19:58:35.835    5 ACPI.sys[fffff8064d884571] -> nt!IofCallDriver -> [0xffffde096b989c40]
19:58:35.835    7 ACPI.sys[fffff8064d884571] -> nt!IofCallDriver -> \Device\0000002e[0xffffde096b986400]
19:58:35.850    Disk 1 statistics 7647/0/0 @ 0.68 MB/s
19:58:35.850    Scan finished successfully
19:58:47.942    Disk 1 MBR has been saved successfully to "C:\Users\matth\Desktop\MBR.dat"
19:58:47.957    The log file has been saved successfully to "C:\Users\matth\Desktop\aswMBR.txt"
 
GMER LOG
GMER 2.2.19882 - http://www.gmer.net
3rd party scan 2016-10-12 21:01:26
Windows 6.2.9200  x64 \Device\Harddisk1\DR1 -> \Device\0000002e ST31000528ASQ rev.AP24 931.51GB
Running: 771h5oen.exe; Driver: C:\Users\matth\AppData\Local\Temp\kwtcrfob.sys
 
 
---- Threads - GMER 2.2 ----
 
Thread   C:\WINDOWS\system32\csrss.exe [604:728]                                                                                             fffff641cfba6c20
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [3088:5024]                                                                                           0000000000a660ca
Thread   C:\WINDOWS\SYSTEM32\ntdll.dll [3088:2612]                                                                                           0000000000a6479a
 
---- Services - GMER 2.2 ----
 
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [AUTO] CDPUserSvc_53ef0                                           <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] MessagingService_53ef0                                   <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [AUTO] OneSyncSvc_53ef0                                           <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] PimIndexMaintenanceSvc_53ef0                             <-- ROOTKIT !!!
Service  C:\WINDOWS\System32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] UnistoreSvc_53ef0                                        <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] UserDataSvc_53ef0                                        <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                   [MANUAL] WpnUserService_53ef0                                     <-- ROOTKIT !!!
 
---- Registry - GMER 2.2 ----
 
 
---- EOF - GMER 2.2 ----
Once again, thank you for your help!


#15 nasdaq
  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 October 2016 - 12:29 PM



In case you have a CD emulator disable it.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or until this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

If you did have a CD emulator and you disabled it, run the GMER and the aswMBR tools one more time.
Post the fresh logs.

===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======