Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Have No Idea If I'm Infected Or Not


  • Please log in to reply
25 replies to this topic

#1 MM208

MM208

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 28 December 2016 - 06:23 PM

Hi all. I'm running Windows 10 on a new Dell pc. I have been using various free anti virus software such as Avira and Avast. My pc seems to be awfully slow lately. I notice lag in the mouse and hesitation when doing just about anything. I have run scans and they come up negative. I was wondering if it was possible I have something more serious that they aren't locating.

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 28 December 2016 - 08:09 PM

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • oHw0QqX.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

 

 

Security Check Scan.

 

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

 

MiniToolBox Scan.

 

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go post the result.

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon  run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

 

 

 

 

 

 

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit next make sure to leave all items checked, for removal.

 

8NcZjGc.png

 

 

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.



#3 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 28 December 2016 - 08:10 PM

I have been using various free anti virus software such as Avira and Avast.

 

You need only one real time protection software on your machine, uninstall ALL but ONE antivirus... A.S.A.P

 

 

 



#4 MM208

MM208
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 28 December 2016 - 08:18 PM

 

I have been using various free anti virus software such as Avira and Avast.

 

You need only one real time protection software on your machine, uninstall ALL but ONE antivirus... A.S.A.P

 

 

 

 

 

 

I didn't mean to imply that I use more than one at a time. I don't. Sorry.



#5 MM208

MM208
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 28 December 2016 - 08:20 PM

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • oHw0QqX.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

 

 

Security Check Scan.

 

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

 

MiniToolBox Scan.

 

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go post the result.

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon  run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

 

 

 

 

 

 

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit next make sure to leave all items checked, for removal.

 

8NcZjGc.png

 

 

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.

 

 

Okay. Will do. Thanks.



#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 28 December 2016 - 08:31 PM

Awaiting logs. :)



#7 MM208

MM208
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 29 December 2016 - 09:06 AM

Okay. This took awhile to complete so I didn't get it all done last night. I don't have a log file for the last utility because nothing was found. The 9Labs utility did find 5 items, one looked to be in the registry. All the various scans I have run from Avira, Avast, AVG, Trend Micro...etc., (not at the same time :grinner: ) never found a thing. I already see a big difference. Everything seems faster, the way it used to be. Now I just need to figure out how I include the logs in the posts. :scratchhead:

 



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 29 December 2016 - 09:09 AM

Copy the logs, then paste them in the reply box.



#9 MM208

MM208
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 29 December 2016 - 09:12 AM

Zemana AntiMalware 2.70.2.244 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/12/28
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Celeron® CPU N3150 @ 1.60GHz
BIOS Mode              : UEFI
CUID                   : 12FB12F8C8DDF065BD4702
Scan Type              : Custom Scan
Duration               : 62m 50s
Scanned Objects        : 237754
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

No threats detected
 

 


Edited by MM208, 29 December 2016 - 09:15 AM.


#10 MM208

MM208
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 29 December 2016 - 09:18 AM

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 28.12.2016 21:46:01
Path starting: C:\Users\luft3\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: luft3
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 17.09.2016 12:05:16
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [452.5 Gb] Used: [41.1 Gb] Free: [411.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled

Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
SUPERAntiSpyware v.6.0.1222
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.70.244
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 16.02 (x64) v.16.02 Warning! Download Update
Uninstall old version and install new one.
7-Zip 16.04 (x64 edition) v.16.04.00.0
VLC media player v.2.2.4
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat Reader DC v.15.020.20042
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 50.1.0 (x86 en-US) v.50.1.0
------------------ [ AntivirusFirewallProcessServices ] -------------------
SAS Core Service (!SASCORE) - The service is running
C:\Program Files\SUPERAntiSpyware\SASCore64.exe v.6.0.0.1080
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.0
C:\Program Files\Windows Defender\MpCmdRun.exe v.4.10.14393.0
C:\Program Files\Windows Defender\NisSrv.exe v.4.10.14393.0
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
----------------------------- [ End of Log ] ------------------------------
 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by luft3 (administrator) on 28-12-2016 at 21:55:37
Running from "C:\Users\luft3\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Inspiron 20-3052 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15566 entries.

========================= IP Configuration: ================================

Dell Wireless 1707 802.11b/g/n (2.4GHZ) = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add route prefix=0.0.0.0/0 interface="iftype0_0" nexthop=192.168.1.254 metric=1 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-I87918H
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F4-8E-38-8C-5C-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 12-F7-72-68-B3-9B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Dell Wireless 1707 802.11b|g|n (2.4GHZ)
   Physical Address. . . . . . . . . : 30-F7-72-68-B3-9B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:c406:43f0:e8c5:6b70:a366:9980(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:306:c406:43f0:f03e:8df:b3bc:a54e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e8c5:6b70:a366:9980%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, December 28, 2016 8:04:49 AM
   Lease Expires . . . . . . . . . . : Thursday, December 29, 2016 8:38:16 PM
   Default Gateway . . . . . . . . . : fe80::fa2c:18ff:fe5c:f139%12
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 120649586
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-8F-2C-6B-F4-8E-38-8C-5C-4C
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 30-F7-72-68-B3-9C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c6e:34d9:3f57:febf(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c6e:34d9:3f57:febf%16(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 268435456
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-8F-2C-6B-F4-8E-38-8C-5C-4C
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  homeportal
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4002:c03::65
      74.125.138.101
      74.125.138.100
      74.125.138.139
      74.125.138.138
      74.125.138.102
      74.125.138.113


Pinging google.com [64.233.185.113] with 32 bytes of data:
Reply from 64.233.185.113: bytes=32 time=26ms TTL=45
Reply from 64.233.185.113: bytes=32 time=46ms TTL=45

Ping statistics for 64.233.185.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 46ms, Average = 36ms
Server:  homeportal
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=101ms TTL=44
Reply from 206.190.36.45: bytes=32 time=98ms TTL=44

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 98ms, Maximum = 101ms, Average = 99ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...f4 8e 38 8c 5c 4c ......Realtek PCIe GBE Family Controller
  4...12 f7 72 68 b3 9b ......Microsoft Wi-Fi Direct Virtual Adapter
 12...30 f7 72 68 b3 9b ......Dell Wireless 1707 802.11b|g|n (2.4GHZ)
 11...30 f7 72 68 b3 9c ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.64    311
     192.168.1.64  255.255.255.255         On-link      192.168.1.64    311
    192.168.1.255  255.255.255.255         On-link      192.168.1.64    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.1.64    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.1.64    311
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    192.168.1.254       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12    311 ::/0                     fe80::fa2c:18ff:fe5c:f139
  1    331 ::1/128                  On-link
 16    331 2001::/32                On-link
 16    331 2001:0:4137:9e76:1c6e:34d9:3f57:febf/128
                                    On-link
 12    311 2602:306:c406:43f0::/64  On-link
 12    311 2602:306:c406:43f0:e8c5:6b70:a366:9980/128
                                    On-link
 12    311 2602:306:c406:43f0:f03e:8df:b3bc:a54e/128
                                    On-link
 12    311 fe80::/64                On-link
 16    331 fe80::/64                On-link
 16    331 fe80::1c6e:34d9:3f57:febf/128
                                    On-link
 12    311 fe80::e8c5:6b70:a366:9980/128
                                    On-link
  1    331 ff00::/8                 On-link
 16    331 ff00::/8                 On-link
 12    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/28/2016 09:45:35 PM) (Source: Application Hang) (User: )
Description: The program SecurityCheck.exe version 1.4.0.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 26d8

Start Time: 01d2617d6c4dc67c

Termination Time: 4294967295

Application Path: C:\Users\luft3\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe

Report Id: de8e534a-cd70-11e6-b62f-30f77268b39c

Faulting package full name:

Faulting package-relative application ID:

Error: (12/28/2016 03:02:20 PM) (Source: ESENT) (User: )
Description: Windows.Media.Import.PhotoImport (8424) Windows.Media.Import.PhotoImport: The database engine detected multiple threads illegally using the same database session to perform database operations.

    SessionId: 0x0000023E47990920

    Session-context: 0x00000000

    Session-context ThreadId: 0x0000000000000000

    Current ThreadId: 0x00000000000021D8

    Session-trace:

Error: (12/28/2016 08:03:13 AM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (12/27/2016 05:08:30 PM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Passive Policy [2]

Error: (12/27/2016 05:08:30 PM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Critical Policy [1]

Error: (12/27/2016 05:08:30 PM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Active Policy [0]

Error: (12/27/2016 07:55:40 AM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (12/26/2016 01:26:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/26/2016 01:15:43 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/26/2016 12:44:56 PM) (Source: DPTF) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]


System errors:
=============
Error: (12/28/2016 11:00:49 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/28/2016 08:04:09 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/28/2016 08:04:09 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/27/2016 05:09:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/27/2016 05:09:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/27/2016 07:56:53 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/27/2016 07:56:53 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/27/2016 07:56:52 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/26/2016 01:15:20 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x200000000fc59.  The name of the file is "<unable to determine file name>".

Error: (12/26/2016 09:42:37 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (12/28/2016 09:45:35 PM) (Source: Application Hang)(User: )
Description: SecurityCheck.exe1.4.0.4626d801d2617d6c4dc67c4294967295C:\Users\luft3\AppData\Local\Temp\SecurityCheck\SecurityCheck.exede8e534a-cd70-11e6-b62f-30f77268b39c

Error: (12/28/2016 03:02:20 PM) (Source: ESENT)(User: )
Description: Windows.Media.Import.PhotoImport8424Windows.Media.Import.PhotoImport: 0x0000023E479909200x000000000x00000000000000000x00000000000021D8

Error: (12/28/2016 08:03:13 AM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (12/27/2016 05:08:30 PM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Passive Policy [2]

Error: (12/27/2016 05:08:30 PM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Critical Policy [1]

Error: (12/27/2016 05:08:30 PM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function:  PolicyBase::takeControlOfOsc
Message:  Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function:  EsifServices::primitiveExecuteSet
Message:  Error returned from ESIF services interface function call
Participant:  NoParticipant
Domain:  NoDomain
ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance:  255
ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


Policy:  Active Policy [0]

Error: (12/27/2016 07:55:40 AM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (12/26/2016 01:26:17 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (12/26/2016 01:15:43 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (12/26/2016 12:44:56 PM) (Source: DPTF)(User: )
Description: Intel® Dynamic Platform and Thermal FrameworkESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]


=========================== Installed Programs ============================

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{11F6087F-2114-45B5-9EB3-F80E1368CBE9}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.9.6 (HKLM-x32\...\Any Video Converter) (Version: 5.9.6 - Anvsoft)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F0DB834}) (Version: 3.4.13900.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell OSD (HKLM-x32\...\Dell OSD_is1) (Version: 1.3.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell Update (HKLM-x32\...\{2BE9948C-FD9C-40B0-AC04-EE2AAB4C19D4}) (Version: 1.8.1114.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Elevated Installer (HKLM-x32\...\{E4612F14-2D8D-4A1A-B8F9-B4DEDA68473F}) (Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{00bf033c-5ade-400f-a174-be74932eebc6}) (Version: 4.5.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{CA49099B-D84C-433C-9D94-B60A991BE323}) (Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{01B3689E-1900-44F1-9B14-63F2121E51CB}) (Version: 4.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6568.0 - Waves Audio Ltd.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Moo0 Disk Cleaner 1.23 (HKLM-x32\...\Moo0 DiskCleaner) (Version:  - )
Moo0 File Shredder 1.21 (HKLM-x32\...\Moo0 FileShredder) (Version:  - )
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Product Registration (HKLM\...\{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.244 - Zemana Ltd.)

========================= Devices: ================================

Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Device ID: USB\VID_0C45&PID_6710&MI_00\6&1B53187F&0&0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 4009.44 MB
Available physical RAM: 1873.25 MB
Total Virtual: 5406.44 MB
Available Virtual: 2498.08 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:411.39 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-I87918H

Administrator            DefaultAccount           Guest                    
luft3                    


**** End of log ****
 

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 151.45776

Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.11.14393.0
luft3 :: DESKTOP-I87918H

12/28/2016 10:10:44 PM
9lab-log-2016-12-28 (22-10-44).txt

Scan type: Full
Objects scanned: 48048
Time Elapsed: 1 h 10 m

Registry Keys detected: 1
Adware.RPL.Downloader.vl [HKEY_CURRENT_USER\SOFTWARE\OCS]


Files detected: 3
[ACCBDEC10AE55877C7FBAEE2D76467F4] PUP.PL.Gen.dd [c:\windows\system32\tasks\PCDEventLauncherTask]
[4265526361F33CCFCDCEE01E8B1FC54C] Malware.MPL.Heur.vl [C:\Users\luft3\AppData\Local\Temp\BTF.vbs]
[4643E0B996595633B0ABDE2D1878CDE1] Malware.MPL.Heur.vl [C:\Users\luft3\AppData\Local\Temp\wget.js]

 



#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 29 December 2016 - 09:19 AM

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.
 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.





  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

 

Reset Host File

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.


#12 MM208

MM208
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 29 December 2016 - 09:23 AM

Okay, will do.



#13 MM208

MM208
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 29 December 2016 - 10:14 AM

It's a good thing you told me where else to find the log file for the Adware Cleaner because I couldn't find it. :thumbsup2: 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by luft3 (Administrator) on Thu 12/29/2016 at  9:49:42.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\ProgramData\1466729316.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1468189454.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1468189458.bdinstall.bin (File)
Successfully deleted: C:\Users\luft3\AppData\Roaming\Mozilla\Firefox\Profiles\QRvkfGip.default\extensions\safesearchplus2@avira.com\data\search.xml (File)
Successfully deleted: C:\Users\luft3\AppData\Roaming\Mozilla\Firefox\Profiles\QRvkfGip.default\extensions\safesearchplus2@avira.com\search.xml (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask-Retry (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0B9496C-C013-4163-8D99-A1195B2ECDC2} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/29/2016 at  9:52:08.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v6.041 - Logfile created 29/12/2016 at 09:39:15
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-29.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : luft3 - DESKTOP-I87918H
# Running from : C:\Users\luft3\Desktop\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.sof
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.softwa
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.s
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.softwa
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.soft
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2834 Bytes] - [29/12/2016 09:34:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [2740 Bytes] - [29/12/2016 09:39:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2813 Bytes] ##########
 

 

-|x| RstHosts v2.0 - Rapport créé le 29/12/2016 à 09:54:00
-|x| Système d'exploitation : Windows 10 Home  (64 bits)
-|x| Nom d'utilisateur : luft3 - DESKTOP-I87918H (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 30/10/2015 - 02:24:38
Date de modification : 29/12/2016 - 09:53:41
Date de dernier accès : 29/12/2016 - 09:53:41

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1       localhost
::1             localhost

-|x|- E.O.F - C:\RstHosts.txt - 610 bytes -|x|-
 



#14 MM208

MM208
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 29 December 2016 - 10:48 AM

It's interesting looking through these logs and trying to decipher what they mean. I see things that make me say, "Now, what is that? What does that mean?"



#15 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 29 December 2016 - 11:05 AM

At this point are you having any issues?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users