Win Trojan Agent Detected in ClamWin


  • This topic is locked
10 replies to this topic

#1 xkoldrenx

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:59 AM

Posted 10 January 2017 - 04:30 PM

I have a virus detected by the ClamWin portable scanner and would really like to find a way to remove it. I have ESET and it doesn't even detect it.

 

C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\80d1ac155ebe0ec86c15490d0c15f04e\Microsoft.PowerShell.ConsoleHost.ni.dll: Win.Trojan.Agent-5312173-0 FOUND
--------------------------------------------------------------------------------------------------------------------------------

 

Farbar Service Scanner Version: 27-01-2016
Ran by xkoldrenx (administrator) on 10-01-2017 at 16:16:45
Running from "C:\Users\xkoldrenx\AppData\Local\Temp\scoped_dir31924_2788"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
-------------------------------------------------------------------------------------

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
-------------------------------------------------------------------------------------------

MiniToolBox by Farbar  Version: 17-06-2016
Ran by xkoldrenx (administrator) on 10-01-2017 at 16:17:57
Running from "C:\Users\xkoldrenx\AppData\Local\Temp\scoped_dir31924_525"
Microsoft Windows 10 Home  (X64)
Model: P377SM-A Manufacturer: Notebook
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Killer Wireless-N 1202 Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
TAP-Windows Adapter V9 = Ethernet 2 (Media disconnected)
Anchorfree HSS VPN Adapter = Ethernet 4 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
add route prefix=104.96.147.3/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=111.221.29.177/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=111.221.29.253/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=131.253.40.37/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.115.60/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.165.248/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.165.253/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.185.70/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=134.170.30.202/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=137.116.81.24/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=137.117.235.16/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.55.129.21/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.55.133.204/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.55.240.220/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.56.106.189/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.56.121.89/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.56.124.87/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.56.91.77/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=157.56.96.54/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=168.63.108.233/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.232.139.2/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.232.139.254/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.232.80.58/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.232.80.62/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=191.237.208.126/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=2.22.61.43/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=2.22.61.66/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=204.79.197.200/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=207.46.101.29/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=207.46.114.58/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=207.46.223.94/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=207.68.166.254/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=212.30.134.204/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=212.30.134.205/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.102.21.4/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.218.212.69/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.223.20.82/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.57.101.163/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.57.107.163/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.57.107.27/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=23.99.10.11/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=64.4.54.22/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=64.4.54.32/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=64.4.6.100/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.39.117.230/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.11/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.7/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.9/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.91/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.92/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.93/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.100.94/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.108.29/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.52.108.33/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.108.23/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.138.114/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.138.126/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.138.186/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.252.63/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.252.71/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.252.92/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.252.93/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.29.238/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=65.55.39.10/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
add route prefix=77.67.29.176/32 interface="iftype0_0" nexthop=0.0.0.0 metric=1 publish=Yes
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-8V2F31A
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 80-FA-5B-11-5A-37
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-29-AF-65-5F-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 46-29-AF-65-5F-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-3D-10-CF-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Killer Wireless-N 1202 Network Adapter
   Physical Address. . . . . . . . . : 74-29-AF-65-5F-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ac9a:60c4:ea03:1651%21(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.227.25.111(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.192.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 10, 2017 12:11:13 PM
   Lease Expires . . . . . . . . . . : Wednesday, January 11, 2017 2:44:22 PM
   Default Gateway . . . . . . . . . : 10.227.0.1
   DHCP Server . . . . . . . . . . . : 1.1.1.1
   DHCPv6 IAID . . . . . . . . . . . : 125053359
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-00-B6-4A-80-FA-5B-11-5A-37
   DNS Servers . . . . . . . . . . . : 74.82.42.42
                                       199.2.252.10
                                       10.227.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-B0-E4-22-5A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 74-29-AF-65-5F-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  ordns.he.net
Address:  74.82.42.42
 
Name:    google.com
Addresses:  2607:f8b0:4004:80c::200e
 216.58.217.110
 
 
Pinging google.com [216.58.217.110] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 216.58.217.110:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server:  ordns.he.net
Address:  74.82.42.42
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 20...80 fa 5b 11 5a 37 ......Realtek PCIe GBE Family Controller
 13...16 29 af 65 5f 79 ......Microsoft Wi-Fi Direct Virtual Adapter
 17...46 29 af 65 5f 79 ......Microsoft Hosted Network Virtual Adapter
  4...00 ff 3d 10 cf fa ......TAP-Windows Adapter V9
 21...74 29 af 65 5f 79 ......Killer Wireless-N 1202 Network Adapter
 10...00 ff b0 e4 22 5a ......Anchorfree HSS VPN Adapter
  5...74 29 af 65 5f 7a ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.227.0.1    10.227.25.111     50
       10.227.0.0    255.255.192.0         On-link     10.227.25.111    306
    10.227.25.111  255.255.255.255         On-link     10.227.25.111    306
    10.227.63.255  255.255.255.255         On-link     10.227.25.111    306
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     10.227.25.111    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     10.227.25.111    306
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
     104.96.147.3  255.255.255.255         On-link        1
   111.221.29.177  255.255.255.255         On-link        1
   111.221.29.253  255.255.255.255         On-link        1
    131.253.40.37  255.255.255.255         On-link        1
   134.170.115.60  255.255.255.255         On-link        1
  134.170.165.248  255.255.255.255         On-link        1
  134.170.165.253  255.255.255.255         On-link        1
   134.170.185.70  255.255.255.255         On-link        1
   134.170.30.202  255.255.255.255         On-link        1
    137.116.81.24  255.255.255.255         On-link        1
   137.117.235.16  255.255.255.255         On-link        1
    157.55.129.21  255.255.255.255         On-link        1
   157.55.133.204  255.255.255.255         On-link        1
   157.55.240.220  255.255.255.255         On-link        1
   157.56.106.189  255.255.255.255         On-link        1
    157.56.121.89  255.255.255.255         On-link        1
    157.56.124.87  255.255.255.255         On-link        1
     157.56.91.77  255.255.255.255         On-link        1
     157.56.96.54  255.255.255.255         On-link        1
   168.63.108.233  255.255.255.255         On-link        1
    191.232.139.2  255.255.255.255         On-link        1
  191.232.139.254  255.255.255.255         On-link        1
    191.232.80.58  255.255.255.255         On-link        1
    191.232.80.62  255.255.255.255         On-link        1
  191.237.208.126  255.255.255.255         On-link        1
       2.22.61.43  255.255.255.255         On-link        1
       2.22.61.66  255.255.255.255         On-link        1
   204.79.197.200  255.255.255.255         On-link        1
    207.46.101.29  255.255.255.255         On-link        1
    207.46.114.58  255.255.255.255         On-link        1
    207.46.223.94  255.255.255.255         On-link        1
   207.68.166.254  255.255.255.255         On-link        1
   212.30.134.204  255.255.255.255         On-link        1
   212.30.134.205  255.255.255.255         On-link        1
      23.102.21.4  255.255.255.255         On-link        1
    23.218.212.69  255.255.255.255         On-link        1
     23.223.20.82  255.255.255.255         On-link        1
    23.57.101.163  255.255.255.255         On-link        1
    23.57.107.163  255.255.255.255         On-link        1
     23.57.107.27  255.255.255.255         On-link        1
      23.99.10.11  255.255.255.255         On-link        1
       64.4.54.22  255.255.255.255         On-link        1
       64.4.54.32  255.255.255.255         On-link        1
       64.4.6.100  255.255.255.255         On-link        1
    65.39.117.230  255.255.255.255         On-link        1
     65.52.100.11  255.255.255.255         On-link        1
      65.52.100.7  255.255.255.255         On-link        1
      65.52.100.9  255.255.255.255         On-link        1
     65.52.100.91  255.255.255.255         On-link        1
     65.52.100.92  255.255.255.255         On-link        1
     65.52.100.93  255.255.255.255         On-link        1
     65.52.100.94  255.255.255.255         On-link        1
     65.52.108.29  255.255.255.255         On-link        1
     65.52.108.33  255.255.255.255         On-link        1
     65.55.108.23  255.255.255.255         On-link        1
    65.55.138.114  255.255.255.255         On-link        1
    65.55.138.126  255.255.255.255         On-link        1
    65.55.138.186  255.255.255.255         On-link        1
     65.55.252.63  255.255.255.255         On-link        1
     65.55.252.71  255.255.255.255         On-link        1
     65.55.252.92  255.255.255.255         On-link        1
     65.55.252.93  255.255.255.255         On-link        1
     65.55.29.238  255.255.255.255         On-link        1
      65.55.39.10  255.255.255.255         On-link        1
     77.67.29.176  255.255.255.255         On-link        1
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 21    306 fe80::/64                On-link
 21    306 fe80::ac9a:60c4:ea03:1651/128
                                    On-link
  1    331 ff00::/8                 On-link
 21    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/10/2017 04:18:19 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (01/10/2017 04:18:19 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (01/10/2017 04:18:19 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (01/10/2017 04:18:14 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (01/10/2017 04:18:14 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (01/10/2017 04:18:14 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (01/10/2017 04:18:09 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (01/10/2017 04:18:09 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (01/10/2017 04:18:09 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
Error: (01/10/2017 04:18:04 PM) (Source: SecurityCenter) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).
 
 
System errors:
=============
Error: (01/10/2017 02:35:30 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (01/10/2017 02:35:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
 
Error: (01/10/2017 12:02:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/10/2017 12:02:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/10/2017 12:02:37 PM) (Source: Service Control Manager) (User: )
Description: The WMPNetworkSvc service terminated with the following error: 
%%1008 = An attempt was made to reference a token that does not exist.
 
 
Error: (01/10/2017 12:02:36 PM) (Source: Service Control Manager) (User: )
Description: The HvHost service terminated with the following error: 
%%31 = A device attached to the system is not functioning.
 
 
Error: (01/10/2017 12:02:36 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (01/10/2017 11:14:52 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WMI Performance Adapter service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (01/10/2017 11:13:20 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (01/10/2017 11:12:52 AM) (Source: Service Control Manager) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/10/2017 04:18:19 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
Error: (01/10/2017 04:18:19 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
Error: (01/10/2017 04:18:19 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
Error: (01/10/2017 04:18:14 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
Error: (01/10/2017 04:18:14 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
Error: (01/10/2017 04:18:14 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
Error: (01/10/2017 04:18:09 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
Error: (01/10/2017 04:18:09 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
Error: (01/10/2017 04:18:09 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
Error: (01/10/2017 04:18:04 PM) (Source: SecurityCenter)(User: )
Description: SECURITY_PRODUCT_STATE_ON
 
 
CodeIntegrity Errors:
===================================
  Date: 2017-01-10 14:35:33.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-10 14:02:54.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-10 12:56:12.433
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-01-10 12:36:47.500
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-10 12:31:06.308
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-10 12:26:48.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-01-10 12:11:27.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-10 12:11:13.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-01-10 12:04:41.903
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-10 12:03:18.918
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Avira Connect (HKLM-x32\...\{7774002B-60B3-4146-BF82-5BF767D468B8}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.2.3.19655 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Driver Booster 4.1 (HKLM-x32\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
ESET Internet Security (HKLM\...\{78044E82-0B61-42DA-A4E6-9BD0BD28797F}) (Version: 10.0.386.0 - ESET, spol. s r.o.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hotspot Shield 6.2.0 (HKLM-x32\...\{08543744-c005-4d26-87f3-1c0b86bc466d}) (Version: 6.2.0.10083 - AnchorFree Inc.)
Hotspot Shield 6.2.0 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925B147AA86}) (Version: 6.2.0.10083 - AnchorFree Inc.) Hidden
Hotspot Shield 6.2.0 (HKLM-x32\...\HotspotShield) (Version: 6.2.0 - AnchorFree Inc.) Hidden
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.404761.40 - Comodo)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit)
KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software)
Logitech Gaming Software 8.90 (HKLM\...\Logitech Gaming Software) (Version: 8.90.117 - Logitech Inc.)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Micron Storage Executive (HKCU\...\Micron Storage Executive 3.38.102016.07) (Version: 3.38.102016.07 - Micron Technology)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.27055 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7629 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
STAR WARS™ Jedi Knight™ - Jedi Academy™ (HKLM-x32\...\1428935726_is1) (Version: 2.0.0.4 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Tether (HKLM-x32\...\{C5C67EA4-16FA-473C-B274-904A71162DE4}) (Version: 1.0.1 - ClockworkMod)
Tweaking.com - Advanced System Tweaker (HKLM-x32\...\Tweaking.com - Advanced System Tweaker) (Version: 2.0.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.22 - Tweaking.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
 
========================= Devices: ================================
 
Name: Synaptics SMBus TouchPad
Description: Synaptics SMBus TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Device ID: ACPI\SYN1214\3
Problem: : This device cannot work properly until you restart your computer. (Code14)
Resolution: Restart your computer.
 
Name: Insyde Airplane Mode HID Mini-Driver
Description: Insyde Airplane Mode HID Mini-Driver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Insyde
Service: AirplaneModeHid
Device ID: ACPI\PNPC000\1
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 38%
Total physical RAM: 16329.15 MB
Available physical RAM: 10111.68 MB
Total Virtual: 18761.15 MB
Available Virtual: 11882.91 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:475.45 GB) (Free:306.65 GB) NTFS
2 Drive d: () (Fixed) (Total:931.51 GB) (Free:881.36 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-8V2F31A
 
Administrator            DefaultAccount           defaultuser0             
Guest                    xkoldrenx                
 
========================= Minidump Files ==================================
 
C:\WINDOWS\Minidump\010617-12296-01.dmp
========================= Restore Points ==================================
 
08-01-2017 04:35:41 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
08-01-2017 04:35:56 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
08-01-2017 18:15:57 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
08-01-2017 18:16:05 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
08-01-2017 22:55:42 Installed DirectX
10-01-2017 16:12:51 Driver Booster : Synaptics PS/2 Port TouchPad
10-01-2017 17:11:51 Driver Booster : Synaptics PS/2 Port TouchPad
10-01-2017 19:38:39 Windows Modules Installer
 
**** End of log ****
----------------------------------------------------------------------------------------------------------------------

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/10/2017 04:24:02 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\XKOLDR~1\AppData\Local\Temp\scoped_dir31924_15513\SecurityCheck.exe (PID: 33072) [SUP-HEUR]
 * C:\Users\XKOLDR~1\AppData\Local\Temp\scoped_dir31924_2788\FSS.exe (PID: 33336) [SUP-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * agp440 [Missing Service]
 * DiagTrack [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 01/10/2017 04:24:14 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
 
 



 


#2 xkoldrenx

xkoldrenx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:59 AM

Posted 11 January 2017 - 10:39 AM

Did I post this right?



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:59 AM

Posted 11 January 2017 - 11:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We need the following information before suggesting any remedial action.


Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.
==============================

#4 xkoldrenx

xkoldrenx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:59 AM

Posted 11 January 2017 - 03:18 PM

Attached File  mbamlogs.txt   1.02KB   3 downloads

 

Attached File  AdwCleanerS1.txt   1.27KB   2 downloads

 

Attached File  FRST.txt   236.49KB   3 downloads

 

Attached File  Addition.txt   50.1KB   4 downloads

 

 


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:59 AM

Posted 12 January 2017 - 09:30 AM


Please verify the integrity of the file in bold. Submit the file in bold to VirusTotal.

Follow the instructions on this page.
https://www.virustotal.com/

C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\80d1ac155ebe0ec86c15490d0c15f04e\Microsoft.PowerShell.ConsoleHost.ni.dll

Post the results for my review.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1788167875-423910536-2191347671-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\xkoldrenx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xkoldrenx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-05]
CHR Extension: (Chrome Media Router) - C:\Users\xkoldrenx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-05]
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2664568 2016-12-29] (AnchorFree Inc.)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
U0 aswVmm; no ImagePath
U4 edevmon; system32\DRIVERS\edevmon.sys [X]
U4 ekbdflt; \SystemRoot\system32\DRIVERS\ekbdflt.sys [X]
U4 epfw; \SystemRoot\system32\DRIVERS\epfw.sys [X]
U3 iswSvc; no ImagePath
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?
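One way to carry out the integrity check requested in post #5 without depending on the file picker (an added example, not nasdaq's or the thread's own instructions): from an elevated PowerShell prompt, hash the flagged file, read its version information and signature status, and check the signature of the IL assembly the native image was generated from. The flagged path is the one quoted in the thread; the function name and the two GAC roots it searches are assumptions.

```powershell
# Added example, not from the thread: gather verifiable facts about the file ClamWin flagged.
# The path below is the one quoted in the thread; the helper name and the GAC roots are assumptions.
# -LiteralPath is used throughout because the NGEN folder name contains a literal '#'.
$Flagged = 'C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\80d1ac155ebe0ec86c15490d0c15f04e\Microsoft.PowerShell.ConsoleHost.ni.dll'

function Get-FlaggedFileEvidence {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    # A native image (*.ni.dll) is compiled on this machine by ngen, so its hash is
    # machine-specific and it carries no Authenticode signature of its own. The
    # signature worth checking is on the IL assembly it was generated from, which
    # lives under one of the GAC roots (assumed locations, excluding NativeImages).
    $ilName   = $item.Name -replace '\.ni\.dll$', '.dll'
    $gacRoots = "$env:windir\assembly", "$env:windir\Microsoft.NET\assembly"
    $ilCopies = foreach ($root in $gacRoots) {
        Get-ChildItem -LiteralPath $root -Recurse -Filter $ilName -ErrorAction SilentlyContinue |
            Where-Object { $_.FullName -notlike '*NativeImages*' }
    }

    $sourceAssemblies = foreach ($il in $ilCopies) {
        $ilSig = Get-AuthenticodeSignature -LiteralPath $il.FullName
        [pscustomobject]@{
            Path   = $il.FullName
            Status = $ilSig.Status          # Valid with a Microsoft signer is the expected result
            Signer = $ilSig.SignerCertificate.Subject
        }
    }

    [pscustomobject]@{
        Path           = $item.FullName
        SizeBytes      = $item.Length
        LastWriteUtc   = $item.LastWriteTimeUtc
        SHA256         = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        NativeImageSig = $sig.Status        # NotSigned is normal for a locally generated ngen image
        FileVersion    = $item.VersionInfo.FileVersion
        Company        = $item.VersionInfo.CompanyName
        SourceAssembly = $sourceAssemblies
    }
}

Get-FlaggedFileEvidence -Path $Flagged | Format-List
```

The SHA256 value can be searched on VirusTotal directly, which avoids uploading the file at all; an unsigned IL source assembly, or one signed by someone other than Microsoft, is the finding that would warrant further investigation.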

#6 xkoldrenx

xkoldrenx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:59 AM

Posted 12 January 2017 - 11:59 AM

When I click Choose File on VirusTotal, I go to the assembly folder but cannot see NativeImages, nor any folders, just files.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:59 AM

Posted 12 January 2017 - 02:22 PM

The file is in this folder: 80d1ac155ebe0ec86c15490d0c15f04e

#8 xkoldrenx

xkoldrenx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:59 AM

Posted 12 January 2017 - 05:34 PM

No, what I'm trying to say is that once I go to the assembly folder it only shows a list of files such as this. I do not see a folder past assembly.

 

Attached File  Untitled.jpg   80.2KB   0 downloads

 

Attached File  Untitled2.jpg   81.13KB   0 downloads

 



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:59 AM

Posted 13 January 2017 - 11:21 AM

I can see mine in Windows 10. I suspect that your operating system files are hidden.

Unhide files/folders in Windows.
How To:

In Windows 10, follow one of the options on this page.
http://www.howtogeek.com/131916/how-to-use-the-advanced-startup-options-to-fix-your-windows-8-computer/
<<<>>>

#10 xkoldrenx

xkoldrenx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:59 AM

Posted 13 January 2017 - 04:23 PM

This is so weird. I checked "show hidden files and folders" and unchecked "hide protected operating system files" and it's still showing the same thing in assembly, hmmm..



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:59 AM

Posted 14 January 2017 - 08:37 AM


Checking further on the issue, I came across this article.

Your Computer is Clean.

You have ESET protection and ClamWin is superfluous. I would remove it as suggested. Your call.

http://www.techsupportforum.com/forums/f50/two-pesky-virus-i-cannot-remove-win-trojan-agent-5331045-0-help-1174601.html

Do you have other issues with this computer?



