DNS changed to 192.168.0.1 on multiple systems


  • This topic is locked
6 replies to this topic

#1 luigi13579

Posted 31 March 2017 - 05:29 PM

Hi,

 

Basically, I think I carelessly downloaded a fake version of the Andy Android emulator. Avira seemed to catch it, identifying it as 'PUA/InstallCore (Cloud)' (which I don't think is right), quarantining it. I was running Windows 10 Home with Firefox at that time. Thinking I'd dodged a bullet, I then started experiencing some strange behaviour, making me believe it must have gotten through. One thing I can remember is an error about my connection not being private. Other family members experienced similar behaviour. Failing to fix the issue and not understanding the nature of the virus (router infecting rootkit?), I backed up my stuff and re-installed Windows to try to solve the problem (on this machine at least).

 

On the fresh install of Windows 10, using Chrome, the problem persisted. It then dawned on me to check the internet settings in the console, and with info from web searches, identified the above issue. I'm presuming the Android devices using the router are also infected. I'm not sure how to deal with them either, but this site is strictly about PCs it seems. Any advice here (even somewhere else to go) would be much appreciated.

 

My ISP is Virgin Media (UK). Their DNSs are 192.168.4.100 (primary) and 192.168.8.100 (secondary).

 

There are a lot of assumptions on my part, so I could be way off base. I'll leave it to you. Thanks in advance for any assistance you can offer.

 

Oh, I did a search for topics presenting a similar issue but wasn't sure any quite matched. Feel free to direct me elsewhere if you know of one that does. I'll continue searching in the meantime.

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Lewis (administrator) on DESKTOP-TP82FB6 (31-03-2017 20:41:02)
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\updrgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\update.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3358952 2017-03-30] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-21] (Avira Operations GmbH & Co. KG)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3da22e23-5d5c-4ee5-8e25-1defacbad2e2}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-430608078-807990698-4256682862-1001\Software\Microsoft\Internet Explorer\Main,Start Page = C:\Program Files\Internet Explorer\pcspecialist.html
SearchScopes: HKLM -> DefaultScope {9DCFF3A8-44FE-49C9-8F40-DE84561C38B9} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM -> {9DCFF3A8-44FE-49C9-8F40-DE84561C38B9} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9DCFF3A8-44FE-49C9-8F40-DE84561C38B9} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKLM-x32 -> {9DCFF3A8-44FE-49C9-8F40-DE84561C38B9} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=appattach&hsimp=yhs-appattach&type=493&p={searchTerms}
SearchScopes: HKU\S-1-5-21-430608078-807990698-4256682862-1001 -> DefaultScope {9DCFF3A8-44FE-49C9-8F40-DE84561C38B9} URL = 
 
FireFox:
========
FF ProfilePath: C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\5TRd54fc.default [2017-03-30]
FF Extension: (Avira Browser Safety) - C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\5TRd54fc.default\Extensions\abs@avira.com [2017-03-30]
FF Extension: (Avira Password Manager) - C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\5TRd54fc.default\Extensions\passwordmanager@avira.com [2017-03-30]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\5TRd54fc.default\Extensions\safesearchplus2@avira.com [2017-03-30]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-30] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
CHR Extension: (Google Slides) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-30]
CHR Extension: (Google Docs) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-30]
CHR Extension: (Google Drive) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-30]
CHR Extension: (YouTube) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-30]
CHR Extension: (Avira Password Manager) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-03-30]
CHR Extension: (uBlock Origin) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-30]
CHR Extension: (longURL) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmkcdiijleanafkljglfjihodbkhloej [2017-03-30]
CHR Extension: (Google Sheets) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-30]
CHR Extension: (Avira Browser Safety) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-30]
CHR Extension: (HTTPS Everywhere) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-03-30]
CHR Extension: (Google Docs Offline) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-30]
CHR Extension: (Gmail) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-30]
CHR Extension: (Privacy Badger) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2017-03-30]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [155872 2017-03-30] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2017-03-30] (Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2017-03-30] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [161824 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [163976 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-21] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [48584 2017-03-21] (Avira Operations GmbH & Co. KG)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-03-30] (Malwarebytes)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 20:41 - 2017-03-31 20:42 - 00012060 _____ C:\Users\Lewis\Desktop\FRST.txt
2017-03-31 20:40 - 2017-03-31 20:41 - 00000000 ____D C:\FRST
2017-03-31 20:39 - 2017-03-31 20:39 - 00016148 _____ C:\Windows\system32\DESKTOP-TP82FB6_Lewis_HistoryPrediction.bin
2017-03-31 19:48 - 2017-03-31 20:40 - 02424832 _____ (Farbar) C:\Users\Lewis\Desktop\FRST64.exe
2017-03-31 19:43 - 2017-03-31 19:43 - 00000000 _____ C:\Users\Lewis\defogger_reenable
2017-03-31 19:36 - 2017-03-31 19:40 - 00050477 _____ C:\Users\Lewis\Desktop\Defogger.exe
2017-03-31 18:19 - 2017-03-31 18:19 - 00174893 _____ C:\Users\Lewis\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs.html
2017-03-31 18:19 - 2017-03-31 18:19 - 00000000 ____D C:\Users\Lewis\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs_files
2017-03-31 10:59 - 2017-03-31 11:01 - 00000000 ____D C:\Users\Lewis\AppData\Local\Comms
2017-03-30 20:58 - 2017-03-30 21:45 - 00659520 _____ (O&O Software GmbH) C:\Users\Lewis\Downloads\OOSU10.exe
2017-03-30 20:52 - 2017-03-30 20:52 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Avira
2017-03-30 20:11 - 2017-03-30 20:15 - 00213682 _____ C:\Windows\ntbtlog.txt
2017-03-30 20:11 - 2017-03-30 20:11 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-30 19:48 - 2017-03-30 19:48 - 00000000 ____D C:\Users\Lewis\AppData\Local\CrashDumps
2017-03-30 19:47 - 2017-03-30 19:47 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-30 19:40 - 2017-03-31 20:39 - 00000000 __SHD C:\Users\Lewis\IntelGraphicsProfiles
2017-03-30 19:39 - 2017-03-30 19:39 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-03-30 19:33 - 2017-03-30 19:33 - 00202032 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys
2017-03-30 19:32 - 2017-03-30 19:32 - 00000000 ____D C:\Users\Lewis\AppData\Local\NetworkTiles
2017-03-30 19:28 - 2016-12-29 14:16 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-03-30 19:28 - 2016-12-29 14:16 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-03-30 19:28 - 2016-12-29 14:16 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-03-30 19:28 - 2016-12-29 14:16 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-03-30 19:28 - 2016-12-29 14:16 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-03-30 19:28 - 2016-12-29 14:16 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-03-30 19:28 - 2016-12-29 14:16 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-03-30 19:28 - 2016-12-22 00:59 - 07651057 _____ C:\Windows\system32\nvcoproc.bin
2017-03-30 19:27 - 2017-03-30 22:11 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-30 19:27 - 2016-12-29 14:10 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-30 19:25 - 2017-03-30 19:25 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-30 19:24 - 2017-03-30 19:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-30 19:24 - 2017-03-30 19:27 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-30 19:23 - 2017-03-30 22:13 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-30 19:23 - 2017-03-30 22:11 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-30 19:23 - 2017-03-30 22:11 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-30 19:23 - 2017-03-30 19:45 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-30 19:23 - 2017-03-30 19:23 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-30 19:23 - 2017-03-30 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-30 19:22 - 2017-03-30 19:22 - 40134200 _____ C:\Windows\system32\nvcompiler.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 35233336 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 34717624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 28209080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 24616480 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 20939056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 17753968 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 14665360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 14190520 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-30 19:22 - 2017-03-30 19:22 - 11017016 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 10907368 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 10453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 09246832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 09000336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 08847016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 03972960 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 03509152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 02961336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 02594744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 01964600 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437654.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 01598392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437654.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 01047096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00985144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00951224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00904760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00698544 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00586784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00586520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00483584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00183144 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00163632 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00161016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00141768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-30 19:22 - 2017-03-30 19:22 - 00048696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2017-03-30 19:22 - 2017-03-30 19:22 - 00042296 _____ C:\Windows\system32\nvinfo.pb
2017-03-30 19:22 - 2017-03-30 19:22 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-03-30 19:22 - 2017-03-30 19:22 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-03-30 19:22 - 2017-03-30 19:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-03-30 19:22 - 2017-03-30 19:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-30 19:22 - 2017-03-30 19:22 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-30 19:22 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-30 19:21 - 2017-03-30 19:21 - 00001047 _____ C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-03-30 19:21 - 2017-03-21 14:01 - 00163976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-30 19:21 - 2017-03-21 14:01 - 00161824 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-30 19:21 - 2017-03-21 14:01 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-30 19:21 - 2017-03-21 14:01 - 00048584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-30 19:21 - 2017-03-21 14:01 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-30 19:20 - 2017-03-30 19:21 - 59272008 _____ (Malwarebytes ) C:\Users\Lewis\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-03-30 19:19 - 2017-03-30 20:43 - 00000000 ____D C:\Users\Lewis\AppData\Local\Avira
2017-03-30 19:19 - 2017-03-30 19:19 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-03-30 19:19 - 2017-03-30 19:19 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Mozilla
2017-03-30 19:18 - 2017-03-30 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-30 19:17 - 2017-03-30 20:43 - 00000000 ____D C:\Program Files (x86)\Avira
2017-03-30 19:17 - 2017-03-30 20:41 - 00000000 ____D C:\ProgramData\Avira
2017-03-30 19:17 - 2017-03-30 19:17 - 01814944 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2017-03-30 19:17 - 2017-03-30 19:17 - 00472160 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\Drivers\ETD.sys
2017-03-30 19:17 - 2017-03-30 19:17 - 00071400 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\ETDCoInstaller15005.dll
2017-03-30 19:17 - 2017-03-30 19:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ETD_01011.Wdf
2017-03-30 19:17 - 2017-03-30 19:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-30 19:17 - 2017-03-30 19:17 - 00000000 ____D C:\Program Files\Elantech
2017-03-30 19:16 - 2017-03-30 19:16 - 04769640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lewis\Downloads\avira_en_fass0_58d7a04abba7e__ws.exe
2017-03-30 19:12 - 2017-03-30 19:12 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-30 19:11 - 2017-03-30 19:26 - 00000000 ____D C:\Users\Lewis\AppData\Local\Google
2017-03-30 19:11 - 2017-03-30 19:12 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-30 19:11 - 2017-03-30 19:11 - 09898752 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2017-03-30 19:11 - 2017-03-30 19:11 - 01129376 _____ (Google Inc.) C:\Users\Lewis\Downloads\ChromeSetup.exe
2017-03-30 19:11 - 2017-03-30 19:11 - 00321792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys
2017-03-30 19:11 - 2017-03-30 19:11 - 00091904 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2017-03-30 19:11 - 2017-03-30 19:11 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-30 19:11 - 2017-03-30 19:11 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-30 19:11 - 2017-03-30 19:11 - 00000000 ____D C:\Windows\SysWOW64\sda
2017-03-30 19:10 - 2017-03-30 19:10 - 00079632 _____ (Intel Corporation) C:\Windows\system32\Drivers\ibtfltcoex.sys
2017-03-30 19:08 - 2017-03-30 19:08 - 00000000 ____D C:\Users\Lewis\AppData\Local\MicrosoftEdge
2017-03-30 16:26 - 2017-03-30 16:26 - 02508272 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe
2017-03-30 16:26 - 2017-03-30 16:26 - 01468976 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
2017-03-30 16:26 - 2017-03-30 16:26 - 00865328 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll
2017-03-30 16:26 - 2017-03-30 16:26 - 00632816 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2017-03-30 16:26 - 2017-03-30 16:26 - 00616496 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll
2017-03-30 16:26 - 2017-03-30 16:26 - 00443296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2017-03-30 16:26 - 2017-03-30 16:26 - 00357936 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll
2017-03-30 16:26 - 2017-03-30 16:26 - 00223792 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2017-03-30 16:26 - 2017-03-30 16:26 - 00187844 _____ C:\Windows\system32\resTHA.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00180644 _____ C:\Windows\system32\resELL.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00176500 _____ C:\Windows\system32\resRUS.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00162356 _____ C:\Windows\system32\resARA.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00161812 _____ C:\Windows\system32\resHEB.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00161764 _____ C:\Windows\system32\resJPN.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00157172 _____ C:\Windows\system32\resFRA.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00157156 _____ C:\Windows\system32\resHUN.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00155460 _____ C:\Windows\system32\resKOR.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00155364 _____ C:\Windows\system32\resITA.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00155364 _____ C:\Windows\system32\resDEU.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00155204 _____ C:\Windows\system32\resROM.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00155092 _____ C:\Windows\system32\resESN.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00154660 _____ C:\Windows\system32\resPLK.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00154532 _____ C:\Windows\system32\resSKY.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00154324 _____ C:\Windows\system32\resNLD.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00153764 _____ C:\Windows\system32\resPTB.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00153636 _____ C:\Windows\system32\resTRK.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00153604 _____ C:\Windows\system32\resCSY.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00153476 _____ C:\Windows\system32\resPTG.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00153060 _____ C:\Windows\system32\resFIN.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00152628 _____ C:\Windows\system32\resHRV.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00152164 _____ C:\Windows\system32\resSVE.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00152004 _____ C:\Windows\system32\resSLV.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00151060 _____ C:\Windows\system32\resNOR.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00150548 _____ C:\Windows\system32\resDAN.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00149236 _____ C:\Windows\system32\resENU.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00147460 _____ C:\Windows\system32\resCHT.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00146628 _____ C:\Windows\system32\resCHS.cui
2017-03-30 16:26 - 2017-03-30 16:26 - 00072688 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2017-03-30 16:26 - 2017-03-30 16:26 - 00072688 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2017-03-30 16:26 - 2017-03-30 16:26 - 00069104 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2017-03-30 16:26 - 2017-03-30 16:26 - 00069104 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2017-03-30 16:26 - 2017-03-30 16:26 - 00000000 ____D C:\Program Files\Intel
2017-03-30 16:26 - 2017-03-30 16:26 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-30 16:26 - 2017-03-30 16:26 - 00000000 ____D C:\Intel
2017-03-30 16:25 - 2017-03-30 16:26 - 00141872 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 22914032 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 17846768 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 12334064 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 11905424 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 11053040 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 10574976 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 08528880 _____ (Intel Corporation) C:\Windows\system32\ig7icd64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 06512112 _____ (Intel Corporation) C:\Windows\SysWOW64\ig7icd32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 04636608 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 04371872 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 04368288 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 04024368 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 03797960 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2017-03-30 16:25 - 2017-03-30 16:25 - 03668768 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 02813952 _____ C:\Windows\system32\iglhxa64.cpa
2017-03-30 16:25 - 2017-03-30 16:25 - 02035696 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 01994224 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 01793008 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 01766896 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 01155984 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 01151832 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00969120 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00678896 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00659504 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00555424 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00554912 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00540064 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00467688 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00409504 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00408992 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00393632 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00392688 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00385520 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00378816 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00374256 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00329200 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00328608 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00295408 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00290208 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00285168 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00264176 _____ C:\Windows\system32\igfxCPL.cpl
2017-03-30 16:25 - 2017-03-30 16:25 - 00261104 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00256928 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00232944 _____ C:\Windows\system32\igdde64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00229648 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00228848 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00204192 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00199080 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00194544 _____ C:\Windows\SysWOW64\igdde32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00194352 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00193520 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00191984 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4252.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00191024 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00170992 _____ C:\Windows\system32\igdail64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00169352 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00164256 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2017-03-30 16:25 - 2017-03-30 16:25 - 00163824 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00152560 _____ C:\Windows\SysWOW64\igdail32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00107568 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00102896 _____ C:\Windows\system32\IccLibDll_x64.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00095216 _____ C:\Windows\system32\igfxCUIServicePS.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00078320 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00068080 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00044025 _____ C:\Windows\system32\iglhxo64.vp
2017-03-30 16:25 - 2017-03-30 16:25 - 00043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2017-03-30 16:25 - 2017-03-30 16:25 - 00043494 _____ C:\Windows\system32\iglhxc64.vp
2017-03-30 16:25 - 2017-03-30 16:25 - 00043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2017-03-30 16:25 - 2017-03-30 16:25 - 00043256 _____ C:\Windows\system32\iglhxg64.vp
2017-03-30 16:25 - 2017-03-30 16:25 - 00042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2017-03-30 16:25 - 2017-03-30 16:25 - 00040704 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00039408 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00019440 _____ ( ) C:\Windows\system32\igfxDILib.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00018928 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00018928 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00018928 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00013808 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00013808 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2017-03-30 16:25 - 2017-03-30 16:25 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-30 16:25 - 2017-03-30 16:25 - 00002564 _____ C:\Windows\system32\iglhxs64.vp
2017-03-30 16:25 - 2017-03-30 16:25 - 00001125 _____ C:\Windows\system32\iglhxa64.vp
2017-03-30 16:25 - 2017-03-30 16:25 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2017-03-30 16:25 - 2017-03-30 16:25 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2017-03-30 16:25 - 2017-03-30 16:25 - 00000895 _____ C:\Windows\system32\CustomModeAppv2_0.exe.config
2017-03-30 16:25 - 2017-03-30 16:25 - 00000889 _____ C:\Windows\system32\Gfxv4_0.exe.config
2017-03-30 16:25 - 2017-03-30 16:25 - 00000889 _____ C:\Windows\system32\DPTopologyApp.exe.config
2017-03-30 16:25 - 2017-03-30 16:25 - 00000889 _____ C:\Windows\system32\CustomModeApp.exe.config
2017-03-30 16:24 - 2017-03-30 16:24 - 27898680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 07235584 _____ (Dolby Laboratories) C:\Windows\system32\EEP64H.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 07235584 _____ (Dolby Laboratories) C:\Windows\system32\EEP64A.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 03309264 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 02130448 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 02027184 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO264.DLL
2017-03-30 16:24 - 2017-03-30 16:24 - 02012496 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 01752904 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO232.DLL
2017-03-30 16:24 - 2017-03-30 16:24 - 01192784 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 01180496 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 01031376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00896344 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO64.DLL
2017-03-30 16:24 - 2017-03-30 16:24 - 00754760 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO32.DLL
2017-03-30 16:24 - 2017-03-30 16:24 - 00701136 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2017-03-30 16:24 - 2017-03-30 16:24 - 00678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00633904 _____ (Creative Technology Ltd.) C:\Windows\system32\VMTHX64.DLL
2017-03-30 16:24 - 2017-03-30 16:24 - 00568304 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMTHX32.DLL
2017-03-30 16:24 - 2017-03-30 16:24 - 00446224 _____ (Dolby Laboratories) C:\Windows\system32\EED64H.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00446224 _____ (Dolby Laboratories) C:\Windows\system32\EED64A.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00400504 _____ (Creative Technology Ltd.) C:\Windows\system32\VMWRP64.DLL
2017-03-30 16:24 - 2017-03-30 16:24 - 00260120 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00147224 _____ (Dolby Laboratories) C:\Windows\system32\EEL64A.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00147216 _____ (Dolby Laboratories) C:\Windows\system32\EEL64H.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00132248 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00130144 _____ (Dolby Laboratories) C:\Windows\system32\EEA64H.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00130144 _____ (Dolby Laboratories) C:\Windows\system32\EEA64A.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00104088 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00101016 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00094720 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00093712 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPO.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00084688 _____ (Dolby Laboratories) C:\Windows\system32\EEG64H.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00084688 _____ (Dolby Laboratories) C:\Windows\system32\EEG64A.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00080400 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00067272 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPLD64.DLL
2017-03-30 16:24 - 2017-03-30 16:24 - 00064152 _____ (TODO: <Company name>) C:\Windows\system32\PropPageExt.dll
2017-03-30 16:24 - 2017-03-30 16:24 - 00063144 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPCN64.DLL
2017-03-30 16:24 - 2017-03-30 16:24 - 00042192 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\VMfilt64.sys
2017-03-30 16:24 - 2017-03-30 16:24 - 00036504 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2017-03-30 16:24 - 2017-03-30 16:24 - 00000000 ____D C:\Windows\system32\SRSLabs
2017-03-30 16:24 - 2017-03-30 16:24 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Skype
2017-03-30 16:24 - 2017-03-30 16:24 - 00000000 ____D C:\Program Files\VIA
2017-03-30 16:23 - 2017-03-30 16:25 - 00002363 _____ C:\Users\Lewis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-30 16:23 - 2017-03-30 16:25 - 00000000 ___RD C:\Users\Lewis\OneDrive
2017-03-30 16:22 - 2017-03-30 16:22 - 00000000 ____D C:\Users\Lewis\AppData\Local\Publishers
2017-03-30 16:21 - 2017-03-31 19:43 - 00000000 ____D C:\Users\Lewis
2017-03-30 16:21 - 2017-03-31 18:16 - 00000000 ____D C:\Users\Lewis\AppData\Local\Packages
2017-03-30 16:21 - 2017-03-30 16:21 - 00016148 _____ C:\Windows\system32\DESKTOP-TP82FB6_defaultuser0_HistoryPrediction.bin
2017-03-30 16:21 - 2017-03-30 16:21 - 00000020 ___SH C:\Users\Lewis\ntuser.ini
2017-03-30 16:21 - 2017-03-30 16:21 - 00000000 _SHDL C:\Users\Lewis\My Documents
2017-03-30 16:21 - 2017-03-30 16:21 - 00000000 _SHDL C:\Users\Lewis\Documents\My Videos
2017-03-30 16:21 - 2017-03-30 16:21 - 00000000 _SHDL C:\Users\Lewis\Documents\My Pictures
2017-03-30 16:21 - 2017-03-30 16:21 - 00000000 _SHDL C:\Users\Lewis\Documents\My Music
2017-03-30 16:21 - 2017-03-30 16:21 - 00000000 ____D C:\Users\Lewis\AppData\Roaming\Adobe
2017-03-30 16:21 - 2017-03-30 16:21 - 00000000 ____D C:\Users\Lewis\AppData\Local\VirtualStore
2017-03-30 16:21 - 2017-03-30 16:21 - 00000000 ____D C:\Users\Lewis\AppData\Local\TileDataLayer
2017-03-30 16:17 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-03-30 16:17 - 2015-11-18 07:36 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-03-30 16:17 - 2015-11-18 06:56 - 04047280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-03-30 16:17 - 2015-08-19 05:50 - 00609592 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 18:18 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2017-03-31 18:17 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-31 18:04 - 2015-07-10 12:02 - 00000000 ____D C:\Windows\INF
2017-03-31 01:10 - 2015-07-10 12:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-03-30 22:15 - 2015-07-16 17:08 - 00875126 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-30 22:11 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-30 22:10 - 2015-07-10 10:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2017-03-30 20:29 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2017-03-30 19:38 - 2015-07-10 13:20 - 00189264 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-30 19:28 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\Help
2017-03-30 19:21 - 2015-07-10 14:12 - 00000000 ____D C:\Windows\OCR
2017-03-30 16:21 - 2015-07-16 17:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-30 16:17 - 2015-07-16 09:01 - 00000000 ____D C:\Windows\Panther
2017-03-30 16:17 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\oobe
2017-03-30 16:15 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2015-07-16 17:02
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team

Posted 01 April 2017 - 08:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Chrome Web Store Payments) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

If the problem persists it may be necessary to reset your router.

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html


Please let me know what problem persists with this computer.

#3 luigi13579

  • Topic Starter

Posted 01 April 2017 - 12:52 PM

Hi,
 
Thanks for your help.
 
I accidentally ran FRST while disconnected from WiFi the first time. I don't seem to be having a good time of it. The first time round, all the CHR commands succeeded and 0 out of 6 jobs were canceled.
 
The high CPU, Disk and Network % that I should have mentioned before are gone, but the DNS Server remains at 196.168.0.1
 
Fixlog.txt:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Lewis (01-04-2017 17:24:11) Run:2
Running from C:\Users\Lewis\Desktop
Loaded Profiles: Lewis (Available Profiles: Lewis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key not found. 
HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp => key not found. 
wfpcapture => service not found.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::ac1a:a70a:bd98:b104%4
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::ac1a:a70a:bd98:b104%4
   IPv4 Address. . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{3DA22E23-5D5C-4EE5-8E25-1DEFACBAD2E2}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4d5:1ca9:ae93:fa8f
   Link-local IPv6 Address . . . . . : fe80::4d5:1ca9:ae93:fa8f%7
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1393732 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4245122 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 818 B
NetworkService => 0 B
Lewis => 27329 B
 
RecycleBin => 6139 B
EmptyTemp: => 5.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:24:40 ====
 
 
 
 
 
RogueReport.txt:
 
RogueKiller V12.10.2.0 (x64) [Mar 27 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Lewis [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/01/2017 17:51:29 (Duration : 00:12:02)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKT-22PK4T0 +++++
--- User ---
[MBR] 5bc7f289776798d986a0b80b92d4f07c
[BSP] 99374f5ed83451e15d65ac09703ebac4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 366620 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 751556608 | Size: 487 MB
3 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 752553984 | Size: 347945 MB
User = LL1 ... OK
User = LL2 ... OK


#4 nasdaq

  • Malware Response Team

Posted 01 April 2017 - 01:32 PM

This is from the Fixlog.

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::ac1a:a70a:bd98:b104%4
IPv4 Address. . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1


Do you have any difficulties connecting to the Internet?

In the affirmative please download and run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (MTB.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

As this is not my forte I suggest you start a new topic in the Networking Forum.
https://www.bleepingcomputer.com/forums/f/21/networking/

Explain your problem. An expert in that field will be able to help you better than I can.

I will leave this topic open.
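
A client-side check for the question this thread turns on, added here as an example and not part of any post: it parses `ipconfig /all` text and labels each adapter's IPv4 DNS server as the default gateway (the router answering DNS for the LAN, as with 192.168.0.1 above), another host on the subnet, or an off-subnet resolver. The sample text is constructed (the Wi-Fi values mirror the Fixlog; the DNS Servers lines and the Ethernet adapter are invented), and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in `ipconfig /all` layout. The Wi-Fi values mirror the
# thread's Fixlog; the DNS Servers lines and the Ethernet adapter are invented.
SAMPLE = """\
Windows IP Configuration

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::ac1a:a70a:bd98:b104%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1

Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.0.1
"""

# A field line is indented and ends its dotted label with " :" or ". :".
# Requiring a space or dot before the colon keeps bare IPv6 continuation
# lines (which contain colons) from being mistaken for a new field.
FIELD = re.compile(r"^\s+(?P<key>[^:]+?)[ .]+:\s*(?P<val>.*)$")


def clean(value):
    """Drop the '(Preferred)' tag and IPv6 zone id that ipconfig appends."""
    return re.sub(r"[(%].*$", "", value.strip())


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from ipconfig output."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # An unindented line ending in ':' opens an adapter block; any
            # other unindented line (banner, status message) closes it.
            header = line.rstrip()
            current = adapters.setdefault(header[:-1], {}) if header.endswith(":") else None
            last_key = None
            continue
        if current is None:
            continue
        match = FIELD.match(line)
        if match:
            last_key = match.group("key")
            values = current.setdefault(last_key, [])
            if match.group("val").strip():
                values.append(clean(match.group("val")))
        elif last_key:
            # Indented line without a label: another value of the last field.
            current[last_key].append(clean(line))
    return adapters


def classify_dns(adapter):
    """Label each IPv4 DNS server of one adapter relative to its own subnet."""
    addrs = adapter.get("IPv4 Address", [])
    masks = adapter.get("Subnet Mask", [])
    if not addrs or not masks:
        return {}
    net = ipaddress.ip_network(f"{addrs[0]}/{masks[0]}", strict=False)
    gateways = set(adapter.get("Default Gateway", []))
    verdicts = {}
    for server in adapter.get("DNS Servers", []):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            continue
        if ip.version != 4:
            continue
        if server in gateways:
            verdicts[server] = "gateway"    # router resolves for the LAN
        elif ip in net:
            verdicts[server] = "on-link"    # some other host on the LAN
        else:
            verdicts[server] = "off-link"   # resolver outside the subnet
    return verdicts


def audit(text, expected=frozenset()):
    """Return (adapter, server, verdict) for resolvers worth a second look."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        for server, verdict in classify_dns(fields).items():
            if verdict != "gateway" and server not in expected:
                findings.append((name, server, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "gateway" verdict only shows that the client hands its queries to the router; which upstream resolver the router itself uses has to be read from the router's admin page.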

#5 luigi13579

  • Topic Starter

Posted 01 April 2017 - 02:41 PM

I have no problems connecting to the internet.
 
Thanks anyway. I'll post a topic on the networking forum and see if they can take things further.


#6 luigi13579

  • Topic Starter

Posted 01 April 2017 - 06:06 PM

Turns out I was worrying about nothing. Sorry about that. Thanks again for the help.



#7 nasdaq

  • Malware Response Team

Posted 02 April 2017 - 06:52 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===