Malware changing DNS Server to 192.168.0.1 (referred from malware forum)


4 replies to this topic

#1 luigi13579


Posted 01 April 2017 - 03:11 PM

Hi,
 
 
I've downloaded some malware that's changing my DNS server to 192.168.0.1. You can see more details there (including logs that may be useful).
 
A basic overview:
 

Hi,

 

Basically, I think I carelessly downloaded a fake version of the Andy Android emulator. Avira seemed to catch it, identifying it as 'PUA/InstallCore (Cloud)' (which I don't think is right), quarantining it. I was running Windows 10 Home with Firefox at that time. Thinking I'd dodged a bullet, I then started experiencing some strange behaviour, making me believe it must have gotten through. One thing I can remember is an error about my connection not being private. Other family members experienced similar behaviour. Failing to fix the issue and not understanding the nature of the virus (router infecting rootkit?), I backed up my stuff and re-installed Windows to try to solve the problem (on this machine at least).

 

On the fresh install of Windows 10, using Chrome, the problem persisted. It then dawned on me to check the internet settings in the console, and with info from web searches, identified the above issue. I'm presuming the Android devices using the router are also infected. I'm not sure how to deal with them either, but this site is strictly about PCs it seems. Any advice here (even somewhere else to go) would be much appreciated.

 

My ISP is Virgin Media (UK). Their DNSs are 192.168.4.100 (primary) and 192.168.8.100 (secondary).

 

Thanks in advance for any assistance you can offer.

 

Make/Model: Clevo W251EFQ / W270EFQ

Wireless

~3 metres away from router I'd say

Internet is cable I think

Router Make/Model is Virgin Media SuperHub (NETGEAR VMDG480 apparently)

 

MTB:

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Lewis (administrator) on 01-04-2017 at 20:50:44
Running from "C:\Users\Lewis\Desktop"
Microsoft Windows 10 Home  (X64)
Model: W251EFQ/W270EFQ Manufacturer: CLEVO CO.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Centrino® Wireless-N 135 Driver = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-TP82FB6
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-90-F5-DA-5E-F3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 0C-D2-92-0C-C0-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 135
   Physical Address. . . . . . . . . : 0C-D2-92-0C-C0-6A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ac1a:a70a:bd98:b104%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 01 April 2017 18:41:10
   Lease Expires . . . . . . . . . . : 02 April 2017 20:50:21
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 51171986
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-6E-D9-7A-00-90-F5-DA-5E-F3
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 0C-C0-6F-00-00-00
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{3DA22E23-5D5C-4EE5-8E25-1DEFACBAD2E2}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4d5:1ca9:ae93:fa8f(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::4d5:1ca9:ae93:fa8f%7(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-6E-D9-7A-00-90-F5-DA-5E-F3
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  routerlogin.net
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2a00:1450:4009:815::200e
 172.217.23.46
 
 
Pinging google.com [172.217.23.46] with 32 bytes of data:
Reply from 172.217.23.46: bytes=32 time=27ms TTL=54
Reply from 172.217.23.46: bytes=32 time=25ms TTL=54
 
Ping statistics for 172.217.23.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 27ms, Average = 26ms
Server:  routerlogin.net
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=163ms TTL=46
Reply from 206.190.36.45: bytes=32 time=164ms TTL=46
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 163ms, Maximum = 164ms, Average = 163ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...00 90 f5 da 5e f3 ......Realtek PCIe GBE Family Controller
  6...0c d2 92 0c c0 6b ......Microsoft Wi-Fi Direct Virtual Adapter
  4...0c d2 92 0c c0 6a ......Intel® Centrino® Wireless-N 135
  5...0c c0 6f 00 00 00 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  7...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    281
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:4137:9e76:4d5:1ca9:ae93:fa8f/128
                                    On-link
  4    281 fe80::/64                On-link
  7    306 fe80::/64                On-link
  7    306 fe80::4d5:1ca9:ae93:fa8f/128
                                    On-link
  4    281 fe80::ac1a:a70a:bd98:b104/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [363872] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/01/2017 06:03:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: ntdll.dll, version: 10.0.10240.17184, time stamp: 0x580ee916
Exception code: 0xc0000374
Fault offset: 0x00000000000eaa2c
Faulting process id: 0x1198
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (04/01/2017 06:03:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.10240.17113, time stamp: 0x57cf96e2
Faulting module name: ProtectionManagement.dll, version: 4.8.10240.17184, time stamp: 0x580ef6b9
Exception code: 0xc0000005
Fault offset: 0x000000000000ed0e
Faulting process id: 0x58c
Faulting application start time: 0xwmiprvse.exe0
Faulting application path: wmiprvse.exe1
Faulting module path: wmiprvse.exe2
Report Id: wmiprvse.exe3
Faulting package full name: wmiprvse.exe4
Faulting package-relative application ID: wmiprvse.exe5
 
Error: (04/01/2017 06:03:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.10240.17113, time stamp: 0x57cf96e2
Faulting module name: ProtectionManagement.dll, version: 4.8.10240.17184, time stamp: 0x580ef6b9
Exception code: 0xc0000005
Fault offset: 0x000000000000ed0e
Faulting process id: 0x1730
Faulting application start time: 0xwmiprvse.exe0
Faulting application path: wmiprvse.exe1
Faulting module path: wmiprvse.exe2
Report Id: wmiprvse.exe3
Faulting package full name: wmiprvse.exe4
Faulting package-relative application ID: wmiprvse.exe5
 
Error: (04/01/2017 05:44:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.10240.17113, time stamp: 0x57cf96e2
Faulting module name: ProtectionManagement.dll, version: 4.8.10240.17184, time stamp: 0x580ef6b9
Exception code: 0xc0000005
Fault offset: 0x000000000000ed0e
Faulting process id: 0xfac
Faulting application start time: 0xwmiprvse.exe0
Faulting application path: wmiprvse.exe1
Faulting module path: wmiprvse.exe2
Report Id: wmiprvse.exe3
Faulting package full name: wmiprvse.exe4
Faulting package-relative application ID: wmiprvse.exe5
 
Error: (04/01/2017 05:44:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.10240.17113, time stamp: 0x57cf96e2
Faulting module name: ProtectionManagement.dll, version: 4.8.10240.17184, time stamp: 0x580ef6b9
Exception code: 0xc0000005
Fault offset: 0x000000000000ed0e
Faulting process id: 0x1368
Faulting application start time: 0xwmiprvse.exe0
Faulting application path: wmiprvse.exe1
Faulting module path: wmiprvse.exe2
Report Id: wmiprvse.exe3
Faulting package full name: wmiprvse.exe4
Faulting package-relative application ID: wmiprvse.exe5
 
Error: (04/01/2017 05:24:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-TP82FB6)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/01/2017 05:24:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (04/01/2017 05:24:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {019de894-c7a2-4399-8a51-be92775b9ba7}
 
Error: (04/01/2017 04:58:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-TP82FB6)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/01/2017 04:58:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (04/01/2017 06:03:34 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Storage Spaces SMP service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/01/2017 05:24:44 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/01/2017 05:24:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/01/2017 05:24:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/01/2017 05:24:31 PM) (Source: DCOM) (User: DESKTOP-TP82FB6)
Description: App
 
Error: (04/01/2017 05:24:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/01/2017 05:24:28 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (04/01/2017 05:24:28 PM) (Source: Service Control Manager) (User: )
Description: The Elan Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/01/2017 05:24:28 PM) (Source: Service Control Manager) (User: )
Description: The VIA Karaoke digital mixer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/01/2017 05:24:28 PM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/01/2017 06:03:33 PM) (Source: Application Error)(User: )
Description: svchost.exe10.0.10240.16384559f38cbntdll.dll10.0.10240.17184580ee916c000037400000000000eaa2c119801d2ab09db7d555dC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll9e859978-eb75-43cf-82e8-922234c99264
 
Error: (04/01/2017 06:03:28 PM) (Source: Application Error)(User: )
Description: wmiprvse.exe10.0.10240.1711357cf96e2ProtectionManagement.dll4.8.10240.17184580ef6b9c0000005000000000000ed0e58c01d2ab09e236b00cC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Windows Defender\ProtectionManagement.dll9347b74b-1b24-4038-9fcd-aebf9df7a3de
 
Error: (04/01/2017 06:03:12 PM) (Source: Application Error)(User: )
Description: wmiprvse.exe10.0.10240.1711357cf96e2ProtectionManagement.dll4.8.10240.17184580ef6b9c0000005000000000000ed0e173001d2ab09cf209f7eC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Windows Defender\ProtectionManagement.dll372b895d-37a7-4297-a5c8-590af328aa86
 
Error: (04/01/2017 05:44:42 PM) (Source: Application Error)(User: )
Description: wmiprvse.exe10.0.10240.1711357cf96e2ProtectionManagement.dll4.8.10240.17184580ef6b9c0000005000000000000ed0efac01d2ab074348ff6bC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Windows Defender\ProtectionManagement.dlld5fbd9c0-d42e-428f-a83f-dceb6decf1e9
 
Error: (04/01/2017 05:44:26 PM) (Source: Application Error)(User: )
Description: wmiprvse.exe10.0.10240.1711357cf96e2ProtectionManagement.dll4.8.10240.17184580ef6b9c0000005000000000000ed0e136801d2ab072ffe91f6C:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Windows Defender\ProtectionManagement.dllbdef1f07-a64e-4fc2-85ee-efcb943ac0a4
 
Error: (04/01/2017 05:24:31 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-TP82FB6)
Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App-2144927141
 
Error: (04/01/2017 05:24:17 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (04/01/2017 05:24:12 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {019de894-c7a2-4399-8a51-be92775b9ba7}
 
Error: (04/01/2017 04:58:22 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-TP82FB6)
Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App-2144927141
 
Error: (04/01/2017 04:58:09 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
 
=========================== Installed Programs ============================
 
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{BC5A9829-B67F-4E3A-83EE-0CDBDB6FBA1C}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
ELAN Touchpad 15.10.5.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.10.5.2 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
RogueKiller version 12.10.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.2.0 - Adlice Software)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 64%
Total physical RAM: 3986.83 MB
Available physical RAM: 1418.57 MB
Total Virtual: 5394.83 MB
Available Virtual: 3132.77 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:358.03 GB) (Free:335.44 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-TP82FB6
 
Administrator            DefaultAccount           Guest                    
Lewis                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
31-03-2017 21:14:49 Windows Update
31-03-2017 21:15:14 Windows Update
01-04-2017 15:58:07 Restore Point Created by FRST
01-04-2017 16:24:13 Restore Point Created by FRST
 
**** End of log ****



 


#2 TsVk!


Posted 01 April 2017 - 04:35 PM

Your router is 192.168.0.1; this isn't a malicious setting unless your router is infected. It just means your router is redirecting your DNS.

 

Your ISP settings are

 

Primary DNS: 194.168.4.100

Secondary DNS: 194.168.8.100

 

(not 192)

 

Check the DNS configuration on your router by entering 192.168.0.1 in your browser address bar and pressing enter, look for network settings. If it asks for a username/password to log in look on the underside of your router.

 

You will probably be able to change your DNS settings there, if you need to.

 

Should you have difficulty with that try resetting your router. You may need to record and re-enter your ISP username and password to reconnect the router to the internet. (from the router interface in your browser)


Edited by TsVk!, 01 April 2017 - 04:36 PM.
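TsVk!'s check above, written out as detection logic (an added example, not code from the thread or from BleepingComputer): it parses the `ipconfig /all` output luigi13579 posted and labels each DNS server relative to the adapter's default gateway and the Virgin Media resolvers TsVk! quoted. The second, constructed sample goes beyond the thread to show the case that would actually warrant alarm: a resolver that is neither the gateway nor the ISP's.

```python
"""Audit the DNS servers in ipconfig /all output against the expected ISP resolvers.
Added for this thread (not the poster's or the forum's code); it encodes TsVk!'s point that
DNS == default gateway means the router forwards DNS, so the router's own config is what to check."""
import ipaddress
import re
from typing import Dict, List

VIRGIN_MEDIA_DNS = frozenset({"194.168.4.100", "194.168.8.100"})  # as quoted in the thread

# Excerpt of the ipconfig /all output posted in the thread, used as sample input.
IPCONFIG_FROM_THREAD = """\
Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected

Wireless LAN adapter Wi-Fi:

   Link-local IPv6 Address . . . . . : fe80::ac1a:a70a:bd98:b104%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
"""
# Constructed variant: the router hands out a resolver that is neither the gateway
# nor the ISP's (203.0.113.53 is an RFC 5737 documentation address, not a real host).
IPCONFIG_HIJACKED = IPCONFIG_FROM_THREAD.replace(
    "DNS Servers . . . . . . . . . . . : 192.168.0.1",
    "DNS Servers . . . . . . . . . . . : 203.0.113.53\n"
    "                                       194.168.4.100",
)

ADAPTER_RE = re.compile(r"^(?P<name>\S.*adapter .+):$")
# key, dotted leader, colon, value; the key starts with a letter and holds no dots or
# colons, so an indented IPv6 continuation line can never be mistaken for a field.
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z0-9 \-]*?)\s*\.[ .]*:\s?(?P<val>.*)$")


def _clean(value: str) -> str:
    """Drop '(Preferred)'-style suffixes and IPv6 zone ids such as '%4'."""
    return re.sub(r"\(.*?\)", "", value).split("%")[0].strip()


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter: {field: [values]}}; fields spanning several lines become lists."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current, last_key = "_global", None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current, last_key = m.group("name"), None
            adapters.setdefault(current, {})
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m.group("key")
            adapters.setdefault(current, {}).setdefault(last_key, []).append(_clean(m.group("val")))
        elif line[0].isspace() and last_key:
            adapters[current][last_key].append(_clean(line))  # continuation of the previous field
    return adapters


def classify_dns(fields: Dict[str, List[str]], expected_isp_dns=VIRGIN_MEDIA_DNS) -> Dict[str, str]:
    """Label each DNS server: isp, router-forwarding, lan-host (on-link, not the router) or unexpected."""
    gateways = set(fields.get("Default Gateway", []))
    addr, mask = fields.get("IPv4 Address", [""])[0], fields.get("Subnet Mask", [""])[0]
    lan = ipaddress.ip_network(f"{addr}/{mask}", strict=False) if addr and mask else None
    verdicts = {}
    for server in fields.get("DNS Servers", []):
        if server in expected_isp_dns:
            verdicts[server] = "isp"
        elif server in gateways:
            verdicts[server] = "router-forwarding"  # benign by itself; audit the router's upstream DNS
        elif lan is not None and ipaddress.ip_address(server) in lan:
            verdicts[server] = "lan-host"           # another LAN device answering DNS: unusual
        else:
            verdicts[server] = "unexpected"         # neither ISP, gateway nor on-link: investigate
    return verdicts


def audit(text: str, expected_isp_dns=VIRGIN_MEDIA_DNS) -> Dict[str, Dict[str, str]]:
    """Classify every connected adapter; disconnected ones carry no live DNS setting."""
    return {
        name: classify_dns(fields, expected_isp_dns)
        for name, fields in parse_ipconfig(text).items()
        if name != "_global" and "disconnected" not in fields.get("Media State", [""])[0]
    }
```

On the thread's own output the only verdict is "router-forwarding", which is exactly TsVk!'s conclusion; the next step is reading the DNS settings on the router itself, not the PC.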


#3 TsVk!


Posted 01 April 2017 - 05:31 PM

Please see page 17-18 of the manual here.



#4 luigi13579


Posted 01 April 2017 - 06:00 PM

I see. I've probably been worrying over nothing. Thanks for the assistance.



#5 TsVk!


Posted 01 April 2017 - 06:02 PM

You're welcome.





