Possible Malware infection?

3 replies to this topic

#1 po6pwn

Posted 26 July 2017 - 09:01 PM

Hey, 
So I recently purchased a new laptop and I was careful not to download any suspicious files or visit any shady websites after my previous incidents with malware. However, I did end up torrenting a couple of old games the other day to LAN with my friends. I did run Malwarebytes and HitmanPro after I was done with the games and they both came up negative. I took this as a sign of no infection.

However, earlier today I was playing a game of PUBG and the game began to stutter and the frame rate dropped; I considered this was just because the game is in alpha and thought nothing more about it. However, when I switched to another game later, I got violent freezes: 10-15 seconds of screen freeze with the cursor still moving but the rest of the system unresponsive. I checked the processes and nothing seemed to be out of the blue. Temperatures of GPU and CPU looked fine too. But I was still experiencing these freezes.

Could this be a malware infection or just some one-time freak occurrence? I'm freaking out because I just got this system and don't really want to mess it up so soon. 

P.S. Both Malwarebytes and HitmanPro came up with 0 threats. 

#2 boopme

Posted 28 July 2017 - 10:31 AM

Probably not malware but we can run these.

Skip TDSSKiller

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [image] button to see which antivirus is currently enabled:
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [image] and then close the application by clicking the X in the upper right corner.
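
An added triage helper for the Result.txt that MiniToolBox produces (editor's example, not part of boopme's instructions or of Farbar's tool): it splits the log into its banner sections, lists the Winsock providers whose DLL is not Microsoft's, collapses the repeated Code Integrity events, and reports which third-party Winsock DLL the Defender engine was refused. The embedded fragment is constructed in the tool's layout; the section names and line formats are assumed from the log as pasted in this thread.

```python
"""Triage helper for a MiniToolBox Result.txt (added example, not part of the tool)."""
import re
from collections import Counter
from dataclasses import dataclass

# One Winsock catalog line, e.g. "x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)"
WINSOCK_RE = re.compile(r"^(x64-)?Catalog(\d+) (\d+) (.+?) \[(\d+)\] \((.+)\)$")
# The Code Integrity event text that MiniToolBox copies out of the event log
CI_RE = re.compile(r"a process \((.+?)\) attempted to load (.+?) that did not meet")
BANNER_RE = re.compile(r"^=+\s+([^=]+?):?\s+=+$")   # "===== Winsock entries ====="
HEADER_RE = re.compile(r"^([A-Za-z][\w /-]*?):$")   # "CodeIntegrity Errors:"

@dataclass(frozen=True)
class WinsockEntry:
    catalog: str   # "Catalog5", "x64-Catalog9", ...
    index: int
    path: str
    size: int
    vendor: str

    @property
    def is_microsoft(self) -> bool:
        return self.vendor == "Microsoft Corporation"

def split_sections(text: str) -> dict[str, list[str]]:
    """Group non-empty log lines under the section banner that precedes them."""
    sections: dict[str, list[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line) or HEADER_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections

def winsock_entries(sections: dict[str, list[str]]) -> list[WinsockEntry]:
    """Parse every LSP/NSP line in the 'Winsock entries' section."""
    out = []
    for line in sections.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m:
            x64, cat, idx, path, size, vendor = m.groups()
            out.append(WinsockEntry(f"{x64 or ''}Catalog{cat}", int(idx), path, int(size), vendor))
    return out

def code_integrity_events(sections: dict[str, list[str]]) -> Counter:
    """Collapse the repeated Code Integrity blocks into (process, dll) -> count."""
    counts: Counter = Counter()
    for line in sections.get("CodeIntegrity Errors", []):
        m = CI_RE.search(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts

def _volume_relative(path: str) -> str:
    """Strip '\\Device\\HarddiskVolumeN' or 'C:' so both path styles compare equal."""
    path = re.sub(r"^\\Device\\HarddiskVolume\d+", "", path)
    return re.sub(r"^[A-Za-z]:", "", path).lower()

def triage(text: str) -> dict:
    """Third-party Winsock DLLs, Code Integrity counts, and which of the former were blocked."""
    sections = split_sections(text)
    third_party = [e for e in winsock_entries(sections) if not e.is_microsoft]
    ci = code_integrity_events(sections)
    blocked = {_volume_relative(dll) for _, dll in ci}
    overlap = sorted(e.path for e in third_party if _volume_relative(e.path) in blocked)
    return {"third_party": third_party, "code_integrity": ci, "winsock_dll_blocked_by_ci": overlap}

# Constructed Result.txt fragment in MiniToolBox's layout (sample data, not a real log).
SAMPLE_RESULT_TXT = r"""MiniToolBox by Farbar  Version: 17-06-2016
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
Error: (07/27/2017 06:58:22 PM) (Source: Application Error) (User: )
CodeIntegrity Errors:
===================================
  Date: 2017-07-28 21:38:39.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-28 21:38:39.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
"""

if __name__ == "__main__":
    report = triage(SAMPLE_RESULT_TXT)
    for e in report["third_party"]:
        print(f"non-Microsoft Winsock provider: {e.catalog} {e.index:02d} {e.path} ({e.vendor})")
    print("also refused by Code Integrity:", report["winsock_dll_blocked_by_ci"])
```

The Code Integrity entries mean the Defender engine declined to load a DLL that lacks the antimalware signing level, which is a signing-policy finding about that DLL rather than a detection by itself.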

#3 po6pwn

Posted 28 July 2017 - 12:08 PM

I’ve run and copied all the logs as instructed down below. This particular file keeps coming up “shadow-keylogger.en.softonic.com”, even in a previous scan I had run. I cleaned it but it seems to have come back.

 

MiniToolBox by Farbar  Version: 17-06-2016

Ran by Armaan (administrator) on 28-07-2017 at 21:40:43

Running from "D:\Downloads"

Microsoft Windows 10 Pro  (X64)

Model: EXIGO V2 Manufacturer: AZOM

Boot Mode: Normal

***************************************************************************

 

========================= Flush DNS: ===================================

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

========================= IP Configuration: ================================

 

Intel® Dual Band Wireless-AC 8260 = Wi-Fi (Connected)

VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)

Killer E2400 Gigabit Ethernet Controller = Ethernet (Media disconnected)

TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global

set interface interface="Ethernet (Kernel Debugger)" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="VirtualBox Host-Only Network" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Tunngle" forwarding=enabled advertise=enabled metric=1 nud=enabled ignoredefaultroutes=disabled

add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : po6pwn

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : domain.name

 

Ethernet adapter Tunngle:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle) #2

   Physical Address. . . . . . . . . : 00-FF-3E-03-77-12

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Ethernet adapter Ethernet:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Killer E2400 Gigabit Ethernet Controller

   Physical Address. . . . . . . . . : 80-FA-5B-3B-95-6F

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Ethernet adapter VirtualBox Host-Only Network:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter

   Physical Address. . . . . . . . . : 0A-00-27-00-00-0F

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::b8a2:9f5d:dc2:c823%15(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . :

   DHCPv6 IAID . . . . . . . . . . . : 722075687

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BC-D4-18-80-FA-5B-3B-95-6F

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                       fec0:0:0:ffff::2%1

                                       fec0:0:0:ffff::3%1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Wireless LAN adapter Local Area Connection* 1:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : E4-A7-A0-C4-5E-B5

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . : domain.name

   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 8260

   Physical Address. . . . . . . . . : E4-A7-A0-C4-5E-B4

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::30e9:30f0:bc05:7137%12(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : 28 July 2017 20:57:15

   Lease Expires . . . . . . . . . . : 31 July 2017 21:04:31

   Default Gateway . . . . . . . . . : fe80::bac1:a2ff:fe3a:8654%12

                                       192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 182757280

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BC-D4-18-80-FA-5B-3B-95-6F

   DNS Servers . . . . . . . . . . . : 192.168.1.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter Local Area Connection* 12:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3c49:5f2:9537:1555(Preferred)

   Link-local IPv6 Address . . . . . : fe80::3c49:5f2:9537:1555%6(Preferred)

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 83886080

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-BC-D4-18-80-FA-5B-3B-95-6F

   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  UnKnown

Address:  192.168.1.1

 

Name:    google.com

Addresses:  2404:6800:4007:801::200e

                 216.58.220.46

 

 

Pinging google.com [216.58.220.46] with 32 bytes of data:

Reply from 216.58.220.46: bytes=32 time=11ms TTL=58

Reply from 216.58.220.46: bytes=32 time=12ms TTL=58

 

Ping statistics for 216.58.220.46:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 11ms, Maximum = 12ms, Average = 11ms

Server:  UnKnown

Address:  192.168.1.1

 

Name:    yahoo.com

Addresses:  2001:4998:58:c02::a9

                 2001:4998:c:a06::2:4008

                 2001:4998:44:204::a7

                 206.190.36.45

                 98.139.180.149

                 98.138.253.109

 

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=254ms TTL=49

Reply from 98.138.253.109: bytes=32 time=252ms TTL=49

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 252ms, Maximum = 254ms, Average = 253ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

  5...00 ff 3e 03 77 12 ......TAP-Win32 Adapter V9 (Tunngle) #2

  2...80 fa 5b 3b 95 6f ......Killer E2400 Gigabit Ethernet Controller

 15...0a 00 27 00 00 0f ......VirtualBox Host-Only Ethernet Adapter

 16...e4 a7 a0 c4 5e b5 ......Microsoft Wi-Fi Direct Virtual Adapter

 12...e4 a7 a0 c4 5e b4 ......Intel® Dual Band Wireless-AC 8260

  1...........................Software Loopback Interface 1

  6...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7     45

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331

      192.168.1.0    255.255.255.0         On-link       192.168.1.7    301

      192.168.1.7  255.255.255.255         On-link       192.168.1.7    301

    192.168.1.255  255.255.255.255         On-link       192.168.1.7    301

     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281

     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281

   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331

        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281

        224.0.0.0        240.0.0.0         On-link       192.168.1.7    301

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331

  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281

  255.255.255.255  255.255.255.255         On-link       192.168.1.7    301

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  6    331 ::/0                     On-link

 12    301 ::/0                     fe80::bac1:a2ff:fe3a:8654

  1    331 ::1/128                  On-link

  6    331 2001::/32                On-link

  6    331 2001:0:9d38:90d7:3c49:5f2:9537:1555/128

                                    On-link

 15    281 fe80::/64                On-link

 12    301 fe80::/64                On-link

  6    331 fe80::/64                On-link

 12    301 fe80::30e9:30f0:bc05:7137/128

                                    On-link

  6    331 fe80::3c49:5f2:9537:1555/128

                                    On-link

 15    281 fe80::b8a2:9f5d:dc2:c823/128

                                    On-link

  1    331 ff00::/8                 On-link

 15    281 ff00::/8                 On-link

 12    301 ff00::/8                 On-link

  6    331 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)

Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)

x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

x64-Catalog9 13 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (07/28/2017 04:54:54 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (07/27/2017 06:58:22 PM) (Source: Application Error) (User: )

Description: Faulting application name: taskhostw.exe, version: 10.0.15063.0, time stamp: 0x521b5eb7

Faulting module name: InputService.dll, version: 10.0.15063.447, time stamp: 0x09735b78

Exception code: 0xc0000005

Fault offset: 0x000000000002899d

Faulting process id: 0x2b8c

Faulting application start time: 0xtaskhostw.exe0

Faulting application path: taskhostw.exe1

Faulting module path: taskhostw.exe2

Report Id: taskhostw.exe3

Faulting package full name: taskhostw.exe4

Faulting package-relative application ID: taskhostw.exe5

 

Error: (07/27/2017 05:26:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: PO6PWN)

Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (07/27/2017 04:39:24 PM) (Source: Application Error) (User: )

Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x48feaf5a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x67934c29

Faulting process id: 0x2e40

Faulting application start time: 0xhl.exe0

Faulting application path: hl.exe1

Faulting module path: hl.exe2

Report Id: hl.exe3

Faulting package full name: hl.exe4

Faulting package-relative application ID: hl.exe5

 

Error: (07/27/2017 04:13:20 PM) (Source: Application Error) (User: )

Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x48feaf5a

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x0aa916f3

Faulting process id: 0x1d08

Faulting application start time: 0xhl.exe0

Faulting application path: hl.exe1

Faulting module path: hl.exe2

Report Id: hl.exe3

Faulting package full name: hl.exe4

Faulting package-relative application ID: hl.exe5

 

Error: (07/27/2017 04:06:11 PM) (Source: Application Hang) (User: )

Description: The program hl.exe version 1.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: 2528

 

Start Time: 01d306c36125e4d7

 

Termination Time: 6

 

Application Path: D:\Program Files Redone\Counter Strike 1.6\hl.exe

 

Report Id: 55f4f690-6729-4ba5-9f75-b2e322b2c402

 

Faulting package full name:

 

Faulting package-relative application ID:

 

Error: (07/27/2017 04:00:15 PM) (Source: Application Error) (User: )

Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x48feaf5a

Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbbe

Exception code: 0xc0000417

Fault offset: 0x0008ae6e

Faulting process id: 0x39c8

Faulting application start time: 0xhl.exe0

Faulting application path: hl.exe1

Faulting module path: hl.exe2

Report Id: hl.exe3

Faulting package full name: hl.exe4

Faulting package-relative application ID: hl.exe5

 

Error: (07/27/2017 03:54:11 PM) (Source: Application Error) (User: )

Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x48feaf5a

Faulting module name: steam.dll_unloaded, version: 2.0.0.0, time stamp: 0x4a0fe93e

Exception code: 0xc0000005

Fault offset: 0x0000d1a0

Faulting process id: 0xeb8

Faulting application start time: 0xhl.exe0

Faulting application path: hl.exe1

Faulting module path: hl.exe2

Report Id: hl.exe3

Faulting package full name: hl.exe4

Faulting package-relative application ID: hl.exe5

 

Error: (07/27/2017 03:11:12 PM) (Source: Application Error) (User: )

Description: Faulting application name: Blur.exe, version: 0.0.0.0, time stamp: 0x562b029a

Faulting module name: Blur.exe, version: 0.0.0.0, time stamp: 0x562b029a

Exception code: 0xc0000005

Fault offset: 0x00730df4

Faulting process id: 0x9b4

Faulting application start time: 0xBlur.exe0

Faulting application path: Blur.exe1

Faulting module path: Blur.exe2

Report Id: Blur.exe3

Faulting package full name: Blur.exe4

Faulting package-relative application ID: Blur.exe5

 

Error: (07/27/2017 03:09:57 PM) (Source: Application Error) (User: )

Description: Faulting application name: Blur.exe, version: 0.0.0.0, time stamp: 0x562b029a

Faulting module name: Blur.exe, version: 0.0.0.0, time stamp: 0x562b029a

Exception code: 0xc0000005

Fault offset: 0x00445a05

Faulting process id: 0xe0

Faulting application start time: 0xBlur.exe0

Faulting application path: Blur.exe1

Faulting module path: Blur.exe2

Report Id: Blur.exe3

Faulting package full name: Blur.exe4

Faulting package-relative application ID: Blur.exe5

 

 

System errors:

=============

Error: (07/28/2017 04:50:21 PM) (Source: Service Control Manager) (User: )

Description: The CldFlt service failed to start due to the following error:

%%50 = The request is not supported.

 

 

Error: (07/27/2017 11:08:12 PM) (Source: DCOM) (User: PO6PWN)

Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

 

Error: (07/27/2017 11:08:12 PM) (Source: DCOM) (User: PO6PWN)

Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

 

Error: (07/27/2017 07:05:51 PM) (Source: Service Control Manager) (User: )

Description: The CldFlt service failed to start due to the following error:

%%50 = The request is not supported.

 

 

Error: (07/27/2017 07:02:55 PM) (Source: DCOM) (User: PO6PWN)

Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

 

Error: (07/27/2017 07:02:54 PM) (Source: DCOM) (User: PO6PWN)

Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

 

Error: (07/27/2017 07:02:54 PM) (Source: DCOM) (User: PO6PWN)

Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

 

Error: (07/27/2017 03:56:45 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (07/27/2017 03:56:28 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (07/27/2017 03:56:25 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

 

 

Microsoft Office Sessions:

=========================

Error: (07/28/2017 04:54:54 PM) (Source: SideBySide)(User: )

Description: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL1

 

Error: (07/27/2017 06:58:22 PM) (Source: Application Error)(User: )

Description: taskhostw.exe10.0.15063.0521b5eb7InputService.dll10.0.15063.44709735b78c0000005000000000002899d2b8c01d306c2e2200917c:\windows\system32\taskhostw.exeC:\Windows\system32\InputService.dllb866ac5f-f8c3-4a54-bde1-b8db51006dd2

 

Error: (07/27/2017 05:26:59 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: PO6PWN)

Description: Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

 

Error: (07/27/2017 04:39:24 PM) (Source: Application Error)(User: )

Description: hl.exe1.1.1.148feaf5aunknown0.0.0.000000000c000000567934c292e4001d306c8c8e19534D:\Program Files Redone\Counter Strike 1.6\hl.exeunknownf577bed4-a59c-4851-a423-2d5115dacc8a

 

Error: (07/27/2017 04:13:20 PM) (Source: Application Error)(User: )

Description: hl.exe1.1.1.148feaf5aunknown0.0.0.000000000c00000050aa916f31d0801d306c4af352b17D:\Program Files Redone\Counter Strike 1.6\hl.exeunknown73086704-f163-4677-ae41-e2d1e427dcd3

 

Error: (07/27/2017 04:06:11 PM) (Source: Application Hang)(User: )

Description: hl.exe1.1.1.1252801d306c36125e4d76D:\Program Files Redone\Counter Strike 1.6\hl.exe55f4f690-6729-4ba5-9f75-b2e322b2c402

 

Error: (07/27/2017 04:00:15 PM) (Source: Application Error)(User: )

Description: hl.exe1.1.1.148feaf5aMSVCR100.dll10.0.30319.14ba1dbbec00004170008ae6e39c801d306c342ce817eD:\Program Files Redone\Counter Strike 1.6\hl.exeD:\Program Files Redone\Counter Strike 1.6\MSVCR100.dll1a4a2523-70c5-4493-ba0b-20f711fc9755

 

Error: (07/27/2017 03:54:11 PM) (Source: Application Error)(User: )

Description: hl.exe1.1.1.148feaf5asteam.dll_unloaded2.0.0.04a0fe93ec00000050000d1a0eb801d306c26f74ca0eD:\Program Files Redone\Counter Strike 1.6\hl.exesteam.dll0c873724-4486-4f70-b159-842b94af25ab

 

Error: (07/27/2017 03:11:12 PM) (Source: Application Error)(User: )

Description: Blur.exe0.0.0.0562b029aBlur.exe0.0.0.0562b029ac000000500730df49b401d306bc54f86cdeD:\Program Files Redone\Blur\Blur.exeD:\Program Files Redone\Blur\Blur.exe5f586c6c-f8b0-42c8-be2c-b4f082f2dff4

 

Error: (07/27/2017 03:09:57 PM) (Source: Application Error)(User: )

Description: Blur.exe0.0.0.0562b029aBlur.exe0.0.0.0562b029ac000000500445a05e001d306babe194030D:\Program Files Redone\Blur\Blur.exeD:\Program Files Redone\Blur\Blur.exe3518c316-a612-4d88-afd4-3f8a4945d218

 

 

CodeIntegrity Errors:

===================================

  Date: 2017-07-28 21:38:39.911

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2017-07-28 21:38:39.909

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2017-07-28 21:38:39.630

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2017-07-28 21:38:39.628

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2017-07-28 21:38:38.462

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2017-07-28 21:38:38.459

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2017-07-28 17:05:40.832

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2017-07-28 17:05:40.830

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2017-07-27 20:14:38.710

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2017-07-27 20:14:38.708

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

=========================== Installed Programs ============================

 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.2.0.211 - Adobe Systems Incorporated)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)

Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)

Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_Origami_is1) (Version: 1.0 - R.G. Origami, Seraph1)

Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.76 - NVIDIA Corporation) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)

Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version: 1.51 - Ubisoft)

Blur (HKLM-x32\...\Blur_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

CheVolume 0.4.1.1 (HKLM-x32\...\CheVolume 0.4.1.1) (Version:  - WellWeWeb)

Control Center 5.0001.0.90 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0001.0.90 - )

Control Center 5.0001.0.90 (HKLM-x32\...\{F5EFDD28-E07A-4B85-8385-557D9B8F38DD}) (Version: 5.0001.0.90 - Default Company Name) Hidden

Discord (HKCU\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)

Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)

Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)

Google Chrome (HKLM\...\{45F0FC91-285A-3BAE-B25D-8DB4C87FD755}) (Version: 59.0.3071.115 - Google, Inc.)

Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

Grand Theft Auto: Vice City (HKLM\...\Steam App 12110) (Version:  - Rockstar Games)

Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)

H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)

HITMAN™ (HKLM\...\Steam App 236870) (Version:  - Io-Interactive)

Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)

Intel® Chipset Device Software (HKLM-x32\...\{b23c55fa-5271-4d64-ba8f-6718be55b9a7}) (Version: 10.1.1.33 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)

Intel® Wireless Bluetooth® (HKLM-x32\...\{45F6F2A9-6176-4431-8907-09474B534B34}) (Version: 19.01.1627.3533 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{12415e07-c869-4438-9d99-b55261706671}) (Version: 19.1.0 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)

iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)

Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

Killer Bandwidth Control Filter Driver (HKLM\...\{2F3F0CA0-3953-47F8-B623-A870842B5464}) (Version: 1.1.61.1724 - Rivet Networks) Hidden

Killer E240x Drivers (HKLM\...\{BF5EA3B5-95E6-4D31-8AB0-261F24B0DD7E}) (Version: 1.1.61.1724 - Rivet Networks) Hidden

Killer Network Manager (HKLM\...\{B638C4BB-71EE-4A7E-AEDA-B3D495CF28EA}) (Version: 1.1.61.1724 - Rivet Networks) Hidden

Killer Performance Suite (HKLM-x32\...\{AA9D52AC-7156-4244-A65E-0E4A43C42DB4}) (Version: 1.1.61.1724 - Rivet Networks)

Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)

Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)

Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Middle-earth™: Shadow of Mordor™ (HKLM\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)

Mr.President! (HKLM\...\Steam App 507010) (Version:  - Game Developer X)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)

NVIDIA 3D Vision Driver 384.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.76 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)

NVIDIA Graphics Driver 384.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.76 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.7.0.81 - NVIDIA Corporation) Hidden

NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden

NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden

Oracle VM VirtualBox 5.1.24 (HKLM\...\{6487D3C0-8C39-4585-A44C-64DC40F22CB7}) (Version: 5.1.24 - Oracle Corporation)

Orwell (HKLM\...\Steam App 491950) (Version:  - Osmotic Studios)

Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)

PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden

PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)

PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server) (HKLM\...\Steam App 622590) (Version:  - )

PornTime (HKLM-x32\...\{6450E6AC-0E02-4E24-A13E-EE7DC5F1CFAF}_is1) (Version: 0.3.8.5 - PornTime)

qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)

Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21288 - Realtek Semiconduct Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)

SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0380 - NVIDIA Corporation) Hidden

Shower With Your Dad Simulator 2015: Do You Still Shower With Your Dad (HKLM\...\Steam App 359050) (Version:  - marbenx)

Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.18 - Creative Technology Limited)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.31 - Synaptics Incorporated)

Synaptics WBF USB Fingerprint Reader (HKLM\...\{28303E4F-8C2B-408C-B0C2-7EAA74564665}) (Version: 5.5.204.24 - Synaptics Incorporated)

Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)

TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)

The Stanley Parable (HKLM\...\Steam App 221910) (Version:  - Galactic Cafe)

Thunderbolt™ Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)

Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)

Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)

Uplay (HKLM-x32\...\Uplay) (Version: 36.0 - Ubisoft)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)

VLC Streamer 5.31 (HKLM-x32\...\VLC Streamer_is1) (Version:  - Hobbyist Software)

Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)

WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )

Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

 

========================= Memory info: ===================================

 

Percentage of memory in use: 47%

Total physical RAM: 16303.08 MB

Available physical RAM: 8551.86 MB

Total Virtual: 18735.08 MB

Available Virtual: 9581.52 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:118.69 GB) (Free:69.95 GB) NTFS

2 Drive d: () (Fixed) (Total:931.5 GB) (Free:389.75 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\PO6PWN

 

Administrator            armaa                    Armaan                  

DefaultAccount           Guest                   

 

 

**** End of log ****

 

21:41:37.0179 0x3b0c  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02

21:41:37.0179 0x3b0c  UEFI system

21:41:42.0295 0x3b0c  ============================================================

21:41:42.0295 0x3b0c  Current date / time: 2017/07/28 21:41:42.0295

21:41:42.0297 0x3b0c  SystemInfo:

21:41:42.0297 0x3b0c 

21:41:42.0297 0x3b0c  OS Version: 10.0.15063 ServicePack: 0.0

21:41:42.0297 0x3b0c  Product type: Workstation

21:41:42.0297 0x3b0c  ComputerName: PO6PWN

21:41:42.0298 0x3b0c  UserName: Armaan

21:41:42.0298 0x3b0c  Windows directory: C:\Windows

21:41:42.0298 0x3b0c  System windows directory: C:\Windows

21:41:42.0298 0x3b0c  Running under WOW64

21:41:42.0298 0x3b0c  Processor architecture: Intel x64

21:41:42.0298 0x3b0c  Number of processors: 8

21:41:42.0298 0x3b0c  Page size: 0x1000

21:41:42.0298 0x3b0c  Boot type: Normal boot

21:41:42.0298 0x3b0c  CodeIntegrityOptions = 0x00000001

21:41:42.0298 0x3b0c  ============================================================

21:41:42.0346 0x3b0c  KLMD registered as C:\Windows\system32\drivers\61611189.sys

21:41:42.0346 0x3b0c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 15063.0, osProperties = 0x19

21:41:42.0758 0x3b0c  System UUID: {5674334F-8747-9524-1792-DDED21D47944}

21:41:43.0070 0x3b0c  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:41:43.0070 0x3b0c  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:41:43.0073 0x3b0c  ============================================================

21:41:43.0073 0x3b0c  \Device\Harddisk0\DR0:

21:41:43.0074 0x3b0c  GPT partitions:

21:41:43.0074 0x3b0c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {CD27CB2E-CD13-4473-8E9F-3116DF79D12E}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000

21:41:43.0074 0x3b0c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C1D1053D-DEA7-4422-9F48-6D51662A33E7}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x31800

21:41:43.0074 0x3b0c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {249E2DA4-20D9-4028-9F01-738F4B64100E}, Name: Microsoft reserved partition, StartLBA 0x113000, BlocksNum 0x8000

21:41:43.0074 0x3b0c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C265095F-D27F-4DE4-9E59-CE46D028E1E1}, Name: Basic data partition, StartLBA 0x11B000, BlocksNum 0xED61000

21:41:43.0074 0x3b0c  MBR partitions:

21:41:43.0074 0x3b0c  \Device\Harddisk1\DR1:

21:41:43.0074 0x3b0c  GPT partitions:

21:41:43.0074 0x3b0c  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {57625D72-5375-4D71-92C3-DB64FFED1B33}, Name: Microsoft reserved partition, StartLBA 0x800, BlocksNum 0x8000

21:41:43.0074 0x3b0c  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E473D4D7-18EA-400B-B597-A9E442C9A083}, Name: Basic data partition, StartLBA 0x8800, BlocksNum 0x746FE000

21:41:43.0074 0x3b0c  MBR partitions:

21:41:43.0074 0x3b0c  ============================================================

21:41:43.0075 0x3b0c  C: <-> \Device\Harddisk0\DR0\Partition4

21:41:43.0076 0x3b0c  D: <-> \Device\Harddisk1\DR1\Partition2

21:41:43.0076 0x3b0c  ============================================================

21:41:43.0076 0x3b0c  Initialize success

21:41:43.0076 0x3b0c  ============================================================

21:41:44.0610 0x3334  ============================================================

21:41:44.0610 0x3334  Scan started

21:41:44.0610 0x3334  Mode: Manual;

21:41:44.0610 0x3334  ============================================================

21:41:44.0610 0x3334  KSN ping started

21:41:44.0947 0x3334  KSN ping finished: true

21:41:45.0293 0x3334  ================ Scan system memory ========================

21:41:45.0293 0x3334  Scan was interrupted by user!

21:41:45.0308 0x3334  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.332 ), 0x61100 ( enabled : updated )

21:41:45.0315 0x3334  Win FW state via NFP2: enabled ( trusted )

21:41:45.0533 0x3334  ============================================================

21:41:45.0533 0x3334  Scan finished

21:41:45.0533 0x3334  ============================================================

21:41:45.0537 0x341c  Detected object count: 0

21:41:45.0537 0x341c  Actual detected object count: 0

21:43:38.0213 0x20fc  Deinitialize success

 

# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 28 16:15:12 2017

# Updated on 2017/17/07 by Malwarebytes

# Database: 07-27-2017.2

# Running on Windows 10 Pro (X64)

# Mode: scan

# Support: https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

No malicious services found.

 

***** [ Folders ] *****

 

No malicious folders found.

 

***** [ Files ] *****

 

No malicious files found.

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

***** [ WMI ] *****

 

No malicious WMI found.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts found.

 

***** [ Tasks ] *****

 

No malicious tasks found.

 

***** [ Registry ] *****

 

No malicious registry entries found.

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries.

 

***** [ Chromium (and derivatives) ] *****

 

SearchProvider found: Softonic EN - shadow-keylogger.en.softonic.com

SearchProvider found: torrentz.colorask.com - torrentz.colorask.com

 

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271

 

 

*************************

 

C:/AdwCleaner/AdwCleaner[C0].txt - [1230 B] - [2017/7/27 1:20:47]

C:/AdwCleaner/AdwCleaner[S0].txt - [1199 B] - [2017/7/27 1:20:10]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.4 (07.09.2017)

Operating System: Windows 10 Pro x64

Ran by Armaan (Administrator) on 28-07-2017 at 21:48:38.08

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

File System: 4

 

Successfully deleted: C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)

Successfully deleted: C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)

Successfully deleted: C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File)

Successfully deleted: C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)

 

 

 

Registry: 0

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 28-07-2017 at 21:49:43.90

End of JRT log

 

C:\$Recycle.Bin\S-1-5-21-2890481376-1290147495-3485235637-1001\$R5UYU4L\www.sxehackslovers.blogspot.com\r-aimbot.exe               Win32/GameHack.QW potentially unsafe application      

C:\Users\Armaan\AppData\Local\Google\Chrome\User Data\Default\File System\032\t\00\00000001         Win32/GameHack.QW potentially unsafe application       



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:37 PM

Posted 28 July 2017 - 12:55 PM

There is a Keylogger installed on here.. Repost this info with the FRST log from this Guide, in a NEW topic.. We need a deeper look.. Start with step 6..

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well..
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook



