
Malwarebytes keeps detecting "Trojan.Agent" have had Trojan.Coinminer twice


19 replies to this topic

#1 junkbaggage (Members, 21 posts)

Posted 22 September 2017 - 11:06 AM

Hi there,

I've been having trouble with Trojans lately. A week ago I seemed to pick up a virus called Trojan.Coinminer, as detected by Windows Defender. Windows 'removed' it, but a few days later it was detected again, and I think a third time in a background scan. It hasn't come up since two days ago, but with a scan from Malwarebytes, Trojan.Agent is now coming up repeatedly.




#2 boopme (Global Moderator, 73,058 posts, NJ USA)

Posted 22 September 2017 - 11:13 AM

Hello. A Trojan is so named because it drops off other infections while it is there.

We should run a few other tools and see.

Skip the TDSS for now...

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [button image] button to see which antivirus is currently enabled.
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [button image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, a list of found threats will open automatically (if any malicious files are found).
  • Push the [button image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Check the box beside [option image] to uninstall the application when closed.
  • Push [button image] and then close the application by clicking the X in the upper right corner.

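What a responder actually looks for in the Result.txt that the MiniToolBox checklist above produces, as an added Python example (it is not part of the thread, of MiniToolBox, or of any of the tools listed). It splits the report on the "===== Section: =====" headers the tool prints and applies four checks: a proxy that is set in the IE/Firefox settings, active hosts-file entries for anything other than loopback names, Winsock catalog DLLs that are not Microsoft binaries in a system directory, and crashing executables that carry no version resource (0.0.0.0). The sample report is constructed to the tool's layout; the hosts entry and the C:\Users\Public\lsp.dll Winsock entry in it are hypothetical, added so each check has one hit to display. A hit is a lead to verify (hash lookup, signature check), not a verdict.

```python
"""Triage a MiniToolBox Result.txt for the entries a malware responder checks first.
Added example, not part of MiniToolBox or of this thread; section names follow the
headers MiniToolBox prints, and the sample below is constructed (suspicious entries hypothetical)."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^=+\s+(.*?):?\s+=+\s*$")          # "===== Name: =====" or "===== Name ====="
WINSOCK_RE = re.compile(
    r"^(?:x64-)?Catalog\d+\s+\d+\s+(?P<path>.+?)\s+\[\d+\]\s+\((?P<vendor>.*)\)\s*$")
FAULT_RE = re.compile(r"Faulting application name:\s*(?P<app>[^,]+),\s*version:\s*(?P<ver>[^,]+),")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
PROXY_BENIGN = ("proxy is not enabled", "no proxy server is set", "were reset")

# Constructed sample in MiniToolBox's layout. The hosts entry and lsp.dll line are hypothetical.
SAMPLE = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1       localhost
0.0.0.0         update.example-av.test
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\Users\Public\lsp.dll [40960] ()
========================= Event log errors: ===============================
Application errors:
==================
Error: (09/21/2017 07:05:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: winhost.exe, version: 0.0.0.0, time stamp: 0x567ecc69
Faulting module name: winhost.exe, version: 0.0.0.0, time stamp: 0x567ecc69
Error: (09/22/2017 11:56:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: notepad.exe, version: 10.0.14393.0, time stamp: 0x5789986a
Faulting module name: ntdll.dll, version: 10.0.14393.1715, time stamp: 0x59b0d03e
"""


def split_sections(text):
    """Map each MiniToolBox section header to the lines beneath it."""
    sections, current = defaultdict(list), "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
        else:
            sections[current].append(line)
    return sections


def check_proxy(lines):
    """Any proxy line that is not one of the benign 'not enabled / not set / reset' forms."""
    return [s for s in (l.strip() for l in lines)
            if s and not any(b in s.lower() for b in PROXY_BENIGN)]


def check_hosts(lines):
    """Active hosts entries for non-loopback names (a classic way to block AV/update domains)."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if not all(n.lower() in LOOPBACK_NAMES for n in parts[1:]):
            hits.append((parts[0], " ".join(parts[1:])))
    return hits


def check_winsock(lines):
    """LSP/NSP entries whose DLL is not a Microsoft binary living in a system directory."""
    hits = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        path, vendor = m.group("path"), m.group("vendor").strip()
        if vendor != "Microsoft Corporation" or not any(d in path.lower() for d in SYSTEM_DIRS):
            hits.append((path, vendor))
    return hits


def check_app_errors(lines):
    """Crashing executables with no version resource (0.0.0.0): unusual for shipped software, worth a hash lookup."""
    hits = []
    for line in lines:
        m = FAULT_RE.search(line)
        if m and m.group("ver").strip() == "0.0.0.0":
            hits.append((m.group("app").strip(), "0.0.0.0"))
    return hits


def triage(text):
    """Run every check; each value is a list of leads to verify, not verdicts."""
    s = split_sections(text)
    return {
        "proxy": check_proxy(s.get("IE Proxy Settings", []) + s.get("FF Proxy Settings", [])),
        "hosts": check_hosts(s.get("Hosts content", [])),
        "winsock": check_winsock(s.get("Winsock entries", [])),
        "app_errors": check_app_errors(s.get("Event log errors", [])),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE).items():
        print(f"{name}: {hits or 'nothing flagged'}")
```

Run it against a saved Result.txt by replacing SAMPLE with the file's contents. An empty "Hosts content" section and "Proxy is not enabled." are the clean results; anything the script lists is where to start looking, and the file it names should be checked by hash and signature before any conclusion is drawn.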

#3 junkbaggage (Topic Starter)

Posted 22 September 2017 - 11:22 AM

Do I post this all at once?



#4 junkbaggage (Topic Starter)

Posted 22 September 2017 - 11:43 AM

MiniToolBox
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Amanda (administrator) on 22-09-2017 at 12:22:37
Running from "C:\Users\Amanda\Desktop"
Microsoft Windows 10 Home  (X64)
Model: 500-589c Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
LogMeIn Hamachi Virtual Ethernet Adapter = Hamachi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Broadcom BCM43142 802.11 bgn Wi-Fi Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi 2" nexthop=25.0.0.1 publish=Yes
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Hamachi 2" forwarding=enabled advertise=enabled metric=9000 nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Hamachi" forwarding=enabled advertise=enabled metric=9000 nud=enabled ignoredefaultroutes=disabled
set subinterface interface= subinterface=ethernet_32768 mtu=1404
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : AmandaPC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hitronhub.home
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : LogMeIn Hamachi Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 7A-79-19-33-6C-9B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1933:6c9b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::953a:cbd1:dddb:76c7%17(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.51.108.155(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : September 22, 2017 11:57:46 AM
   Lease Expires . . . . . . . . . . : September 22, 2018 11:57:45 AM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 50483442
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-A4-1C-85-34-64-A9-11-DA-FA
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hitronhub.home
   Description . . . . . . . . . . . : Broadcom BCM43142 802.11 bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 38-B1-DB-E6-DE-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 3A-B1-DB-E6-DE-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : hitronhub.home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 34-64-A9-11-DA-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2607:fea8:d60:6d3::3(Preferred) 
   Lease Obtained. . . . . . . . . . : September 22, 2017 11:57:35 AM
   Lease Expires . . . . . . . . . . : September 28, 2017 3:54:37 PM
   IPv6 Address. . . . . . . . . . . : 2607:fea8:d60:6d3:1cec:85a5:9342:1a69(Preferred) 
   IPv6 Address. . . . . . . . . . . : fd00:6477:7d62:e872:1cec:85a5:9342:1a69(Preferred) 
   Temporary IPv6 Address. . . . . . : 2607:fea8:d60:6d3:1c0f:9a29:6f6f:8cab(Preferred) 
   Temporary IPv6 Address. . . . . . : fd00:6477:7d62:e872:1c0f:9a29:6f6f:8cab(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1cec:85a5:9342:1a69%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.23(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : September 22, 2017 11:57:34 AM
   Lease Expires . . . . . . . . . . : September 29, 2017 11:57:33 AM
   Default Gateway . . . . . . . . . : fe80::6677:7dff:fe62:e872%13
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 221537449
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-A4-1C-85-34-64-A9-11-DA-FA
   DNS Servers . . . . . . . . . . . : 2607:fea8:d60:6d3:6677:7dff:fe62:e872
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{C3914252-C334-4ADB-BF30-C851558A6FB6}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.hitronhub.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hitronhub.home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 8:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:18b8:35b8:9c14:dcbf(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::18b8:35b8:9c14:dcbf%8(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 134217728
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-A4-1C-85-34-64-A9-11-DA-FA
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  hitronhub.home
Address:  2607:fea8:d60:6d3:6677:7dff:fe62:e872
 
Name:    google.com
Addresses:  2607:f8b0:400b:809::200e
 172.217.1.174
 
 
Pinging google.com [2607:f8b0:400b:809::200e] with 32 bytes of data:
Reply from 2607:f8b0:400b:809::200e: time=15ms 
Reply from 2607:f8b0:400b:809::200e: time=11ms 
 
Ping statistics for 2607:f8b0:400b:809::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 15ms, Average = 13ms
Server:  hitronhub.home
Address:  2607:fea8:d60:6d3:6677:7dff:fe62:e872
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 206.190.36.45
 98.138.253.109
 98.139.180.149
 
 
Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Reply from 2001:4998:44:204::a7: time=60ms 
Reply from 2001:4998:44:204::a7: time=56ms 
 
Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 60ms, Average = 58ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...7a 79 19 33 6c 9b ......LogMeIn Hamachi Virtual Ethernet Adapter #2
  6...38 b1 db e6 de 77 ......Broadcom BCM43142 802.11 bgn Wi-Fi Adapter
 11...3a b1 db e6 de 77 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...34 64 a9 11 da fa ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  8...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         25.0.0.1    25.51.108.155   9256
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.23     35
         25.0.0.0        255.0.0.0         On-link     25.51.108.155   9256
    25.51.108.155  255.255.255.255         On-link     25.51.108.155   9256
   25.255.255.255  255.255.255.255         On-link     25.51.108.155   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.23    291
     192.168.0.23  255.255.255.255         On-link      192.168.0.23    291
    192.168.0.255  255.255.255.255         On-link      192.168.0.23    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     25.51.108.155   9256
        224.0.0.0        240.0.0.0         On-link      192.168.0.23    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     25.51.108.155   9256
  255.255.255.255  255.255.255.255         On-link      192.168.0.23    291
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    291 ::/0                     fe80::6677:7dff:fe62:e872
 17   9015 ::/0                     2620:9b::1900:1
  1    331 ::1/128                  On-link
  8    331 2001::/32                On-link
  8    331 2001:0:5ef5:79fb:18b8:35b8:9c14:dcbf/128
                                    On-link
 13    291 2607:fea8:d60:6d3::/64   On-link
 13    291 2607:fea8:d60:6d3::/64   fe80::6677:7dff:fe62:e872
 13    291 2607:fea8:d60:6d3::3/128 On-link
 13    291 2607:fea8:d60:6d3:1c0f:9a29:6f6f:8cab/128
                                    On-link
 13    291 2607:fea8:d60:6d3:1cec:85a5:9342:1a69/128
                                    On-link
 17    271 2620:9b::/96             On-link
 17    271 2620:9b::1933:6c9b/128   On-link
 13    291 fc00::/7                 fe80::6677:7dff:fe62:e872
 13    291 fd00:6477:7d62:e872::/64 On-link
 13    291 fd00:6477:7d62:e872:1c0f:9a29:6f6f:8cab/128
                                    On-link
 13    291 fd00:6477:7d62:e872:1cec:85a5:9342:1a69/128
                                    On-link
 17    271 fe80::/64                On-link
 13    291 fe80::/64                On-link
  8    331 fe80::/64                On-link
  8    331 fe80::18b8:35b8:9c14:dcbf/128
                                    On-link
 13    291 fe80::1cec:85a5:9342:1a69/128
                                    On-link
 17    271 fe80::953a:cbd1:dddb:76c7/128
                                    On-link
  1    331 ff00::/8                 On-link
 17    271 ff00::/8                 On-link
 13    291 ff00::/8                 On-link
  8    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0   9000 ::/0                     2620:9b::1900:1
  0 4294967295 2620:9b::/96             On-link
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/22/2017 11:59:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: DTHtml.exe, version: 1.2.21.6, time stamp: 0x56bd247e
Faulting module name: MSVCR80.dll, version: 8.0.50727.9268, time stamp: 0x573d297f
Exception code: 0xc000000d
Fault offset: 0x00014584
Faulting process id: 0x123c
Faulting application start time: 0xDTHtml.exe0
Faulting application path: DTHtml.exe1
Faulting module path: DTHtml.exe2
Report Id: DTHtml.exe3
Faulting package full name: DTHtml.exe4
Faulting package-relative application ID: DTHtml.exe5
 
Error: (09/22/2017 11:56:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: notepad.exe, version: 10.0.14393.0, time stamp: 0x5789986a
Faulting module name: ntdll.dll, version: 10.0.14393.1715, time stamp: 0x59b0d03e
Exception code: 0xc0000409
Fault offset: 0x000000000009644f
Faulting process id: 0x2188
Faulting application start time: 0xnotepad.exe0
Faulting application path: notepad.exe1
Faulting module path: notepad.exe2
Report Id: notepad.exe3
Faulting package full name: notepad.exe4
Faulting package-relative application ID: notepad.exe5
 
Error: (09/22/2017 11:30:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: DTHtml.exe, version: 1.2.21.6, time stamp: 0x56bd247e
Faulting module name: MSVCR80.dll, version: 8.0.50727.9268, time stamp: 0x573d297f
Exception code: 0xc000000d
Fault offset: 0x00014584
Faulting process id: 0x370
Faulting application start time: 0xDTHtml.exe0
Faulting application path: DTHtml.exe1
Faulting module path: DTHtml.exe2
Report Id: DTHtml.exe3
Faulting package full name: DTHtml.exe4
Faulting package-relative application ID: DTHtml.exe5
 
Error: (09/22/2017 11:24:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
Error: (09/22/2017 11:24:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
 
Error: (09/22/2017 11:24:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/22/2017 11:24:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/21/2017 07:05:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: winhost.exe, version: 0.0.0.0, time stamp: 0x567ecc69
Faulting module name: winhost.exe, version: 0.0.0.0, time stamp: 0x567ecc69
Exception code: 0xc0000005
Fault offset: 0x000028f8
Faulting process id: 0x28c8
Faulting application start time: 0xwinhost.exe0
Faulting application path: winhost.exe1
Faulting module path: winhost.exe2
Report Id: winhost.exe3
Faulting package full name: winhost.exe4
Faulting package-relative application ID: winhost.exe5
 
Error: (09/21/2017 01:40:57 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/21/2017 12:02:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: DTHtml.exe, version: 1.2.21.6, time stamp: 0x56bd247e
Faulting module name: MSVCR80.dll, version: 8.0.50727.9268, time stamp: 0x573d297f
Exception code: 0xc000000d
Fault offset: 0x00014584
Faulting process id: 0x1558
Faulting application start time: 0xDTHtml.exe0
Faulting application path: DTHtml.exe1
Faulting module path: DTHtml.exe2
Report Id: DTHtml.exe3
Faulting package full name: DTHtml.exe4
Faulting package-relative application ID: DTHtml.exe5
 
 
System errors:
=============
Error: (09/22/2017 11:58:06 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/22/2017 11:58:05 AM) (Source: Service Control Manager) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (09/22/2017 11:58:05 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (09/22/2017 11:57:35 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (09/22/2017 11:56:42 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/22/2017 11:28:56 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/21/2017 11:25:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/21/2017 12:01:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (09/21/2017 12:00:25 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (09/21/2017 11:59:24 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (09/22/2017 11:59:45 AM) (Source: Application Error)(User: )
Description: DTHtml.exe1.2.21.656bd247eMSVCR80.dll8.0.50727.9268573d297fc000000d00014584123c01d333bbaa8ca94aC:\Program Files (x86)\Hewlett-Packard\HP My Display\DTHtml.exeC:\WINDOWS\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\MSVCR80.dll4394f1cb-3c19-408a-952d-ec9c5d6980b5
 
Error: (09/22/2017 11:56:49 AM) (Source: Application Error)(User: )
Description: notepad.exe10.0.14393.05789986antdll.dll10.0.14393.171559b0d03ec0000409000000000009644f218801d3332e2ac4ab89C:\WINDOWS\notepad.exeC:\WINDOWS\SYSTEM32\ntdll.dll7396841e-2008-48b0-9750-a6be4be3d4e7
 
Error: (09/22/2017 11:30:06 AM) (Source: Application Error)(User: )
Description: DTHtml.exe1.2.21.656bd247eMSVCR80.dll8.0.50727.9268573d297fc000000d0001458437001d333b78c6dd257C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTHtml.exeC:\WINDOWS\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\MSVCR80.dll923c6acf-4a10-41a9-b320-b5fc4bf62d6a
 
Error: (09/22/2017 11:24:45 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifestc:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe
 
Error: (09/22/2017 11:24:44 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifestc:\program files (x86)\steam\steamapps\common\grim dawn\crashreporter.exe
 
Error: (09/22/2017 11:24:24 AM) (Source: SideBySide)(User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest
 
Error: (09/22/2017 11:24:24 AM) (Source: SideBySide)(User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest
 
Error: (09/21/2017 07:05:50 PM) (Source: Application Error)(User: )
Description: winhost.exe0.0.0.0567ecc69winhost.exe0.0.0.0567ecc69c0000005000028f828c801d3332e2415becfC:\WINDOWS\TEMP\winhost.exeC:\WINDOWS\TEMP\winhost.exe4ec25187-64a8-49d9-9016-e8155e8d528e
 
Error: (09/21/2017 01:40:57 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (09/21/2017 12:02:45 PM) (Source: Application Error)(User: )
Description: DTHtml.exe1.2.21.656bd247eMSVCR80.dll8.0.50727.9268573d297fc000000d00014584155801d332f2f03642d6C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTHtml.exeC:\WINDOWS\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\MSVCR80.dlle5aa8776-e0c4-4917-acb4-f9505b687355
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{7F28165B-148D-4672-AA21-469D9E6E3CB6}) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
AMD Catalyst Install Manager (HKLM\...\{E08F7E64-DA6E-5F46-CA3D-22B0B9D774DD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Amnesia: A Machine for Pigs (HKLM\...\Steam App 239200) (Version:  - The Chinese Room)
Amnesia: The Dark Descent (HKLM\...\Steam App 57300) (Version:  - Frictional Games)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.28 - NVIDIA Corporation) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock (HKLM\...\Steam App 7670) (Version:  - 2K Boston)
BioShock Remastered (HKLM\...\Steam App 409710) (Version:  - 2K Boston)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM\...\Steam App 261640) (Version:  - 2K Australia)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Connect (HKLM-x32\...\Connect) (Version: 1.4.14232.0 - Cisco Consumer Products LLC)
Creativerse (HKLM\...\Steam App 280790) (Version:  - Playful Corporation)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5529 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5529 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4505 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3317 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3317 - CyberLink Corp.)
Dead Island Definitive Edition (HKLM\...\Steam App 383150) (Version:  - Techland)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Discord (HKCU\...\Discord) (Version: 0.0.298 - Discord Inc.)
Divinity: Original Sin 2 (HKLM\...\Steam App 435150) (Version:  - Larian Studios)
Dying Light (HKLM\...\Steam App 239140) (Version:  - Techland)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)
Gaming Mouse Driver (HKLM-x32\...\{2F9C99E1-A1D2-4ADB-AFA0-3A1ED9471811}) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Grim Dawn (HKLM\...\Steam App 219990) (Version:  - Crate Entertainment)
Hammerwatch (HKLM\...\Steam App 239070) (Version:  - Crackshell)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{198B2800-6C16-4F2A-BC52-EA0F7FD67095}) (Version: 1.3.0.0 - Hewlett-Packard)
HP My Display (HKLM-x32\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.21.006 - Portrait Displays, Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minion (HKCU\...\{Minion}}_is1) (Version: 3.0 - Good Game Mods LLC)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.9 - Black Tree Gaming)
Northgard (HKLM\...\Steam App 466560) (Version:  - Shiro Games)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.28 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.28 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.2 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Penumbra: Black Plague (HKLM\...\Steam App 22120) (Version:  - Frictional Games)
Penumbra: Overture (HKLM\...\Steam App 22180) (Version:  - Frictional Games)
Penumbra: Requiem (HKLM\...\Steam App 22140) (Version:  - Frictional Games)
Pivot Software (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
PowerLine Utility (HKLM-x32\...\{A0384ECE-2017-4EA8-86C7-513ACB936BDF}) (Version: 1.1.830 - TP-LINK)
qBittorrent 3.3.4 (HKLM-x32\...\qBittorrent) (Version: 3.3.4 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 3.02.002 - Portrait Displays, Inc.) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SOMA (HKLM\...\Steam App 282140) (Version:  - Frictional Games)
Spotify (HKCU\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.5 - SteelSeries ApS)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Forest (HKLM\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Silent Age (HKLM\...\Steam App 352520) (Version:  - House On Fire)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.34.18.1020 - Electronic Arts Inc.)
Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version:  - Iron Lore Entertainment)
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1-2) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 16%
Total physical RAM: 10185.63 MB
Available physical RAM: 8530.85 MB
Total Virtual: 10585.63 MB
Available Virtual: 8911.09 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:1842.91 GB) (Free:1177 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:18.19 GB) (Free:2.32 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\AMANDAPC
 
Administrator            Amanda                   DefaultAccount           
Guest                    
 
 
**** End of log ****
 
 
 
 
ADWCLEANER
 
# AdwCleaner 7.0.2.1 - Logfile created on Fri Sep 22 16:25:57 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-20-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C1].txt - [1844 B] - [2015/9/29 20:36:36]
C:/AdwCleaner/AdwCleaner[C2].txt - [1066 B] - [2016/1/2 16:24:56]
C:/AdwCleaner/AdwCleaner[C3].txt - [1066 B] - [2016/1/2 17:34:11]
C:/AdwCleaner/AdwCleaner[C4].txt - [2703 B] - [2016/9/2 22:12:31]
C:/AdwCleaner/AdwCleaner[C5].txt - [3063 B] - [2016/9/23 15:49:9]
C:/AdwCleaner/AdwCleaner[C6].txt - [3802 B] - [2016/11/19 15:5:48]
C:/AdwCleaner/AdwCleaner[C7].txt - [3939 B] - [2016/11/19 15:48:59]
C:/AdwCleaner/AdwCleaner[S10].txt - [975 B] - [2016/1/2 17:31:43]
C:/AdwCleaner/AdwCleaner[S11].txt - [975 B] - [2016/1/2 17:32:59]
C:/AdwCleaner/AdwCleaner[S12].txt - [662 B] - [2016/1/2 17:37:12]
C:/AdwCleaner/AdwCleaner[S13].txt - [662 B] - [2016/1/2 17:42:46]
C:/AdwCleaner/AdwCleaner[S14].txt - [662 B] - [2016/1/6 17:6:2]
C:/AdwCleaner/AdwCleaner[S15].txt - [662 B] - [2016/1/11 16:48:25]
C:/AdwCleaner/AdwCleaner[S16].txt - [662 B] - [2016/1/15 19:39:16]
C:/AdwCleaner/AdwCleaner[S17].txt - [662 B] - [2016/1/30 20:55:24]
C:/AdwCleaner/AdwCleaner[S18].txt - [2601 B] - [2016/8/21 14:29:2]
C:/AdwCleaner/AdwCleaner[S19].txt - [2675 B] - [2016/8/25 13:14:32]
C:/AdwCleaner/AdwCleaner[S1].txt - [3805 B] - [2015/9/29 20:35:57]
C:/AdwCleaner/AdwCleaner[S20].txt - [2749 B] - [2016/8/25 13:15:25]
C:/AdwCleaner/AdwCleaner[S21].txt - [2875 B] - [2016/9/2 22:12:9]
C:/AdwCleaner/AdwCleaner[S22].txt - [2956 B] - [2016/9/3 15:51:12]
C:/AdwCleaner/AdwCleaner[S23].txt - [3030 B] - [2016/9/3 15:51:42]
C:/AdwCleaner/AdwCleaner[S24].txt - [3172 B] - [2016/9/23 15:48:57]
C:/AdwCleaner/AdwCleaner[S25].txt - [3857 B] - [2016/11/19 15:4:42]
C:/AdwCleaner/AdwCleaner[S26].txt - [3900 B] - [2016/11/19 15:47:33]
C:/AdwCleaner/AdwCleaner[S27].txt - [4046 B] - [2016/11/19 15:55:34]
C:/AdwCleaner/AdwCleaner[S28].txt - [4121 B] - [2016/12/5 15:59:21]
C:/AdwCleaner/AdwCleaner[S29].txt - [3775 B] - [2017/1/2 18:26:18]
C:/AdwCleaner/AdwCleaner[S2].txt - [3445 B] - [2015/9/29 20:38:54]
C:/AdwCleaner/AdwCleaner[S30].txt - [3795 B] - [2017/1/10 14:34:11]
C:/AdwCleaner/AdwCleaner[S31].txt - [3520 B] - [2017/2/2 1:26:49]
C:/AdwCleaner/AdwCleaner[S3].txt - [4955 B] - [2015/10/3 15:47:38]
C:/AdwCleaner/AdwCleaner[S4].txt - [2838 B] - [2015/10/20 12:34:16]
C:/AdwCleaner/AdwCleaner[S5].txt - [662 B] - [2015/10/25 17:48:27]
C:/AdwCleaner/AdwCleaner[S6].txt - [661 B] - [2015/12/26 2:10:58]
C:/AdwCleaner/AdwCleaner[S7].txt - [974 B] - [2016/1/2 16:7:1]
C:/AdwCleaner/AdwCleaner[S8].txt - [661 B] - [2016/1/2 16:35:50]
C:/AdwCleaner/AdwCleaner[S9].txt - [974 B] - [2016/1/2 17:29:14]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S31].txt ##########
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by Amanda (Administrator) on 2017-09-22 at 12:29:01.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-09-22 at 12:32:12.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
ESET ONLINE SCANNER
 
C:\Users\Amanda\AppData\LocalLow\Oracle\Java\jre1.8.0_91\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
C:\Users\Amanda\Downloads\Maintenance\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Amanda\Downloads\Maintenance\ccsetup526.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Amanda\Downloads\Maintenance\ccsetup529.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Amanda\Downloads\Maintenance\dfsetup221.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\wmsvr.exe NSIS/TrojanDownloader.Agent.NWO trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\BjIhIWsdsu\rdsvc.exe a variant of Win32/Kryptik.FWWV trojan
Autostart locations a variant of Win32/Kryptik.FWWV trojan error - password-protected file
 
Malwarebytes Anti-Malware Scanner

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2017-09-22
Scan Time: 3:43 PM
Logfile: malwa.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.09.22.06
Rootkit Database: v2017.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Amanda
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308653
Time Elapsed: 22 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by junkbaggage, 22 September 2017 - 03:19 PM.


#5 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,058 posts
  • Gender:Male
  • Location:NJ USA

Posted 22 September 2017 - 01:21 PM

After ESET, update your Malwarebytes and scan.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 junkbaggage
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female

Posted 22 September 2017 - 02:42 PM

Updated, scanning with Malwarebytes.



#7 junkbaggage
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female

Posted 22 September 2017 - 03:20 PM

All done. Everything is posted. Malwarebytes found no problems lol. ESET had another opinion. 



#8 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,058 posts
  • Gender:Male
  • Location:NJ USA

Posted 22 September 2017 - 04:06 PM

Ok, did ESET remove what it found?

How is it now? No more Trojans...

#9 junkbaggage
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female

Posted 22 September 2017 - 04:07 PM

You told me not to remove what it found 



#10 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,058 posts
  • Gender:Male
  • Location:NJ USA

Posted 22 September 2017 - 04:09 PM

Ok, I had no log to review. Remove the findings.

#11 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,058 posts
  • Gender:Male
  • Location:NJ USA

Posted 22 September 2017 - 04:13 PM

Back after 7 pm eastern

#12 junkbaggage
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female

Posted 22 September 2017 - 04:18 PM

Well, now I have to wait another 3 hours for this. Also, there's an infected file that is password protected, and it's unable to take action.

#13 junkbaggage
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female

Posted 22 September 2017 - 06:11 PM

Uh oh, this time it looks like it's not picking up the threats, so far...

#14 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,058 posts
  • Gender:Male
  • Location:NJ USA

Posted 23 September 2017 - 08:37 AM

Post the log please...


The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. To view the log file, Show hidden files and folders must be enabled. New logs are appended to the existing log files when multiple scans are run. 

The path to the log file is the following: C:\users\%userprofile%\appdata\local\temp\log.txt 

#15 junkbaggage
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female

Posted 23 September 2017 - 08:41 AM

12:35:48 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=fa594f129ccf2c43b60354a32b008701
# end=init
# utc_time=2017-09-22 16:35:47
# local_time=2017-09-22 12:35:47 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=10.0.14393 NT 
12:35:51 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=fa594f129ccf2c43b60354a32b008701
# end=init
# utc_time=2017-09-22 16:35:51
# local_time=2017-09-22 12:35:51 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=10.0.14393 NT 
12:37:38 Updating
12:37:38 Update Init
12:37:40 Update Download
12:41:33 esets_scanner_reload returned 0
12:41:33 g_uiModuleBuild: 34827
12:41:33 Update Finalize
12:41:33 Call m_esets_charon_send
12:41:33 Call m_esets_charon_destroy
12:41:33 Updated modules version: 34827
12:41:43 Call m_esets_charon_setup_create
12:41:43 Call m_esets_charon_create
12:41:43 m_esets_charon_create OK
12:41:43 Call m_esets_charon_start_send_thread
12:41:43 Call m_esets_charon_setup_set
12:41:43 m_esets_charon_setup_set OK
12:41:43 Scanner engine: 34827
15:36:58 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=fa594f129ccf2c43b60354a32b008701
# engine=34827
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-09-22 19:36:56
# local_time=2017-09-22 15:36:56 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=10.0.14393 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 36518030 0 0
# scanned=2
# found=8
# cleaned=0
# scan_time=10522
sh=6AC7946ADCF0E3887EFF4501C0A580E90509A1C4 ft=1 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application" ac=I fn="C:\Users\Amanda\AppData\LocalLow\Oracle\Java\jre1.8.0_91\java_sp.dll"
sh=F9D434EEC90359C58A2F49AC5E924B9C80FE9630 ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amanda\Downloads\Maintenance\ccsetup525.exe"
sh=78ED48A1EA106826D14EA14D0279639E3865B320 ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amanda\Downloads\Maintenance\ccsetup526.exe"
sh=347705A7CD4A4C20F0D4159FA1FF1589FA0FA9F5 ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amanda\Downloads\Maintenance\ccsetup529.exe"
sh=EF0A247E60AA7BA2F364B1A75BE2707AC48BC880 ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amanda\Downloads\Maintenance\dfsetup221.exe"
sh=C225E271C09E16439E77F9A1FB00C6AA131F0326 ft=1 fh=0000000000000000 vn="NSIS/TrojanDownloader.Agent.NWO trojan" ac=I fn="C:\Windows\wmsvr.exe"
sh=157DAE2BACABDB7F4603F32F6405A74587E5BF8C ft=1 fh=0000000000000000 vn="a variant of Win32/Kryptik.FWWV trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\BjIhIWsdsu\rdsvc.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Kryptik.FWWV trojan (error - password-protected file)" ac=I fn="${Startup}"
15:41:37 Call m_esets_charon_send
15:41:37 Call m_esets_charon_destroy
15:41:38 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Amanda\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
17:10:00 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=fa594f129ccf2c43b60354a32b008701
# end=init
# utc_time=2017-09-22 21:09:59
# local_time=2017-09-22 17:09:59 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=10.0.14393 NT 
17:10:03 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=fa594f129ccf2c43b60354a32b008701
# end=init
# utc_time=2017-09-22 21:10:02
# local_time=2017-09-22 17:10:02 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=10.0.14393 NT 
17:10:19 Call m_esets_charon_setup_create
17:10:19 Call m_esets_charon_create
17:10:19 m_esets_charon_create OK
17:10:20 Call m_esets_charon_start_send_thread
17:10:20 Call m_esets_charon_setup_set
17:10:20 m_esets_charon_setup_set OK
17:10:23 Updating
17:10:23 Update Init
17:10:33 Call m_esets_charon_setup_create
17:10:33 Call m_esets_charon_create
17:10:33 m_esets_charon_setup_set ERROR
17:10:33 Update Download
17:10:58 esets_scanner_reload returned 0
17:10:59 g_uiModuleBuild: 34829
17:10:59 Update Finalize
17:10:59 Call m_esets_charon_send
17:10:59 Call m_esets_charon_destroy
17:10:59 Updated modules version: 34829
17:11:09 Call m_esets_charon_setup_create
17:11:09 Call m_esets_charon_create
17:11:09 m_esets_charon_setup_set ERROR
17:11:09 Scanner engine: 34829
21:07:06 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=fa594f129ccf2c43b60354a32b008701
# engine=34829
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-09-23 01:07:05
# local_time=2017-09-22 21:07:05 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=10.0.14393 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 36537839 0 0
# scanned=2
# found=4
# cleaned=0
# scan_time=14165
sh=C225E271C09E16439E77F9A1FB00C6AA131F0326 ft=1 fh=0000000000000000 vn="NSIS/TrojanDownloader.Agent.NWO trojan" ac=I fn="C:\Windows\wmsvr.exe"
sh=157DAE2BACABDB7F4603F32F6405A74587E5BF8C ft=1 fh=0000000000000000 vn="a variant of Win32/Kryptik.FWWV trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\BjIhIWsdsu\rdsvc.exe"
sh=157DAE2BACABDB7F4603F32F6405A74587E5BF8C ft=1 fh=0000000000000000 vn="a variant of Win32/Kryptik.FWWV trojan" ac=I fn="C:\Windows\Temp\winhost.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Kryptik.FWWV trojan (error - password-protected file)" ac=I fn="${Startup}"
21:45:38 Call m_esets_charon_send
21:45:38 Call m_esets_charon_destroy
21:45:40 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Amanda\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
21:45:44 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=fa594f129ccf2c43b60354a32b008701
# end=init
# utc_time=2017-09-23 01:45:43
# local_time=2017-09-22 21:45:43 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=10.0.14393 NT 
21:45:49 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=fa594f129ccf2c43b60354a32b008701
# end=init
# utc_time=2017-09-23 01:45:47
# local_time=2017-09-22 21:45:47 (-0500, Eastern Daylight Time)
# country="Canada"
# osver=10.0.14393 NT 
21:46:24 Call m_esets_charon_setup_create
21:46:24 Call m_esets_charon_create
21:46:24 m_esets_charon_create OK
21:46:24 Call m_esets_charon_start_send_thread
21:46:24 Call m_esets_charon_setup_set
21:46:24 m_esets_charon_setup_set OK
21:46:26 Updating
21:46:26 Update Init
21:46:37 Call m_esets_charon_setup_create
21:46:37 Call m_esets_charon_create
21:46:37 m_esets_charon_setup_set ERROR
21:46:37 Update Download
21:47:01 esets_scanner_reload returned 0
21:47:01 g_uiModuleBuild: 34831
21:47:01 Update Finalize
21:47:01 Call m_esets_charon_send
21:47:01 Call m_esets_charon_destroy
21:47:01 Updated modules version: 34831
21:47:11 Call m_esets_charon_setup_create
21:47:11 Call m_esets_charon_create
21:47:11 m_esets_charon_setup_set ERROR
21:47:11 Scanner engine: 34831
01:34:50 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=fa594f129ccf2c43b60354a32b008701
# engine=34831
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-09-23 05:34:49
# local_time=2017-09-23 01:34:49 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=10.0.14393 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 36553903 0 0
# scanned=2
# found=5
# cleaned=5
# scan_time=13666
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Amanda\AppData\LocalLow\Oracle\Java\jre1.8.0_91\java_sp.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Amanda\Downloads\Maintenance\ccsetup525.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Amanda\Downloads\Maintenance\ccsetup526.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Amanda\Downloads\Maintenance\ccsetup529.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Amanda\Downloads\Maintenance\dfsetup221.exe"
09:28:16 Call m_esets_charon_send
09:28:17 Call m_esets_charon_destroy

I ended up scanning again last night, and it found 3 items, I think. I don't think I have the log for that. 