Hello, today after updating AdwCleaner to the new version, it has detected some PUPs (I leave you the registry of the scan and the cleaning). After reboot, I ran AdwCleaner again and the PUPs are still there.

I have researched a bit about these addresses, and it seems that they are the default addresses that the router from my internet company provides. Each time I clean them, when I reconnect to my internet and re-run AdwCleaner they reappear (if I do not connect to my router they do not appear).

On the other hand, I have another computer with the same addresses and AdwCleaner does not detect any problem. I have also installed Malwarebytes and it does not detect it as a threat.

So I ask you: Is it possible that it is a false positive? Why does it not detect anything on my other computer? Is it a problem with my router? Please help.

Ah, one last thing, I also ran version 7.0.1.0 of AdwCleaner and it did not show me any problem. Maybe it's because of the update?

Thanks in advance.

 

# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 03 18:35:51 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-01-2017.2
# Running on Windows 8.1 (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | DhcpNameServer [80.58.61.250 80.58.61.254]
PUP.Optional.Legacy, [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | DhcpNameServer [80.58.61.250 80.58.61.254]
PUP.Optional.Legacy, [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{376979E4-ABDE-4CE2-8509-FC1434758CDD} | DhcpNameServer [80.58.61.250 80.58.61.254]

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1581 B] - [2017/9/3 18:33:49]
C:/AdwCleaner/AdwCleaner[S0].txt - [1447 B] - [2017/9/3 18:27:2]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########


# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 03 18:36:04 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters|DhcpNameServer [80.58.61.250 80.58.61.254]
Deleted: [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters|DhcpNameServer [80.58.61.250 80.58.61.254]
Deleted: [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{376979E4-ABDE-4CE2-8509-FC1434758CDD}|DhcpNameServer [80.58.61.250 80.58.61.254]

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1581 B] - [2017/9/3 18:33:49]
C:/AdwCleaner/AdwCleaner[S0].txt - [1447 B] - [2017/9/3 18:27:2]
C:/AdwCleaner/AdwCleaner[S1].txt - [1484 B] - [2017/9/3 18:35:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

 

Re: Is this a false positive?

It looks like your PC's DHCP IPs have been altered maliciously not too long ago, which would make sense of why one PC detects it and another doesn't. Default addresses can be hijacked and used for malicious intents. It is hard to say whether it is a false positive or not. You could always reset your PC's IPs and router to see if that solves the problem.



JoshRoss, 2017-09-04 12:22:20 (UTC)

I just reset my router but I'm not sure how to reset my PC's IPs. Anyway, when I tried to reconnect to my Wi-Fi after cleaning with AdwCleaner and resetting only my router, the PUPs reappeared.

Re: Is this a false positive?

This could be a worm (network virus), and you might need to reflash your router's software. Check your network settings or network device and see if there are static IPs in place. Could you try disconnecting from the network, cleaning up your PC with Malwarebytes and AdwCleaner, restarting the PC, and seeing if the issue persists? If it doesn't, try connecting to a different network and see if it happens then.



JoshRoss, 2017-09-05 08:17:46 (UTC)

OK, I disconnected my PC from the network and cleaned with Malwarebytes and AdwCleaner; the latter detected the same PUPs, and when I restarted the PUPs had not returned.

Also, I connected the PC to another network and AdwCleaner doesn't detect anything.

Does that mean that the problem is the router? But in that case, why doesn't AdwCleaner detect anything on my other computer?

Re: Is this a false positive?

Ports, applications, accessibility. Maybe your other device is used a lot less, you haven't messed with any ports or have any applications that require forwarding. Honestly, very weird issue, I would need to investigate the files. Can you scan your PC with Farbar MiniToolBox and Malwarebytes JRT? Post the logs that you get.



JoshRoss, 2017-09-06 13:16:38 (UTC)

MiniToolBox by Farbar  Version: 17-06-2016
Ran by AlejandroPC (administrator) on 07-09-2017 at 14:45:06
Running from "C:\Users\AlejandroPC\Desktop"
Microsoft Windows 8.1  (X64)
Model: G551JK Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Qualcomm Atheros AR946x Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# Configuración de IPv4
# ----------------------------------
pushd interface ipv4

reset


popd
# Fin de la configuración de IPv4



Configuración IP de Windows

   Nombre de host. . . . . . . . . : Alejandro
   Sufijo DNS principal  . . . . . : 
   Tipo de nodo. . . . . . . . . . : híbrido
   Enrutamiento IP habilitado. . . : no
   Proxy WINS habilitado . . . . . : no
   Lista de búsqueda de sufijos DNS: homestation

Adaptador de LAN inalámbrica Conexión de área local* 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 
   Descripción . . . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Dirección física. . . . . . . . . . . . . : 12-E2-30-D7-63-E1
   DHCP habilitado . . . . . . . . . . . . . : sí
   Configuración automática habilitada . . . : sí

Adaptador de LAN inalámbrica Wi-Fi:

   Sufijo DNS específico para la conexión. . : homestation
   Descripción . . . . . . . . . . . . . . . : Qualcomm Atheros AR946x Wireless Network Adapter
   Dirección física. . . . . . . . . . . . . : 40-E2-30-D7-63-E1
   DHCP habilitado . . . . . . . . . . . . . : sí
   Configuración automática habilitada . . . : sí
   Vínculo: dirección IPv6 local. . . : fe80::79a2:ae6f:7c13:8b14%6(Preferido) 
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.34(Preferido) 
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Concesión obtenida. . . . . . . . . . . . : jueves, 7 de septiembre de 2017 14:43:35
   La concesión expira . . . . . . . . . . . : viernes, 8 de septiembre de 2017 2:43:36
   Puerta de enlace predeterminada . . . . . : fe80::6af9:56ff:fe31:e1e0%6
                                       192.168.1.1
   Servidor DHCP . . . . . . . . . . . . . . : 192.168.1.1
   IAID DHCPv6 . . . . . . . . . . . . . . . : 104915504
   DUID de cliente DHCPv6. . . . . . . . . . : 00-01-00-01-1C-50-DF-AD-78-24-AF-CB-6F-DA
   Servidores DNS. . . . . . . . . . . . . . : 80.58.61.250
                                       80.58.61.254
   NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : SWDL.WDS
   Descripción . . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Dirección física. . . . . . . . . . . . . : 78-24-AF-CB-6F-DA
   DHCP habilitado . . . . . . . . . . . . . : sí
   Configuración automática habilitada . . . : sí

Adaptador de túnel isatap.homestation:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : homestation
   Descripción . . . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Dirección física. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuración automática habilitada . . . : sí
Servidor:  250.red-80-58-61.staticip.rima-tde.net
Address:  80.58.61.250

Nombre:  google.com
Addresses:  2a00:1450:4003:801::200e
	  216.58.211.238


Haciendo ping a google.com [216.58.211.206] con 32 bytes de datos:
Respuesta desde 216.58.211.206: bytes=32 tiempo=48ms TTL=54
Respuesta desde 216.58.211.206: bytes=32 tiempo=42ms TTL=54

Estadísticas de ping para 216.58.211.206:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 42ms, Máximo = 48ms, Media = 45ms
Servidor:  250.red-80-58-61.staticip.rima-tde.net
Address:  80.58.61.250

Nombre:  yahoo.com
Addresses:  2001:4998:44:204::a7
	  2001:4998:58:c02::a9
	  2001:4998:c:a06::2:4008
	  98.139.180.149
	  206.190.36.45
	  98.138.253.109


Haciendo ping a yahoo.com [98.138.253.109] con 32 bytes de datos:
Respuesta desde 98.138.253.109: bytes=32 tiempo=201ms TTL=47
Respuesta desde 98.138.253.109: bytes=32 tiempo=204ms TTL=47

Estadísticas de ping para 98.138.253.109:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 201ms, Máximo = 204ms, Media = 202ms

Haciendo ping a 127.0.0.1 con 32 bytes de datos:
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128

Estadísticas de ping para 127.0.0.1:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mínimo = 0ms, Máximo = 0ms, Media = 0ms
===========================================================================
ILista de interfaces
  7...12 e2 30 d7 63 e1 ......Microsoft Wi-Fi Direct Virtual Adapter
  6...40 e2 30 d7 63 e1 ......Qualcomm Atheros AR946x Wireless Network Adapter
  3...78 24 af cb 6f da ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Tabla de enrutamiento
===========================================================================
Rutas activas:
Destino de red        Máscara de red   Puerta de enlace   Interfaz  Métrica
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.34     25
        127.0.0.0        255.0.0.0      En vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      En vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      En vínculo         127.0.0.1    306
      192.168.1.0    255.255.255.0      En vínculo      192.168.1.34    281
     192.168.1.34  255.255.255.255      En vínculo      192.168.1.34    281
    192.168.1.255  255.255.255.255      En vínculo      192.168.1.34    281
        224.0.0.0        240.0.0.0      En vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      En vínculo      192.168.1.34    281
  255.255.255.255  255.255.255.255      En vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      En vínculo      192.168.1.34    281
===========================================================================
Rutas persistentes:
  Ninguno

IPv6 Tabla de enrutamiento
===========================================================================
Rutas activas:
 Cuando destino de red métrica      Puerta de enlace
  6   4121 ::/0                     fe80::6af9:56ff:fe31:e1e0
  1    306 ::1/128                  En vínculo
  6    281 fe80::/64                En vínculo
  6    281 fe80::79a2:ae6f:7c13:8b14/128
                                    En vínculo
  1    306 ff00::/8                 En vínculo
  6    281 ff00::/8                 En vínculo
===========================================================================
Rutas persistentes:
  Ninguno
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/03/2017 07:18:53 PM) (Source: Windows Search Service Profile Notification) (User: )
Description: No se pueden quitar los datos indizados del servicio Windows Search del usuario '<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2017-09-03T17:18:53.000000000Z'/><EventRecordID>17</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Alejandro</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>41006C0065006A0061006E00640072006F005C00410064006D0069006E006900730074007200610064006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' como respuesta a la eliminación del perfil de usuario. Código de error %2.

%3.


System errors:
=============
Error: (09/07/2017 09:40:00 AM) (Source: Service Control Manager) (User: )
Description: El servicio DriverMFTService se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/07/2017 09:40:00 AM) (Source: Service Control Manager) (User: )
Description: El servicio ExpressCache se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/07/2017 09:40:00 AM) (Source: Service Control Manager) (User: )
Description: El servicio Intel(R) Dynamic Application Loader Host Interface Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/07/2017 09:40:00 AM) (Source: Service Control Manager) (User: )
Description: El servicio AtherosSvc se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: El servicio Intel(R) Capability Licensing Service Interface terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: El servicio Intel(R) HD Graphics Control Panel Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: El servicio NVIDIA Streamer Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: El servicio NVIDIA Network Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: El servicio Intel(R) ME Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


Microsoft Office Sessions:
=========================
Error: (09/03/2017 07:18:53 PM) (Source: Windows Search Service Profile Notification)(User: )
Description: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2017-09-03T17:18:53.000000000Z'/><EventRecordID>17</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Alejandro</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>41006C0065006A0061006E00640072006F005C00410064006D0069006E006900730074007200610064006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>


CodeIntegrity Errors:
===================================
  Date: 2017-09-05 08:32:26.136
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-04 17:02:24.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.19 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
ExpressCache (HKLM\...\{44EAE7F6-8BBF-4C3F-A573-3CD5A3C067FA}) (Version: 1.3.110.0 - Condusiv Technologies)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Malwarebytes versión 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 es-ES) (HKLM\...\Mozilla Firefox 55.0.3 (x64 es-ES)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 333.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.23 - ASUS)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.330 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Windows Driver Package - ASUS (ATP) Mouse  (07/02/2014 1.0.0.228) (HKLM\...\7504488B89E0121B0737D63957491C9CD2633065) (Version: 07/02/2014 1.0.0.228 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 8075.18 MB
Available physical RAM: 6764.07 MB
Total Virtual: 9995.18 MB
Available Virtual: 8603.8 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:343.45 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:342.48 GB) (Free:342.35 GB) NTFS
4 Drive f: () (Fixed) (Total:195.31 GB) (Free:195.19 GB) NTFS

========================= Users: ========================================

Cuentas de usuario de \\ALEJANDRO

Administrador            AlejandroPC              Invitado                 
Se ha completado el comando correctamente.

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

03-09-2017 17:34:38 Configurado MediaStory
06-09-2017 19:05:30 JRT Pre-Junkware Removal
06-09-2017 19:17:13 JRT Pre-Junkware Removal
06-09-2017 19:51:40 JRT Pre-Junkware Removal

**** End of log ****

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64 
Ran by AlejandroPC (Administrator) on 07/09/2017 at 14:50:12,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/09/2017 at 14:51:01,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
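
The check this thread keeps circling, as an added example that is not part of the original posts or of any tool mentioned: it parses AdwCleaner `DhcpNameServer` detections and `ipconfig /all` output and reports whether each flagged resolver is one currently leased from the DHCP server. The sample inputs are constructed from the addresses in this thread using English `ipconfig` labels; the function names and verdict strings are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, modelled on the AdwCleaner scan log in this thread.
ADW_LOG = r"""***** [ Registry ] *****
PUP.Optional.Legacy, [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | DhcpNameServer [80.58.61.250 80.58.61.254]
PUP.Optional.Legacy, [Data] - HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{376979E4-ABDE-4CE2-8509-FC1434758CDD} | DhcpNameServer [80.58.61.250 80.58.61.254]
"""

# Constructed `ipconfig /all` excerpt (English labels), same addresses as the thread.
IPCONFIG = """Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.34(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 80.58.61.250
                                       80.58.61.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# "<family>, [Data] - <registry key> | <value name> [<space-separated data>]"
DETECTION = re.compile(
    r"^(?P<family>\S+), \[Data\] - (?P<key>HK.+?)\s*\|\s*"
    r"(?P<value>\w+) \[(?P<data>[^\]]*)\]", re.M)
# Indented "Label . . . : value"; the ". :" separator keeps IPv6
# continuation lines (which contain ':') from being read as labels.
FIELD = re.compile(r"^\s+(?P<name>.+?)[ .]*\. : ?(?P<val>.*)$")


def parse_detections(log):
    """Extract registry-data detections from an AdwCleaner scan log."""
    return [{"family": m["family"], "key": m["key"].strip(),
             "value": m["value"], "servers": m["data"].split()}
            for m in DETECTION.finditer(log)]


def parse_ipconfig(text):
    """Return {adapter: {"dhcp_server": str or None, "dns": [str, ...]}}."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line = section header
            name = line.strip().rstrip(":")
            current = adapters.setdefault(name, {"dhcp_server": None, "dns": []})
            last = None
            continue
        if current is None:
            continue
        m = FIELD.match(line)
        if m:
            last, val = m["name"].strip().lower(), m["val"].strip()
        elif last is not None:
            val = line.strip()               # continuation of the previous field
        else:
            continue
        if not val:
            continue
        if last == "dhcp server":
            current["dhcp_server"] = val
        elif last.startswith("dns server"):
            current["dns"].append(val)
    return adapters


def triage(detections, adapters):
    """Say where each flagged resolver list comes from, not whether it is safe."""
    leased = {}                              # resolver -> DHCP server that leased it
    for a in adapters.values():
        if a["dhcp_server"]:
            for ip in a["dns"]:
                leased[ip] = a["dhcp_server"]
    results = []
    for d in detections:
        unexplained = [ip for ip in d["servers"] if ip not in leased]
        sources = sorted({leased[ip] for ip in d["servers"] if ip in leased})
        if d["value"] != "DhcpNameServer":
            verdict = "static-setting"       # not a lease-written value
        elif unexplained:
            verdict = "not-in-current-lease"
        else:
            verdict = "matches-dhcp-lease"
        results.append({
            **d, "verdict": verdict, "dhcp_sources": sources,
            "unexplained": unexplained,
            # True when every leasing DHCP server is on a private (LAN) address
            "lease_from_lan": bool(sources) and all(
                ipaddress.ip_address(s).is_private for s in sources),
        })
    return results


if __name__ == "__main__":
    for r in triage(parse_detections(ADW_LOG), parse_ipconfig(IPCONFIG)):
        print(r["verdict"], r["dhcp_sources"], r["key"])
```

A `matches-dhcp-lease` verdict only locates the source of the value (the DHCP server, here the router on a private address); whether those resolvers are the provider's own is then confirmed on the router or with the ISP.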

 

Re: Is this a false positive?

The fact that this is Spanish (maybe?) makes it very VERY difficult to read.... Any way you could turn it into English? At first glance I noticed some things that MIGHT be potential issues, unsure, 'cause..... I am not yet used to reading the logs, and a different language doesn't help the issue :)



JoshRoss, 2017-09-07 14:26:07 (UTC)

Of course, sorry.

If you see something that is not translated, tell me.

MiniToolBox by Farbar  Version: 17-06-2016
Ran by AlejandroPC (administrator) on 07-09-2017 at 14:45:06
Running from "C:\Users\AlejandroPC\Desktop"
Microsoft Windows 8.1  (X64)
Model: G551JK Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP configuration

Succesfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Qualcomm Atheros AR946x Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)


# ----------------------------------
# Ipv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 Configuration



Windows IP Configuration

   Host Name. . . . . . . . . . : Alejandro
   Primary DNS Suffix . . . . . : 
   Node Type. . . . . . . . . . : Hybrid
   IP routing enabled . . . . . : no
   WINS Proxy Enabled . . . . . : no
   DNS suffix search list . . . : homestation

Wireless LAN Adapter Local Area Connection * 3:

   State of the media. . . . . . . . . . . . : disconnected
   Connection-Specific DNS Suffix. . . . . . : 
   Description . . . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . . . . . : 12-E2-30-D7-63-E1
   DHCP enabled. . . . . . . . . . . . . . . : yes
   automatic configuration enabled . . . . . : yes

Wi-Fi wireless LAN adapter:

   Connection-Specific DNS Suffix. . : homestation
   Description . . . . . . . . . . . . . . . : Qualcomm Atheros AR946x Wireless Network Adapter
   Physical Address. . . . . . . . . . . . . : 40-E2-30-D7-63-E1
   DHCP enabled. . . . . . . . . . . . . . . : yes
   Configuración automática habilitada . . . : yes
   Link: local IPv6 address. . . : fe80::79a2:ae6f:7c13:8b14%6(Preferred) 
   IPv4 address. . . . . . . . . . . . . . : 192.168.1.34(Preferred) 
   subnet mask. . .  . . . . . . . . . . . . : 255.255.255.0
   lease obtained. . . . . . . . . . . . : Thursday, 7 September 2017 14:43:35
   Lease expires . . . . . . . . . . . : Friday, 8 September 2017 2:43:36
   Default Gateway. . . . . . . .  . . . . . : fe80::6af9:56ff:fe31:e1e0%6
                                       192.168.1.1
   DHCP server. . . . . . . . . . . . . . . : 192.168.1.1
   IAID DHCPv6 . . . . . . . . . . . . . . . : 104915504
   DHCPv6 client DUID. . . . . . . . . . : 00-01-00-01-1C-50-DF-AD-78-24-AF-CB-6F-DA
   DNS server. . . . . . . . . . . . . . . . : 80.58.61.250
                                       80.58.61.254
   NetBIOS over TCP / IP. . . . . . . . . . . : enabled

Ethernet Adapter:

   State of the media. . . . . . . . . . . . : disconnected
   Connection-Specific DNS Suffix. . . . . . : SWDL.WDS
   Description . . . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . . . . . : 78-24-AF-CB-6F-DA
   DHCP enabled.   . . . . . . . . . . . . . : yes
   automatic configuration enabled . . . . . : yes

tenel Adapter isatap.homestation:

   State of the media. . . . . . . . . . . . : medios desconectados
   Connection-Specific DNS Suffix. . . . . . : homestation
   Description . . . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP enabled. . . . . . . . . . . . . . . : no
   automatic configuration enabled . . . . . : yes
Server:  250.red-80-58-61.staticip.rima-tde.net
Address:  80.58.61.250

Name:  google.com
Addresses:  2a00:1450:4003:801::200e
	  216.58.211.238


Pinging google.com [216.58.211.206] with 32 bytes of data:
Reply from 216.58.211.206: bytes=32 Time=48ms TTL=54
Reply from 216.58.211.206: bytes=32 Time=42ms TTL=54

Ping statistics for 216.58.211.206:
    Packets: Sent = 2, Received = 2, Lost = 0
    (0% losts),
Aproximate round trip time in mili-seconds:
    Minimum = 42ms, Maximum = 48ms, Average = 45ms
Server:  250.red-80-58-61.staticip.rima-tde.net
Address:  80.58.61.250

Name:  yahoo.com
Addresses:  2001:4998:44:204::a7
	  2001:4998:58:c02::a9
	  2001:4998:c:a06::2:4008
	  98.139.180.149
	  206.190.36.45
	  98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 Time=201ms TTL=47
Reply from 98.138.253.109: bytes=32 Time=204ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0
    (0% losts),
Aproximate round trip time in mili-seconds:
    Minimum = 201ms, Maximum = 204ms, Average = 202ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 Time<1m TTL=128
Reply from 127.0.0.1: bytes=32 Time<1m TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0
    (0% losts),
Aproximate round trip time in mili-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Ilist Interfaces
  7...12 e2 30 d7 63 e1 ......Microsoft Wi-Fi Direct Virtual Adapter
  6...40 e2 30 d7 63 e1 ......Qualcomm Atheros AR946x Wireless Network Adapter
  3...78 24 af cb 6f da ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Routing Table
===========================================================================
Active Routes:
Network Destination       NetMask         Gateway         Interface    Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.34     25
        127.0.0.0        255.0.0.0       On-link         127.0.0.1      306
        127.0.0.1  255.255.255.255       On-link         127.0.0.1      306
  127.255.255.255  255.255.255.255       On-link         127.0.0.1      306
      192.168.1.0    255.255.255.0       On-link      192.168.1.34      281
     192.168.1.34  255.255.255.255       On-link      192.168.1.34      281
    192.168.1.255  255.255.255.255       On-link      192.168.1.34      281
        224.0.0.0        240.0.0.0       On-link         127.0.0.1      306
        224.0.0.0        240.0.0.0       On-link      192.168.1.34      281
  255.255.255.255  255.255.255.255       On-link         127.0.0.1      306
  255.255.255.255  255.255.255.255       On-link      192.168.1.34      281
===========================================================================
Persistent Routes:
  None

IPv6 Routing Table
===========================================================================
Active Routes:
 When network metric destination    Gateway
  6   4121 ::/0                     fe80::6af9:56ff:fe31:e1e0
  1    306 ::1/128                  On-link
  6    281 fe80::/64                On-link
  6    281 fe80::79a2:ae6f:7c13:8b14/128
                                    On-link
  1    306 ff00::/8                 On-link
  6    281 ff00::/8                 On-link
===========================================================================
persistent routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/03/2017 07:18:53 PM) (Source: Windows Search Service Profile Notification) (User: )
Description: Can not remove indexed data from user's Windows Search service 
'<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2017-09-03T17:18:53.000000000Z'/><EventRecordID>17</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Alejandro</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>41006C0065006A0061006E00640072006F005C00410064006D0069006E006900730074007200610064006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' in response to the deletion of the user profile. Error code% 2.

%3.


System errors:
=============
Error: (09/07/2017 09:40:00 AM) (Source: Service Control Manager) (User: )
Description: The DriverMFTService service terminated unexpectedly. This has happened 1 times.

Error: (09/07/2017 09:40:00 AM) (Source: Service Control Manager) (User: )
Description: The ExpressCache service terminated unexpectedly. This has happened 1 times.

Error: (09/07/2017 09:40:00 AM) (Source: Service Control Manager) (User: )
Description: The Intel (R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. This has happened 1 times.

Error: (09/07/2017 09:40:00 AM) (Source: Service Control Manager) (User: )
Description: The AtherosSvc service terminated unexpectedly. This has happened 1 times.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Service Font Cache 3.0.0.0 terminated unexpectedly. This has been repeated 1 times. The following corrective action will be taken in 0 milliseconds: Restart service.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: The Intel Capability Licensing Service Interface service terminated unexpectedly. This has been repeated 1 times. The following corrective action will be taken in 0 milliseconds: Restart service.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: The Intel (R) HD Graphics Control Service service terminated unexpectedly. This has happened 1 times.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. This has happened 1 times.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description:The NVIDIA Network Service service terminated unexpectedly. This has happened 1 times.

Error: (09/07/2017 09:39:59 AM) (Source: Service Control Manager) (User: )
Description: The Intel (R) ME Service service was terminated unexpectedly. This has happened 1 times.

Microsoft Office Sessions:
=========================
Error: (09/03/2017 07:18:53 PM) (Source: Windows Search Service Profile Notification)(User: )
Description: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2017-09-03T17:18:53.000000000Z'/><EventRecordID>17</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Alejandro</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>41006C0065006A0061006E00640072006F005C00410064006D0069006E006900730074007200610064006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>


CodeIntegrity Errors:
===================================
  Date: 2017-09-05 08:32:26.136
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-04 17:02:24.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.19 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
ExpressCache (HKLM\...\{44EAE7F6-8BBF-4C3F-A573-3CD5A3C067FA}) (Version: 1.3.110.0 - Condusiv Technologies)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Malwarebytes versión 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x64 es-ES) (HKLM\...\Mozilla Firefox 55.0.3 (x64 es-ES)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 333.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.23 - ASUS)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.330 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Windows Driver Package - ASUS (ATP) Mouse  (07/02/2014 1.0.0.228) (HKLM\...\7504488B89E0121B0737D63957491C9CD2633065) (Version: 07/02/2014 1.0.0.228 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 8075.18 MB
Available physical RAM: 6764.07 MB
Total Virtual: 9995.18 MB
Available Virtual: 8603.8 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:343.45 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:342.48 GB) (Free:342.35 GB) NTFS
4 Drive f: () (Fixed) (Total:195.31 GB) (Free:195.19 GB) NTFS

========================= Users: ========================================

User accounts of \\ALEJANDRO

Administrador            AlejandroPC              Invitado                 
Command completed successfully.

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

03-09-2017 17:34:38 Configurado MediaStory
06-09-2017 19:05:30 JRT Pre-Junkware Removal
06-09-2017 19:17:13 JRT Pre-Junkware Removal
06-09-2017 19:51:40 JRT Pre-Junkware Removal

**** End of log ****

 

Re: Is this a false positive?

Seems like all of your network devices are out of date, including the Nvidia streaming service, which could be a cause, since it does have light exploits to DNS changing. AdwCleaner -> Update your drivers to the latest; if you can, boot Windows in "safe mode with networking" and update everything there. Let me know if that solves the issue. Also, Farbar flushed your DNS, so you should be good for now.