Themida protection driver removal help

This is a discussion on Themida protection driver removal help within the Resolved HJT Threads forums, part of the Tech Support Forum category.
Old 04-22-2016, 10:20 PM   #1
Registered Member
Join Date: Apr 2016
Posts: 8
OS: Windows 10

Hey guys,

Karlos has been helping me on the thread below to solve my BSODs; he has instructed me that I need to remove the Themida protection driver and to follow the instructions for this forum.

(other thread)
https://www.techsupportforum.com/foru...ml#post7010386


(dds info)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by Kyle at 15:14:30 on 2016-04-23
Microsoft Windows 10 Education 10.0.10586.0.1252.44.2057.18.16314.12864 [GMT 10:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus *Enabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
SP: Bitdefender Antispyware *Enabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
C:\Program Files (x86)\D-Link\DWA-192\ALPBCSVC.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Riot Games\LolScreenSaver\service\service.exe
C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
C:\Windows\runSW.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Speech2Go Voice Package\IvonaVoiceService_x86.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
C:\Windows\SwUSB.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\SysWOW64\muachost.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\Kyle\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\Kyle\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\WTFast\WTFast.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnria_nmhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MSI\Live Update\Live Update.exe
C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
C:\Program Files (x86)\Black Desert Online\Black Desert Online Launcher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Black Desert Online\DGCefBrowser.exe
C:\Program Files (x86)\Black Desert Online\DGCefBrowser.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe\HxTsr.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = %11%\blank.htm
mStart Page = about:blank
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Dragon Web Extension For Internet Explorer: {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
uRun: [OneDrive] "C:\Users\Kyle\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [f.lux] "C:\Users\Kyle\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [WTFast Tray] "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly
mRun: [Corsair Utility Engine] "C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe" --autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
mRun: [Live Update] C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{12e85daf-b27d-4449-beeb-75d9f201abd1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1e1280ca-27f3-412f-8693-545a58359363} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1e1280ca-27f3-412f-8693-545a58359363}\4586560275167656E6562702E4564777F627B60235 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{ebb0e45b-03e8-41df-8aa1-fed68255a6c6} : DHCPNameServer = 192.168.42.129
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\syswow64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\syswow64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Dragon Web Extension For Internet Explorer: {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [SVLoadSense] c:\Program Files (x86)\SAVITECH\SVLoadSense\SVLoadSense.exe
x64-Run: [SS2UILauncher] C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe /noUI
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\WINDOWS\System32\drivers\avc3.sys [2016-4-1 1622512]
R0 gzflt;gzflt;C:\WINDOWS\System32\drivers\gzflt.sys [2016-4-20 160032]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
R0 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 anodlwf;ANOD Network Security Filter driver;C:\WINDOWS\System32\drivers\anodlwfx.sys [2016-4-1 15872]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2016-4-1 118608]
R1 BDVEDISK;BDVEDISK;C:\WINDOWS\System32\drivers\bdvedisk.sys [2016-4-1 87912]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2016-4-19 936728]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [2016-4-19 1360016]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2016-4-2 2829552]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 D-Link DWA-192_PBC_WPS;D-Link DWA-192_PBC_WPS Service;C:\Program Files (x86)\D-Link\DWA-192\ALPBCSVC.exe [2016-4-1 65536]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 DragonLoggerService;Dragon Logger service;C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [2014-11-4 151616]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2014-11-4 339008]
R2 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE;C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-4-3 416408]
R2 GamingApp_Service;GamingApp_Service;C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [2016-4-19 37328]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-4-15 1164856]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\WINDOWS\System32\IPROSetMonitor.exe [2015-5-7 272352]
R2 LGCoreTemp;Logitech CPU Core Tempurature;C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys [2015-6-22 14184]
R2 LogiRegistryService;Logitech Gaming Registry Service;C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [2016-3-31 193656]
R2 LolScreenSaverService;League Screensaver;C:\Riot Games\LolScreenSaver\service\service.exe [2016-3-31 707072]
R2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
R2 MSI_LiveUpdate_Service;MSI Live Update Service;C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2016-4-19 1794000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-4-15 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-4-15 2522680]
R2 ProductAgentService;ProductAgentService;C:\Program Files\Bitdefender Agent\ProductAgentService.exe [2016-4-1 947640]
R2 RunSwUSB;RunSwUSB;C:\Windows\runSW.exe [2016-4-1 44760]
R2 S2Gvc32;S2Gvc32;C:\Program Files (x86)\Speech2Go Voice Package\IvonaVoiceService_x86.exe [2016-4-9 115200]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE;C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [2016-3-9 118424]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [2016-4-20 135176]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 WtfEngineDrv;WtfEngineDrv Service;C:\WINDOWS\System32\drivers\WtfEngineDrv.sys [2016-4-15 37872]
R3 CorsairVBusDriver;Corsair Bus;C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [2016-1-20 47840]
R3 CorsairVHidDriver;Corsair virtual device;C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [2016-1-20 21728]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\WINDOWS\System32\drivers\e1d65x64.sys [2015-6-18 530416]
R3 ladfGSS;Logitech USB Surround Filter Driver (LGS);C:\WINDOWS\System32\drivers\ladfGSS.sys [2016-3-6 45208]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\LGBusEnum.sys [2015-6-11 37408]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);C:\WINDOWS\System32\drivers\LGJoyXlCore.sys [2015-6-11 68384]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\WINDOWS\System32\drivers\LGVirHid.sys [2015-6-11 26912]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-4-15 28216]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-4-15 3634232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-4-15 56384]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2015-12-9 13512]
R3 semav6msr64;semav6msr64;C:\WINDOWS\System32\drivers\semav6msr64.sys [2016-4-3 21984]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S0 bdelam;bdelam;C:\WINDOWS\System32\drivers\bdelam.sys [2016-4-1 23568]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-3-23 327808]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 avckf;avckf;C:\WINDOWS\System32\drivers\avckf.sys [2016-4-1 806344]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-2-14 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 D_RtlWlanu;D-Link DWA Wireless AC USB Adapter;C:\WINDOWS\System32\drivers\D_rtwlanu.sys [2016-4-1 4635352]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-10-30 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 NTIOLib_MB;NTIOLib_MB;C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [2016-4-19 13808]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-4-13 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE;C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-4-3 416408]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-13 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-10-30 24576]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-14 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xhunter1;xhunter1;C:\Windows\xhunter1.sys [2016-4-15 36904]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-13 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\WINDOWS\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\WINDOWS\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\WINDOWS\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2016-04-23 03:44:39 -------- d--h--w- C:\OneDriveTemp
2016-04-21 06:43:37 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2016-04-21 06:39:56 -------- d-----w- C:\WINDOWS\System32\appmgmt
2016-04-20 10:00:39 453475 ----a-w- C:\ProgramData\1461146222.bdinstall.bin
2016-04-20 10:00:11 290032 ----a-w- C:\WINDOWS\System32\drivers\ignis.sys
2016-04-20 09:57:29 477272 ----a-w- C:\WINDOWS\System32\drivers\trufos.sys
2016-04-20 09:57:29 160032 ----a-w- C:\WINDOWS\System32\drivers\gzflt.sys
2016-04-20 09:57:29 -------- d-----w- C:\Program Files\Bitdefender
2016-04-19 10:23:25 11248 ----a-w- C:\WINDOWS\acpimof.dll
2016-04-19 10:20:55 -------- d-----w- C:\Program Files\MSI
2016-04-19 10:20:52 1692840 ----a-w- C:\WINDOWS\SysWow64\muachost.exe
2016-04-19 10:20:48 -------- d-----w- C:\Program Files (x86)\MSI
2016-04-19 10:20:48 -------- d-----w- C:\MSI
2016-04-19 10:10:49 -------- d-----w- C:\Program Files (x86)\GPU-Z
2016-04-19 10:04:32 -------- d-----w- C:\WINDOWS\SysWow64\directx
2016-04-19 10:04:20 -------- d-----w- C:\Program Files (x86)\RivaTuner Statistics Server
2016-04-19 09:08:43 -------- d-----w- C:\Program Files\ASUSTeKcomputer.Inc
2016-04-19 09:08:38 -------- d-----w- C:\Program Files (x86)\SAVITECH
2016-04-19 09:08:32 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2016-04-19 09:08:27 -------- d-----w- C:\Program Files (x86)\Realtek
2016-04-19 09:08:18 -------- d--h--w- C:\Program Files (x86)\Temp
2016-04-19 09:08:17 2825944 ----a-w- C:\WINDOWS\RtlExUpd.dll
2016-04-19 09:08:07 28672 ----a-w- C:\WINDOWS\SysWow64\AsIO.dll
2016-04-19 09:08:07 15232 ----a-w- C:\WINDOWS\SysWow64\drivers\AsIO.sys
2016-04-19 09:08:07 -------- d-----w- C:\Program Files (x86)\ASUS
2016-04-15 15:49:30 -------- d-----w- C:\Users\Kyle\AppData\Local\CrashDumps
2016-04-15 08:22:27 -------- d-----w- C:\Users\Kyle\AppData\Local\NVIDIA Corporation
2016-04-15 08:22:05 1767432 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2016-04-15 08:22:05 1756424 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2016-04-15 08:22:05 1373864 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2016-04-15 08:22:05 1316000 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2016-04-15 08:22:05 112032 ----a-w- C:\WINDOWS\System32\NvRtmpStreamer64.dll
2016-04-15 08:22:00 56384 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
2016-04-15 08:22:00 109632 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2016-04-15 08:22:00 100416 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2016-04-15 05:33:23 400088 ----a-w- C:\ProgramData\1460698369.bdinstall.bin
2016-04-15 05:30:10 68104 ----a-w- C:\ProgramData\1460698200.bdinstall.bin
2016-04-15 05:21:21 36904 ----a-w- C:\WINDOWS\xhunter1.sys
2016-04-14 21:15:28 -------- d-----w- C:\Users\Kyle\AppData\Local\AAA_Internet_Publishing,_
2016-04-14 21:15:27 37872 ----a-w- C:\WINDOWS\System32\drivers\WtfEngineDrv.sys
2016-04-14 21:15:25 -------- d---a-w- C:\Program Files (x86)\WTFast
2016-04-14 21:13:53 449133 ----a-w- C:\ProgramData\1460668245.bdinstall.bin
2016-04-14 11:38:10 -------- d-----w- C:\Users\Kyle\AppData\Local\BlackDesertOnline
2016-04-14 11:37:51 -------- d---a-w- C:\Program Files (x86)\Black Desert Online
2016-04-14 04:46:06 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Gyazo
2016-04-14 04:42:44 -------- d---a-w- C:\Program Files (x86)\Gyazo
2016-04-13 14:03:43 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Blender Foundation
2016-04-13 13:52:08 -------- d-----w- C:\Users\Kyle\AppData\Roaming\NVIDIA
2016-04-13 13:52:08 -------- d-----w- C:\Users\Kyle\.thumbnails
2016-04-13 13:51:58 -------- d-----w- C:\Program Files\Blender Foundation
2016-04-13 07:24:59 73872 ----a-w- C:\WINDOWS\SysWow64\srvcli.dll
2016-04-08 23:42:39 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Speech2Go
2016-04-08 23:25:23 -------- d---a-w- C:\Program Files (x86)\Speech2Go
2016-04-08 23:24:50 -------- d---a-w- C:\Program Files (x86)\Speech2Go Voice Package
2016-04-07 2339 452465 ----a-w- C:\ProgramData\1460070187.bdinstall.bin
2016-04-06 15:05:06 -------- d-----w- C:\ProgramData\Dumps
2016-04-06 14:54:11 -------- d-----w- C:\Users\Kyle\AppData\Local\FluxSoftware
2016-04-06 0419 467025 ----a-w- C:\ProgramData\1459915245.bdinstall.bin
2016-04-05 13:57:28 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Nuance
2016-04-05 13:57:06 -------- d-----w- C:\Users\Kyle\AppData\Roaming\FLEXnet
2016-04-05 13:56:40 -------- d---a-w- C:\Program Files (x86)\Common Files\IVA
2016-04-05 13:56:37 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance
2016-04-05 13:56:21 -------- d-----w- C:\ProgramData\Nuance
2016-04-05 13:56:21 -------- d-----w- C:\Program Files (x86)\Nuance
2016-04-05 13:46:51 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2016-04-05 13:44:07 -------- d-----w- C:\Program Files (x86)\IVONA
2016-04-05 05:36:17 -------- d-----r- C:\Program Files (x86)\Skype
2016-04-05 05:30:48 -------- d-----w- C:\Users\Kyle\AppData\Roaming\qBittorrent
2016-04-05 05:30:41 -------- d-----w- C:\Users\Kyle\AppData\Local\qBittorrent
2016-04-05 05:30:37 -------- d-----w- C:\Program Files (x86)\qBittorrent
2016-04-05 03:17:01 404752 ----a-w- C:\WINDOWS\System32\PROUnstl.exe
2016-04-05 03:16:18 316736 ----a-w- C:\WINDOWS\System32\PRONtObj.dll
2016-04-05 03:16:17 155192 ----a-w- C:\WINDOWS\System32\drivers\iANSW60e.sys
2016-04-04 08:28:45 -------- d---a-w- C:\Program Files (x86)\Naturalsoft
2016-04-04 08:28:30 -------- d-----w- C:\Users\Kyle\AppData\Local\Downloaded Installations
2016-04-04 05:44:52 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Blackboard
2016-04-04 05:44:52 -------- d-----w- C:\Users\Kyle\AppData\Local\Programs
2016-04-04 05:44:52 -------- d-----w- C:\Users\Kyle\AppData\Local\Blackboard
2016-04-04 05:28:04 110144 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2016-04-04 05:28:04 -------- d-----w- C:\Users\Kyle\.oracle_jre_usage
2016-04-04 05:27:58 -------- d-----w- C:\ProgramData\Oracle
2016-04-03 0902 -------- d-----w- C:\Users\Kyle\AppData\Local\Intel
2016-04-03 09:05:50 21984 ----a-w- C:\WINDOWS\System32\drivers\semav6msr64.sys
2016-04-03 09:05:50 -------- d---a-w- C:\Program Files (x86)\Intel Driver Update Utility
2016-04-02 23:37:44 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2016-04-02 05:21:47 -------- d-----w- C:\Users\Kyle\AppData\Local\ElevatedDiagnostics
2016-04-02 03:31:59 -------- d-----w- C:\Users\Kyle\AppData\Roaming\TS3Client
2016-04-02 03:31:56 -------- d---a-w- C:\Program Files\TeamSpeak 3 Client
2016-04-02 03:28:45 405218 ----a-w- C:\ProgramData\1459564336.bdinstall.bin
2016-04-02 02:32:38 -------- d-----w- C:\Users\Kyle\AppData\Roaming\LolClient
2016-04-02 02:32:31 -------- d-----w- C:\ProgramData\bdch
.
==================== Find3M ====================
.
2016-04-06 18:32:08 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-04-06 18:32:08 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-04-05 03:16:23 90608 ----a-w- C:\WINDOWS\System32\NicInstD.dll
2016-04-05 03:16:23 125728 ----a-w- C:\WINDOWS\System32\NicCo4.dll
2016-04-05 03:16:22 75288 ----a-w- C:\WINDOWS\System32\e1dmsg.dll
2016-04-05 03:16:22 530416 ----a-w- C:\WINDOWS\System32\drivers\e1d65x64.sys
2016-04-02 04:13:14 369912 ----a-w- C:\WINDOWS\System32\audiodg.exe
2016-04-02 04:10:46 730344 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll
2016-04-02 04:10:39 374008 ----a-w- C:\WINDOWS\System32\SystemSettingsAdminFlows.exe
2016-04-02 04:10:25 770640 ----a-w- C:\WINDOWS\System32\iuilp.dll
2016-04-02 03:30:16 151040 ----a-w- C:\WINDOWS\System32\VEStoreEventHandlers.dll
2016-04-02 03:29:38 127488 ----a-w- C:\WINDOWS\System32\VEDataLayerHelpers.dll
2016-04-02 03:29:29 83968 ----a-w- C:\WINDOWS\SysWow64\VEDataLayerHelpers.dll
2016-04-02 03:26:25 630272 ----a-w- C:\WINDOWS\System32\PhoneProviders.dll
2016-04-02 03:25:58 239104 ----a-w- C:\WINDOWS\SysWow64\NotificationObjFactory.dll
2016-04-02 03:25:42 278528 ----a-w- C:\WINDOWS\System32\NotificationObjFactory.dll
2016-04-02 03:23:44 219648 ----a-w- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
2016-04-02 03:23:05 285696 ----a-w- C:\WINDOWS\System32\VEEventDispatcher.dll
2016-04-02 03:21:17 498688 ----a-w- C:\WINDOWS\System32\tileobjserver.dll
2016-04-02 03:19:00 1054208 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2016-04-02 03:18:47 988160 ----a-w- C:\WINDOWS\System32\SharedStartModel.dll
2016-04-02 03:15:47 1090048 ----a-w- C:\WINDOWS\System32\RDXService.dll
2016-04-02 03:14:35 3994624 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-04-02 03:09:17 1832448 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2016-04-02 03:08:48 2193408 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll
2016-04-02 03:07:41 2158592 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-04-02 03:07:22 3575296 ----a-w- C:\WINDOWS\System32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-02 03:03:52 4774912 ----a-w- C:\WINDOWS\System32\actxprxy.dll
2016-04-02 03:00:39 1390080 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-04-01 16:26:45 209408 ----a-w- C:\WINDOWS\SysWow64\msclmd.dll
2016-04-01 16:26:44 230912 ----a-w- C:\WINDOWS\System32\msclmd.dll
2016-04-01 08:22:16 438418 ----a-w- C:\ProgramData\1459498692.bdinstall.bin
2016-04-01 06:46:25 15872 ----a-w- C:\WINDOWS\System32\drivers\anodlwfx.sys
2016-03-30 18:25:08 3721216 ----a-w- C:\WINDOWS\SysWow64\lol.scr
2016-03-29 10:23:38 277856 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2016-03-29 10:22:12 874968 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-03-29 10:22:12 1030416 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-03-29 10:20:20 7474016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-03-29 10:20:19 1317640 ----a-w- C:\WINDOWS\System32\winload.efi
2016-03-29 10:20:19 1141504 ----a-w- C:\WINDOWS\System32\winload.exe
2016-03-29 10:20:17 2656952 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-29 10:18:46 2152280 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2016-03-29 10:15:23 100232 ----a-w- C:\WINDOWS\System32\omadmapi.dll
2016-03-29 10:05:03 1152864 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2016-03-29 10:02:09 989536 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2016-03-29 10:02:02 334736 ----a-w- C:\WINDOWS\System32\policymanager.dll
2016-03-29 09:56:37 1297752 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2016-03-29 09:37:57 1862008 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-03-29 09:28:18 115040 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-03-29 09:28:16 696664 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-03-29 09:25:23 58400 ----a-w- C:\WINDOWS\System32\SensorsNativeApi.dll
2016-03-29 09:25:13 258912 ----a-w- C:\WINDOWS\System32\drivers\ufx01000.sys
2016-03-29 09:19:37 296488 ----a-w- C:\WINDOWS\SysWow64\policymanager.dll
2016-03-29 09:18:27 185184 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2016-03-29 09:17:08 300104 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2016-03-29 09:13:11 986976 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2016-03-29 09:11:53 605440 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-03-29 09:11:27 74424 ----a-w- C:\WINDOWS\System32\easinvoker.exe
2016-03-29 09:10:44 110584 ----a-w- C:\WINDOWS\System32\srvcli.dll
2016-03-29 09:09:54 78040 ----a-w- C:\WINDOWS\System32\wkscli.dll
2016-03-29 09:08:38 358752 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2016-03-29 09:08:30 261376 ----a-w- C:\WINDOWS\System32\LsaIso.exe
2016-03-29 08:44:53 502104 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-03-29 08:44:50 84832 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-03-29 08:41:44 51128 ----a-w- C:\WINDOWS\SysWow64\SensorsNativeApi.dll
2016-03-29 08:41:04 630632 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-03-29 08:32:59 253088 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2016-03-29 08:26:06 2403680 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2016-03-29 08:26:01 1089888 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2016-03-29 08:25:44 56320 ----a-w- C:\WINDOWS\SysWow64\wkscli.dll
2016-03-29 08:24:25 294752 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2016-03-29 08:21:40 378208 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2016-03-29 08:17:11 89088 ----a-w- C:\WINDOWS\System32\MapsCSP.dll
2016-03-29 08:16:55 26112 ----a-w- C:\WINDOWS\System32\drivers\xinputhid.sys
2016-03-29 08:07:26 92160 ----a-w- C:\WINDOWS\System32\policymanagerprecheck.dll
2016-03-29 08:07:14 92160 ----a-w- C:\WINDOWS\System32\SensorsNativeApi.V2.dll
2016-03-29 08:07:14 31232 ----a-w- C:\WINDOWS\System32\wsdchngr.dll
2016-03-29 08:07:09 34816 ----a-w- C:\WINDOWS\System32\dmenterprisediagnostics.dll
2016-03-29 0814 12800 ----a-w- C:\WINDOWS\System32\oleacchooks.dll
2016-03-29 0804 45568 ----a-w- C:\WINDOWS\System32\atmlib.dll
2016-03-29 08:05:52 38912 ----a-w- C:\WINDOWS\apppatch\apppatch64\AcWinRT.dll
2016-03-29 08:02:38 118272 ----a-w- C:\WINDOWS\System32\fontsub.dll
2016-03-29 08:01:15 541304 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-03-29 08:00:51 69632 ----a-w- C:\WINDOWS\System32\fveskybackup.dll
2016-03-29 08:00:40 28672 ----a-w- C:\WINDOWS\System32\mapsupdatetask.dll
2016-03-29 08:00:23 76800 ----a-w- C:\WINDOWS\System32\NetCfgNotifyObjectHost.exe
2016-03-29 07:59:20 27648 ----a-w- C:\WINDOWS\System32\LicenseManagerShellext.exe
2016-03-29 07:58:17 69632 ----a-w- C:\WINDOWS\System32\wininetlui.dll
2016-03-29 07:57:59 95744 ----a-w- C:\WINDOWS\System32\samlib.dll
2016-03-29 07:57:44 58368 ----a-w- C:\WINDOWS\System32\browcli.dll
2016-03-29 07:57:42 199168 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2016-03-29 07:57:22 74752 ----a-w- C:\WINDOWS\System32\MosStorage.dll
2016-03-29 07:55:34 36352 ----a-w- C:\WINDOWS\System32\tbauth.dll
2016-03-29 07:55:29 83968 ----a-w- C:\WINDOWS\System32\drivers\serial.sys
2016-03-29 07:55:24 120320 ----a-w- C:\WINDOWS\System32\MapsBtSvc.dll
2016-03-29 07:54:03 147456 ----a-w- C:\WINDOWS\System32\mtxoci.dll
2016-03-29 07:53:25 116224 ----a-w- C:\WINDOWS\System32\FontProvider.dll
2016-03-29 07:52:04 26112 ----a-w- C:\WINDOWS\System32\TokenBrokerCookies.exe
2016-03-29 07:51:53 167936 ----a-w- C:\WINDOWS\System32\dafBth.dll
2016-03-29 07:51:06 87040 ----a-w- C:\WINDOWS\System32\tzautoupdate.dll
.
============= FINISH: 15:14:40.09 ===============
Attached Files
File Type: txt attach.txt (20.0 KB, 367 views)
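A small triage pass over the DDS "Created Last 30" listing above, added here as an example and not part of the original post or of DDS itself: it parses the timestamp, size, attribute and path columns, skips extraction-garbled lines instead of failing on them, and flags kernel drivers (.sys) created outside the standard driver directories, which is where the xhunter1.sys entry that the helper's later fixlist removes sits. The list of expected driver directories is an assumption of the script, not something DDS reports.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Iterable, List, Optional, Tuple

# Sample lines copied from the DDS "Created Last 30" listing in the post above.
# The fifth line carries the garbled timestamp exactly as it appears in the
# post, so the parser's handling of extraction-damaged lines is exercised.
SAMPLE_DDS_LINES = [
    r"2016-04-19 09:08:07 15232 ----a-w- C:\WINDOWS\SysWow64\drivers\AsIO.sys",
    r"2016-04-19 09:08:07 -------- d-----w- C:\Program Files (x86)\ASUS",
    r"2016-04-15 05:21:21 36904 ----a-w- C:\WINDOWS\xhunter1.sys",
    r"2016-04-14 21:15:27 37872 ----a-w- C:\WINDOWS\System32\drivers\WtfEngineDrv.sys",
    r"2016-04-07 2339 452465 ----a-w- C:\ProgramData\1460070187.bdinstall.bin",
    r"2016-04-05 03:16:17 155192 ----a-w- C:\WINDOWS\System32\drivers\iANSW60e.sys",
    r"2016-04-03 09:05:50 21984 ----a-w- C:\WINDOWS\System32\drivers\semav6msr64.sys",
]


@dataclass(frozen=True)
class DdsEntry:
    created: str           # "YYYY-MM-DD HH:MM:SS" as printed by DDS
    size: Optional[int]    # None for directory entries (DDS prints "--------")
    attrs: str             # eight attribute flags, e.g. "----a-w-" or "d-----w-"
    path: str              # full Windows path


# One DDS listing line: timestamp, size-or-dashes, attribute flags, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "  # created timestamp
    r"(\d+|-{8}) "                              # byte size, or dashes for a directory
    r"([d-][-a-z]{7}) "                         # attribute flags
    r"(.+)$"                                    # path (may contain spaces)
)


def parse_dds_line(line: str) -> Optional[DdsEntry]:
    """Parse one listing line; return None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    created, size, attrs, path = m.groups()
    return DdsEntry(created, None if size.startswith("-") else int(size), attrs, path)


def parse_dds(lines: Iterable[str]) -> Tuple[List[DdsEntry], List[str]]:
    """Return (parsed entries, lines skipped because they could not be parsed)."""
    entries: List[DdsEntry] = []
    skipped: List[str] = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_dds_line(line)
        if entry is None:
            skipped.append(line)   # garbled lines are reported, not fatal
        else:
            entries.append(entry)
    return entries, skipped


# Assumed: where Windows and vendor kernel drivers are normally installed.
EXPECTED_DRIVER_DIRS = (
    PureWindowsPath(r"C:\WINDOWS\System32\drivers"),
    PureWindowsPath(r"C:\WINDOWS\SysWow64\drivers"),
)


def is_driver_file(entry: DdsEntry) -> bool:
    """A non-directory entry whose extension is .sys."""
    return (not entry.attrs.startswith("d")
            and PureWindowsPath(entry.path).suffix.lower() == ".sys")


def drivers_outside_expected_dirs(entries: Iterable[DdsEntry]) -> List[str]:
    """Paths of .sys files created outside the standard driver directories.

    PureWindowsPath compares case-insensitively, matching NTFS name semantics.
    """
    flagged = []
    for entry in entries:
        if is_driver_file(entry) and PureWindowsPath(entry.path).parent not in EXPECTED_DRIVER_DIRS:
            flagged.append(entry.path)
    return flagged


if __name__ == "__main__":
    parsed, bad = parse_dds(SAMPLE_DDS_LINES)
    print(f"parsed {len(parsed)} entries, skipped {len(bad)} garbled line(s)")
    for path in drivers_outside_expected_dirs(parsed):
        print("driver outside the standard driver directories:", path)
```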
Old 04-23-2016, 09:20 AM   #2
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-23-2016, 10:06 AM   #3
ktasdalf (Registered Member)
Join Date: Apr 2016
Posts: 8
OS: Windows 10

Hi Chemist,

Cheers for the prompt reply and for having a look for me. I've attached the requested items. Please let me know if there is anything else you need.

Regards

Ktasdalf

# AdwCleaner v5.112 - Logfile created 24/04/2016 at 02:56:47
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 10 Education (X64)
# Username : Kyle - DESKTOP-QGJP544
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d16fk4ms6rqz1v.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d22j4fzzszoii2.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dwq4do82y8xi7.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dwq4do82y8xi7.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
[-] File Deleted : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1846 bytes] - [24/04/2016 02:56:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [1861 bytes] - [24/04/2016 02:56:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1992 bytes] ##########
Attached Files
File Type: txt FRST.txt (118.7 KB, 24 views)
File Type: txt Addition.txt (39.4 KB, 21 views)
Old 04-23-2016, 01:22 PM   #4
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello Ktasdalf.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    HKU\S-1-5-21-2268760855-601986481-115109782-1001\...\MountPoints2: {0f1199c0-ea68-11e5-85ce-d878f96b4d4a} - "E:\setup.EXE" /AUTORUN
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-04-23] (Wellbia.com Co., Ltd.)
    S0 b06bdrv; System32\drivers\bxvbda.sys [X]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
Old 04-23-2016, 07:35 PM   #5
ktasdalf (Registered Member)
Join Date: Apr 2016
Posts: 8
OS: Windows 10

Hi Chemist,

The following is the fixlog I received.

Regards

Ktasdalf

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Kyle (2016-04-24 12:32:13) Run:1
Running from D:\Downloads
Loaded Profiles: Kyle (Available Profiles: Kyle)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
HKU\S-1-5-21-2268760855-601986481-115109782-1001\...\MountPoints2: {0f1199c0-ea68-11e5-85ce-d878f96b4d4a} - "E:\setup.EXE" /AUTORUN
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-04-23] (Wellbia.com Co., Ltd.)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
EmptyTemp:
end

*****************

Restore point was successfully created.
"HKU\S-1-5-21-2268760855-601986481-115109782-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f1199c0-ea68-11e5-85ce-d878f96b4d4a}" => key removed successfully
HKCR\CLSID\{0f1199c0-ea68-11e5-85ce-d878f96b4d4a} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
xhunter1 => service removed successfully
b06bdrv => service removed successfully
EmptyTemp: => 949.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:32:26 ====
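The service lines in the fixlist use FRST's notation: R or S for running or stopped, a digit for the start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), then the image path followed by [size date], or [X] when the image file no longer exists. As an added example that is not part of the original thread or of FRST, the script below parses those lines and checks the Fixlog for the matching "service removed successfully" confirmations; the example_svc entry is constructed (not on the page) to show how a service without a confirmation is reported.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Fixlist lines and Fixlog result lines copied from the posts above. The
# example_svc entry is constructed to exercise the "no confirmation" case.
FIXLIST_LINES = [
    "start",
    "createrestorepoint:",
    r"S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-04-23] (Wellbia.com Co., Ltd.)",
    r"S0 b06bdrv; System32\drivers\bxvbda.sys [X]",
    r"S2 example_svc; C:\Example\example.sys [1234 2016-04-20] (Example Vendor)",  # constructed
    "EmptyTemp:",
    "end",
]
FIXLOG_LINES = [
    "Restore point was successfully created.",
    "xhunter1 => service removed successfully",
    "b06bdrv => service removed successfully",
    "EmptyTemp: => 949.2 MB temporary data Removed.",
]

# FRST start-type digit that follows the R/S state letter.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    running: bool
    start_type: int
    image_path: str
    size: Optional[int]        # None when FRST printed [X] (image file not found)
    file_date: Optional[str]
    vendor: Optional[str]      # company shown in parentheses, if any

    @property
    def file_missing(self) -> bool:
        return self.size is None

    def describe(self) -> str:
        state = "running" if self.running else "stopped"
        start = START_TYPES[self.start_type]
        if self.file_missing:
            return (f"{self.name}: {state}, {start}-start, image {self.image_path} "
                    f"missing (orphaned registration)")
        return (f"{self.name}: {state}, {start}-start, image {self.image_path} "
                f"({self.vendor or 'no vendor shown'})")


SERVICE_RE = re.compile(
    r"^([RS])([0-4]) (\S+); (.+?) "          # state letter, start type, name, image path
    r"\[(?:X|(\d+) (\d{4}-\d{2}-\d{2}))\]"   # [size date], or [X] for a missing file
    r"(?: \((.+)\))?$"                       # optional vendor in parentheses
)
REMOVED_RE = re.compile(r"^(\S+) => service removed successfully$")


def parse_fixlist_services(lines: Iterable[str]) -> List[ServiceEntry]:
    """Extract the service directives; other fixlist lines are ignored."""
    services: List[ServiceEntry] = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m is None:
            continue  # registry values, start/end, EmptyTemp:, createrestorepoint:
        state, start, name, path, size, date, vendor = m.groups()
        services.append(ServiceEntry(name, state == "R", int(start), path,
                                     int(size) if size else None, date, vendor))
    return services


def removed_services(fixlog_lines: Iterable[str]) -> Set[str]:
    """Names the Fixlog reports as 'service removed successfully'."""
    names: Set[str] = set()
    for line in fixlog_lines:
        m = REMOVED_RE.match(line.strip())
        if m:
            names.add(m.group(1))
    return names


def verify_service_removal(services: Iterable[ServiceEntry],
                           fixlog_lines: Iterable[str]) -> Dict[str, bool]:
    """Map each fixlist service name to whether the Fixlog confirms its removal."""
    removed = removed_services(fixlog_lines)
    return {s.name: s.name in removed for s in services}


if __name__ == "__main__":
    svcs = parse_fixlist_services(FIXLIST_LINES)
    outcome = verify_service_removal(svcs, FIXLOG_LINES)
    for s in svcs:
        print(s.describe(), "-> removed" if outcome[s.name] else "-> NOT confirmed in Fixlog")
```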
Old 04-23-2016, 07:58 PM   #6
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

------------------------------------------------------

I see you have P2P software (qBitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java(TM) 8 Update 77 (64-bit)

These are all outdated and are security risks while they remain installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
Old 04-25-2016, 07:50 AM   #7
ktasdalf (Registered Member)
Join Date: Apr 2016
Posts: 8
OS: Windows 10

Hi Chemist,

I have attached the MBAM log. ESET did not find anything, so it did not produce a log. I have removed Java, then followed the link and completed the removal process via the settings in Java. I have opted to keep qBittorrent as I do actually use it for legitimate means. I appreciate the candid honesty on it, and I do understand that whilst the program itself does not contain malicious code, the files I download with it possibly could.

Regards

Ktasdalf
Attached Files
File Type: txt Chemistscan.txt (1.0 KB, 21 views)
Old 04-25-2016, 01:22 PM   #8
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Ktasdalf. You're very welcome.

How is the machine behaving? It appears any remaining problems are beyond malware.

------------------------------------------------------
Old 04-25-2016, 01:37 PM   #9
ktasdalf (Registered Member)
Join Date: Apr 2016
Posts: 8
OS: Windows 10

Hi Chemist,

So far so good; I haven't had any blue screens as of yet. I've had a few instances where the machine reset, however I think this may be due to the 2 cards running in SLI burning a bit too hot. Might have to opt for 1 980 Ti instead of 2 GTX 970s.

I'll keep an eye on it though, and should I have any issues I'll pop back onto the forums. Just a quick note though: I have really appreciated the prompt and accurate assistance you have provided. I've never been one to expect a free lunch; do you guys have a facility where I might make a donation? I would like to give you guys a small token of my appreciation.

Other than that, thank you again for the assistance.

Regards

Ktasdalf
Old 04-26-2016, 06:08 AM   #10
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Ktasdalf. You're very welcome!

We do have another forum dear to our hearts, and they need our help.

Please read this and contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
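The HOSTS-file recommendation above relies on the resolver reading a plain text file of "address hostname" lines, with `#` starting a comment and one or more hostnames allowed per line. The following script is an added example, not part of the original post or of the MVPS file: it parses a HOSTS file with those rules, lists which hostnames are sink-holed (mapped to 0.0.0.0 or a loopback address; 0.0.0.0 is the unspecified address, so a connection attempt fails immediately instead of reaching any local service), and flags the entries a malware cleanup should review, namely hostnames pointed at a routable address outside the RFC 1918 private ranges, which an ad-blocking list never does but HOSTS-hijacking malware does. The sample HOSTS text, the placeholder domains and the RFC 1918 "probably intentional" cut-off are all constructed assumptions for this example.

```python
"""Parse a Windows HOSTS file, list sink-holed hostnames and flag hijack-style entries.

Added example (not from the original thread). The sample HOSTS text below is
constructed; the domains in it are placeholders, not real MVPS entries.
"""
import ipaddress
import sys

# Constructed sample in the layout the MVPS file uses: '#' comments, one or
# more hostnames per line, tab or space separated. 0.0.0.0 entries are the
# blocking entries; the last three lines exercise the checks below.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
#   ::1             localhost
0.0.0.0 ads.example.net
0.0.0.0 Tracker.Example.org   # inline comment
0.0.0.0\tcdn-ads.example.com banner.example.com
not-an-ip some.host.example
10.0.0.5 intranet.example.local
198.51.100.7 update.example-av.com
"""

# Assumption: RFC 1918 ranges are treated as "probably an intentional intranet
# mapping"; every other routable address is reported for review.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hosts(text):
    """Return {hostname (lowercase): address string} for every active mapping.

    Mirrors the resolver's rules: '#' starts a comment, blank lines are
    skipped, a line is an address followed by one or more hostnames, and a
    line whose first field is not an IP address is ignored.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; the resolver ignores it as well
        for host in fields[1:]:
            mapping[host.lower()] = str(addr)
    return mapping


def is_blocked(mapping, hostname):
    """True if hostname is mapped to the unspecified address (0.0.0.0 or ::).

    Exact-match semantics: the HOSTS file has no wildcards, so an entry for
    ads.example.net does nothing for www.ads.example.net.
    """
    addr = mapping.get(hostname.lower())
    return addr is not None and ipaddress.ip_address(addr).is_unspecified


def sinkholed_hosts(mapping):
    """Sorted hostnames whose address is unspecified (0.0.0.0/::) or loopback."""
    return sorted(h for h, a in mapping.items()
                  if ipaddress.ip_address(a).is_unspecified
                  or ipaddress.ip_address(a).is_loopback)


def suspicious_entries(mapping):
    """Hostnames pointed at a routable, non-RFC 1918 address.

    An ad-blocking list never does this. Malware that edits HOSTS to send
    security-vendor update or banking domains to an attacker's host does,
    so these are the lines to inspect after a cleanup.
    """
    out = {}
    for host, a in mapping.items():
        ip = ipaddress.ip_address(a)
        if ip.is_unspecified or ip.is_loopback:
            continue
        if ip.version == 4 and any(ip in net for net in RFC1918):
            continue
        out[host] = a
    return out


if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) to check a real file;
    # with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    hosts = parse_hosts(text)
    print(f"{len(sinkholed_hosts(hosts))} sink-holed hostnames")
    for host, addr in suspicious_entries(hosts).items():
        print(f"REVIEW: {host} -> {addr}")
```

Run it against the real file after applying a HOSTS list, or after a malware cleanup, and treat any `REVIEW:` line as something to explain before trusting the machine; the exact-match behaviour in `is_blocked` is also why a HOSTS list cannot cover every subdomain an ad network uses.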
Copyright 2001 - 2018, Tech Support Forum