Tech Support Forum > Security Center > Virus/Trojan/Spyware Help


Computer Acting Strange, High CPU, many connections, Thanks in advance for Help!!



Closed Thread
 
Old 11-07-2015, 06:29 AM   #1
Registered Member
 
Join Date: Nov 2015
Posts: 4
OS: Win 7 Pro



Please tell me what you would like me to run, which log to get, etc.

Thanks so much for your help!!
VSTICKETS is offline  
Old 11-07-2015, 01:55 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



https://www.techsupportforum.com/foru...lp-305963.html
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-09-2015, 07:34 AM   #3
Registered Member
 
Join Date: Nov 2015
Posts: 4
OS: Win 7 Pro



FF - prefs.js: network.proxy.ssl_port - 29842
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Soda PDF 6\np-previewer.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\RyanTix\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
.
---- FIREFOX POLICIES ----
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2015-4-25 567216]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2015-4-25 24496]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2015-4-25 22128]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-5-5 2780856]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HP DS Service;HP DS Service;C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2011-10-17 13824]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2015-4-25 7168]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2015-2-12 262920]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-2-16 417288]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2015-2-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2015-4-29 72216]
R2 Soda PDF 6 Creator;Soda PDF 6 Creator;C:\Program Files (x86)\Soda PDF 6\creator-ws.exe [2014-8-27 621408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-4-25 410768]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2012-4-20 97880]
R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2015-4-26 2725376]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-10-3 215296]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-10-3 70912]
R3 Soda PDF 6;Soda PDF 6;C:\Program Files (x86)\Soda PDF 6\ws.exe [2014-8-27 1655136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2015-3-17 216576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2015-5-7 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2015-4-25 30528]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2015-4-25 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-10-14 114688]
S3 LULU Software CrashHandler;LULU Software CrashHandler;C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [2014-8-27 744800]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2015-5-14 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-4-26 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-4-26 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-4-26 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-4-26 1255736]
.
=============== Created Last 30 ================
.
2015-11-08 10:32:47 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9429D6C-127E-42AF-8B88-E0BD788F4191}\offreg.4184.dll
2015-11-07 13:29:05 -------- d-sh--w- C:\$RECYCLE.BIN
2015-11-07 13:25:17 98816 ----a-w- C:\Windows\sed.exe
2015-11-07 13:25:17 256000 ----a-w- C:\Windows\PEV.exe
2015-11-07 13:25:17 208896 ----a-w- C:\Windows\MBR.exe
2015-11-07 00:01:53 11140960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9429D6C-127E-42AF-8B88-E0BD788F4191}\mpengine.dll
2015-10-16 08:58:56 189136 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2015-10-15 06:18:32 766464 ----a-w- C:\Windows\System32\generaltel.dll
2015-10-15 06:18:32 73216 ----a-w- C:\Windows\System32\acmigration.dll
2015-10-15 06:18:32 700416 ----a-w- C:\Windows\System32\invagent.dll
2015-10-15 06:18:32 503808 ----a-w- C:\Windows\System32\devinv.dll
2015-10-15 06:18:32 25432 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-10-15 06:18:32 1291264 ----a-w- C:\Windows\System32\appraiser.dll
2015-10-15 06:18:32 1163776 ----a-w- C:\Windows\System32\aeinv.dll
2015-10-14 09:59:56 5569472 ----a-w- C:\Windows\System32\ntoskrnl.exe
.
==================== Find3M ====================
.
2015-11-07 10:09:25 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-29 20:11:18 122400 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2015-10-29 20:11:17 35328 ----a-w- C:\Windows\System32\LMIport.dll
2015-10-29 20:11:17 107008 ----a-w- C:\Windows\System32\LMIinit.dll
2015-10-17 08:41:05 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-10-17 08:41:05 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-01 1849 692672 ----a-w- C:\Windows\System32\winload.efi
2015-10-01 18:04:11 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-10-01 18:00:59 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-10-01 18:00:43 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-10-01 18:00:43 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-10-01 18:00:06 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-10-01 18:00:06 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-10-01 17:50:35 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-10-01 17:00:54 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-09-29 03:13:50 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-09-29 03:11:19 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-09-29 03:11:19 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-09-29 03:11:19 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-09-29 03:11:19 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-09-29 03:11:06 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-09-29 03:11:03 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-09-29 03:11:01 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-09-29 03:11:01 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-09-29 03:10:59 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-09-29 03:10:56 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2015-09-29 03:10:55 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-09-29 03:10:53 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-09-29 03:10:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2015-09-29 03:10:47 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-09-29 03:10:47 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-09-29 03:10:47 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-09-29 03:10:30 112640 ----a-w- C:\Windows\System32\smss.exe
2015-09-29 03:10:25 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-09-29 03:09:59 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-09-29 03:09:53 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-09-29 03:05:56 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-09-29 03:05:36 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-09-29 03:05:01 3990976 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-09-29 03:05:01 3936192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-09-29 03:02:09 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-09-29 02:59:20 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-09-29 02:59:17 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-09-29 02:59:16 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-09-29 02:59:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-09-29 02:59:08 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-09-29 02:59:04 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-09-29 02:58:57 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-09-29 02:58:57 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-09-29 02:58:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-09-29 02:58:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-09-29 02:58:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-09-29 02:57:53 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-09-29 02:57:53 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-09-29 02:57:52 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-09-29 02:53:44 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-09-29 02:53:28 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-09-29 01:50:29 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-09-29 01:49:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-09-29 01:49:31 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-09-29 01:43:29 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-09-29 01:43:27 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-09-29 01:40:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-09-29 01:40:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-29 01:40:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-29 01:40:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-09-25 18:07:19 98816 ----a-w- C:\Windows\System32\wudriver.dll
2015-09-25 18:07:19 3168768 ----a-w- C:\Windows\System32\wucltux.dll
2015-09-25 18:07:19 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2015-09-25 1854 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-09-25 1844 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-09-25 1840 37888 ----a-w- C:\Windows\System32\wuapp.exe
2015-09-25 17:59:08 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-09-25 17:59:08 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-09-25 17:58:25 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-09-16 04:36:53 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-09-16 04:36:43 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-09-16 04:22:21 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-09-16 04:21:39 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-09-16 04:21:33 417792 ----a-w- C:\Windows\System32\html.iec
2015-09-16 04:21:27 585728 ----a-w- C:\Windows\System32\vbscript.dll
2015-09-16 04:21:17 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-09-16 04:09:30 5990912 ----a-w- C:\Windows\System32\jscript9.dll
2015-09-16 04:08:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-09-16 04:08:38 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-09-16 04:08:23 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-09-16 04:01:30 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-09-16 03:50:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-09-16 03:45:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-09-16 03:33:26 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-09-16 03:33:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-09-16 03:32:33 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-09-16 03:32:24 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-09-16 03:31:57 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-09-16 03:28:33 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-09-16 03:26:47 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-09-16 03:23:01 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-09-16 03:22:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-09-16 03:11:12 2487808 ----a-w- C:\Windows\System32\wininet.dll
2015-09-16 03:10:46 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
.
============= FINISH: 8:31:45.23 ===============
Attached Files: attach.txt (4.2 KB, 17 views)
VSTICKETS is offline  
Old 11-09-2015, 10:30 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears you didn't post the entire DDS.txt log in your last reply. The top half is missing.

Press the Windows "logo" key and "R" key then copy/paste the following into the Run box and click OK:

%temp%\dds.txt

A text file should open. Please copy/paste all the contents of that file in your next reply.

------------------------------------------------------

Who instructed you to run ComboFix? As stated in the disclaimer you had to pass when running ComboFix, it is not intended for unsupervised use.

As you also should have read here in Step 2 of our First Steps thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix.txt

A text file should open. Please copy/paste the contents of that file in your next reply.

------------------------------------------------------
chemist is offline  
Old 11-09-2015, 10:33 AM   #5
Registered Member
 
Join Date: Nov 2015
Posts: 4
OS: Win 7 Pro



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18057 BrowserJavaVersion: 11.65.2
Run by RyanTix at 8:31:39 on 2015-11-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.65453.57370 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Soda PDF 6\creator-ws.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\OBroker.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Soda PDF 6\ws.exe
C:\Users\RyanTix\Documents\TB\Automatick TM\AutomatickTM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Tickpro\TicketMaster Spinner Bot with LiveNation-update\TicketMaster Spinner Bot.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uProxyServer = 104.251.91.113:29842
BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
BHO: Soda PDF 6 Helper: {ACEC6276-3D7B-4AA9-BE79-23520A23026D} - C:\Program Files (x86)\Soda PDF 6\creator-ie-helper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
TB: Soda PDF 6 Toolbar: {35251526-B7A4-44E4-8B2E-FD62AE267B82} - C:\Program Files (x86)\Soda PDF 6\creator-ie-plugin.dll
TB: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
uRun: [Dropbox Update] "C:\Users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_F9D5FAED6397588C0DB5E8C28DA2DACC] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\RyanTix\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\RyanTix\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3FA49138-AED4-4259-A325-619D4DD75A9B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{63235F66-C246-42A3-823A-778877255591} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 104.251.83.100
FF - prefs.js: network.proxy.ftp_port - 29842
FF - prefs.js: network.proxy.http - 104.251.83.100
FF - prefs.js: network.proxy.http_port - 29842
FF - prefs.js: network.proxy.socks - 104.251.83.100
FF - prefs.js: network.proxy.socks_port - 29842
FF - prefs.js: network.proxy.ssl - 104.251.83.100
FF - prefs.js: network.proxy.ssl_port - 29842
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Soda PDF 6\np-previewer.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\RyanTix\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
.
---- FIREFOX POLICIES ----
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2015-4-25 567216]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2015-4-25 24496]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2015-4-25 22128]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-5-5 2780856]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HP DS Service;HP DS Service;C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [2011-10-17 13824]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2015-4-25 7168]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2015-2-12 262920]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2015-2-16 417288]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2015-2-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2015-4-29 72216]
R2 Soda PDF 6 Creator;Soda PDF 6 Creator;C:\Program Files (x86)\Soda PDF 6\creator-ws.exe [2014-8-27 621408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-4-25 410768]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2012-4-20 97880]
R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2015-4-26 2725376]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-10-3 215296]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-10-3 70912]
R3 Soda PDF 6;Soda PDF 6;C:\Program Files (x86)\Soda PDF 6\ws.exe [2014-8-27 1655136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2015-3-17 216576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2015-5-7 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2015-4-25 30528]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2015-4-25 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-10-14 114688]
S3 LULU Software CrashHandler;LULU Software CrashHandler;C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [2014-8-27 744800]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2015-5-14 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-4-26 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-4-26 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-4-26 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-4-26 1255736]
.
=============== Created Last 30 ================
.
2015-11-08 10:32:47 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9429D6C-127E-42AF-8B88-E0BD788F4191}\offreg.4184.dll
2015-11-07 13:29:05 -------- d-sh--w- C:\$RECYCLE.BIN
2015-11-07 13:25:17 98816 ----a-w- C:\Windows\sed.exe
2015-11-07 13:25:17 256000 ----a-w- C:\Windows\PEV.exe
2015-11-07 13:25:17 208896 ----a-w- C:\Windows\MBR.exe
2015-11-07 00:01:53 11140960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9429D6C-127E-42AF-8B88-E0BD788F4191}\mpengine.dll
2015-10-16 08:58:56 189136 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2015-10-15 06:18:32 766464 ----a-w- C:\Windows\System32\generaltel.dll
2015-10-15 06:18:32 73216 ----a-w- C:\Windows\System32\acmigration.dll
2015-10-15 06:18:32 700416 ----a-w- C:\Windows\System32\invagent.dll
2015-10-15 06:18:32 503808 ----a-w- C:\Windows\System32\devinv.dll
2015-10-15 06:18:32 25432 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-10-15 06:18:32 1291264 ----a-w- C:\Windows\System32\appraiser.dll
2015-10-15 06:18:32 1163776 ----a-w- C:\Windows\System32\aeinv.dll
2015-10-14 09:59:56 5569472 ----a-w- C:\Windows\System32\ntoskrnl.exe
.
==================== Find3M ====================
.
2015-11-07 10:09:25 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-29 20:11:18 122400 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2015-10-29 20:11:17 35328 ----a-w- C:\Windows\System32\LMIport.dll
2015-10-29 20:11:17 107008 ----a-w- C:\Windows\System32\LMIinit.dll
2015-10-17 08:41:05 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-10-17 08:41:05 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-01 1849 692672 ----a-w- C:\Windows\System32\winload.efi
2015-10-01 18:04:11 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-10-01 18:00:59 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-10-01 18:00:43 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-10-01 18:00:43 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-10-01 18:00:06 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-10-01 18:00:06 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-10-01 17:50:35 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-10-01 17:00:54 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-09-29 03:13:50 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-09-29 03:11:19 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-09-29 03:11:19 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-09-29 03:11:19 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-09-29 03:11:19 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-09-29 03:11:06 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-09-29 03:11:03 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-09-29 03:11:01 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-09-29 03:11:01 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-09-29 03:10:59 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-09-29 03:10:56 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2015-09-29 03:10:55 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-09-29 03:10:53 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-09-29 03:10:53 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2015-09-29 03:10:47 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-09-29 03:10:47 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-09-29 03:10:47 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-09-29 03:10:30 112640 ----a-w- C:\Windows\System32\smss.exe
2015-09-29 03:10:25 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-09-29 03:09:59 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-09-29 03:09:53 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-09-29 03:05:56 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-09-29 03:05:36 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-09-29 03:05:01 3990976 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-09-29 03:05:01 3936192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-09-29 03:02:09 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-09-29 02:59:20 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-09-29 02:59:17 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-09-29 02:59:16 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-09-29 02:59:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-09-29 02:59:08 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-09-29 02:59:04 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-09-29 02:58:57 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-09-29 02:58:57 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-09-29 02:58:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-09-29 02:58:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-09-29 02:58:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-09-29 02:57:53 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-09-29 02:57:53 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-09-29 02:57:52 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-09-29 02:53:44 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-09-29 02:53:28 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-09-29 01:50:29 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-09-29 01:49:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-09-29 01:49:31 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-09-29 01:43:29 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-09-29 01:43:27 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-09-29 01:40:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-09-29 01:40:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-29 01:40:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-29 01:40:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-09-25 18:07:19 98816 ----a-w- C:\Windows\System32\wudriver.dll
2015-09-25 18:07:19 3168768 ----a-w- C:\Windows\System32\wucltux.dll
2015-09-25 18:07:19 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2015-09-25 1854 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-09-25 1844 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-09-25 1840 37888 ----a-w- C:\Windows\System32\wuapp.exe
2015-09-25 17:59:08 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-09-25 17:59:08 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-09-25 17:58:25 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-09-16 04:36:53 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-09-16 04:36:43 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-09-16 04:22:21 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-09-16 04:21:39 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-09-16 04:21:33 417792 ----a-w- C:\Windows\System32\html.iec
2015-09-16 04:21:27 585728 ----a-w- C:\Windows\System32\vbscript.dll
2015-09-16 04:21:17 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-09-16 04:09:30 5990912 ----a-w- C:\Windows\System32\jscript9.dll
2015-09-16 04:08:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-09-16 04:08:38 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-09-16 04:08:23 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-09-16 04:01:30 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-09-16 03:50:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-09-16 03:45:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-09-16 03:33:26 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-09-16 03:33:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-09-16 03:32:33 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-09-16 03:32:24 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-09-16 03:31:57 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-09-16 03:28:33 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-09-16 03:26:47 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-09-16 03:23:01 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-09-16 03:22:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-09-16 03:11:12 2487808 ----a-w- C:\Windows\System32\wininet.dll
2015-09-16 03:10:46 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
.
============= FINISH: 8:31:45.23 ===============
VSTICKETS is offline  
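The entries that matter most in the logs posted in this thread are the proxy settings: `uInternet Settings,ProxyServer = 104.251.91.113:29842` in the ComboFix supplementary scan, and the Firefox `network.proxy.*` prefs all pointing at 104.251.83.100 on the same port 29842 with `network.proxy.type - 1` (manual proxy). Two different browsers forced through two public hosts on one unusual port is consistent with a browser proxy hijack rather than anything the user configured, and would also account for the "many connections" symptom. The script below is an added triage example for this thread, not part of DDS, ComboFix or any post here; it parses those two line formats out of log text, flags any proxy whose host is a public IP, and reports ports shared across browsers. The sample input is constructed from the lines in this thread.

```python
"""Pull browser proxy settings out of DDS / ComboFix log text and flag
proxies that point at public IP space.

Added triage example for this thread; not part of DDS, ComboFix or any
post here. It only understands the two proxy line formats those tools
emit (WinINET ProxyServer and Firefox network.proxy.* prefs).
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# WinINET (IE / system-wide) line, e.g.
#   uInternet Settings,ProxyServer = 104.251.91.113:29842
# The value may also be per-protocol: "http=host:port;https=host:port"
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)")

# Firefox prefs.js lines as the tools print them, e.g.
#   FF - prefs.js: network.proxy.http - 104.251.83.100
#   FF - prefs.js: network.proxy.http_port - 29842
#   FF - prefs.js: network.proxy.type - 1      (1 = manual proxy)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(?P<key>\S+) - (?P<value>\S+)")
FF_SCHEMES = ("http", "ssl", "ftp", "socks")


@dataclass(frozen=True)
class ProxyFinding:
    browser: str          # "IE" or "Firefox"
    scheme: str           # http / ssl / ftp / socks, or "all" for a single WinINET entry
    host: str
    port: Optional[int]
    suspicious: bool      # host parses as a public (non-private, non-loopback) IP


def is_public_ip(host: str) -> bool:
    """True only for literal IPs in global space; hostnames are not judged here."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return False


def parse_ie_proxy(value: str) -> List[Tuple[str, str, Optional[int]]]:
    """Expand a WinINET ProxyServer string into (scheme, host, port) triples."""
    out = []
    for part in filter(None, value.split(";")):
        # "host:port" has no '=', so rpartition yields an empty scheme -> "all"
        scheme, _, hostport = part.rpartition("=")
        host, _, port_s = hostport.rpartition(":")
        if not host:                      # no ':' at all -> whole thing is the host
            host, port_s = hostport, ""
        port = int(port_s) if port_s.isdigit() else None
        out.append((scheme or "all", host, port))
    return out


def parse_log(text: str) -> List[ProxyFinding]:
    findings: List[ProxyFinding] = []
    ff: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_ie_proxy(m.group("value")):
                findings.append(ProxyFinding("IE", scheme, host, port, is_public_ip(host)))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff[m.group("key")] = m.group("value")
    # Firefox only honours the host/port prefs when network.proxy.type is 1 (manual).
    if ff.get("type") == "1":
        for scheme in FF_SCHEMES:
            host = ff.get(scheme)
            if not host:
                continue
            port_s = ff.get(scheme + "_port", "")
            port = int(port_s) if port_s.isdigit() else None
            findings.append(ProxyFinding("Firefox", scheme, host, port, is_public_ip(host)))
    return findings


def summarize(findings: List[ProxyFinding]) -> Tuple[List[ProxyFinding], Set[int]]:
    """Return the suspicious findings and the ports used by more than one browser.
    One port shared by IE and Firefox is the fingerprint of a single tool
    rewriting every browser's proxy configuration rather than a user setting."""
    suspicious = [f for f in findings if f.suspicious]
    browsers_by_port: Dict[int, Set[str]] = {}
    for f in findings:
        if f.port is not None:
            browsers_by_port.setdefault(f.port, set()).add(f.browser)
    shared = {p for p, b in browsers_by_port.items() if len(b) > 1}
    return suspicious, shared


# Constructed sample: the proxy-related lines from the ComboFix log in this thread,
# plus unrelated lines to show that other entries are ignored.
SAMPLE_LOG = "\n".join([
    "TCP: DhcpNameServer = 192.168.1.1",
    "uInternet Settings,ProxyServer = 104.251.91.113:29842",
    "FF - prefs.js: browser.startup.homepage - about:home",
    "FF - prefs.js: network.proxy.ftp - 104.251.83.100",
    "FF - prefs.js: network.proxy.ftp_port - 29842",
    "FF - prefs.js: network.proxy.http - 104.251.83.100",
    "FF - prefs.js: network.proxy.http_port - 29842",
    "FF - prefs.js: network.proxy.socks - 104.251.83.100",
    "FF - prefs.js: network.proxy.socks_port - 29842",
    "FF - prefs.js: network.proxy.ssl - 104.251.83.100",
    "FF - prefs.js: network.proxy.ssl_port - 29842",
    "FF - prefs.js: network.proxy.type - 1",
])

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    bad, shared_ports = summarize(found)
    for f in bad:
        print(f"SUSPICIOUS {f.browser:8s} {f.scheme:6s} -> {f.host}:{f.port}")
    if shared_ports:
        print("same proxy port in more than one browser:", sorted(shared_ports))
```

A hit from this script is only the starting point: the log shows one Firefox profile and the proxy value DDS read at scan time, so the same settings should be checked on the live machine (the `ProxyEnable`, `ProxyServer` and `AutoConfigURL` values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`, plus `prefs.js` and any `user.js` in every Firefox profile), and cleared only after whatever is re-writing them has been removed, since a persistence mechanism that survives will put them straight back.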
Old 11-09-2015, 10:34 AM   #6
Registered Member
 
Join Date: Nov 2015
Posts: 4
OS: Win 7 Pro



ComboFix 15-11-05.01 - RyanTix 11/07/2015 6:25.1.12 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.65453.60693 [GMT -7:00]
Running from: c:\users\RyanTix\Documents\123.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-10-07 to 2015-11-07 )))))))))))))))))))))))))))))))
.
.
2015-11-07 13:28 . 2015-11-07 13:28 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2015-11-07 13:28 . 2015-11-07 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-07 10:09 . 2015-11-07 10:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-11-07 00:01 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9429D6C-127E-42AF-8B88-E0BD788F4191}\mpengine.dll
2015-10-16 08:58 . 2015-10-16 08:58 189136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2015-10-15 06:18 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 06:18 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 06:18 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 06:18 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 06:18 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 06:18 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 06:18 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-10-14 09:59 . 2015-09-29 03:16 5569472 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-07 10:09 . 2015-07-07 22:40 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-10-30 12:40 . 2015-05-06 04:48 632432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-10-29 20:11 . 2015-04-29 19:03 122400 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2015-10-29 20:11 . 2015-04-29 19:03 35328 ----a-w- c:\windows\system32\LMIport.dll
2015-10-29 20:11 . 2015-04-29 19:03 107008 ----a-w- c:\windows\system32\LMIinit.dll
2015-10-17 08:41 . 2015-04-26 07:07 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-17 08:41 . 2015-04-26 07:07 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-15 09:02 . 2015-04-26 07:38 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-14 09:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-02 03:04 . 2015-09-09 13:57 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 13:57 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 13:57 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 13:57 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 13:57 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 13:57 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 13:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 13:57 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 13:57 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 13:57 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 13:57 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-09 13:57 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-09 13:57 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-09 13:57 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-09 13:57 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-09 13:57 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-09 13:57 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-09 13:57 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 13:57 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-15 14:55 . 2015-04-29 19:03 122752 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2015-08-15 14:55 . 2015-04-29 19:03 107368 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ACEC6276-3D7B-4AA9-BE79-23520A23026D}]
2014-08-28 03:39 38752 ----a-w- c:\program files (x86)\Soda PDF 6\creator-ie-helper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{35251526-B7A4-44E4-8B2E-FD62AE267B82}"= "c:\program files (x86)\Soda PDF 6\creator-ie-plugin.dll" [2014-08-28 479584]
.
[HKEY_CLASSES_ROOT\clsid\{35251526-b7a4-44e4-8b2e-fd62ae267b82}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{4255D129-EA58-4912-9C1E-95A57D3865B2}]
[HKEY_CLASSES_ROOT\PDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-06 04:52 329376 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-19 134512]
"GoogleChromeAutoLaunch_F9D5FAED6397588C0DB5E8C28DA2DACC"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-10-20 811848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe" [2012-03-15 286720]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-10-03 47616]
"Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2014-02-07 435712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-07 597040]
.
c:\users\RyanTix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\RyanTix\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 36711472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LULU Software CrashHandler;LULU Software CrashHandler;c:\program files (x86)\Soda PDF 6\crash-handler-ws.exe;c:\program files (x86)\Soda PDF 6\crash-handler-ws.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Soda PDF 6;Soda PDF 6;c:\program files (x86)\Soda PDF 6\ws.exe;c:\program files (x86)\Soda PDF 6\ws.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 Soda PDF 6 Creator;Soda PDF 6 Creator;c:\program files (x86)\Soda PDF 6\creator-ws.exe;c:\program files (x86)\Soda PDF 6\creator-ws.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-24 05:02 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-26 08:41]
.
2015-11-07 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000Core.job
- c:\users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:52]
.
2015-11-07 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1943265577-1131406837-4153604767-1000UA.job
- c:\users\RyanTix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 15:52]
.
2015-11-07 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job
- c:\users\RyanTix\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-10-29 19:59]
.
2015-11-07 c:\windows\Tasks\G2MUploadTask-S-1-5-21-1943265577-1131406837-4153604767-1000.job
- c:\users\RyanTix\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-10-29 19:59]
.
2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08 01:31]
.
2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08 01:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-06 04:52 358064 ----a-w- c:\users\RyanTix\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-10-30 12:41 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34 232712 ----a-w- c:\users\RyanTix\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2015-02-16 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 104.251.91.113:29842
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\RyanTix\AppData\Roaming\Mozilla\Firefox\Profiles\6x4bcklr.default-1431047896472\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 104.251.83.100
FF - prefs.js: network.proxy.ftp_port - 29842
FF - prefs.js: network.proxy.http - 104.251.83.100
FF - prefs.js: network.proxy.http_port - 29842
FF - prefs.js: network.proxy.socks - 104.251.83.100
FF - prefs.js: network.proxy.socks_port - 29842
FF - prefs.js: network.proxy.ssl - 104.251.83.100
FF - prefs.js: network.proxy.ssl_port - 29842
FF - prefs.js: network.proxy.type - 1
user_pref(extensions.autoDisableScopes,14);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-07 06:29:02
ComboFix-quarantined-files.txt 2015-11-07 13:29
.
Pre-Run: 62,720,905,216 bytes free
Post-Run: 62,332,891,136 bytes free
.
- - End Of File - - F599B7E8CA5D67F4B809660EE8EEE1D9
Old 11-09-2015, 01:52 PM   #7
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello VSTICKETS. I'm not seeing any sign of infection in your logs. Not all problems are caused by malware.

Are you using a proxy server?

Quote:
uProxyServer = 104.251.91.113:29842
------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

Let me know your intentions for an antivirus program, and/or if you need a suggestion.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done, it will ask to reboot; please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.0.1024.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

AdwCleaner[C#].txt
MBAM log
ESET report
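Chemist's proxy question above rests on lines like the quoted uProxyServer entry and the Firefox prefs.js proxy entries posted earlier in the thread. What follows is an added example, not code from the thread or from any of the tools mentioned: it parses those log lines and flags a proxy that points at a public address on a non-standard port. The sample log is constructed from the values on this page, and the set of "usual" proxy ports is an assumption.

```python
import ipaddress
import re

# Constructed sample in the log style used in this thread: the proxy line chemist
# quoted plus the two Firefox prefs.js proxy entries posted earlier.
SAMPLE_LOG = """\
uProxyServer = 104.251.91.113:29842
FF - prefs.js: network.proxy.type - 1
FF - prefs.js: network.proxy.ssl_port - 29842
"""

PROXY_RE = re.compile(r"^uProxyServer\s*=\s*(?P<host>[^:\s]+):(?P<port>\d+)", re.M)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>network\.proxy\.\S+) - (?P<value>.+)$", re.M)

def parse_proxy_settings(log_text):
    """Pull the Windows proxy (uProxyServer) and Firefox network.proxy.* prefs out of a log."""
    found = {"windows": None, "firefox": {}}
    m = PROXY_RE.search(log_text)
    if m:
        found["windows"] = (m.group("host"), int(m.group("port")))
    for m in FF_PREF_RE.finditer(log_text):
        found["firefox"][m.group("name")] = m.group("value").strip()
    return found

def is_suspicious_proxy(host, port):
    """True when the proxy is a routable public IP on a port that is not a usual proxy port
    (the port list is an assumption). A hostname cannot be classified offline: not flagged."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    public = not (addr.is_private or addr.is_loopback or addr.is_link_local)
    return public and port not in (80, 443, 3128, 8080)

def assess(log_text):
    """Return the findings an analyst would raise from these lines, as readable strings."""
    s = parse_proxy_settings(log_text)
    findings = []
    if s["windows"]:
        host, port = s["windows"]
        if is_suspicious_proxy(host, port):
            findings.append(f"Windows proxy {host}:{port} is a public address on a non-standard port")
    ff = s["firefox"]
    if ff.get("network.proxy.type") == "1":
        findings.append("Firefox uses a manual proxy configuration (network.proxy.type = 1)")
        if s["windows"] and ff.get("network.proxy.ssl_port") == str(s["windows"][1]):
            findings.append("Firefox SSL proxy port matches the Windows proxy port")
    return findings
```

Run `assess(SAMPLE_LOG)` to see the three findings for the values in this thread; a proxy the user set up on purpose would still trigger them, which is why chemist asks rather than assumes.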
Old 11-16-2015, 12:26 PM   #8
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------