
Computer Self Boots

This is a discussion on Computer Self Boots within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 01-27-2016, 07:01 AM   #1
JoniiBoii
Registered Member
 
Join Date: Sep 2012
Posts: 4
OS: Windows 7 64-bit



Hello,

My computer has been self booting during the night without me setting it up to do so. I noticed the issue when I first plugged in a couple of my external hard drives from when I used to use P2P sharing (nearly 5 years ago). I'm worried that my external hard drives are infected and if that has possibly spread to my gaming computer.

I've checked the BIOS to see if the PCIE setting was enabled and it is not. I'm very sorry if this turns out to be a hardware or BIOS issue.

Just in case: I'm running Windows 7 64-bit, an Intel i5-4670, and an Asus Z-87 Pro motherboard.

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18163 BrowserJavaVersion: 10.71.2
Run by Jonathan at 9:48:32 on 2016-01-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8131.4573 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\System32\svchost.exe -k utcsvc
G:\Hercules\drivers\amd64\HerculesDJControlMP3.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
G:\AutoDESK\Inventor 2015\Moldflow\bin\mitsijm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe
C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Jonathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Users\Jonathan\AppData\Local\MyComGames\MyComGames.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
G:\Hercules\HDJSeriesCPL.exe
C:\Windows\SysWOW64\WTClient.exe
C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
G:\Hercules\cpl2\HDJSeries2CPL.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Jonathan\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "C:\Users\Jonathan\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Jonathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Dropbox Update] "C:\Users\Jonathan\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [MyComGames] "C:\Users\Jonathan\AppData\Local\MyComGames\MyComGames.exe" -autostart
uRun: [Spotify] "C:\Users\Jonathan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [WTClient] WTClient.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOLIDW~1.LNK - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5D3E216B-DE68-4CD7-8306-C64AA082E8B3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5D3E216B-DE68-4CD7-8306-C64AA082E8B3}\84F4D454D214832323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5D3E216B-DE68-4CD7-8306-C64AA082E8B3}\86572736F596E6F597F627B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5D3E216B-DE68-4CD7-8306-C64AA082E8B3}\94F537169646F5249494949494453484 : DHCPNameServer = 162.150.8.16 68.87.66.234
TCP: Interfaces\{5D3E216B-DE68-4CD7-8306-C64AA082E8B3}\C45736B69734861627D637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CA7317F0-8FDC-4D9E-85CD-168C2447EB7F} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\msosb.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\btvstack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\athbttray.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Hercules DJ Series TrayAgent] C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe /boot
x64-Run: [Andy] C:\Program Files\Andy\HandyAndy.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2013-1-10 47512]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-29 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-29 274808]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-1-31 652784]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-1-31 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-19 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 ngvss;ngvss;C:\Windows\System32\drivers\ngvss.sys [2015-7-20 115152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-1-29 1059656]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-1-29 449992]
R2 AdAppMgrSvc;Autodesk Application Manager Service;C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2015-1-21 599944]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2014-1-19 927232]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-6 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-29 90968]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-29 150672]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-11-29 232064]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2014-2-7 31192]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-8-7 146600]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-9-7 2787512]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;G:\Hercules\drivers\amd64\HerculesDJControlMP3.EXE [2014-3-24 50688]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-1-19 169432]
R2 mitsijm2015;Autodesk Simulation Moldflow MITSI 2015 Job Manager;G:\AutoDESK\Inventor 2015\Moldflow\bin\mitsijm.exe [2013-10-11 968480]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 124568]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-9-4 1721800]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-9-4 18974152]
R2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2015;C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [2015-11-10 238848]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-7-20 273824]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-11-29 327296]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-11-29 36480]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-7-20 4047768]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-11-29 341120]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-11-29 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-11-29 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-11-29 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-11-29 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-11-29 281728]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-11-29 551552]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-1-19 496400]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-19 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-19 786416]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-9-4 21448]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-9-4 40392]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\System32\drivers\PTSimBus.sys [2014-1-20 32128]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2014-1-19 23680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S2 Update ClearThink;Update ClearThink;"C:\Program Files (x86)\ClearThink\updateClearThink.exe" --> C:\Program Files (x86)\ClearThink\updateClearThink.exe [?]
S2 Util ClearThink;Util ClearThink;"C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe" --> C:\Program Files (x86)\ClearThink\bin\utilClearThink.exe [?]
S3 Bulk;HDJBulk;C:\Windows\System32\drivers\HDJBulk.sys [2014-3-24 296240]
S3 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [2015-10-14 69448]
S3 CoordinatorServiceHost;DTSInterops;C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [2015-11-11 81400]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-1-21 1357104]
S3 HDJMidi;DJ Control MP3 e2 MIDI;C:\Windows\System32\drivers\HDJMidi.sys [2014-3-24 276272]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-1-13 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-8-14 178760]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\System32\drivers\PTSimHid.sys [2014-1-20 22912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-29 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-29 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2016-01-27 14:42:35 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53156E82-4572-4D98-AF67-5048FA93E06D}\offreg.1036.dll
2016-01-26 22:12:30 11154520 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53156E82-4572-4D98-AF67-5048FA93E06D}\mpengine.dll
2016-01-25 16:55:02 11154520 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-01-22 14:18:07 -------- d-----w- C:\Users\Jonathan\AppData\Local\Apps
2016-01-22 14:08:47 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D287F44-BC7D-4EF5-8909-CF7EB4BC7AD1}\gapaengine.dll
2016-01-18 08:00:30 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-01-17 15:23:10 -------- d-----w- C:\ProgramData\Simpoe
2016-01-17 15:22:28 -------- d-----w- C:\ProgramData\COSMOS Applications
2016-01-17 15:22:26 -------- d-----w- C:\ProgramData\SOLIDWORKS Flow Simulation
2016-01-17 15:21:32 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\help_images_otherUI
2016-01-17 05:56:58 -------- d-----w- C:\ProgramData\SOLIDWORKS
2016-01-17 05:56:58 -------- d-----w- C:\Program Files\Common Files\SOLIDWORKS Shared
2016-01-17 05:55:44 -------- d-----w- C:\SOLIDWORKS Data (2)
2016-01-17 05:47:56 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\DassaultSystemes
2016-01-17 05:47:56 -------- d-----w- C:\Users\Jonathan\AppData\Local\DassaultSystemes
2016-01-17 05:47:56 -------- d-----w- C:\ProgramData\DassaultSystemes
2016-01-17 05:47:52 -------- d-----w- C:\Users\Jonathan\AppData\Local\TempSWBackupDirectory
2016-01-17 05:44:14 -------- d-----w- C:\Users\Jonathan\AppData\Local\SolidWorks
2016-01-16 05:15:04 -------- d-----w- C:\Program Files\SOLIDWORKS Corp
2016-01-16 05:14:46 -------- d-----w- C:\Program Files (x86)\Common Files\SOLIDWORKS Shared
2016-01-16 05:14:28 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8
2016-01-16 05:14:04 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2016-01-16 05:13:54 -------- d-----w- C:\Program Files (x86)\MSECache
2016-01-16 05:13:45 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2016-01-16 04:56:51 -------- d-----w- C:\SOLIDWORKS Data
2016-01-16 04:55:37 -------- d-----w- C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager
2016-01-16 04:54:48 -------- d-----w- C:\Windows\SolidWorks
2016-01-16 04:54:48 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\SOLIDWORKS
2016-01-13 17:11:59 3211264 ----a-w- C:\Windows\System32\win32k.sys
2016-01-13 17:10:36 879104 ----a-w- C:\Windows\System32\advapi32.dll
2016-01-11 23:56:41 7168 ----a-w- C:\Windows\System32\kbdgeoqw.dll
2016-01-11 23:56:41 7168 ----a-w- C:\Windows\System32\KBDAZEL.DLL
2016-01-11 23:56:41 69120 ----a-w- C:\Windows\SysWow64\nlsbres.dll
2016-01-11 23:56:41 69120 ----a-w- C:\Windows\System32\nlsbres.dll
2016-01-11 23:56:41 6656 ----a-w- C:\Windows\SysWow64\kbdgeoqw.dll
2016-01-11 23:56:41 6656 ----a-w- C:\Windows\SysWow64\KBDAZEL.DLL
2016-01-11 17:15:17 241664 ----a-w- C:\Windows\System32\els.dll
2016-01-11 17:15:17 179712 ----a-w- C:\Windows\SysWow64\els.dll
2016-01-11 17:13:52 -------- d-----w- C:\Program Files\Common Files\AV
2016-01-11 17:13:52 -------- d-----w- C:\Program Files (x86)\Common Files\AV
.
==================== Find3M ====================
.
2016-01-21 16:58:11 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-01-21 16:58:11 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-30 19:08:35 5572544 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-12-30 19:08:34 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-12-30 19:08:34 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-12-30 19:05:33 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-12-30 19:02:28 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-12-30 19:02:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-12-30 19:02:28 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-12-30 19:02:17 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-12-30 19:02:13 210432 ----a-w- C:\Windows\System32\wdigest.dll
2015-12-30 19:02:03 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-12-30 19:01:56 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2015-12-30 19:01:56 135680 ----a-w- C:\Windows\System32\sspicli.dll
2015-12-30 19:01:55 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-12-30 19:01:55 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-12-30 19:01:14 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-12-30 19:01:12 344064 ----a-w- C:\Windows\System32\schannel.dll
2015-12-30 19:01:10 1214464 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-12-30 19:00:23 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2015-12-30 18:59:11 312320 ----a-w- C:\Windows\System32\ncrypt.dll
2015-12-30 18:59:07 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-12-30 18:59:02 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-12-30 18:58:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-12-30 18:58:00 1461248 ----a-w- C:\Windows\System32\lsasrv.dll
2015-12-30 18:57:55 729600 ----a-w- C:\Windows\System32\kerberos.dll
2015-12-30 18:57:55 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2015-12-30 18:55:46 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-12-30 18:55:45 43520 ----a-w- C:\Windows\System32\cryptbase.dll
2015-12-30 18:55:44 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-12-30 18:47:23 3993536 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-12-30 18:47:23 3938240 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-12-30 18:44:26 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-12-30 18:41:32 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-12-30 18:41:31 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-12-30 18:41:31 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-12-30 18:41:31 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-12-30 18:41:17 171520 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-12-30 18:41:11 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-12-30 18:41:03 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-12-30 18:40:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-12-30 18:40:28 251392 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-12-30 18:39:38 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-12-30 18:39:35 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-12-30 18:39:32 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-12-30 18:39:17 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-12-30 18:38:56 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-12-30 18:38:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-12-30 17:57:51 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-12-30 17:50:50 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-12-30 17:49:09 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-12-30 17:44:49 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-12-30 17:43:39 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-12-30 17:42:48 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-12-30 17:42:41 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-12-30 17:41:07 30720 ----a-w- C:\Windows\System32\lsass.exe
2015-12-30 17:41:00 112640 ----a-w- C:\Windows\System32\smss.exe
2015-12-30 17:32:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-12-30 17:32:53 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-12-30 17:32:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-12-30 17:32:51 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-12-30 17:30:55 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-12-30 17:30:40 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-12-30 17:30:40 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-30 17:30:40 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-12-30 17:30:40 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-12-12 18:31:10 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-12-12 18:30:59 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-12-12 18:16:29 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-12-12 18:15:46 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-12-12 18:15:40 417792 ----a-w- C:\Windows\System32\html.iec
2015-12-12 18:15:09 571904 ----a-w- C:\Windows\System32\vbscript.dll
2015-12-12 18:14:59 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-12-12 18:07:27 6051328 ----a-w- C:\Windows\System32\jscript9.dll
2015-12-12 18:02:34 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-12-12 18:02:34 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-12-12 18:02:19 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-12-12 17:55:26 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-12-12 17:49:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-12-12 17:44:06 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-12-12 17:37:41 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-12-12 17:37:39 496640 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-12-12 17:37:05 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-12-12 17:36:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-12-12 17:36:04 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-12-12 17:27:24 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-12-12 17:27:04 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-12-12 17:21:12 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-12-12 17:20:50 2123264 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-12-12 17:14:57 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-12-12 17:09:47 4610560 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-12-12 1702 2487808 ----a-w- C:\Windows\System32\wininet.dll
2015-12-12 17:00:20 2050560 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-12-12 17:00:09 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-12-12 16:41:25 2011136 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-12-11 18:57:53 1164800 ----a-w- C:\Windows\System32\aeinv.dll
2015-12-10 00:58:16 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2015-12-09 03:39:31 301728 ------w- C:\Windows\System32\MpSigStub.exe
2015-12-08 21:54:13 902144 ----a-w- C:\Windows\SysWow64\WMADMOD.DLL
2015-12-08 21:54:13 815616 ----a-w- C:\Windows\SysWow64\WMADMOE.DLL
.
============= FINISH: 9:48:42.08 ===============
Attached file: attach.txt (10.8 KB)
JoniiBoii is offline  
Old 01-29-2016, 12:53 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing any sign of infection in your logs so far.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, avast! and Security Essentials.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-31-2016, 08:19 PM   #3
Registered Member
 
Join Date: Sep 2012
Posts: 4
OS: Windows 7 64-bit



AdwCleaner:

# AdwCleaner v5.032 - Logfile created 31/01/2016 at 23:09:11
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jonathan - RAVEN
# Running from : C:\Users\Jonathan\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : Update ClearThink
[-] Service Deleted : Util ClearThink

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\ClearThink
[!] Folder Not Deleted : C:\Program Files (x86)\ClearThink

***** [ Files ] *****

[-] File Deleted : C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[!] Key Not Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update ClearThink
[!] Key Not Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util ClearThink
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[!] Key Not Deleted : HKU\S-1-5-21-426444692-98117262-4091412012-1000\Software\InstallCore
[!] Key Not Deleted : HKU\S-1-5-21-426444692-98117262-4091412012-1000\Software\Optimizer Pro
[!] Key Not Deleted : HKU\S-1-5-21-426444692-98117262-4091412012-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3323 bytes] ##########


CKScanner:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\pharossystems\core\ctskmstr.exe
c:\program files (x86)\pharossystems\core\ctskmstr.exe.config
c:\steam library\steamapps\common\dark souls prepare to die edition\data\dsfixkeys.ini
scanner sequence 3.AB.11.TKAAI0
----- EOF -----


I see in the CKScanner file that it picked up "Pharos System", and I just wanted to point out that that particular program is what my university uses as a print management system. The Dark Souls dsfixkeys, on the other hand, is an add-on that could be removed, and I wouldn't miss it.

Finally: As I was uninstalling MS Security Essentials, I saw there was a setting for a scan at 2AM on Sundays. Could it be that Security Essentials was waking up my computer to run a scan?
JoniiBoii is offline  
Old 02-01-2016, 06:01 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello JoniiBoii. Not sure if MSE would be the reason for the reboots during the morning.

And, that dsfixkeys.ini file isn't a crack, so no worries there.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions, and please do not do any fixing on your own or run any scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
chemist is offline  
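Whether the 2 AM Sunday scan, or anything else, actually woke the machine does not have to be guessed at: Windows records every resume from sleep with its wake source, every OS start, and every scheduled task that is allowed to wake the computer. The script below is an added example by the editor, not part of this thread and not one of the tools the helpers asked for. It assumes an elevated PowerShell prompt on Windows 7 or later (the Schedule.Service COM object is used instead of Get-ScheduledTask because the latter does not exist on Windows 7); the Get-WakeToRunTasks helper is its own.

```powershell
# Added editorial example (not from the thread; not part of AdwCleaner, CKScanner or ComboFix).
# Run from an elevated PowerShell prompt on Windows 7 or later. It answers two questions:
#   a) was the machine asleep (S3/S4) and woken, or fully off and powered on?
#   b) if it was woken, what woke it: a device (NIC, USB), a wake timer, or a scheduled task?

# --- 1. Wake-from-sleep records. Power-Troubleshooter event 1 is only logged when the
# machine resumes from sleep or hibernation; its message names the "Wake Source".
# If the overnight start has no such event, the box was powered on from off, which
# Windows cannot attribute: look at firmware (RTC alarm, Wake-on-LAN, power-on-by-PCIe).
Write-Host "== Wake-from-sleep events (newest first) =="
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Power-Troubleshooter'; Id = 1 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $src = ($_.Message -split "`r?`n" | Where-Object { $_ -match '^Wake Source' }) -join ' '
        "{0:yyyy-MM-dd HH:mm:ss}  {1}" -f $_.TimeCreated, $src
    }

# --- 2. OS starts. Kernel-General event 12 is written at every boot; compare its
# timestamps with the wake events above to see which kind of start happened overnight.
Write-Host "`n== OS starts (newest first) =="
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-General'; Id = 12 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    ForEach-Object { "{0:yyyy-MM-dd HH:mm:ss}  OS started" -f $_.TimeCreated }

# --- 3. What powercfg attributes the most recent wake to, which wake timers are armed
# right now, and which devices may wake the machine (a NIC entry means Wake-on-LAN is
# enabled in the driver; a USB hub, mouse or keyboard entry is a common accidental waker).
Write-Host "`n== powercfg /lastwake =="
powercfg /lastwake
Write-Host "`n== powercfg /waketimers =="
powercfg /waketimers
Write-Host "`n== Devices armed to wake =="
powercfg /devicequery wake_armed

# --- 4. Scheduled tasks with "Wake the computer to run this task" set. Only this flag
# turns a scheduled antivirus scan into a wake-up; the scan time alone wakes nothing.
# Get-WakeToRunTasks is a helper written for this example (assumed name, not a built-in).
function Get-WakeToRunTasks {
    param([Parameter(Mandatory = $true)] $Folder)
    foreach ($task in $Folder.GetTasks(1)) {          # 1 = TASK_ENUM_HIDDEN: include hidden tasks
        if ($task.Definition.Settings.WakeToRun) {
            New-Object PSObject -Property @{
                Path    = $task.Path
                Enabled = $task.Enabled
                NextRun = $task.NextRunTime
            }
        }
    }
    foreach ($sub in $Folder.GetFolders(0)) { Get-WakeToRunTasks -Folder $sub }   # recurse into subfolders
}
$scheduler = New-Object -ComObject Schedule.Service
$scheduler.Connect()
Write-Host "`n== Scheduled tasks allowed to wake the machine =="
Get-WakeToRunTasks -Folder $scheduler.GetFolder('\') | Format-Table Path, Enabled, NextRun -AutoSize
```

Read the four sections together. A Power-Troubleshooter event at the overnight time means the PC was only asleep, and its Wake Source line (a device, a timer, or a named scheduled task) is the answer. An OS-start event with no matching wake event means the machine was powered on from off; Windows cannot attribute that, and it points at firmware settings (RTC alarm, Wake-on-LAN, the Power On By PCI-E option the first post already checked) or at hardware rather than at anything in the malware logs posted above.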
Old 02-14-2016, 03:02 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  