Crazy Popups Nonstop!

This is a discussion on Crazy Popups Nonstop! within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


05-06-2017, 07:56 PM   #1
Registered Member
 
Join Date: May 2017
Posts: 7
OS: Win10



I am getting like 15 ad windows and tabs popping up every 20 seconds on all three of my browsers (Chrome / Opera / Firefox). It slows them down a lot and I could barely make this post. Please help!

I also can't install some programs (like Notepad++) as they give an error.

I tried scanning with Malwarebytes, SUPERAntiSpyware, and Spybot and they all said I was clean...

I have access to a Windows 10 install DVD.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953
Run by Eagleheart at 19:32:31 on 2017-05-06
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.4087.1319 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Avid\Pro Tools First\MMERefresh.exe
C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Windows\SysWOW64\nalserv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Windows\SysWOW64\nlssrv32.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\Program Files\Avid\Cloud Client Services\AssetDeliveryService.exe
C:\Program Files\Avid\Cloud Client Services\ProjectSyncService.exe
C:\Program Files\Avid\Cloud Client Services\TransportClient.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\InputMethod\CHS\ChsIME.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\ProgramData\{E39C195D-5437-AEF6-E760-32D15EAA0A04}\67D4855E-D07F-32F5-F3B5-C59E6BD3F961.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Avid\Application Manager\AvidApplicationManager.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Windows\System32\InstallAgent.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files (x86)\Avid\Application Manager\AvidAppManHelper.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
svchost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\Users\EAGLEH~1\AppData\Local\Temp\nse13F0.tmp\PEV.DAT
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uSearch Bar = Google
uSearch Page = Google
uProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = wscript,
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
uRun: [Google Update] C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [Spotify Web Helper] "C:\Users\Eagleheart\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Eagleheart\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [Dropbox Update] "C:\Users\Eagleheart\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN47N3933Q05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
uRun: [need] "C:\Program Files (x86)\gigas\commonality.exe"
uRun: [kareem] "C:\Program Files (x86)\gigas\commonality.exe"
uRun: [spheres] "C:\Program Files (x86)\smee\spheres.exe"
uRun: [quickens] "C:\Program Files (x86)\gigas\commonality.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [AppManHelper] C:\Program Files (x86)\Avid\Application Manager\AvidAppManHelper.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [BestCleaner] "C:\Program Files (x86)\BestCleaner\BestCleaner.exe"
mRun: [shylock] "C:\Program Files (x86)\gigas\commonality.exe"
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
mRunOnce: [DeleteOnReboot] C:\Users\EAGLEH~1\AppData\Local\Temp\DeleteOnReboot.bat
mRunOnce: [LaunchWUApp] C:\AMD\WU-CCC2\ccc2_install\LaunchWLApp.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\AVIDAP~1.LNK - C:\Windows\Installer\{A59C0B17-6673-46E6-9E00-BB25E755A299}\NewShortcut1_E1E0FF1FC1474601A40EFEF248F11D43.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 82.163.143.176 82.163.142.178
TCP: NameServer = 192.168.29.1
TCP: Interfaces\{47cf5da3-1ff6-4ef7-8883-ed4c7e18c55f} : NameServer = 82.163.143.176 82.163.142.178
TCP: Interfaces\{47cf5da3-1ff6-4ef7-8883-ed4c7e18c55f} : DHCPNameServer = 192.168.29.1
TCP: Interfaces\{47cf5da3-1ff6-4ef7-8883-ed4c7e18c55f}\F42716E676560284F6573756 : DHCPNameServer = 192.168.29.1
TCP: Interfaces\{49ac9920-1b02-49f6-8a4f-d7bd48859b77} : NameServer = 82.163.143.176 82.163.142.178
TCP: Interfaces\{49ac9920-1b02-49f6-8a4f-d7bd48859b77} : DHCPNameServer = 82.163.143.176
TCP: Interfaces\{93200016-ad91-4fee-9b07-be40c576044a} : NameServer = 82.163.143.176 82.163.142.178
TCP: Interfaces\{93200016-ad91-4fee-9b07-be40c576044a} : DHCPNameServer = 82.163.143.176
TCP: Interfaces\{b11b382c-d1e7-4a40-80c5-10bf9282c46d} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{C00E5376-78AD-4525-B01C-2B76BDF8A052} : DHCPNameServer = 7.254.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\ProgramData\Hotfresh\Roundfresh.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mWinlogon: Userinit = wscript,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [DigidesignMMERefresh] C:\Program Files\Avid\Pro Tools First\MMERefresh.exe
x64-Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [mollison] "C:\Program Files (x86)\gigas\commonality.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [StartCN] "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} -
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com - This website is for sale! - spywareinfo Resources and Information.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eagleheart\AppData\Roaming\Mozilla\Firefox\Profiles\8orza2nr.default-1479765709963\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Eagleheart\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Eagleheart\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Eagleheart\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\WINDOWS\System32\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2012-4-18 55856]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\WINDOWS\System32\drivers\vsflt53.sys [2013-8-30 141920]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-8-27 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 cbfs3;cbfs3;C:\WINDOWS\System32\drivers\cbfs3.sys [2013-6-27 352008]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2016-11-21 155016]
R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-12-9 753240]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2227312]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2016-4-22 305176]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 AvidAssetDeliveryService;Avid Asset Delivery Service;C:\Program Files\Avid\Cloud Client Services\AssetDeliveryService.exe [2015-7-23 6748936]
R2 AvidProjectSyncService;Avid Project Sync Service;C:\Program Files\Avid\Cloud Client Services\ProjectSyncService.exe [2015-7-23 6651656]
R2 AvidTransportClient;Avid Transport Client;C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [2015-7-23 6526728]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_e4ff5c;CDPUserSvc_e4ff5c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 cpuz135;cpuz135;C:\WINDOWS\System32\drivers\cpuz135_x64.sys [2012-5-27 21992]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\System32\drivers\diginet.sys [2015-10-13 21520]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-15 86016]
R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]
R2 NalServ;Nalpeiron Control Service;C:\Windows\SysWOW64\nalserv.exe [2012-6-29 135168]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-6-29 66560]
R2 OneSyncSvc_e4ff5c;Sync Host_e4ff5c;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2015-8-10 19552672]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-3-31 1646056]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2016-11-5 1153368]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-1 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2016-12-27 671696]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\WINDOWS\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
S2 Hotfresh;Hotfresh;C:\ProgramData\\Hotfresh\\Hotfresh.exe shuz -f "C:\ProgramData\\Hotfresh\\Hotfresh.dat" -l -a --> C:\ProgramData\\Hotfresh\\Hotfresh.exe shuz -f C:\ProgramData\\Hotfresh\\Hotfresh.dat [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-10-1 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-12-30 131912]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 digiSPTIService64;digiSPTIService64;C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe [2015-9-18 190464]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\WINDOWS\System32\drivers\evolve.sys [2013-9-7 21656]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-22 1432400]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-5-27 135584]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
============= FINISH: 19:36:21.99 ===============
Attached Files
File Type: txt attach.txt (20.8 KB, 29 views)
Natacat is offline  
Old 05-07-2017, 01:25 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Program Files (x86)\gigas\commonality.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
  • Please repeat for the following file:

    C:\Program Files (x86)\smee\spheres.exe
------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-07-2017, 07:55 PM   #3
Registered Member
 
Join Date: May 2017
Posts: 7
OS: Win10



Thank you for the help!

Neither of those two files was on my computer, but the names sound familiar, so I think I already deleted them when I saw them in Task Manager while trying to fix this problem, but that didn't help.

Here is the CKScanner log:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 www.wip.adobe.com
hosts 127.0.0.1 www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com
hosts 127.0.0.1 www.wip3.adobe.com
hosts 127.0.0.1 Adobe: Creative, marketing and document management solutions
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 ood.opsource.net
scanner sequence 3.ZZ.11.BAAPE0
----- EOF -----
Natacat is offline  
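The hosts entries at the end of the log above all send vendor hostnames to 127.0.0.1. The same mechanism, a hosts entry that sinkholes an external name, is what malware uses to block security-vendor and update servers, so a hosts-file check belongs in any triage of a machine like this. As an added example (not code from the forum or its helpers), here is a Python pass over a hosts file that reports external names mapped to loopback or unspecified addresses, grouped by registered domain; the sample lines are constructed from the entries quoted above plus the default localhost lines, and the two-label domain grouping is a deliberate simplification rather than a public-suffix lookup.

```python
"""Triage a Windows hosts file for loopback redirects of external hostnames.

Added example for this thread (not code from the forum or its helpers).
The sample lines are constructed from the hosts entries quoted in the log above.
"""
import ipaddress
from collections import defaultdict

# Hostnames that legitimately map to loopback and should not be reported.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}

# Addresses that make a name unreachable (loopback or unspecified).
SINK_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("0.0.0.0/32"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("::/128"),
]


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address field; skip the line
        for name in parts[1:]:
            yield ip, name.lower()


def is_sink(ip):
    return any(ip in net for net in SINK_NETWORKS)


def registered_domain(name):
    """Crude 'last two labels' grouping; good enough for triage, not a PSL lookup."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def find_sinkholed(text):
    """Return {registered_domain: sorted hostnames} for external names that the
    hosts file sends to a sink address."""
    hits = defaultdict(set)
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES or not is_sink(ip):
            continue
        hits[registered_domain(name)].add(name)
    return {dom: sorted(names) for dom, names in hits.items()}


# Constructed sample: default localhost lines plus entries quoted in the log above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 ood.opsource.net
0.0.0.0   tracker.example   # a plain ad/tracker block, also reported
93.184.216.34 www.example.com   # a routable address, not a sink: not reported
"""

if __name__ == "__main__":
    for dom, names in sorted(find_sinkholed(SAMPLE_HOSTS).items()):
        print(f"{dom}: {len(names)} name(s) sinkholed -> {', '.join(names)}")
```

On a live system the input would be the contents of C:\Windows\System32\drivers\etc\hosts; anything this reports beyond the localhost lines was put there by a person or a program and should be explained before it is kept.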
Old 05-08-2017, 05:54 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Unfortunately, you are running illegal copies of some applications, Adobe among others. That is against the rules on this forum.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-08-2017, 09:17 PM   #5
Registered Member
 
Join Date: May 2017
Posts: 7
OS: Win10



Oh, really? I don't use Adobe except Reader. My brother gave me this computer a few years ago. He must have been using it. I don't want illegal copies of anything on my computer. I'll remove that and anything else.

Can you still help? I guess I could reinstall Windows to fix things.

Thank you for the help either way!
Natacat is offline  
Old 05-09-2017, 07:18 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You will have to uninstall the following applications:

Quote:
Adobe Content Viewer
Adobe Creative Cloud
Adobe Creative Suite 5.5 Master Collection
Adobe Digital Editions 2.0
Adobe Photoshop CC 2017
Adobe Refresh Manager
Adobe Story
Avid Application Manager
Avid Cloud Client Services
Avid Effects
Avid Pro Tools First
Digidesign Audio Drivers 8.0
Digidesign Pro Tools Creative Collection 8.0
Digidesign Pro Tools LE 8.0
Dragon Age: Origins
Oblivion
------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
chemist is offline  
Old 05-13-2017, 11:48 PM   #7
Registered Member
 
Join Date: May 2017
Posts: 7
OS: Win10



Sorry for the late response.

If you need to know, the problem has not gone away after the adwcleaner clean. Also, when I start up the computer it is just a black screen with a minimized window with no explorer.exe automatically opening.

The AdwCleaner crashed the first time, so I'll attach the first log from when it crashed.

# AdwCleaner v6.046 - Logfile created 09/05/2017 at 21:10:54
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-09.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Eagleheart - CERBERUS
# Running from : C:\Users\Eagleheart\Downloads\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[!] Folder not deleted: C:\Program Files (x86)\YouKu


***** [ Files ] *****

[-] File deleted: C:\Users\Eagleheart\Downloads\SysInfo.exe
[-] File deleted: C:\TOSTACK
[-] File deleted: C:\Users\Eagleheart\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\Eagleheart\AppData\Roaming\Main.dat
[-] File deleted: C:\Users\Eagleheart\AppData\Roaming\agent.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
[-] Key deleted: HKU\S-1-5-21-2490903834-601027030-513250754-1000\Software\mtHotfresh
[#] Key deleted on reboot: HKCU\Software\mtHotfresh
[-] Key deleted: HKLM\SOFTWARE\mtHotfresh
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\mtHotfresh
[-] Key deleted: [x64] HKLM\SOFTWARE\pcv-var
[-] Data restored: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{47cf5da3-1ff6-4ef7-8883-ed4c7e18c55f} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{49ac9920-1b02-49f6-8a4f-d7bd48859b77} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{93200016-ad91-4fee-9b07-be40c576044a} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{47cf5da3-1ff6-4ef7-8883-ed4c7e18c55f} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{49ac9920-1b02-49f6-8a4f-d7bd48859b77} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{93200016-ad91-4fee-9b07-be40c576044a} [NameServer]
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BestCleaner]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [BestCleaner]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [DailyBee]
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Hotfresh.exe
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hotfresh.exe


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9810 Bytes] - [04/11/2016 23:13:26]
C:\AdwCleaner\AdwCleaner[C2].txt - [6099 Bytes] - [09/05/2017 21:10:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [9862 Bytes] - [04/11/2016 23:11:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [9942 Bytes] - [09/05/2017 20:48:37]
C:\AdwCleaner\AdwCleaner[S2].txt - [6558 Bytes] - [09/05/2017 2110]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6391 Bytes] ##########

Oh, and I have to attach the FRST txt also since I am way over the character amount limit on the forum even with just posting these two.

I attached the Addition.txt and also a photo of what the screen looks like after starting up before I run explorer.exe!
Attached Thumbnails
Startup.jpg (24.6 KB, 65 views)
Attached Files
File Type: txt Addition.txt (157.2 KB, 16 views)
File Type: txt AdwCleaner[S1].txt (9.7 KB, 13 views)
File Type: txt FRST.txt (103.6 KB, 16 views)
Natacat is offline  
Old 05-15-2017, 05:47 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Natacat. I will fix your startup issue later.

You haven't uninstalled those applications listed previously.

Quote:
Adobe Content Viewer
Adobe Creative Cloud
Adobe Creative Suite 5.5 Master Collection
Adobe Digital Editions 2.0
Adobe Photoshop CC 2017
Adobe Refresh Manager
Adobe Story
Avid Application Manager
Avid Cloud Client Services
Avid Effects
Avid Pro Tools First
Digidesign Audio Drivers 8.0
Digidesign Pro Tools Creative Collection 8.0
Digidesign Pro Tools LE 8.0
Dragon Age: Origins
Oblivion
------------------------------------------------------

Your Windows 10 User Account Control (UAC) has been disabled. Sometimes, malware disables it, sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts > Change User Account Control settings and set it back to Always Notify.

------------------------------------------------------

Also, it appears you disabled Windows Defender using msconfig. Why?

You will also have to remove the other disabled malware entries using msconfig so I can remove them properly.

Quote:
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "mollison"
HKLM\...\StartupApproved\Run32: => "shylock"
HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\StartupApproved\StartupFolder: => "donati.lnk"
HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\StartupApproved\Run: => "quickens"
HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\StartupApproved\Run: => "kareem"
HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\StartupApproved\Run: => "need"
HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\StartupApproved\Run: => "spheres"
Once all the above is done, run FRST again and attach both logs.

------------------------------------------------------
chemist is offline  
Old 05-16-2017, 10:42 PM   #9
Registered Member
 
Join Date: May 2017
Posts: 7
OS: Win10



Here are the logs! I wasn't sure how to access those malware entries, but I re-enabled everything in the startup tab of task manager. I had turned some things off before to try and make my computer faster when it starts up.
Attached Files
File Type: txt FRST.txt (123.3 KB, 17 views)
File Type: txt Addition.txt (155.9 KB, 16 views)
Natacat is offline  
Old 05-17-2017, 08:16 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Natacat.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall /s
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please attach this log to your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 05-17-2017, 10:42 PM   #11
Registered Member
 
Join Date: May 2017
Posts: 7
OS: Win10



Here it is. It finished instantly!
Attached Files
File Type: txt SystemLook.txt (1.22 MB, 31 views)
Natacat is offline  
Old 05-18-2017, 07:09 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Natacat. It appears you missed uninstalling Adobe Creative Cloud from Programs and Features.

Please do that before proceeding with the next steps.

------------------------------------------------------

Why is your Windows Firewall still disabled? If you aren't going to have it enabled, it is pointless for me to clean your machine.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------

I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Programs and Features (right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2490903834-601027030-513250754-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Eagleheart\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    Task: {0931AB9E-A7E0-4E25-84F2-BDB642A71F1C} - \{5F2B752A-1AFE-4EF3-A62A-93B9ACDA9600} -> No File <==== ATTENTION
    Task: {0FD056E2-C456-4D16-B5E7-900B593A4F75} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
    Task: {10826F65-0C15-4B10-94EE-9D574B0321B0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {10C6EDF1-E0B7-4A11-AB00-F0D9E6DB0051} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
    Task: {155ADFD1-0D13-4D86-A35F-F93BD7522E07} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {18CF1CCA-4960-46E3-BA4D-196B75CD27A6} - \{A9B69069-81CD-44B1-8508-91BA7DA7BA96} -> No File <==== ATTENTION
    Task: {1AC7A069-2119-41BC-90E3-B02B2BC5C3D1} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
    Task: {1D211D58-BE1F-4051-8083-9A2E3CEBFE7B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
    Task: {202CAD23-78AE-4CFF-84FF-CADC4128BC69} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
    Task: {21739744-3611-40D0-A73D-DE17B0AC0581} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2490903834-601027030-513250754-1000Core1d2b2478ac05a7c => C:\Users\Eagleheart\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
    Task: {2364F0D6-4218-4B73-8765-087F51123E7B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
    Task: {266AB0EA-2CE5-4991-802A-DAB10D73E859} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
    Task: {32D759B6-A05E-4DD2-B883-459196260949} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
    Task: {33AF863C-BD30-4DF1-AF13-64E80D31B50E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {35CC5B19-A8D0-479F-ABB5-1AC7144F8A70} - \{CC1C59EF-6752-4E49-A2C3-3E241D2E00A9} -> No File <==== ATTENTION
    Task: {36E4EC70-9B91-4E00-9A56-2AD374CAC5ED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
    Task: {4393BFBB-65C0-46EA-8F13-4BB7A39D0D93} - \Da7899232578992325 -> No File <==== ATTENTION
    Task: {4C05DFAB-D857-480F-88D2-00EC55439A07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
    Task: {4E00C81D-B7DE-45A0-9A1A-A8A8F0F9BD3D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
    Task: {530D1763-ED55-4CB5-BDD4-61C1A50ADDA2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
    Task: {5373655A-529A-4D7E-840F-92FC15D90AF8} - \{8F797D8E-C49A-42FA-9DEA-D900FEB28CF1} -> No File <==== ATTENTION
    Task: {55ACDA2C-4BE9-4751-AB24-54C610238DA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2490903834-601027030-513250754-1000UA1d2b2478ae8e29f => C:\Users\Eagleheart\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
    Task: {5F99C70B-990D-40AE-B05E-3BEFDC93D855} - \{2364562E-A267-4E1D-871F-05B841DD47E8} -> No File <==== ATTENTION
    Task: {6AE239F5-88AC-407D-9DC8-15D674B7BCE1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {6ED983C1-0CA0-47F7-8E54-70E6B1507DBA} - \HPCustParticipation HP Officejet 4630 series -> No File <==== ATTENTION
    Task: {75F9F4DE-4D4E-43F7-B959-D0CD7E6DA74A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
    Task: {76312ECD-169E-44FD-A32E-FCC3AB66B854} - \{79050447-0979-090E-7D11-04050E7D110A} -> No File <==== ATTENTION 
    Task: {83985955-88F0-4992-A624-091EB1F68EAD} - \{732E6750-E078-42B8-96C5-6F8A541E1D3A} -> No File <==== ATTENTION
    Task: {89E2AE95-08B2-4B5F-91A5-EF6AB2285893} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {96698335-A124-440C-B32F-A328E46DBFF2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {99447BB3-6219-43BD-8869-AAF3AE59F540} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {9BFB1508-C191-430B-B637-B7EC4BFB895C} - System32\Tasks\{8EEEC68B-3945-7120-2A08-3BB75A26BD34} => C:\ProgramData\{E39C195D-5437-AEF6-E760-32D15EAA0A04}\67D4855E-D07F-32F5-F3B5-C59E6BD3F961.exe [2017-05-06] () <==== ATTENTION
    Task: {9EB7AD8C-1EC8-4DEF-95D5-74A70E914282} - System32\Tasks\{DDFA03C2-DC66-DB0E-0641-A56B563C7E1B} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\5f0dd30b\fb6e9cc.dll" <==== ATTENTION
    Task: {A5DC79DC-1735-4B20-8CF5-985AB4DC60FF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {A9647A04-8F0E-4F06-9E3A-754DA7F4886B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {BEEF3768-990C-45D3-8F8D-BACCDE795257} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {C07C34FC-3AE2-4F57-95C0-E967F8DD57BD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {CA46866B-77E0-4BF0-B2CD-F23191F43DA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {CE2B5AD9-79CB-47C4-A527-12E6F2871845} - \Alarm -> No File <==== ATTENTION
    Task: {D0AC696F-651F-4847-B290-54B6821C8682} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D9FEDBD7-2FA1-4C73-BC95-4C58291C3E42} - \78992325 -> No File <==== ATTENTION
    Task: {E0F4F344-B437-4F2F-BDF3-00D012845951} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {E6C5D419-D257-4C35-B6F1-A6E6E1E9E651} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {EA33E3F7-0102-4F7F-86AF-105D24AFE17F} - \{88E5AAE7-C443-4146-BC14-480B72AE23B5} -> No File <==== ATTENTION 
    Task: {EDC7AE9D-5B57-4BC9-A79B-1F5B77FF5D96} - \{839718C7-2BAA-40BD-901F-CA2CFE3E3AF8} -> No File <==== ATTENTION
    Task: {F97865E8-EBC4-4ED1-9643-A6B73E7AA280} - \SidebarExecute -> No File <==== ATTENTION
    Task: {FBC0C74D-DCD4-4DAE-8C2C-78A5BA2C5A6E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData:3C57C1A196058FD7 [217]
    AlternateDataStreams: C:\Windows:netNLSPreferences [0]
    AlternateDataStreams: C:\Windows:nlsPreferences [0]
    AlternateDataStreams: C:\Users\All Users:3C57C1A196058FD7 [217]
    AlternateDataStreams: C:\ProgramData\Application Data:3C57C1A196058FD7 [217]
    AlternateDataStreams: C:\ProgramData\Microsoft:rwdpOSF1HkKLQBav0TVYtAH [2582]
    AlternateDataStreams: C:\ProgramData\Microsoft:tt9niR9brVczMGCG78E [2362]
    AlternateDataStreams: C:\Users\Eagleheart\AppData\Local\JiASNOinSms:ziVVoGRXujXhsJgZfK3UtpAaYrJI [2336]
    AlternateDataStreams: C:\Users\Eagleheart\AppData\Local\Temp:X5uw0v55g2gJVRAzOsPG7JUTaY0 [654]
    AlternateDataStreams: C:\Users\Eagleheart\AppData\Local\Temporary Internet Files:0EF876gGr8n4fF06ZMts [2614]
    AlternateDataStreams: C:\Users\Eagleheart\AppData\Local\xxbMW75Dg5U:IIBBsGFcdHtOTvkuRx8NFwojyB [2202]
    FirewallRules: [{606DD27B-E698-40F5-9571-80628DD3BE6B}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{7D628ADA-F330-4BC0-9177-560469668552}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{A5359580-8CD0-421B-94ED-BC90D4588E8E}] => (Allow) C:\Users\Eagleheart\AppData\Local\ddnow.exe
    FirewallRules: [{06C574FA-EC82-40DE-B1CF-24F6BD215688}] => (Allow) C:\Users\Eagleheart\AppData\Local\Temp\DU6JEC66O\installer.exe
    FirewallRules: [{BF7AD126-DB3E-42CD-918A-72D7E3E0C191}] => (Allow) C:\Users\Eagleheart\AppData\Local\37561192.exe
    FirewallRules: [{91FFDC6C-F20E-4D4B-8236-5C4A4F018A65}] => (Allow) C:\Program Files (x86)\gigas\commonality.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud
    C:\Users\Eagleheart\AppData\Local\Temp\DeleteOnReboot.bat
    C:\ProgramData\hash.dat
    HKLM\...\Run: [mollison] => "C:\Program Files (x86)\gigas\commonality.exe"
    HKLM-x32\...\Run: [shylock] => "C:\Program Files (x86)\gigas\commonality.exe"
    HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    HKLM\...\Winlogon: [Userinit] wscript, <==== ATTENTION
    HKLM-x32\...\Winlogon: [Userinit] wscript, <==== ATTENTION
    HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\Run: [need] => "C:\Program Files (x86)\gigas\commonality.exe"
    HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\Run: [kareem] => "C:\Program Files (x86)\gigas\commonality.exe"
    HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\Run: [spheres] => "C:\Program Files (x86)\smee\spheres.exe"
    HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\Run: [quickens] => "C:\Program Files (x86)\gigas\commonality.exe"
    HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\MountPoints2: {3088c4bd-d09a-11e2-8a45-002421dde1a7} - "H:\OblivionLauncher.exe" 
    HKU\S-1-5-21-2490903834-601027030-513250754-1000\...\MountPoints2: {64cc759f-32a2-11e7-a957-002421dde1a7} - "D:\OblivionLauncher.exe" 
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
    S2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe -s [X]
    S3 digiSPTIService64; "C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe" [X]
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-11-05] ()
    U3 idsvc; no ImagePath
    2017-05-16 21:58 - 2017-05-16 21:58 - 00000000 ___RD C:\Users\Eagleheart\Creative Cloud Files
    2017-05-06 19:31 - 2017-05-06 19:31 - 00688992 ____R (Swearware) C:\Users\Eagleheart\Desktop\dds.scr
    2017-05-06 19:23 - 2017-05-06 19:23 - 05660059 _____ (Swearware) C:\Users\Eagleheart\Downloads\ComboFix.exe
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Creative Cloud" /f
    Reg: reg delete HKU\S-1-5-21-2490903834-601027030-513250754-1000\\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v "donati.lnk" /f
    Hosts:
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
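The fixlist above touches four things a defender should recognise as persistence and egress points: the Winlogon Userinit value replaced with "wscript,", one binary (gigas\commonality.exe) registered under several unrelated Run-key names, payload data hidden in alternate data streams attached to ProgramData and AppData\Local directories, and firewall Allow rules for executables in user-writable locations. The PowerShell below is an added example for this page, not part of chemist's fix and not output of FRST; it audits those same points on a live host so the reader can see the checks behind the fixlist. Assumptions: Windows 10 with PowerShell 5.1 and the built-in NetSecurity module, run from an elevated prompt as the affected user; the "suspicious path" roots (AppData, Temp, ProgramData, Public) are a heuristic chosen for this example, and everything it prints is a candidate for review, not a verdict.

```powershell
# Added example for this thread (not chemist's fix, not FRST). Audits the persistence and
# egress points the fixlist above removes. Assumes PowerShell 5.1 on Windows 10, elevated,
# running as the affected user. Findings are items to review, not automatic verdicts.

function Test-SuspiciousPath {
    # Heuristic (an assumption of this example): autoruns and firewall exceptions normally point
    # into Program Files or the Windows directory. A target under a user profile, Temp,
    # ProgramData or Public, or one that no longer exists, deserves a look.
    param([Parameter(Mandatory)][string]$Path)
    $p = [Environment]::ExpandEnvironmentVariables($Path)
    $roots = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
             Where-Object { $_ }
    foreach ($root in $roots) {
        if ($p.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return -not (Test-Path -LiteralPath $p)
}

function Get-CommandImage {
    # Pull the executable out of a Run-key command line: a quoted path, else the first token.
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split '\s+', 2)[0]
}

# 1. Winlogon\Userinit. The stock value is "<SystemRoot>\system32\userinit.exe," (trailing comma
#    included). The fixlist found "wscript," here: Winlogon then launches wscript.exe at every
#    logon, and wscript runs whatever script the malware arranged for it to receive.
$expected = "$env:SystemRoot\system32\userinit.exe"
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon') {
    $val = (Get-ItemProperty -Path $key -Name Userinit -ErrorAction SilentlyContinue).Userinit
    if ($val -and ($val.TrimEnd(',') -ine $expected)) {
        Write-Warning "Userinit hijacked in ${key}: '$val' (expected '$expected,')"
    }
}

# 2. Run keys. Two signals from the fixlist: a target in an odd location, and one binary
#    registered under several unrelated names (mollison, shylock, need, kareem, quickens all
#    pointed at commonality.exe). The second signal catches binaries that sit in Program Files.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$byTarget = @{}
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        $image = [Environment]::ExpandEnvironmentVariables((Get-CommandImage ([string]$prop.Value)))
        if (Test-SuspiciousPath $image) {
            Write-Warning "Run entry '$($prop.Name)' in $key -> $image"
        }
        $k = $image.ToLowerInvariant()
        if (-not $byTarget.ContainsKey($k)) { $byTarget[$k] = [System.Collections.Generic.List[string]]::new() }
        $byTarget[$k].Add("$key\$($prop.Name)")
    }
}
foreach ($entry in $byTarget.GetEnumerator()) {
    if ($entry.Value.Count -gt 1) {
        Write-Warning "$($entry.Key) is registered $($entry.Value.Count) times: $($entry.Value -join '; ')"
    }
}

# 3. Alternate data streams on directories. The fixlist lists payload streams attached to
#    ProgramData, AppData\Local and random-named subdirectories of it. Zone.Identifier is the
#    normal "mark of the web" on downloaded files and is benign; a named stream on a directory
#    with a random name and a few KB of data is not.
$dirs = @(Get-Item -LiteralPath $env:ProgramData, $env:LOCALAPPDATA -ErrorAction SilentlyContinue) +
        @(Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory -ErrorAction SilentlyContinue)
foreach ($d in $dirs) {
    Get-Item -LiteralPath $d.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
        ForEach-Object { Write-Warning "ADS on $($d.FullName): $($_.Stream) ($($_.Length) bytes)" }
}

# 4. Firewall Allow rules. The fixlist removed rules letting ddnow.exe, 37561192.exe and a
#    Temp\...\installer.exe talk out. List every enabled Allow rule whose program fails the
#    path heuristic, then confirm the profiles are actually on (a rule audit is moot otherwise).
Get-NetFirewallRule -Enabled True -Action Allow -ErrorAction SilentlyContinue | ForEach-Object {
    $rule = $_
    $app = ($rule | Get-NetFirewallApplicationFilter).Program
    if ($app -and $app -ne 'Any' -and $app -ne 'System' -and (Test-SuspiciousPath $app)) {
        Write-Warning "Firewall allow rule '$($rule.Name)' ($($rule.DisplayName)) for $app"
    }
}
Get-NetFirewallProfile | Where-Object { -not $_.Enabled } |
    ForEach-Object { Write-Warning "Firewall profile '$($_.Name)' is disabled" }
```

Read the warnings as leads: a legitimate installer occasionally leaves a firewall rule under ProgramData or AppData, and a product can register two Run entries for one binary. The combination seen in this thread, a non-default Userinit plus five Run names for one executable plus random-named ADS plus Allow rules for executables in Temp, is what makes the picture unambiguous.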
Old 05-19-2017, 12:57 AM   #13
Registered Member
 
Join Date: May 2017
Posts: 7
OS: Win10



I had already uninstalled Adobe Creative Cloud from Programs and Features before running that scan. It's not there anymore. Is there some better way to clear it out since it's still showing?

------------------------------------------------------

I have no idea why Windows Firewall was disabled. I just enabled it.

------------------------------------------------------

Here is the fixlog attached!
Attached Files
File Type: txt Fixlog.txt (43.6 KB, 13 views)
Natacat is offline  
Old 05-20-2017, 08:21 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Natacat. How is the machine behaving now?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java 7 Update 45 (64-bit)
Java 7 Update 51


These are all outdated and are security risks if left installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > https://java.com/en/

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 06-05-2017, 09:04 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Still with us, Natacat? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
chemist is offline  