mpckpt.sys removal

This is a discussion on mpckpt.sys removal within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 07-30-2016, 08:17 AM   #1
Registered Member
 
Join Date: Jul 2016
Posts: 5
OS: Windows 7 Enterprise x64 SP1



I've been fighting with an infection of MPC cleaner for about a week now.
Using a few tools (Norton Power Eraser, Spyhunter, Adwcleaner) I've managed to get most of it removed.

The only infection left is mpckpt, and nothing I've tried seems to be able to remove it.

I was reading another related thread, and it appears you guys might be able to help.
https://www.techsupportforum.com/foru...e-1113401.html

Thank you for your help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18347 BrowserJavaVersion: 11.77.2
Run by dhudson at 8:12:32 on 2016-07-30
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.32643.28586 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\HALAN\WinControl 2000\WinControl.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\SysWOW64\atashost.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\MOZILL~1\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [WinControl] C:\Program Files (x86)\HALAN\WinControl 2000\WinControl.exe
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
uRun: [Pidgin] "C:\Program Files (x86)\Pidgin\pidgin.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [AsioReg] REGSVR32 /S CTASIO.DLL
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
Trusted Zone: lsi-controls.net
Trusted Zone: lsi-industries.com
Trusted Zone: lynxpdx.com
Trusted Zone: virticus.com
Trusted Zone: virticus.info
TCP: NameServer = 10.129.8.1
TCP: Interfaces\{0D6A0639-22C6-4FDA-8024-9E9CEA3C9311} : DHCPNameServer = 10.129.8.1
TCP: Interfaces\{D29F7DCE-B1C9-4B7C-A1C0-81D0B9D4A4AE} : DHCPNameServer = 10.129.8.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-Run: [CNAP2 Launcher] C:\Windows\System32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 file_tracker;file_tracker;C:\Windows\System32\drivers\file_tracker.sys [2015-3-10 296736]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2015-3-10 126752]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-24 20024]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2015-3-10 1328928]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2015-3-10 248096]
R1 FortiFilter;Fortinet NDIS6 Packet Filter Service;C:\Windows\System32\drivers\FortiFilter.sys [2014-12-11 25312]
R1 FortiShield;FortiShield;C:\Windows\System32\drivers\FortiShield.sys [2015-10-6 72064]
R1 MPCKpt;MPCKpt;C:\Windows\System32\drivers\MPCKpt.sys [2016-7-26 60136]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2015-3-21 98208]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2015-3-10 3992568]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2016-2-21 149440]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2016-7-18 144560]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-10-1 330136]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2016-3-29 21184]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-3-21 290520]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-5-18 327064]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-7-10 754784]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-8-20 6847712]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-3-11 5495056]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-7-6 856728]
R3 ft_vnic;Fortinet network virtual adapter;C:\Windows\System32\drivers\ftvnic.sys [2016-2-6 16928]
R3 GeneStor;Genesys Logic Storage Driver;C:\Windows\System32\drivers\GeneStor.sys [2015-7-9 115704]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-24 358456]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-24 791608]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-11-15 133816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
R3 pppop;PPPoP WAN Adapter;C:\Windows\System32\drivers\pppop64.sys [2015-7-23 54024]
S1 FortiFW;FortiFW;C:\Windows\System32\drivers\fortifw2.sys [2015-10-6 37248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 TrueCryptSystemFavorites;TrueCrypt System Favorites;C:\Windows\SysWOW64\TrueCrypt.exe [2015-3-13 1516496]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-5-20 1916416]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2015-3-10 15768]
S3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]
S3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2016-7-10 120416]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2016-7-28 22704]
S3 fortiapd;fortiapd;C:\Windows\System32\drivers\fortiapd.sys [2015-10-6 17792]
S3 Fortips;Fortips;C:\Windows\System32\drivers\fortips.sys [2015-10-6 145792]
S3 fortisniff;fortisniff;C:\Windows\System32\drivers\fortisniff2.sys [2015-10-6 38272]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-6-14 114688]
S3 libusbK;libusbK USB Driver 12/25/2013 - 3.0.6.0;C:\Windows\System32\drivers\libusbK.sys [2015-3-10 47200]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-9 19456]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTWlanU.sys [2015-3-9 2890456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2016-7-10 213088]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2015-3-9 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-9 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-3-9 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service;C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2016-3-22 56552]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-3-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-4-30 23200]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2016-07-30 15:00:19 -------- d-----w- C:\FRST
2016-07-30 14:11:14 110080 ----a-r- C:\Users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2016-07-30 14:11:14 110080 ----a-r- C:\Users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2016-07-30 14:11:14 -------- d-----w- C:\sh4ldr
2016-07-30 13:49:41 144 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-30 13:34:32 -------- d-----w- C:\Users\dhudson\AppData\Local\NPE
2016-07-30 13:34:31 -------- d-----w- C:\ProgramData\Norton
2016-07-30 13:33:44 12007136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E8D5ACC-E29B-40E8-87D6-003F2FAC2D53}\mpengine.dll
2016-07-30 13:28:35 -------- d-----w- C:\Program Files\Registrar Registry Manager
2016-07-29 15:32:14 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2016-07-29 15:32:04 -------- d-----w- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-07-29 15:32:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2016-07-29 03:39:32 12007136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-07-29 03:39:30 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF016C99-95CD-4C46-84B9-DAF7076D7F52}\gapaengine.dll
2016-07-28 23:15:30 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2016-07-28 23:09:10 -------- d-----w- C:\ProgramData\Innovative Solutions
2016-07-28 23:09:09 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions
2016-07-28 23:09:07 -------- d-----w- C:\Users\dhudson\AppData\Local\Innovative Solutions
2016-07-27 15:10:56 -------- d-sh--w- C:\$RECYCLE.BIN
2016-07-27 14:54:02 98816 ----a-w- C:\Windows\sed.exe
2016-07-27 14:54:02 256000 ----a-w- C:\Windows\PEV.exe
2016-07-27 14:54:02 208896 ----a-w- C:\Windows\MBR.exe
2016-07-27 02:12:30 -------- d-----w- C:\Users\dhudson\AppData\Local\CEF
2016-07-26 15:17:47 -------- d-----w- C:\Program Files (x86)\winrule
2016-07-26 15:16:10 -------- d-----w- C:\AdwCleaner
2016-07-26 15:14:12 60136 ------w- C:\Windows\System32\drivers\MPCKpt.sys
2016-07-26 15:14:04 -------- d-----w- C:\Users\dhudson\AppData\Roaming\Desktop
2016-07-26 15:13:18 -------- d-----w- C:\Windows\System32\SSL
2016-07-26 15:12:35 815312 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2016-07-26 15:12:35 392136 ---h--w- C:\Program Files (x86)\Mozilla Firefox\fir?f??.b?t.exe
2016-07-21 14:34:11 -------- d-----w- C:\Users\dhudson\AppData\Roaming\uTorrent
2016-07-21 14:32:56 -------- d-----w- C:\Users\dhudson\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-07-18 17:44:44 -------- d-----w- C:\Program Files\EpsonNet
2016-07-18 17:44:42 466944 ----a-w- C:\Windows\System32\esxw2ud.dll
2016-07-18 17:44:42 144560 ----a-w- C:\Windows\System32\escsvc64.exe
2016-07-15 19:01:13 -------- d-----w- C:\Users\dhudson\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2016-07-10 15:24:11 213088 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2016-07-10 15:24:11 120416 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2016-07-10 15:23:41 144664 ----a-w- C:\Windows\SysWow64\secman.dll
2016-07-10 15:23:41 -------- d-----w- C:\Users\dhudson\AppData\Roaming\Samsung
2016-07-10 15:23:34 -------- d-----w- C:\Program Files (x86)\Samsung
2016-07-07 02:38:54 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2016-07-07 02:38:54 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2016-07-07 02:38:32 -------- d-----w- C:\Program Files\SAMSUNG
2016-07-07 02:38:01 -------- d-----w- C:\ProgramData\Samsung
2016-07-07 02:31:01 -------- d-----w- C:\Users\dhudson\AppData\Local\oneClickRoot
2016-07-07 02:31:01 -------- d-----w- C:\Users\dhudson\AppData\Local\AWSToolkit
2016-07-07 02:30:53 -------- d-----w- C:\Program Files (x86)\One Click Root
2016-07-07 02:28:34 -------- d-----w- C:\Users\dhudson\AppData\Roaming\One Click Root
.
==================== Find3M ====================
.
2016-07-27 19:25:34 504488 ------w- C:\Windows\System32\MpSigStub.exe
2016-07-13 05:23:15 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-07-13 05:23:15 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-06 16:58:26 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-06-06 16:50:13 1204224 ----a-w- C:\Windows\System32\aeinv.dll
2016-06-03 13:05:46 1413120 ----a-w- C:\Windows\System32\appraiser.dll
2016-05-27 1326 569856 ----a-w- C:\Windows\System32\generaltel.dll
2016-05-27 1326 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-05-27 1326 276480 ----a-w- C:\Windows\System32\invagent.dll
2016-05-27 1326 265216 ----a-w- C:\Windows\System32\centel.dll
2016-05-23 03:04:22 683520 ----a-w- C:\Windows\System32\termsrv.dll
2016-05-22 1329 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-05-20 22:27:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-05-20 22:27:02 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-05-20 22:14:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-05-20 22:10:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-05-20 22:09:21 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-05-20 22:09:13 417792 ----a-w- C:\Windows\System32\html.iec
2016-05-20 22:09:03 572416 ----a-w- C:\Windows\System32\vbscript.dll
2016-05-20 22:08:46 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-05-20 22:02:50 6051328 ----a-w- C:\Windows\System32\jscript9.dll
2016-05-20 21:57:57 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-05-20 21:57:20 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-05-20 21:57:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-05-20 21:56:44 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-05-20 21:55:35 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-05-20 21:54:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-05-20 21:54:44 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-05-20 21:54:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-05-20 21:45:27 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-05-20 21:44:11 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-05-20 21:43:35 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-05-20 21:33:22 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-05-20 21:27:58 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-05-20 21:14:05 4610048 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-05-20 21:08:42 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-05-20 21:07:52 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-05-20 21:07:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-05-20 2148 2131968 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-05-20 20:46:53 2597888 ----a-w- C:\Windows\System32\wininet.dll
2016-05-20 20:42:45 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-05-18 16:10:23 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-18 16:09:22 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-16 23:22:36 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-05-16 23:19:32 706280 ----a-w- C:\Windows\System32\winload.efi
2016-05-16 23:19:31 5546216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-05-16 23:19:30 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-05-16 23:19:30 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-05-16 23:18:39 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-05-16 23:18:39 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-05-16 23:17:39 1732888 ----a-w- C:\Windows\System32\ntdll.dll
2016-05-16 23:16:18 1314136 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-05-16 21:23:50 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-05-16 21:23:46 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-05-16 21:23:46 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-05-16 21:23:02 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-05-16 21:19:53 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-05-16 21:19:01 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-05-16 21:16:17 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-05-16 21:15:43 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-05-16 21:15:40 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-05-16 21:14:58 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-05-16 21:14:55 112640 ----a-w- C:\Windows\System32\smss.exe
2016-05-16 21:14:20 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-05-16 21:10:29 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-05-16 21:10:28 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-05-16 21:10:27 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-05-16 21:10:26 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-05-16 21:09:40 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-05-16 21:09:32 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-05-16 21:09:32 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-16 21:09:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-16 21:09:32 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-05-13 22:15:24 382184 ----a-w- C:\Windows\System32\atmfd.dll
2016-05-13 22:09:34 98816 ----a-w- C:\Windows\System32\wudriver.dll
2016-05-13 22:09:34 3156480 ----a-w- C:\Windows\System32\wucltux.dll
2016-05-13 22:09:34 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2016-05-13 22:09:19 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-05-13 22:09:16 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-05-13 22:09:13 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-05-13 22:09:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-05-13 22:07:23 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2016-05-13 21:54:26 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-05-13 21:53:00 37888 ----a-w- C:\Windows\System32\wuapp.exe
2016-05-13 21:52:49 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2016-05-13 21:50:05 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-05-13 21:50:05 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2016-05-13 21:49:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-05-13 21:49:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-05-13 21:38:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2016-05-13 21:38:30 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2016-05-13 21:27:06 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-05-12 17:15:04 105472 ----a-w- C:\Windows\System32\winipsec.dll
2016-05-12 17:15:03 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-05-12 17:14:58 373760 ----a-w- C:\Windows\System32\polstore.dll
2016-05-12 17:14:57 862208 ----a-w- C:\Windows\System32\oleaut32.dll
2016-05-12 17:14:48 502272 ----a-w- C:\Windows\System32\IPSECSVC.DLL
2016-05-12 17:14:46 96256 ----a-w- C:\Windows\System32\gpapi.dll
2016-05-12 17:14:46 794624 ----a-w- C:\Windows\System32\gpsvc.dll
2016-05-12 17:14:46 793088 ----a-w- C:\Windows\System32\gpprefcl.dll
.
============= FINISH: 8:13:15.74 ===============
Attached Files
File Type: txt dds.txt (26.2 KB, 31 views)
File Type: txt attach.txt (47.0 KB, 30 views)
Scapponian is offline  
Old 07-31-2016, 08:12 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Who instructed you to run ComboFix? As stated in the disclaimer you had to pass when running ComboFix, it is not intended for unsupervised use.

As you also should have read here in Step 2 of our First Steps thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

I need to see ComboFix.txt.

Go Start > Run and copy/paste the following into the Run box and click OK:

C:\ComboFix.txt

Please post the ComboFix.txt log here for review.

------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-31-2016, 08:42 AM   #3
Registered Member
 
Join Date: Jul 2016
Posts: 5
OS: Windows 7 Enterprise x64 SP1



ComboFix was something I ran long before I came across this forum.
Attached is the CF log.


CKScanner output:
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\git\usr\bin\ssh-keygen.exe
c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\shadow_wall_2_cracked.dds
c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked.nif
c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked_diff.dds
scanner sequence 3.KI.11.QCAPLZ
----- EOF -----

ComboFix 16-07-25.01 - dhudson 07/31/2016 8:20.2.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.32643.28940 [GMT -7:00]
Running from: d:\temp\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-06-28 to 2016-07-31 )))))))))))))))))))))))))))))))
.
.
2016-07-31 15:33 . 2016-07-31 15:33 -------- d-----w- c:\users\nabil\AppData\Local\temp
2016-07-31 15:33 . 2016-07-31 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-31 09:30 . 2016-07-31 09:30 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0B4DC6D-1100-4E11-9F44-8583D31FD5A3}\offreg.1012.dll
2016-07-31 09:29 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0B4DC6D-1100-4E11-9F44-8583D31FD5A3}\mpengine.dll
2016-07-31 09:28 . 2016-06-21 22:04 12007136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-07-31 05:10 . 2016-07-31 05:10 -------- d-----w- c:\users\nabil\AppData\Local\VirtualStore
2016-07-30 15:00 . 2016-07-30 15:09 -------- d-----w- C:\FRST
2016-07-30 14:11 . 2016-07-30 14:11 110080 ----a-r- c:\users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2016-07-30 14:11 . 2016-07-30 14:11 110080 ----a-r- c:\users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2016-07-30 14:11 . 2016-07-30 14:11 -------- d-----w- C:\sh4ldr
2016-07-30 13:49 . 2016-07-30 13:49 144 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-30 13:34 . 2016-07-30 13:55 -------- d-----w- c:\users\dhudson\AppData\Local\NPE
2016-07-30 13:34 . 2016-07-30 13:34 -------- d-----w- c:\programdata\Norton
2016-07-30 13:28 . 2016-07-30 14:00 -------- d-----w- c:\program files\Registrar Registry Manager
2016-07-29 15:32 . 2016-07-29 15:32 -------- d-----w- c:\program files (x86)\Enigma Software Group
2016-07-29 15:32 . 2016-07-30 14:11 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-07-29 15:32 . 2016-07-29 15:32 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2016-07-29 03:39 . 2016-05-12 02:50 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF016C99-95CD-4C46-84B9-DAF7076D7F52}\gapaengine.dll
2016-07-28 23:15 . 2016-07-28 23:15 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-07-28 23:09 . 2016-07-29 16:16 -------- d-----w- c:\programdata\Innovative Solutions
2016-07-28 23:09 . 2016-07-28 23:09 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2016-07-28 23:09 . 2016-07-28 23:09 -------- d-----w- c:\users\dhudson\AppData\Local\Innovative Solutions
2016-07-27 02:12 . 2016-07-27 02:12 -------- d-----w- c:\users\dhudson\AppData\Local\CEF
2016-07-26 15:17 . 2016-07-28 23:12 -------- d-----w- c:\program files (x86)\winrule
2016-07-26 15:16 . 2016-07-30 14:05 -------- d-----w- C:\AdwCleaner
2016-07-26 15:14 . 2016-07-26 15:14 60136 ------w- c:\windows\system32\drivers\MPCKpt.sys
2016-07-26 15:14 . 2016-07-27 02:12 -------- d-----w- c:\users\dhudson\AppData\Roaming\Desktop
2016-07-26 15:13 . 2016-07-26 15:14 -------- d-----w- c:\windows\system32\SSL
2016-07-26 15:12 . 2016-06-28 18:16 392136 ---h--w-.exe c:\progra~2\MOZILL~1\FIRFBT~1.EXE
2016-07-26 15:12 . 2016-05-23 22:54 815312 ---h--w-.exe c:\progra~2\INTERN~1\IPLRBT~1.EXE
2016-07-21 14:34 . 2016-07-29 19:18 -------- d-----w- c:\users\dhudson\AppData\Roaming\uTorrent
2016-07-21 03:56 . 2016-07-21 03:56 -------- d-----w- c:\users\nabil\AppData\Roaming\Epson
2016-07-19 03:34 . 2016-07-19 03:34 -------- d-----w- c:\users\dhudson\AppData\Roaming\Epson
2016-07-18 17:44 . 2016-07-18 17:44 -------- d-----w- c:\program files\EpsonNet
2016-07-18 17:44 . 2014-02-25 07:00 466944 ----a-w- c:\windows\system32\esxw2ud.dll
2016-07-18 17:44 . 2012-05-17 07:00 144560 ----a-w- c:\windows\system32\escsvc64.exe
2016-07-15 19:01 . 2016-07-15 19:01 -------- d-----w- c:\users\dhudson\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2016-07-10 15:24 . 2016-01-08 08:51 213088 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2016-07-10 15:24 . 2016-01-08 08:51 120416 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2016-07-10 15:23 . 2016-07-18 17:29 -------- d-----w- c:\users\dhudson\AppData\Roaming\Samsung
2016-07-10 15:23 . 2016-03-31 18:18 144664 ----a-w- c:\windows\SysWow64\secman.dll
2016-07-10 15:23 . 2016-07-18 17:29 -------- d-----w- c:\program files (x86)\Samsung
2016-07-07 02:38 . 2014-12-03 02:01 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2016-07-07 02:38 . 2014-12-03 02:01 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2016-07-07 02:38 . 2016-07-07 02:38 -------- d-----w- c:\program files\SAMSUNG
2016-07-07 02:38 . 2016-07-10 15:24 -------- d-----w- c:\programdata\Samsung
2016-07-07 02:31 . 2016-07-07 02:31 -------- d-----w- c:\users\dhudson\AppData\Local\oneClickRoot
2016-07-07 02:31 . 2016-07-07 02:31 -------- d-----w- c:\users\dhudson\AppData\Local\AWSToolkit
2016-07-07 02:30 . 2016-07-07 02:30 -------- d-----w- c:\program files (x86)\One Click Root
2016-07-07 02:28 . 2016-07-07 02:28 -------- d-----w- c:\users\dhudson\AppData\Roaming\One Click Root
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-27 19:25 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe
2016-07-13 05:23 . 2015-03-19 15:56 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-13 05:23 . 2015-03-19 15:56 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-05 01:53 . 2015-03-10 01:20 142482544 ----a-w- c:\windows\system32\MRT.exe
2016-06-06 16:58 . 2016-06-15 04:38 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-06-06 16:50 . 2016-06-15 04:38 1204224 ----a-w- c:\windows\system32\aeinv.dll
2016-06-03 13:05 . 2016-06-15 04:38 1413120 ----a-w- c:\windows\system32\appraiser.dll
2016-05-27 13:06 . 2016-06-15 04:38 569856 ----a-w- c:\windows\system32\generaltel.dll
2016-05-27 13:06 . 2016-06-15 04:38 544256 ----a-w- c:\windows\system32\devinv.dll
2016-05-27 13:06 . 2016-06-15 04:38 276480 ----a-w- c:\windows\system32\invagent.dll
2016-05-27 13:06 . 2016-06-15 04:38 265216 ----a-w- c:\windows\system32\centel.dll
2016-05-23 23:37 . 2016-06-15 04:38 394960 ----a-w- c:\windows\system32\iedkcs32.dll
2016-05-23 03:04 . 2015-03-10 01:12 683520 ----a-w- c:\windows\system32\termsrv.dll
2016-05-22 13:06 . 2016-06-15 04:38 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-05-21 17:28 . 2016-06-15 04:38 25802752 ----a-w- c:\windows\system32\mshtml.dll
2016-05-20 22:27 . 2016-06-15 04:38 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-05-20 22:27 . 2016-06-15 04:38 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-05-20 22:14 . 2016-06-15 04:38 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-05-20 22:10 . 2016-06-15 04:38 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-05-20 22:09 . 2016-06-15 04:38 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-05-20 22:09 . 2016-06-15 04:38 417792 ----a-w- c:\windows\system32\html.iec
2016-05-20 22:09 . 2016-06-15 04:38 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-05-20 22:08 . 2016-06-15 04:38 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-05-20 22:08 . 2016-06-15 04:38 2895360 ----a-w- c:\windows\system32\iertutil.dll
2016-05-20 22:02 . 2016-06-15 04:38 6051328 ----a-w- c:\windows\system32\jscript9.dll
2016-05-20 22:00 . 2016-06-15 04:38 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-05-20 21:59 . 2016-06-15 04:38 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-05-20 21:57 . 2016-06-15 04:38 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-05-20 21:57 . 2016-06-15 04:38 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-05-20 21:57 . 2016-06-15 04:38 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-05-20 21:56 . 2016-06-15 04:38 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-05-20 21:56 . 2016-06-15 04:38 615936 ----a-w- c:\windows\system32\ieui.dll
2016-05-20 21:55 . 2016-06-15 04:38 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-05-20 21:54 . 2016-06-15 04:38 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-05-20 21:54 . 2016-06-15 04:38 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-05-20 21:54 . 2016-06-15 04:38 817664 ----a-w- c:\windows\system32\jscript.dll
2016-05-20 21:54 . 2016-06-15 04:38 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-05-20 21:45 . 2016-06-15 04:38 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-05-20 21:44 . 2016-06-15 04:38 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-05-20 21:43 . 2016-06-15 04:38 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-05-20 21:41 . 2016-06-15 04:38 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-05-20 21:33 . 2016-06-15 04:38 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-05-20 21:32 . 2016-06-15 04:38 107520 ----a-w- c:\windows\system32\inseng.dll
2016-05-20 21:28 . 2016-06-15 04:38 199680 ----a-w- c:\windows\system32\msrating.dll
2016-05-20 21:27 . 2016-06-15 04:38 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-05-20 21:27 . 2016-06-15 04:38 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-05-20 21:25 . 2016-06-15 04:38 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-05-20 21:22 . 2016-06-15 04:38 152064 ----a-w- c:\windows\system32\occache.dll
2016-05-20 21:14 . 2016-06-15 04:38 4610048 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-05-20 21:11 . 2016-06-15 04:38 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-05-20 21:11 . 2016-06-15 04:38 15420928 ----a-w- c:\windows\system32\ieframe.dll
2016-05-20 21:09 . 2016-06-15 04:38 725504 ----a-w- c:\windows\system32\ie4uinit.exe
2016-05-20 21:08 . 2016-06-15 04:38 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-05-20 21:08 . 2016-06-15 04:38 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-05-20 21:07 . 2016-06-15 04:38 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-05-20 21:07 . 2016-06-15 04:38 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-05-20 21:06 . 2016-06-15 04:38 2131968 ----a-w- c:\windows\system32\inetcpl.cpl
2016-05-20 20:46 . 2016-06-15 04:38 2597888 ----a-w- c:\windows\system32\wininet.dll
2016-05-20 20:42 . 2016-06-15 04:38 2121216 ----a-w- c:\windows\SysWow64\wininet.dll
2016-05-20 20:34 . 2016-06-15 04:38 1544192 ----a-w- c:\windows\system32\urlmon.dll
2016-05-20 20:23 . 2016-06-15 04:38 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-05-18 16:10 . 2016-06-15 04:38 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-05-18 16:09 . 2016-06-15 04:38 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-05-16 23:14 . 2016-07-05 01:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-05-13 22:15 . 2016-06-15 04:38 382184 ----a-w- c:\windows\system32\atmfd.dll
2016-05-13 22:09 . 2016-06-15 04:38 41472 ----a-w- c:\windows\system32\lpk.dll
2016-05-13 22:09 . 2016-06-15 04:38 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-05-13 22:09 . 2016-06-15 04:38 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-05-13 22:09 . 2016-06-15 04:38 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-05-13 21:54 . 2016-06-15 04:38 308456 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-05-13 21:50 . 2016-06-15 04:38 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-05-13 21:49 . 2016-06-15 04:38 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-05-13 21:49 . 2016-06-15 04:38 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-05-13 21:27 . 2016-06-15 04:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-05-12 17:15 . 2016-06-15 04:38 105472 ----a-w- c:\windows\system32\winipsec.dll
2016-05-12 17:15 . 2016-06-15 04:38 2048 ----a-w- c:\windows\system32\tzres.dll
2016-05-12 17:14 . 2016-06-15 04:38 373760 ----a-w- c:\windows\system32\polstore.dll
2016-05-12 17:14 . 2016-06-15 04:38 502272 ----a-w- c:\windows\system32\IPSECSVC.DLL
2016-05-12 17:14 . 2016-06-15 04:38 96256 ----a-w- c:\windows\system32\gpapi.dll
2016-05-12 17:14 . 2016-06-15 04:38 794624 ----a-w- c:\windows\system32\gpsvc.dll
2016-05-12 17:14 . 2016-06-15 04:38 793088 ----a-w- c:\windows\system32\gpprefcl.dll
2016-05-12 17:14 . 2016-06-15 04:38 75776 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2016-05-12 17:14 . 2016-06-15 04:38 32768 ----a-w- c:\windows\system32\gpscript.dll
2016-05-12 15:18 . 2016-06-15 04:38 70144 ----a-w- c:\windows\SysWow64\winipsec.dll
2016-05-12 15:18 . 2016-06-15 04:38 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-05-12 15:18 . 2016-06-15 04:38 274944 ----a-w- c:\windows\SysWow64\polstore.dll
2016-05-12 15:18 . 2016-06-15 04:38 591872 ----a-w- c:\windows\SysWow64\gpprefcl.dll
2016-05-12 15:18 . 2016-06-15 04:38 79360 ----a-w- c:\windows\SysWow64\gpapi.dll
2016-05-12 15:18 . 2016-06-15 04:38 44032 ----a-w- c:\windows\SysWow64\FwRemoteSvr.dll
2016-05-12 15:06 . 2016-06-15 04:38 25600 ----a-w- c:\windows\system32\gpscript.exe
2016-05-12 15:03 . 2016-06-15 04:38 3217408 ----a-w- c:\windows\system32\win32k.sys
2016-05-12 14:58 . 2016-06-15 04:38 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2016-05-12 14:58 . 2016-06-15 04:38 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-05-12 14:58 . 2016-06-15 04:38 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-05-12 14:57 . 2016-06-15 04:38 30720 ----a-w- c:\windows\SysWow64\gpscript.dll
2016-05-12 14:57 . 2016-06-15 04:38 24576 ----a-w- c:\windows\SysWow64\gpscript.exe
2016-05-12 02:50 . 2015-03-26 01:32 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-05-11 17:02 . 2016-06-15 04:38 296448 ----a-w- c:\windows\system32\ws2_32.dll
2016-05-11 17:02 . 2016-06-15 04:38 444928 ----a-w- c:\windows\system32\winhttp.dll
2016-05-11 17:02 . 2016-06-15 04:38 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2014-10-14 . 6A5B600AD0041E9AF564DE73B716F3D2 . 686592 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
[7] 2014-10-14 . 008CD4EBFABCF78D0F19B3778492648C . 683520 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
[7] 2014-07-17 . 4FC4C50985E5B840F4D72E57286887B8 . 681984 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
[7] 2014-07-16 . F4D7114060C034134A440846F411BB7F . 686080 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
[7] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2016-05-23 . 9B40F8C21CE8CDD39C3B618AF77986DC . 683520 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-05-18 05:06 1741096 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-05-18 05:06 1741096 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-05-18 05:06 1741096 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinControl"="c:\program files (x86)\HALAN\WinControl 2000\WinControl.exe" [2000-10-07 480768]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2015-03-10 1516496]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2010-10-15 226784]
"Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2016-01-01 58680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-25 290688]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-19 47104]
"AsioReg"="CTASIO.DLL" [2010-03-19 47104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrueCryptSystemFavorites]
@="Service"
.
R1 FortiFW;FortiFW;c:\windows\system32\drivers\FortiFW2.sys;c:\windows\SYSNATIVE\drivers\FortiFW2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R2 TrueCryptSystemFavorites;TrueCrypt System Favorites;c:\windows\SysWOW64\TrueCrypt.exe;c:\windows\SysWOW64\TrueCrypt.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 fortiapd;fortiapd;c:\windows\system32\drivers\fortiapd.sys;c:\windows\SYSNATIVE\drivers\fortiapd.sys [x]
R3 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys;c:\windows\SYSNATIVE\drivers\fortips.sys [x]
R3 fortisniff;fortisniff;c:\windows\system32\drivers\fortisniff2.sys;c:\windows\SYSNATIVE\drivers\fortisniff2.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusbK;libusbK USB Driver 12/25/2013 - 3.0.6.0;c:\windows\system32\DRIVERS\libusbK.sys;c:\windows\SYSNATIVE\DRIVERS\libusbK.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 file_tracker;file_tracker;c:\windows\system32\DRIVERS\file_tracker.sys;c:\windows\SYSNATIVE\DRIVERS\file_tracker.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S1 FortiFilter;Fortinet NDIS6 Packet Filter Service;c:\windows\system32\DRIVERS\FortiFilter.sys;c:\windows\SYSNATIVE\DRIVERS\FortiFilter.sys [x]
S1 FortiShield;FortiShield;c:\windows\system32\drivers\FortiShield.sys;c:\windows\SYSNATIVE\drivers\FortiShield.sys [x]
S1 MPCKpt;MPCKpt;c:\windows\system32\DRIVERS\MPCKpt.sys;c:\windows\SYSNATIVE\DRIVERS\MPCKpt.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe;c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys;c:\windows\SYSNATIVE\DRIVERS\ftvnic.sys [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys;c:\windows\SYSNATIVE\DRIVERS\pppop64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-17 23:43 1245848 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-19 05:23]
.
2016-07-31 c:\windows\Tasks\EPSON XP-420 Series Update {5E01AAD5-D941-4849-AE15-91AEAA55E285}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSNAE.EXE [2016-07-18 08:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2014-09-09 20:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2014-09-09 20:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2014-09-09 20:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2010-10-15 226784]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-01-22 13667032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
Trusted Zone: lsi-controls.net
Trusted Zone: lsi-industries.com
Trusted Zone: lynxpdx.com
Trusted Zone: virticus.com
Trusted Zone: virticus.info
TCP: DhcpNameServer = 10.129.8.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-07-31 08:36:50
ComboFix-quarantined-files.txt 2016-07-31 15:36
.
Pre-Run: 47,362,916,352 bytes free
Post-Run: 48,772,476,928 bytes free
.
- - End Of File - - 3D4BBDE82D721A7016A5B489AD4F9CC4
F2634EFAB9E22A7870007C2453CEFE38
 
Old 07-31-2016, 09:35 AM   #4
Registered Member
 
Join Date: Jul 2016
Posts: 5
OS: Windows 7 Enterprise x64 SP1



ssh-keygen is not a key generator for cracking. It is used for generating ssh hash strings.
Old 07-31-2016, 09:59 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Scapponian. So it is.

Quote:
Running from: d:\temp\ComboFix.exe
Please note that tools are best Run from the Desktop. Save to the Desktop and then Run from the Desktop.

Easier to find and perform specialized functions which may be required. Thanks.

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

We suggest uninstalling SpyHunter via Programs and Features in your Control Panel.

If you decide to uninstall it, also delete this Folder if it still exists:

C:\Program Files\Enigma Software Group

Let me know if you uninstalled those.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    c:\windows\system32\DRIVERS\MPCKpt.sys

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
  • Please repeat for the following file:

    c:\windows\system32\termsrv.dll
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-31-2016, 12:34 PM   #6
Registered Member
 
Join Date: Jul 2016
Posts: 5
OS: Windows 7 Enterprise x64 SP1



Spyhunter is now uninstalled.

mpckpt.sys
https://www.virustotal.com/en/file/3...7c7a/analysis/

termsrv.dll
https://www.virustotal.com/en/file/b...9bac/analysis/
Scapponian is offline  
Old 07-31-2016, 01:03 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Scapponian.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
https://www.techsupportforum.com/forums/f50/mpckpt-sys-removal-1148857.html#post7167921

Collect::
C:\Windows\System32\drivers\MPCKpt.sys
c:\windows\SYSNATIVE\DRIVERS\MPCKpt.sys

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll | c:\windows\system32\termsrv.dll

ClearJavaCache::

File::
c:\users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
c:\users\dhudson\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
c:\windows\system32\drivers\EsgScanner.sys
c:\progra~2\MOZILL~1\FIRFBT~1.EXE
c:\progra~2\INTERN~1\IPLRBT~1.EXE

Folder::
C:\sh4ldr
c:\users\dhudson\AppData\Local\NPE
c:\programdata\Norton
c:\program files\Registrar Registry Manager
c:\program files (x86)\Enigma Software Group
c:\program files (x86)\Common Files\Wise Installation Wizard
c:\programdata\Innovative Solutions
c:\program files (x86)\Common Files\Innovative Solutions
c:\users\dhudson\AppData\Local\Innovative Solutions
c:\users\dhudson\AppData\Local\CEF
c:\program files (x86)\winrule

DirLook::
c:\users\dhudson\AppData\Roaming\Desktop
c:\windows\system32\SSL

Driver::
MPCKpt
SpyHunter 4 Service
EsgScanner

Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
------------------------------------------------------
chemist is offline  
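The script in the post above pairs a WinSxS copy of termsrv.dll with the System32 path under FCopy::, and lists MPCKpt.sys under both System32 and SYSNATIVE. As an added example (not part of the thread and not from ComboFix), this PowerShell script hashes the live termsrv.dll, compares it with every component-store copy, and prints the driver's SHA-256 for a lookup by hash; the function name Get-Sha256Hex and the default Windows directory layout are assumptions.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on disk.
# A 32-bit process on 64-bit Windows is redirected to SysWOW64 when it asks
# for System32, so use the Sysnative alias to reach the real 64-bit directory.
$sysDir = 'System32'
if ([IntPtr]::Size -eq 4 -and $env:PROCESSOR_ARCHITEW6432) { $sysDir = 'Sysnative' }

function Get-Sha256Hex([string]$Path) {
    # Plain .NET hashing, so it also works on the PowerShell 2.0 in Windows 7.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

$live = Join-Path $env:windir "$sysDir\termsrv.dll"
$liveHash = Get-Sha256Hex $live
"Live copy : $liveHash  $live"

# Directory name pattern taken from the FCopy:: line in the thread.
$storeDirs = Get-ChildItem (Join-Path $env:windir 'winsxs') `
    -Filter 'amd64_microsoft-windows-t..teconnectionmanager_*'

$matched = $false
foreach ($dir in $storeDirs) {
    $candidate = Join-Path $dir.FullName 'termsrv.dll'
    if (-not (Test-Path -LiteralPath $candidate)) { continue }
    $hash = Get-Sha256Hex $candidate
    if ($hash -eq $liveHash) { $matched = $true }
    "Store copy: $hash  $($dir.Name)"
}

if ($matched) {
    'termsrv.dll matches a component-store copy.'
} else {
    'termsrv.dll matches NO component-store copy; ask your helper to review it.'
}

# SHA-256 of the driver named in the thread, for searching by hash.
$driver = Join-Path $env:windir "$sysDir\drivers\MPCKpt.sys"
if (Test-Path -LiteralPath $driver) {
    "Driver    : $(Get-Sha256Hex $driver)  $driver"
} else {
    'MPCKpt.sys is not present at the expected path.'
}
```

A mismatch only means the live file differs from every stored version; it is a prompt for review, not proof of tampering.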
Old 07-31-2016, 08:04 PM   #8
Registered Member
 
Join Date: Jul 2016
Posts: 5
OS: Windows 7 Enterprise x64 SP1



That did it. All clean.


Your help was much appreciated.

Thank You
Scapponian is offline  
Old 08-01-2016, 02:58 AM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Scapponian. You're welcome. However, you didn't follow all the instructions.

Absence of symptoms does not mean your machine is clean. I need to see the ComboFix.txt log.

I also need for that file to be sent for analysis. There should be a zip named Files_for_submission.zip in the same location as ComboFix is located.

Please submit it to this site ==> Submit a Malware Sample

and include this link in the message:

http://www.techsupportforum.com/forums/f50/mpckpt-sys-removal-1148857.html#post7167985


Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------
chemist is offline  
Old 08-20-2016, 06:45 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  