taskeng.exe after login

This is a discussion on taskeng.exe after login within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 08-31-2016, 06:39 AM   #1
Registered Member
 
Join Date: Aug 2016
Posts: 12
OS: Windows 7 Pro



I am having an issue with two taskeng.exe windows popping up immediately and going away instantly. I posted this issue to Microsoft support; however, they had me run dir /s /a C:\windows\Tasks > 0 & notepad 0, and one of the lines read as 08/28/2016 11:23 AM <DIR> ImCleanDisabled. The tech said that it could be redirecting malware.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18427
Run by ThatGuyDGAF at 7:30:24 on 2016-08-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.32708.28315 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
C:\Windows\SysWOW64\muachost.exe
C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
A:\Program Files (x86)\MSI\Live Update\Live Update.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
A:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
A:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
A:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
A:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\ThatGuyDGAF\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Users\ThatGuyDGAF\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe
A:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
A:\Program Files (x86)\Steam\Steam.exe
A:\Program Files (x86)\Steam\bin\steamwebhelper.exe
A:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Windows\system32\taskhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
A:\Program Files (x86)\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
mWinlogon: Userinit = userinit.exe
uRun: [Advanced SystemCare 9] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
mRun: [Live Update] A:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Kraken71ChromaHelper] C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe /start
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoSimpleNetIDList = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{D402C876-9624-4A53-BEDE-0837C956509A} : DHCPNameServer = 209.18.47.62 209.18.47.61
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ThatGuyDGAF\AppData\Roaming\Mozilla\Firefox\Profiles\qb3yqbgi.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/#gws_rd=ssl
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2016-8-28 1469952]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2016-8-28 31712]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2016-8-27 20464]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2016-8-28 27552]
R2 AdvancedSystemCareService9;Advanced SystemCare Service 9;C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [2016-8-28 452384]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 GamingApp_Service;GamingApp_Service;C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [2016-8-30 39888]
R2 GamingHotkey_Service;GamingHotkey_Service;C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2016-8-30 2019792]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-8-30 1163712]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2014-3-11 260360]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-20 154584]
R2 MBAMScheduler;MBAMScheduler;A:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-8-28 1514464]
R2 MBAMService;MBAMService;A:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-8-28 1136608]
R2 MSI_ActiveX_Service;MSI_ActiveX_Service;C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [2016-8-30 54200]
R2 MSI_LiveUpdate_Service;MSI Live Update Service;A:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2016-8-30 2227152]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-8-30 1879488]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-8-30 2521024]
R2 Razer Chroma SDK Service;Razer Chroma SDK Service;C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [2016-8-18 69744]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2015-11-4 188072]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2016-8-31 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2016-8-31 130880]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-8-30 424384]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2015-2-12 139992]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2016-8-28 444656]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2016-8-28 511952]
R3 I2cHkBurn;I2cHkBurn;C:\Windows\System32\drivers\I2cHkBurn.sys [2016-8-30 41760]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2016-8-27 383984]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2016-8-27 795120]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-8-28 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-8-28 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-8-28 64896]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-8-30 26560]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-8-30 3632576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2016-8-30 56384]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2016-6-22 51736]
R3 rzmpos;rzmpos;C:\Windows\System32\drivers\rzmpos.sys [2016-6-22 47632]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2016-6-22 203280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2016-8-28 2960672]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2016-8-28 1409032]
S3 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2016-8-28 249320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-8-28 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-1-31 887232]
S3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [2009-8-12 28984]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C;D:\NTIOLib_X64.sys [2011-6-28 11888]
S3 Origin Client Service;Origin Client Service;A:\Program Files (x86)\Origin\OriginClientService.exe [2016-8-30 2122248]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-8-14 1310448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2016-8-30 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2016-8-30 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2016-8-30 1255736]
.
=============== Created Last 30 ================
.
2016-08-31 12:50:18 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2016-08-31 12:50:18 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2016-08-31 12:50:18 322560 ----a-w- C:\Windows\System32\aaclient.dll
2016-08-31 12:50:18 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2016-08-31 12:50:18 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2016-08-31 12:50:17 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2016-08-31 12:50:17 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2016-08-31 12:50:17 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2016-08-31 12:50:17 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2016-08-31 12:50:17 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2016-08-31 10:27:00 130880 ----a-w- C:\Windows\System32\drivers\rzpnk.sys
2016-08-31 10:26:55 37184 ----a-w- C:\Windows\System32\drivers\rzpmgrk.sys
2016-08-31 10:25:06 -------- d-----w- C:\Program Files\Razer Chroma SDK
2016-08-31 10:25:06 -------- d-----w- C:\Program Files (x86)\Razer Chroma SDK
2016-08-31 10:23:59 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\Razer
2016-08-31 02:48:00 133056 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2016-08-31 02:47:59 45344 ----a-w- C:\Windows\System32\vulkaninfo.exe
2016-08-31 02:47:59 40224 ----a-w- C:\Windows\SysWow64\vulkaninfo.exe
2016-08-31 02:47:59 130848 ----a-w- C:\Windows\System32\vulkan-1.dll
2016-08-31 02:47:59 129824 ----a-w- C:\Windows\SysWow64\vulkan-1.dll
2016-08-31 02:47:59 -------- d-----w- C:\Program Files (x86)\VulkanRT
2016-08-30 2330 -------- d-----w- C:\Windows\SysWow64\Wat
2016-08-30 2330 -------- d-----w- C:\Windows\System32\Wat
2016-08-30 22:55:47 7168 ----a-w- C:\Windows\System32\kbdgeoqw.dll
2016-08-30 22:55:47 7168 ----a-w- C:\Windows\System32\KBDAZEL.DLL
2016-08-30 22:55:47 69120 ----a-w- C:\Windows\SysWow64\nlsbres.dll
2016-08-30 22:55:47 69120 ----a-w- C:\Windows\System32\nlsbres.dll
2016-08-30 22:55:47 6656 ----a-w- C:\Windows\SysWow64\kbdgeoqw.dll
2016-08-30 22:55:47 6656 ----a-w- C:\Windows\SysWow64\KBDAZEL.DLL
2016-08-30 22:55:09 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2016-08-30 22:55:09 22528 ----a-w- C:\Windows\System32\icaapi.dll
2016-08-30 22:53:43 96768 ----a-w- C:\Windows\System32\fsutil.exe
2016-08-30 22:53:43 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2016-08-30 22:53:43 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2016-08-30 22:53:43 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2016-08-30 22:53:43 2565632 ----a-w- C:\Windows\System32\esent.dll
2016-08-30 22:53:43 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2016-08-30 22:53:43 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2016-08-30 22:53:43 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2016-08-30 22:53:43 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2016-08-30 22:49:12 -------- d-----w- C:\Windows\SysWow64\LiveUpdate
2016-08-30 22:46:02 -------- d-----w- C:\Program Files\MSI Kombustor 3
2016-08-30 22:45:56 11248 ----a-w- C:\Windows\acpimof.dll
2016-08-30 22:43:41 -------- d-----w- C:\NVIDIA
2016-08-30 20:36:03 -------- d-s---w- C:\Windows\System32\CompatTel
2016-08-30 20:36:03 -------- d-----w- C:\Windows\System32\appraiser
2016-08-30 15:14:59 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2016-08-30 15:14:59 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2016-08-30 15:14:59 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2016-08-30 15:14:59 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2016-08-30 15:14:59 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2016-08-30 15:14:59 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2016-08-30 15:14:59 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2016-08-30 15:11:03 396800 ----a-w- C:\Windows\System32\webio.dll
2016-08-30 15:11:03 316416 ----a-w- C:\Windows\SysWow64\webio.dll
2016-08-30 15:10:48 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2016-08-30 15:10:46 165888 ----a-w- C:\Windows\System32\charmap.exe
2016-08-30 15:10:46 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2016-08-30 15:10:43 3218944 ----a-w- C:\Windows\System32\win32k.sys
2016-08-30 15:10:43 20352 ----a-w- C:\Windows\System32\kdusb.dll
2016-08-30 15:10:43 19328 ----a-w- C:\Windows\System32\kd1394.dll
2016-08-30 15:10:43 17792 ----a-w- C:\Windows\System32\kdcom.dll
2016-08-30 14:03:06 -------- d--h--w- C:\Program Files\Common Files\EAInstaller
2016-08-30 13:41:09 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Roaming\Origin
2016-08-30 13:41:07 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\Origin
2016-08-30 13:40:44 -------- d-----w- C:\ProgramData\Origin
2016-08-30 13:40:43 -------- d-----w- C:\ProgramData\Electronic Arts
2016-08-29 13:59:00 647680 ----a-w- C:\Windows\System32\d3d10level9.dll
2016-08-29 13:59:00 603648 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2016-08-29 13:57:52 525312 ----a-w- C:\Windows\System32\catsrvut.dll
2016-08-29 03:39:13 82432 ----a-w- C:\Windows\SysWow64\davclnt.dll
2016-08-29 03:38:54 497664 ----a-w- C:\Windows\System32\drivers\afd.sys
2016-08-29 03:38:54 118272 ----a-w- C:\Windows\System32\drivers\tdx.sys
2016-08-29 03:38:21 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2016-08-29 03:38:21 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2016-08-29 03:07:10 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2016-08-29 0351 95744 ----a-w- C:\Windows\System32\synceng.dll
2016-08-29 0351 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2016-08-29 0351 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2016-08-29 0351 59392 ----a-w- C:\Windows\System32\browcli.dll
2016-08-29 0351 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2016-08-29 0351 136704 ----a-w- C:\Windows\System32\browser.dll
2016-08-29 0330 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2016-08-29 0330 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2016-08-29 0330 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2016-08-29 0330 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2016-08-29 0330 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2016-08-29 02:50:01 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2016-08-29 02:50:01 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-08-29 02:48:17 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2016-08-29 02:48:17 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2016-08-29 02:48:17 8856 ----a-w- C:\Windows\System32\icardres.dll
2016-08-29 02:48:17 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2016-08-29 02:48:17 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2016-08-29 02:48:17 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2016-08-29 02:48:15 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2016-08-29 02:48:15 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2016-08-29 02:38:32 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\Macromedia
2016-08-29 02:36:59 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2016-08-29 02:32:49 193536 ----a-w- C:\Windows\System32\notepad.exe
2016-08-29 02:32:49 193536 ----a-w- C:\Windows\notepad.exe
2016-08-29 02:32:49 179712 ----a-w- C:\Windows\SysWow64\notepad.exe
2016-08-29 02:29:53 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-08-29 02:29:44 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-08-29 02:29:44 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-08-29 02:29:44 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-08-29 02:29:44 -------- d-----w- C:\ProgramData\Malwarebytes
2016-08-29 02:23:58 -------- d-----w- C:\17c39c808cc9ef32bf09f34450ad8f6a
2016-08-28 22:54:21 142336 ----a-w- C:\Windows\System32\poqexec.exe
2016-08-28 22:54:21 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2016-08-28 22:27:54 -------- d-----w- C:\49dd0777aa29d35e1423
2016-08-28 18:59:07 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Roaming\OBS
2016-08-28 18:13:58 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Roaming\NVIDIA
2016-08-28 18:11:13 -------- d-----w- C:\Program Files (x86)\Overwolf
2016-08-28 18:11:13 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf
2016-08-28 18:11:10 -------- d-----w- C:\ProgramData\Overwolf
2016-08-28 18:05:20 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\Overwolf
2016-08-28 17:59:29 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\Ubisoft Game Launcher
2016-08-28 17:54:35 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\Steam
2016-08-28 17:54:35 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\CEF
2016-08-28 17:53:58 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2016-08-28 17:38:49 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-08-28 17:38:49 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-08-28 17:38:11 -------- d-----w- C:\Windows\System32\DAX2
2016-08-28 17:35:47 444656 ----a-w- C:\Windows\System32\drivers\asmtxhci.sys
2016-08-28 17:28:36 27424 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2016-08-28 17:27:41 90608 ----a-w- C:\Windows\System32\NicInstD.dll
2016-08-28 17:27:41 80848 ----a-w- C:\Windows\System32\e1dmsg.dll
2016-08-28 17:27:41 511952 ----a-w- C:\Windows\System32\drivers\e1d62x64.sys
2016-08-28 17:27:41 125728 ----a-w- C:\Windows\System32\NicCo4.dll
2016-08-28 17:27:32 31712 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
2016-08-28 17:27:32 1469952 ----a-w- C:\Windows\System32\drivers\iaStorA.sys
2016-08-28 17:26:48 181304 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
2016-08-28 17:23:26 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Roaming\ProductData
2016-08-28 17:23:25 -------- d-----w- C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-08-28 17:23:24 -------- d-----w- C:\Program Files (x86)\Common Files\IObit
2016-08-28 17:23:22 -------- d-----w- C:\Program Files (x86)\IObit
2016-08-28 17:23:11 -------- d-----w- C:\Windows\IObit
2016-08-28 17:23:11 -------- d-----w- C:\ProgramData\ProductData
2016-08-28 17:22:59 27552 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2016-08-28 17:22:59 -------- d-----w- C:\ProgramData\IObit
2016-08-28 17:22:58 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Roaming\IObit
2016-08-28 17:22:36 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\Programs
2016-08-28 17:20:18 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\Mozilla
2016-08-28 17:20:13 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-28 05:51:50 -------- d-----w- C:\Windows\Panther
2016-08-28 04:08:32 -------- d-----w- C:\72f6987d2d0faf88aa98eb
2016-08-28 04:08:13 -------- d-----w- C:\039ee18a0401433fb7c88ec4
2016-08-28 03:56:36 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-08-28 03:41:46 -------- d-----w- C:\Windows\System32\SPReview
2016-08-28 03:41:42 -------- d-----w- C:\Windows\System32\EventProviders
2016-08-28 03:26:52 -------- d-----w- C:\Users\ThatGuyDGAF\AppData\Local\NVIDIA
2016-08-28 03:20:50 -------- d-----w- C:\Windows\Migration
2016-08-28 03:18:11 -------- d-----w- C:\Windows\System32\MRT
2016-08-28 03:15:27 304128 ----a-w- C:\Windows\System32\EOSNotify.exe
2016-08-28 03:10:31 -------- d-----w- C:\Program Files (x86)\Common Files\PostureAgent
2016-08-28 03:10:08 -------- d-----w- C:\Users\ThatGuyDGAF\Intel
2016-08-28 03:07:23 20464 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2016-08-28 03:07:18 795120 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2016-08-28 03:07:18 383984 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2016-08-28 03:07:07 -------- d-----w- C:\Intel
2016-08-28 0331 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2016-08-28 03:05:03 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2016-08-28 03:04:59 403256 ----a-r- C:\Windows\System32\PROUnstl.exe
2016-08-28 03:04:11 16896 ----a-w- C:\Windows\AsTaskSched.dll
2016-08-28 03:04:11 -------- d-----w- C:\Windows\MEI
2016-08-28 03:04:08 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2016-08-28 03:04:08 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2016-08-28 03:04:08 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2016-08-28 03:03:48 -------- d-----w- C:\Windows\SysWow64\RTCOM
2016-08-28 03:03:48 -------- d-----w- C:\Program Files\Realtek
2016-08-28 03:03:04 -------- d-----w- C:\Program Files (x86)\Realtek
2016-08-28 03:03:02 -------- d--h--w- C:\Program Files (x86)\Temp
2016-08-28 03:02:41 -------- d-sh--w- C:\Windows\Installer
2016-08-28 03:02:41 -------- d-----w- C:\ProgramData\Package Cache
2016-08-17 08:39:32 101488 ----a-w- C:\Windows\SysWow64\RzChromaSDK.dll
2016-08-17 08:39:22 108656 ----a-w- C:\Windows\System32\RzChromaSDK64.dll
2016-08-12 02:59:52 48768 ----a-w- C:\Windows\SysWow64\RzAPIChromaSDK.dll
.
==================== Find3M ====================
.
2016-08-30 22:54:55 950272 ----a-w- C:\Windows\System32\perftrack.dll
2016-08-28 17:37:58 5085952 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2016-08-28 03:57:26 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2016-08-28 03:56:36 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-08-28 03:42:47 175616 ----a-w- C:\Windows\System32\msclmd.dll
2016-08-28 03:42:47 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2016-08-25 21:10:08 6385720 ----a-w- C:\Windows\System32\nvcpl.dll
2016-08-25 21:10:08 2475064 ----a-w- C:\Windows\System32\nvsvc64.dll
2016-08-25 21:10:06 1764408 ----a-w- C:\Windows\System32\nvsvcr.dll
2016-08-25 21:10:06 1362368 ----a-w- C:\Windows\System32\nvvsvc.exe
2016-08-25 21:10:05 81856 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2016-08-25 21:10:05 71224 ----a-w- C:\Windows\System32\nvshext.dll
2016-08-25 21:10:05 548408 ----a-w- C:\Windows\System32\nv3dappshext.dll
2016-08-25 21:10:05 393784 ----a-w- C:\Windows\System32\nvmctray.dll
2016-08-22 15:18:03 7320235 ----a-w- C:\Windows\System32\nvcoproc.bin
2016-08-02 06:47:38 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-08-02 06:47:27 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-08-02 06:32:37 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-08-02 06:31:55 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-08-02 06:31:49 417792 ----a-w- C:\Windows\System32\html.iec
2016-08-02 06:31:32 572416 ----a-w- C:\Windows\System32\vbscript.dll
2016-08-02 06:31:14 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-08-02 06:19:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-08-02 06:19:01 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-08-02 06:18:44 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-08-02 06:18:32 6047744 ----a-w- C:\Windows\System32\jscript9.dll
2016-08-02 06:11:45 969216 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-08-02 06:03:48 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-08-02 06:00:28 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-08-02 05:51:57 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-08-02 05:51:49 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-08-02 05:51:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-08-02 05:51:03 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-08-02 05:50:11 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-08-02 05:41:43 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-08-02 05:41:24 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-08-02 05:37:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
============= FINISH: 7:30:35.29 ===============

Attached Files
File Type: txt attach.txt (12.2 KB, 34 views)
ThatGuyWithFace is offline  
Old 09-01-2016, 05:54 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

Let me know your intentions for an antivirus program, and/or if you need a suggestion.

------------------------------------------------------

Advanced SystemCare

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-01-2016, 06:40 AM   #3
Registered Member
 
Join Date: Aug 2016
Posts: 12
OS: Windows 7 Pro



Is Malwarebytes still good, and I was wondering if Driver Booster should be deleted as well, as it is from IObit?
ThatGuyWithFace is offline  
Old 09-01-2016, 06:47 AM   #4
Registered Member
 
Join Date: Aug 2016
Posts: 12
OS: Windows 7 Pro



Is Malwarebytes still good, and I was wondering if Driver Booster should be deleted as well, as it is from IObit?


# AdwCleaner v6.010 - Logfile created 01/09/2016 at 07:42:14
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-31.4 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : ThatGuyDGAF - THATPCDGAF
# Running from : A:\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Users\THATGU~1\AppData\Local\Temp\Utils.dll


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [815 Bytes] - [01/09/2016 07:42:14]
C:\AdwCleaner\AdwCleaner[S0].txt - [1175 Bytes] - [01/09/2016 07:42:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [960 Bytes] ##########
ThatGuyWithFace is offline  
Old 09-01-2016, 06:58 AM   #5
Registered Member
 
Join Date: Aug 2016
Posts: 12
OS: Windows 7 Pro



I was not able to just copy and paste the FRST.txt because it was too long, so I just attached it instead.
Attached Files
File Type: txt Addition.txt (31.8 KB, 37 views)
File Type: txt FRST.txt (300.2 KB, 37 views)
ThatGuyWithFace is offline  
Old 09-01-2016, 07:02 AM   #6
Registered Member
 
Join Date: Aug 2016
Posts: 12
OS: Windows 7 Pro



I was wondering if MSE is a good antivirus.
ThatGuyWithFace is offline  
Old 09-01-2016, 10:22 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello ThatGuyWithFace. You shouldn't need Driver Booster, even though it may be clean. Yes, please uninstall DriverBooster.

And yes, Security Essentials is a good, free AV.

Did you create a user.js file in Firefox?

------------------------------------------------------

When the taskeng.exe comes up, can you read what it says in the command window?

------------------------------------------------------
chemist is offline  
Old 09-01-2016, 02:09 PM   #8
Registered Member
 
Join Date: Aug 2016
Posts: 12
OS: Windows 7 Pro



I don't believe I did create a user.js file, unless by accident, and I found that Driver Booster has found updates that my Device Manager was not finding. Unfortunately the taskeng.exe windows go away too quickly to be read.
ThatGuyWithFace is offline  
Old 09-01-2016, 02:10 PM   #9
Registered Member
 
Join Date: Aug 2016
Posts: 12
OS: Windows 7 Pro



Just looked up what a user.js file is, and no, I did not create one.
ThatGuyWithFace is offline  
Old 09-02-2016, 07:57 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ThatGuyWithFace.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

Quote:
Running from A:\Downloads
Please note that tools are best Run from the Desktop. Save to the Desktop and then Run from the Desktop.

Easier to find and perform specialized functions which may be required. Thanks.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {4CE78AA3-C419-4397-8A0E-FC5B10B58226} - System32\Tasks\Driver Booster Scheduler => A:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-07-28] (IObit)
    Task: {B0BE0B56-9FF2-42D5-9AFD-53CECC866991} - System32\Tasks\Driver Booster SkipUAC (ThatGuyDGAF) => A:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-07-28] (IObit)
    FirewallRules: [{4F219935-5507-40EA-B31B-59F5CB74244A}] => (Allow) A:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{D261D328-7847-4DE2-AFC5-6F7D4F8ABFDA}] => (Allow) A:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{7A67548A-4198-40DD-B946-28340886E168}] => (Allow) A:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{5C1F8533-6F91-442E-BF4C-B47E6CFC9494}] => (Allow) A:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{119A684F-0669-4FEE-B145-3CD988502ADC}] => (Allow) A:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    FirewallRules: [{F266CD70-84E5-46AB-B783-B9B4CBE2A01E}] => (Allow) A:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-4095265240-2533902484-3307954904-1000\...\MountPoints2: {03c82c49-6d45-11e6-941f-806e6f6e6963} - D:\DVDSetup.exe
    HKU\S-1-5-21-4095265240-2533902484-3307954904-1000\...\MountPoints2: {2e35a4f1-6cdb-11e6-8dc4-806e6f6e6963} - D:\DVDSetup.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF user.js: detected! => C:\Users\ThatGuyDGAF\AppData\Roaming\Mozilla\Firefox\Profiles\qb3yqbgi.default\user.js [2016-08-28]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :regfind
    taskeng.exe
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

-----------------------------------------------------
chemist is offline  
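The taskeng.exe windows in this thread close too quickly to read, and the fix above works by removing logon-triggered scheduled tasks (the Task: lines) and searching the registry for taskeng.exe. As an added example that is not part of the thread or of any tool it mentions, the PowerShell script below lists every scheduled task with a boot or logon trigger together with the command it runs and whether that command still exists on disk, so the task behind a flashing console window can be identified without catching it on screen. It uses the Schedule.Service COM object (present on Windows 7, where the ScheduledTasks module is not available) and changes nothing; run it from an elevated PowerShell prompt.

```powershell
# Added example, not code from the thread: list scheduled tasks that fire at boot or
# logon and the executable each one launches. Read-only; nothing is modified.

$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()   # local Task Scheduler, current credentials

# Walk the task folder tree recursively (tasks can live in subfolders, not only root).
function Get-TaskFolders($folder) {
    $folder
    foreach ($sub in $folder.GetFolders(0)) { Get-TaskFolders $sub }
}

$root = $svc.GetFolder('\')
$results = foreach ($f in Get-TaskFolders $root) {
    # GetTasks(1) = TASK_ENUM_HIDDEN, so tasks marked hidden are included.
    foreach ($task in $f.GetTasks(1)) {
        $def = $task.Definition
        # ITrigger.Type: 8 = TASK_TRIGGER_BOOT, 9 = TASK_TRIGGER_LOGON.
        $startup = @($def.Triggers | Where-Object { $_.Type -eq 8 -or $_.Type -eq 9 })
        if ($startup.Count -eq 0) { continue }

        foreach ($action in $def.Actions) {
            # IAction.Type 0 = TASK_ACTION_EXEC; other action types launch no program.
            if ($action.Type -ne 0) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables($action.Path).Trim('"')
            New-Object PSObject -Property @{
                Task         = $task.Path
                Enabled      = $task.Enabled
                RunAs        = $def.Principal.UserId
                Author       = $def.RegistrationInfo.Author
                Command      = $exe
                Arguments    = $action.Arguments
                TargetExists = (Test-Path -LiteralPath $exe)
            }
        }
    }
}

# A console program here (cmd.exe, a batch file, a CLI updater) is a likely source of a
# taskeng.exe window; a missing target or an unfamiliar author deserves a closer look.
$results | Sort-Object Task |
    Format-Table Task, Enabled, RunAs, TargetExists, Command, Arguments -AutoSize -Wrap
```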
Old 09-02-2016, 08:39 PM   #11
Registered Member
 
Join Date: Aug 2016
Posts: 12
OS: Windows 7 Pro



Here are the requested .txt files.
Attached Files
File Type: txt Fixlog.txt (5.4 KB, 37 views)
File Type: txt SystemLook.txt (2.4 KB, 37 views)
ThatGuyWithFace is offline  
Old 09-04-2016, 12:53 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ThatGuyWithFace. Sorry for the late reply. Somehow I didn't get notification of your last post.

I can't find the root of the taskeng.exe error. We'll have to look closer.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
chemist is offline  
Old 09-22-2016, 04:21 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  