Discussion Starter · #1 ·
Wasn't aware I even HAD a virus until it was pointed out to me by a person on this site. So according to the instructions, I need to put this thing here... and attach another thing.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20 BrowserJavaVersion: 11.66.2
Run by keith at 9:01:40 on 2016-01-24
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.16279.13606 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Users\keith\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
C:\Program Files (x86)\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
C:\Program Files (x86)\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
C:\Program Files (x86)\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uLocal Page = %11%\blank.htm
mWinlogon: Userinit = wscript C:\WINDOWS\run.vbs,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
uRun: [OneDrive] "C:\Users\keith\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableLUA = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2bd898be-79f2-4096-8ba0-b5c6c2403d8b} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{d523f528-8871-4741-b4b5-21d83209c477} : DHCPNameServer = 192.168.200.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
IFEO: sethc.exe - C:\WINDOWS\System32\msconfig.exe
x64-mWinlogon: Userinit = wscript C:\WINDOWS\run.vbs,
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-IFEO: sethc.exe - C:\WINDOWS\System32\msconfig.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ldx2grfr.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2016-1-23 65224]
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2016-1-23 273784]
R0 ngvss;ngvss;C:\WINDOWS\System32\drivers\ngvss.sys [2016-1-23 147088]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2016-1-23 1065208]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2016-1-23 464256]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2016-1-23 28656]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2016-1-23 97648]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2016-1-23 155304]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-1-23 226440]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-11-13 1155192]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2015-11-12 2546184]
R2 Intel(R) ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-2-19 131544]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-11-12 417552]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-11-13 1872504]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-11-13 5544568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-11-13 410744]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-1-23 310904]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-1-23 5561368]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2016-1-23 25816]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-11-13 19576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-11-13 50472]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\WINDOWS\System32\drivers\rtwlanu.sys [2015-10-30 3764736]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
R3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2016-1-12 63840]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\WINDOWS\System32\drivers\xusb22.sys [2015-10-30 95744]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-1-23 1135416]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-1-14 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-1-31 887232]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 iumsvc;Intel(R) Update Manager;C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-1-17 174368]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2016-1-23 64216]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\WINDOWS\System32\drivers\nvstusb.sys [2015-11-13 469688]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 sdfhgdf;sdfhgdf;C:\WINDOWS\System32\drivers\sdfhgdf.sys [2016-1-23 23208]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-10-30 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-10-30 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== Created Last 30 ================
.
2016-01-24 08:40:47 -------- d--h--w- C:\$SysReset
2016-01-23 21:59:57 -------- d-----w- C:\WINDOWS\SysWow64\vbox
2016-01-23 21:59:57 -------- d-----w- C:\WINDOWS\System32\vbox
2016-01-23 20:51:55 147088 ----a-w- C:\WINDOWS\System32\drivers\ngvss.sys
2016-01-23 20:51:11 -------- d-----w- C:\Users\keith\AppData\Roaming\AVAST Software
2016-01-23 20:50:49 97648 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2016-01-23 20:50:49 93528 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2016-01-23 20:50:49 65224 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2016-01-23 20:50:49 28656 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2016-01-23 20:50:49 273784 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2016-01-23 20:50:49 155304 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
2016-01-23 20:50:49 1065208 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2016-01-23 20:50:48 43112 ----a-w- C:\WINDOWS\avastSS.scr
2016-01-23 20:50:17 -------- d-----w- C:\Program Files\AVAST Software
2016-01-23 20:50:09 -------- d-----w- C:\ProgramData\AVAST Software
2016-01-23 15:00:48 -------- d-----w- C:\Program Files (x86)\execnowait
2016-01-23 15:00:14 -------- d-----w- C:\Users\keith\.VirtualBox
2016-01-23 14:59:11 -------- d-----w- C:\Users\keith\AppData\Local\CleanBrowserApp
2016-01-23 14:58:37 -------- d-----w- C:\Program Files (x86)\CleanBrowser
2016-01-23 14:31:52 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-01-23 14:31:40 64216 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-01-23 14:31:40 25816 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-01-23 14:31:40 109272 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-01-23 14:31:40 -------- d-----w- C:\ProgramData\Malwarebytes
2016-01-23 14:31:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-23 14:21:59 -------- d-----w- C:\Users\keith\AppData\Roaming\Store
2016-01-23 14:21:24 23208 ----a-w- C:\WINDOWS\System32\drivers\sdfhgdf.sys
2016-01-23 14:21:20 -------- d-----w- C:\ProgramData\Service1291
2016-01-23 14:21:20 -------- d-----w- C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-23 14:21:15 187904 ----a-w- C:\WINDOWS\rsrcs.dll
2016-01-23 14:14:58 -------- d-----w- C:\ProgramData\Avid
2016-01-23 14:10:56 -------- d-----w- C:\Users\keith\AppData\Roaming\Avid
2016-01-23 14:10:56 -------- d-----w- C:\Program Files\Avid
2016-01-23 14:10:56 -------- d-----w- C:\Program Files (x86)\Avid
2016-01-23 14:10:38 -------- d-----w- C:\Users\keith\AppData\Local\start
2016-01-23 13:23:14 12288 ----a-w- C:\WINDOWS\SysFix.exe
2016-01-23 13:17:46 12800 ----a-w- C:\WINDOWS\amdave64Win.exe
2016-01-23 04:26:16 1349 ----a-w- C:\WINDOWS\run.vbs
2016-01-23 03:02:20 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{876BAEE1-6B5D-40E7-91A0-2F1FE445DA12}\mpengine.dll
2016-01-22 02:31:33 -------- d-----w- C:\Users\keith\AppData\Local\Google
2016-01-22 01:41:55 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{838AF98B-AB5B-40B8-BD91-AA227294AE4F}\gapaengine.dll
2016-01-22 01:41:48 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-01-19 19:44:03 -------- d-----w- C:\Users\keith\AppData\Local\LogMeIn Hamachi
2016-01-19 19:44:03 -------- d-----w- C:\Users\keith\AppData\Local\LogMeIn
2016-01-19 19:44:03 -------- d-----w- C:\ProgramData\LogMeIn
2016-01-19 19:43:42 -------- d---a-w- C:\Program Files (x86)\LogMeIn Hamachi
2016-01-19 19:28:53 -------- d-----w- C:\Users\keith\AppData\Roaming\java
2016-01-19 19:28:52 -------- d-----w- C:\Users\keith\AppData\Roaming\.minecraft
2016-01-19 07:28:01 -------- d-----w- C:\Users\keith\AppData\Roaming\Origin
2016-01-19 07:26:53 -------- d-----w- C:\ProgramData\Origin
2016-01-19 07:26:40 -------- d---a-w- C:\Program Files (x86)\Origin
2016-01-18 23:46:59 -------- d---a-w- C:\Program Files (x86)\Sonic and Knuckles & Sonic 3
2016-01-18 23:23:25 -------- d-----w- C:\Users\keith\AppData\Local\Macromedia
2016-01-18 23:22:48 -------- d-----w- C:\Users\keith\AppData\Local\Adobe
2016-01-18 23:19:49 -------- d-----w- C:\Users\keith\.oracle_jre_usage
2016-01-18 23:19:47 97888 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2016-01-18 23:19:38 -------- d-----w- C:\ProgramData\Oracle
2016-01-17 06:44:41 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2016-01-16 07:04:07 -------- d-----w- C:\Users\keith\AppData\Roaming\LolClient
2016-01-15 23:42:10 -------- d-----w- C:\Users\keith\AppData\Local\Programs
2016-01-15 04:40:58 -------- d-----w- C:\Users\keith\AppData\Local\Risk_of_Rain
2016-01-15 02:47:27 -------- d-----w- C:\Program Files (x86)\Hearthstone
2016-01-14 11:39:17 -------- d-----w- C:\Windows.old
2016-01-14 11:37:29 -------- d-----w- C:\WINDOWS\System32\Microsoft
2016-01-14 11:36:39 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2016-01-14 11:36:39 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2016-01-14 11:36:39 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-01-14 11:36:37 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2016-01-14 11:36:37 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2016-01-14 11:36:37 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2016-01-14 08:46:05 -------- d-sh--we C:\ProgramData\Documents
2016-01-14 08:46:05 -------- d-sh--w- C:\Recovery
2016-01-14 08:44:28 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2016-01-14 08:44:28 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2016-01-14 08:43:33 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2016-01-14 08:41:59 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2016-01-14 08:41:54 -------- d-----w- C:\Program Files\NVIDIA Corporation
2016-01-14 08:41:54 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2016-01-14 08:41:48 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2016-01-14 08:41:48 -------- d-----w- C:\Program Files\Realtek
2016-01-14 08:41:32 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2016-01-14 06:29:11 -------- d-----w- C:\Users\keith\AppData\Local\PackageStaging
2016-01-14 05:10:58 -------- d-----w- C:\Users\keith\AppData\Roaming\NVIDIA
2016-01-14 05:04:27 -------- d-----w- C:\Users\keith\AppData\Local\Warframe
2016-01-14 03:08:21 -------- d-----w- C:\Users\keith\AppData\Roaming\DarkSoulsII
2016-01-14 01:21:46 -------- d-----w- C:\ProgramData\Riot Games
2016-01-14 01:20:45 467984 ----a-w- C:\WINDOWS\SysWow64\d3dx10_39.dll
2016-01-14 01:20:45 1493528 ----a-w- C:\WINDOWS\SysWow64\D3DCompiler_39.dll
2016-01-14 01:20:44 3851784 ----a-w- C:\WINDOWS\SysWow64\D3DX9_39.dll
2016-01-14 01:20:40 -------- d-----w- C:\Riot Games
2016-01-14 01:15:43 -------- d-----w- C:\Users\keith\AppData\Roaming\Riot Games
2016-01-14 00:33:06 -------- d-----w- C:\Users\keith\AppData\Local\Rockstar Games
2016-01-14 00:32:58 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2016-01-14 00:32:48 -------- d-----w- C:\Program Files\Rockstar Games
2016-01-13 19:27:49 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2016-01-13 19:27:48 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2016-01-13 19:27:48 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2016-01-13 19:27:48 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2016-01-13 19:27:47 0 ----a-w- C:\WINDOWS\SysWow64\SIntfNT.dll
2016-01-13 19:27:47 0 ----a-w- C:\WINDOWS\SysWow64\SIntf32.dll
2016-01-13 19:27:47 0 ----a-w- C:\WINDOWS\SysWow64\SIntf16.dll
2016-01-13 19:27:43 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2016-01-13 11:42:59 749056 ----a-w- C:\WINDOWS\System32\PhoneService.dll
2016-01-13 09:39:50 -------- d-----w- C:\Users\keith\AppData\Local\ActiveSync
2016-01-13 08:48:44 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2016-01-13 08:17:59 83736 ----a-w- C:\WINDOWS\System32\xinput1_2.dll
2016-01-12 20:50:02 40264 ----a-w- C:\WINDOWS\System32\nvhdap64.dll
2016-01-12 20:50:02 206152 ----a-w- C:\WINDOWS\System32\drivers\nvhda64v.sys
2016-01-12 20:50:02 1567560 ----a-w- C:\WINDOWS\System32\nvhdagenco6420103.dll
2016-01-12 20:49:50 63840 ----a-w- C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys
2016-01-12 20:49:50 1795952 ----a-w- C:\WINDOWS\System32\WdfCoInstaller01011.dll
2016-01-12 20:49:50 129312 ----a-w- C:\WINDOWS\System32\drivers\TeeDriverx64.sys
2016-01-12 19:56:40 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2016-01-12 19:56:39 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A6ECF08-6ACD-40AB-94DD-CABBB7F91F1B}\gapaengine.dll
2016-01-12 19:56:28 301728 ------w- C:\WINDOWS\System32\MpSigStub.exe
2016-01-12 19:55:15 -------- d-----w- C:\WINDOWS\System32\MRT
2016-01-12 18:09:10 -------- d---a-w- C:\Program Files (x86)\StarCraft II
2016-01-12 18:07:53 -------- d-----w- C:\Users\keith\AppData\Local\Blizzard Entertainment
2016-01-12 18:07:48 -------- d-----w- C:\Users\keith\AppData\Local\Battle.net
2016-01-12 18:07:48 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2016-01-12 18:07:13 -------- d---a-w- C:\Program Files (x86)\Battle.net
2016-01-12 18:06:59 -------- d-----w- C:\Users\keith\AppData\Roaming\Battle.net
2016-01-12 18:06:31 -------- d-----w- C:\ProgramData\Battle.net
2016-01-12 17:49:13 -------- d-----w- C:\Users\keith\AppData\Local\Steam
2016-01-12 17:49:13 -------- d-----w- C:\Users\keith\AppData\Local\CEF
2016-01-12 17:48:00 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2016-01-12 17:47:59 -------- d-----w- C:\Program Files (x86)\Steam
2016-01-12 17:47:10 -------- d-----w- C:\Users\keith\Tracing
2016-01-12 17:46:13 -------- d-----r- C:\Program Files (x86)\Skype
2016-01-12 17:43:39 -------- d-----r- C:\Users\keith\OneDrive
2016-01-12 17:43:32 -------- d-----w- C:\Users\keith\AppData\Local\MicrosoftEdge
2016-01-12 17:43:15 -------- d-----w- C:\Users\keith\AppData\Local\Comms
2016-01-12 17:42:06 -------- d-----w- C:\Users\keith\AppData\Local\Publishers
2016-01-12 17:42:01 -------- d-----r- C:\Users\keith\Searches
2016-01-12 17:42:01 -------- d-----r- C:\Users\keith\Contacts
2016-01-12 17:42:00 -------- d-----w- C:\Users\keith\AppData\Local\VirtualStore
2016-01-12 17:42:00 -------- d-----w- C:\Users\keith\AppData\Local\NVIDIA Corporation
2016-01-12 17:42:00 -------- d-----w- C:\Users\keith\AppData\Local\NVIDIA
2016-01-12 17:41:59 -------- d-----w- C:\Users\keith\AppData\Local\TileDataLayer
2016-01-12 17:41:59 -------- d-----w- C:\Users\keith\AppData\Local\Packages
2016-01-12 17:41:57 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-HOS1RG7_defaultuser0_HistoryPrediction.bin
2016-01-12 17:41:38 -------- d-----r- C:\Users\keith\Videos
2016-01-12 17:41:38 -------- d-----r- C:\Users\keith\Saved Games
2016-01-12 17:41:38 -------- d-----r- C:\Users\keith\Pictures
2016-01-12 17:41:38 -------- d-----r- C:\Users\keith\Music
2016-01-12 17:41:38 -------- d-----r- C:\Users\keith\Links
2016-01-12 17:41:38 -------- d-----r- C:\Users\keith\Downloads
2016-01-12 17:41:38 -------- d-----r- C:\Users\keith\Documents
2016-01-04 14:15:34 44544 ----a-w- C:\Users\keith\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
.
==================== Find3M ====================
.
2016-01-14 11:38:51 983464 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2016-01-05 02:51:20 7477600 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-01-05 02:51:19 1317640 ----a-w- C:\WINDOWS\System32\winload.efi
2016-01-05 02:51:19 1141496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-01-05 02:50:53 713568 ----a-w- C:\WINDOWS\System32\invagent.dll
2016-01-05 02:50:44 1173344 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-01-05 02:50:11 671472 ----a-w- C:\WINDOWS\System32\advapi32.dll
2016-01-05 02:49:06 513888 ----a-w- C:\WINDOWS\System32\devinv.dll
2016-01-05 02:48:22 499432 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2016-01-05 02:45:30 2587696 ----a-w- C:\WINDOWS\System32\msxml6.dll
2016-01-05 02:42:27 2026736 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2016-01-05 02:37:53 2544256 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-01-05 02:37:52 858952 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-01-05 02:37:52 848160 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2016-01-05 02:37:52 1299504 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll
2016-01-05 02:37:51 785088 ----a-w- C:\WINDOWS\System32\evr.dll
2016-01-05 02:37:50 245840 ----a-w- C:\WINDOWS\System32\mfps.dll
2016-01-05 02:37:47 234504 ----a-w- C:\WINDOWS\System32\mftranscode.dll
2016-01-05 02:36:37 808800 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2016-01-05 02:33:24 2180128 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-01-05 02:33:19 1118208 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-01-05 02:33:18 701384 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-01-05 02:33:18 652312 ----a-w- C:\WINDOWS\SysWow64\evr.dll
2016-01-05 02:33:17 709688 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2016-01-05 02:33:17 208176 ----a-w- C:\WINDOWS\SysWow64\mftranscode.dll
2016-01-05 02:33:16 116728 ----a-w- C:\WINDOWS\SysWow64\mfps.dll
2016-01-05 02:31:38 703840 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2016-01-05 02:27:02 1594408 ----a-w- C:\WINDOWS\System32\gdi32.dll
2016-01-05 02:24:13 796352 ----a-w- C:\WINDOWS\System32\generaltel.dll
2016-01-05 02:23:42 1309376 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-01-05 02:23:32 786696 ----a-w- C:\WINDOWS\System32\WMADMOD.DLL
2016-01-05 02:23:12 1804664 ----a-w- C:\WINDOWS\System32\WMALFXGFXDSP.dll
2016-01-05 02:23:10 119320 ----a-w- C:\WINDOWS\System32\MP3DMOD.DLL
2016-01-05 02:21:26 1371792 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2016-01-05 02:17:18 695752 ----a-w- C:\WINDOWS\SysWow64\WMADMOD.DLL
2016-01-05 02:16:58 100160 ----a-w- C:\WINDOWS\SysWow64\MP3DMOD.DLL
2016-01-05 01:59:10 22393856 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-01-05 01:57:09 76288 ----a-w- C:\WINDOWS\System32\RMSRoamingSecurity.dll
2016-01-05 01:57:06 43520 ----a-w- C:\WINDOWS\System32\usermgrcli.dll
2016-01-05 01:57:00 16986112 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2016-01-05 01:56:09 145920 ----a-w- C:\WINDOWS\System32\omadmclient.exe
2016-01-05 01:54:30 162816 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2016-01-05 01:53:00 148992 ----a-w- C:\WINDOWS\System32\wshom.ocx
2016-01-05 01:52:39 210432 ----a-w- C:\WINDOWS\System32\aepic.dll
2016-01-05 01:51:51 472576 ----a-w- C:\WINDOWS\System32\DscCore.dll
2016-01-05 01:51:09 248832 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2016-01-05 01:50:20 208896 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2016-01-05 01:50:17 638464 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2016-01-05 01:50:14 644096 ----a-w- C:\WINDOWS\System32\uReFS.dll
2016-01-05 01:49:34 1255936 ----a-w- C:\WINDOWS\System32\WMSPDMOE.DLL
2016-01-05 01:49:30 764928 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2016-01-05 01:49:25 1582080 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2016-01-05 01:49:16 13018624 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2016-01-05 01:49:15 167936 ----a-w- C:\WINDOWS\System32\ProximityCommon.dll
2016-01-05 01:48:52 1009152 ----a-w- C:\WINDOWS\System32\WMSPDMOD.DLL
2016-01-05 01:48:14 34816 ----a-w- C:\WINDOWS\SysWow64\usermgrcli.dll
2016-01-05 01:48:02 387072 ----a-w- C:\WINDOWS\System32\qdvd.dll
2016-01-05 01:47:41 305664 ----a-w- C:\WINDOWS\System32\ksproxy.ax
2016-01-05 01:47:25 628736 ----a-w- C:\WINDOWS\System32\MessagingDataModel2.dll
2016-01-05 01:47:17 479232 ----a-w- C:\WINDOWS\System32\schannel.dll
2016-01-05 01:45:22 678912 ----a-w- C:\WINDOWS\System32\qedit.dll
2016-01-05 01:45:17 275968 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2016-01-05 01:44:16 125440 ----a-w- C:\WINDOWS\SysWow64\wshom.ocx
2016-01-05 01:43:59 604672 ----a-w- C:\WINDOWS\System32\vbscript.dll
2016-01-05 01:43:47 912384 ----a-w- C:\WINDOWS\System32\usermgr.dll
2016-01-05 01:43:38 584704 ----a-w- C:\WINDOWS\System32\winlogon.exe
2016-01-05 01:42:34 166912 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
2016-01-05 01:41:55 18677760 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-01-05 01:41:45 558592 ----a-w- C:\WINDOWS\SysWow64\uReFS.dll
2016-01-05 01:41:00 1070080 ----a-w- C:\WINDOWS\SysWow64\WMSPDMOE.DLL
2016-01-05 01:40:48 123392 ----a-w- C:\WINDOWS\SysWow64\ProximityCommon.dll
2016-01-05 01:40:28 890880 ----a-w- C:\WINDOWS\SysWow64\WMSPDMOD.DLL
2016-01-05 01:39:45 569856 ----a-w- C:\WINDOWS\SysWow64\qdvd.dll
2016-01-05 01:39:27 235008 ----a-w- C:\WINDOWS\SysWow64\ksproxy.ax
2016-01-05 01:39:26 3428864 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-01-05 01:39:12 498176 ----a-w- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
2016-01-05 01:38:55 389120 ----a-w- C:\WINDOWS\SysWow64\schannel.dll
2016-01-05 01:36:38 573440 ----a-w- C:\WINDOWS\SysWow64\qedit.dll
2016-01-05 01:36:11 503296 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2016-01-05 01:33:02 1674240 ----a-w- C:\WINDOWS\System32\quartz.dll
2016-01-05 01:30:15 2796032 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-01-05 01:29:50 3667456 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2016-01-05 01:28:41 4894720 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-01-05 01:28:32 1542656 ----a-w- C:\WINDOWS\SysWow64\quartz.dll
2016-01-05 01:28:31 7826432 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-01-05 01:25:44 5660160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-01-03 01:40:25 826872 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-01-03 01:40:25 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-12-18 22:08:18 194976 ----a-w- C:\WINDOWS\System32\drivers\VBoxNetLwf.sys
2015-12-18 22:08:18 117768 ----a-w- C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys
2015-11-19 13:49:04 16148 ----a-w- C:\WINDOWS\System32\WIN-RAHE4U6GL12_Administrator_HistoryPrediction.bin
2015-11-12 16:47:06 45680 ----a-w- C:\WINDOWS\System32\drivers\Hamdrv.sys
2015-10-30 09:06:56 84480 ----a-w- C:\WINDOWS\System32\rdpudd.dll
2015-10-30 09:03:16 6359040 ----a-w- C:\WINDOWS\System32\NlsData0009.dll
2015-10-30 09:03:16 5739520 ----a-w- C:\WINDOWS\System32\prm0009.dll
2015-10-30 09:03:16 2629632 ----a-w- C:\WINDOWS\System32\NlsLexicons0009.dll
2015-10-30 09:03:15 4847616 ----a-w- C:\WINDOWS\SysWow64\NlsData0009.dll
2015-10-30 09:03:15 2629632 ----a-w- C:\WINDOWS\SysWow64\NlsLexicons0009.dll
2015-10-30 09:02:01 12288 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2015-10-30 09:02:00 8704 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
.
============= FINISH: 9:04:56.49 ===============
 

Attachments

· Registered
Joined
·
1,859 Posts
Hello cookiesnmilk,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

:arrowr: If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
:arrowr: First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
:arrowr: Please download to and run all requested tools from your Desktop.
:arrowr: Perform everything in the correct order. Sometimes one step requires the previous one.
:arrowr: If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
:arrowr: Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
:arrowr: Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
:arrowr: If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:arrowr: Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
:arrowr: My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the following and give me information about your problem.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

:arrowr: Click the green 'Download now @bleepingcomputer' button.
:arrowr: Run AdwCleaner and select Scan
:arrowr: Once the Scan is done, select Cleaning
:arrowr: Once done it will ask to reboot, please allow the reboot.
:arrowr: On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
:arrowr: Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

:arrowr: Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
:arrowr: Make sure the Addition.txt button is ticked.
:arrowr: Press Scan button.
:arrowr: It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
:arrowr: The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

· Registered
Joined
·
497 Posts
Discussion Starter · #3 ·
# AdwCleaner v5.031 - Logfile created 26/01/2016 at 11:56:35
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : keith - DESKTOP-HOS1RG7
# Running from : C:\Users\keith\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\keith\AppData\Roaming\Store

***** [ Files ] *****

[-] File Deleted : C:\Users\keith\AppData\Roaming\Mozilla\Firefox\Profiles\ldx2grfr.default\invalidprefs.js
[-] File Deleted : C:\WINDOWS\SysNative\drivers\sdfhgdf.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : IIMTTXDPJVRWCVIT
[-] Task Deleted : NXKOR1
[-] Task Deleted : OUMFDJKMPLNMPKYJ

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKCU\Software\WTools
[-] Key Deleted : HKLM\SOFTWARE\DESKTOPPLAY
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule

***** [ Web browsers ] *****

[-] [C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M9D0E162F-6C6E-4211-B07D-2963723FCC50&SearchSource=58&CUI=&UM=8&UP=SP719C3474-1753-473C-A640-4AD4A485F5C1&D=012316&q={searchTerms}&SSPV=
[-] [C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\keith\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M9D0E162F-6C6E-4211-B07D-2963723FCC50&SearchSource=55&CUI=&UM=8&UP=SP719C3474-1753-473C-A640-4AD4A485F5C1&D=012316&SSPV=

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3175 bytes] ##########


Your three logs as requested.
 

Attachments

· Registered
Joined
·
1,859 Posts
Hello cookiesnmilk,

Thanks for the logs. It looks like there are suspicious, harmful files and folders in your logs.
Let's start cleaning.

Please do the following instructions.

:arrowr: Open Notepad (Start > All Programs > Accessories > Notepad).
:arrowr: Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
:arrowr: Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
() C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe
() C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2597919880-2147225550-1814618610-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 sdfhgdf; system32\DRIVERS\sdfhgdf.sys [X]
2016-01-24 03:40 - 2016-01-24 03:40 - 00000000 ___HD C:\$SysReset
2016-01-23 10:01 - 2016-01-23 10:01 - 00003534 _____ C:\WINDOWS\System32\Tasks\Guuwowueruvx
2016-01-23 10:00 - 2016-01-23 10:00 - 00000000 ____D C:\Program Files (x86)\execnowait
2016-01-23 09:59 - 2016-01-24 08:47 - 00000000 ____D C:\Users\keith\AppData\Local\CleanBrowserApp
2016-01-23 09:58 - 2016-01-23 14:44 - 00000814 _____ C:\Users\keith\Desktop\CleanBrowser.lnk
2016-01-23 09:58 - 2016-01-23 10:00 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-01-23 09:37 - 2016-01-23 09:37 - 00003420 _____ C:\WINDOWS\System32\Tasks\Aserbo
2016-01-23 09:21 - 2016-01-23 10:29 - 00000000 ____D C:\ProgramData\Service1291
2016-01-23 09:21 - 2016-01-23 09:21 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-13 19:33 - 2016-01-21 20:57 - 00000080 _____ C:\Users\keith\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
Task: {1DC5DE8C-8BBA-4333-A24D-D030A6A6DA21} - System32\Tasks\Aserbo => C:\PROGRA~1\SHOPPE~1\Rakjhni.bat
Task: {3C834963-3AE5-4C08-9460-8F279C976F4E} - \bvxvbxxvaa -> No File <==== ATTENTION
Task: {42BBCD6E-D98C-498C-8755-762F13D59660} - \CIMT_daily_S-1-5-21-2597919880-2147225550-1814618610-1002 -> No File <==== ATTENTION
Task: {4A4E5B10-11BD-41E1-99DA-153321E9FA60} - \CIMT_S-1-5-21-2597919880-2147225550-1814618610-1002 -> No File <==== ATTENTION
Task: {64EA4739-E744-4C7C-9256-930BEED04751} - \AmiUpdXp -> No File <==== ATTENTION
Task: {984A0D8D-8C75-45EF-A277-D19BAFB3D936} - \SecurityApps2 -> No File <==== ATTENTION
Task: {A7DE2951-3F10-45EB-8FDC-D037EB6F1210} - System32\Tasks\Guuwowueruvx => C:\ProgramData\Guuwowueruvx\1.0.7.1\hojoovei.exe
Task: {AF1F89F6-E87B-4D4D-8DCD-604B1FFE9253} - \AKAJBNYC1 -> No File <==== ATTENTION
Task: {D0935B7B-C534-4421-94F4-CDD212146C50} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {DD97D105-E26A-4383-A3F9-FFA70D4517B9} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {EBB234F1-541C-41A3-AB65-64473F1A0FA4} - \Systemhi -> No File <==== ATTENTION
Task: {F5AAC3B9-79D7-4AB4-815E-AD70F3B58DFF} - \IBUpd -> No File <==== ATTENTION
2016-01-22 23:24 - 2016-01-22 23:24 - 00310784 _____ () C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe
EmptyTemp:
end
:arrowr: Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
:arrowr: Click the Fix button just once, and wait.
:arrowr: If you receive a message that a reboot is required, please make sure you allow it to restart normally.
:arrowr: The tool will complete its run after the restart.
:arrowr: When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
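The fixlist above contains one entry whose file name is a run of CJK-looking characters directly under C:\Users\keith\AppData\Local. That is not a real CJK name: each character is two ASCII bytes read as one UTF-16LE code unit, the signature of a program handing an 8-bit (ANSI) string to a wide-character file API. The script below, added here as an example and not part of the thread or of FRST's own logic, reverses that reinterpretation and recovers the intended name; it tells you what the name was meant to be, not whether the file is safe. The sample path is copied from the fixlist; everything else in the block is constructed for the example.

```python
"""Decode a file name that shows up as CJK characters in a Windows log.

Added example; not part of the forum thread and not FRST's or AdwCleaner's
code. When an 8-bit (ANSI) string is passed to a wide-character (W) file
API, every pair of ASCII bytes is read as one UTF-16LE code unit, so the
bytes for '\\R' become U+525C, 'oc' become U+636F, and so on. Undoing that
reinterpretation gives back the intended ASCII text.
"""
from typing import Dict, Optional

# Copied from the FRST fixlist in the thread; the tail is the garbled run.
SAMPLE_LOG_PATH = r"C:\Users\keith\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦"


def narrow_as_wide(narrow: str) -> str:
    """Forward direction: what a W API sees when given ASCII bytes as UTF-16LE."""
    data = narrow.encode("ascii")
    if len(data) % 2:
        raise ValueError("an odd number of bytes cannot form whole UTF-16 code units")
    return data.decode("utf-16-le")


def wide_as_narrow(garbled: str) -> Optional[str]:
    """Reverse direction. Returns None when the text is not such an artefact
    (a genuine CJK name, or code units whose bytes are not printable ASCII)."""
    try:
        decoded = garbled.encode("utf-16-le").decode("ascii")
    except UnicodeError:
        return None
    if not all(0x20 <= ord(c) < 0x7F for c in decoded):
        return None
    return decoded


def explain_path(path: str) -> Dict[str, Optional[str]]:
    """Split a logged path into readable prefix, garbled run and remainder,
    and decode the garbled run (the first maximal run of non-ASCII characters)."""
    start = next((i for i, c in enumerate(path) if ord(c) > 0x7F), None)
    if start is None:
        return {"prefix": path, "garbled": "", "suffix": "", "decoded": None}
    end = start
    while end < len(path) and ord(path[end]) > 0x7F:
        end += 1
    garbled = path[start:end]
    return {"prefix": path[:start], "garbled": garbled, "suffix": path[end:],
            "decoded": wide_as_narrow(garbled)}


if __name__ == "__main__":
    info = explain_path(SAMPLE_LOG_PATH)
    print("logged  :", SAMPLE_LOG_PATH)
    print("intended:", info["prefix"] + (info["decoded"] or "<not decodable>") + info["suffix"])
```

For the sample the garbled run decodes to `\Rockstar Games\GTA V\entitlement.info`, a single 80-byte file whose name is the whole of that string; the decode is the fact here, the conclusion that it is game-launcher debris rather than malware is an inference the log alone does not prove. A practical consequence shows up in the next replies: saving the fixlist as ANSI text replaces those characters with question marks, so a fixlist that carries such a name should be saved as Unicode or UTF-8.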
 

· Registered
Joined
·
497 Posts
Discussion Starter · #5 ·
When I save your txt file with the code you provided, it tells me

"This file contains characters in Unicode format which will be lost if you save this file as an ANSI encoded text file. To keep the Unicode information, click Cancel below and then select one of the Unicode options from the encoding drop down list. Continue?"
 

· Registered
Joined
·
497 Posts
Discussion Starter · #7 ·
Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by keith (2016-01-30 00:01:18) Run:1
Running from C:\Users\keith\Desktop
Loaded Profiles: keith (Available Profiles: keith)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
() C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe
() C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2597919880-2147225550-1814618610-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 sdfhgdf; system32\DRIVERS\sdfhgdf.sys [X]
2016-01-24 03:40 - 2016-01-24 03:40 - 00000000 ___HD C:\$SysReset
2016-01-23 10:01 - 2016-01-23 10:01 - 00003534 _____ C:\WINDOWS\System32\Tasks\Guuwowueruvx
2016-01-23 10:00 - 2016-01-23 10:00 - 00000000 ____D C:\Program Files (x86)\execnowait
2016-01-23 09:59 - 2016-01-24 08:47 - 00000000 ____D C:\Users\keith\AppData\Local\CleanBrowserApp
2016-01-23 09:58 - 2016-01-23 14:44 - 00000814 _____ C:\Users\keith\Desktop\CleanBrowser.lnk
2016-01-23 09:58 - 2016-01-23 10:00 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-01-23 09:37 - 2016-01-23 09:37 - 00003420 _____ C:\WINDOWS\System32\Tasks\Aserbo
2016-01-23 09:21 - 2016-01-23 10:29 - 00000000 ____D C:\ProgramData\Service1291
2016-01-23 09:21 - 2016-01-23 09:21 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-13 19:33 - 2016-01-21 20:57 - 00000080 _____ C:\Users\keith\AppData\Local???????????????????
Task: {1DC5DE8C-8BBA-4333-A24D-D030A6A6DA21} - System32\Tasks\Aserbo => C:\PROGRA~1\SHOPPE~1\Rakjhni.bat
Task: {3C834963-3AE5-4C08-9460-8F279C976F4E} - \bvxvbxxvaa -> No File <==== ATTENTION
Task: {42BBCD6E-D98C-498C-8755-762F13D59660} - \CIMT_daily_S-1-5-21-2597919880-2147225550-1814618610-1002 -> No File <==== ATTENTION
Task: {4A4E5B10-11BD-41E1-99DA-153321E9FA60} - \CIMT_S-1-5-21-2597919880-2147225550-1814618610-1002 -> No File <==== ATTENTION
Task: {64EA4739-E744-4C7C-9256-930BEED04751} - \AmiUpdXp -> No File <==== ATTENTION
Task: {984A0D8D-8C75-45EF-A277-D19BAFB3D936} - \SecurityApps2 -> No File <==== ATTENTION
Task: {A7DE2951-3F10-45EB-8FDC-D037EB6F1210} - System32\Tasks\Guuwowueruvx => C:\ProgramData\Guuwowueruvx\1.0.7.1\hojoovei.exe
Task: {AF1F89F6-E87B-4D4D-8DCD-604B1FFE9253} - \AKAJBNYC1 -> No File <==== ATTENTION
Task: {D0935B7B-C534-4421-94F4-CDD212146C50} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {DD97D105-E26A-4383-A3F9-FFA70D4517B9} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {EBB234F1-541C-41A3-AB65-64473F1A0FA4} - \Systemhi -> No File <==== ATTENTION
Task: {F5AAC3B9-79D7-4AB4-815E-AD70F3B58DFF} - \IBUpd -> No File <==== ATTENTION
2016-01-22 23:24 - 2016-01-22 23:24 - 00310784 _____ () C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe
EmptyTemp:
end
*****************

Error: (0) Failed to create a restore point.
[4460] C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe => process closed successfully.
C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe => No running process found
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2597919880-2147225550-1814618610-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
sdfhgdf => service removed successfully
C:\$SysReset => moved successfully
C:\WINDOWS\System32\Tasks\Guuwowueruvx => moved successfully
C:\Program Files (x86)\execnowait => moved successfully
C:\Users\keith\AppData\Local\CleanBrowserApp => moved successfully
C:\Users\keith\Desktop\CleanBrowser.lnk => moved successfully
C:\Program Files (x86)\CleanBrowser => moved successfully
C:\WINDOWS\System32\Tasks\Aserbo => moved successfully
C:\ProgramData\Service1291 => moved successfully
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully

=========== "C:\Users\keith\AppData\Local???????????????????" ==========

C:\Users\keith\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => moved successfully

========= End -> "C:\Users\keith\AppData\Local???????????????????" ========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DC5DE8C-8BBA-4333-A24D-D030A6A6DA21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DC5DE8C-8BBA-4333-A24D-D030A6A6DA21}" => key removed successfully
C:\WINDOWS\System32\Tasks\Aserbo => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Aserbo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C834963-3AE5-4C08-9460-8F279C976F4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C834963-3AE5-4C08-9460-8F279C976F4E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxxvaa => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42BBCD6E-D98C-498C-8755-762F13D59660}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42BBCD6E-D98C-498C-8755-762F13D59660}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-2597919880-2147225550-1814618610-1002 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A4E5B10-11BD-41E1-99DA-153321E9FA60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A4E5B10-11BD-41E1-99DA-153321E9FA60}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-2597919880-2147225550-1814618610-1002 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64EA4739-E744-4C7C-9256-930BEED04751}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64EA4739-E744-4C7C-9256-930BEED04751}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{984A0D8D-8C75-45EF-A277-D19BAFB3D936}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{984A0D8D-8C75-45EF-A277-D19BAFB3D936}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityApps2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A7DE2951-3F10-45EB-8FDC-D037EB6F1210}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7DE2951-3F10-45EB-8FDC-D037EB6F1210}" => key removed successfully
C:\WINDOWS\System32\Tasks\Guuwowueruvx => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Guuwowueruvx" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF1F89F6-E87B-4D4D-8DCD-604B1FFE9253}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF1F89F6-E87B-4D4D-8DCD-604B1FFE9253}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AKAJBNYC1 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0935B7B-C534-4421-94F4-CDD212146C50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0935B7B-C534-4421-94F4-CDD212146C50}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD97D105-E26A-4383-A3F9-FFA70D4517B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD97D105-E26A-4383-A3F9-FFA70D4517B9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBB234F1-541C-41A3-AB65-64473F1A0FA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBB234F1-541C-41A3-AB65-64473F1A0FA4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Systemhi => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5AAC3B9-79D7-4AB4-815E-AD70F3B58DFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5AAC3B9-79D7-4AB4-815E-AD70F3B58DFF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
"C:\Program Files (x86)\CleanBrowser\BrowserHelper.exe" => not found.
EmptyTemp: => 1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:01:43 ====
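The fixlist and Fixlog above flag scheduled tasks by three signs: a task whose action points at a file that no longer exists, a task whose action is a batch file reached through an 8.3 short path (`C:\PROGRA~1\SHOPPE~1\Rakjhni.bat`), and a task whose target lives under ProgramData with a random-looking name. The script below, added here as an example and not part of the thread, of FRST or of AdwCleaner, applies those same checks to task definitions, first to constructed sample XML and, on a Windows machine run elevated, to the live `C:\Windows\System32\Tasks` folder. The two suspicious command paths in the samples are copied from the fixlist; the defrag task, the author names and the pretend file system are constructed for the example and the flags are heuristics, not verdicts.

```python
"""Triage Windows scheduled-task definitions the way the FRST fixlist does by hand.

Added example; not part of the forum thread and not FRST's or AdwCleaner's
logic. Sample task XML is constructed; the two suspicious command paths are
copied from the fixlist, the defrag task stands in for a normal Microsoft task.
"""
import os
import re
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Union

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
TASKS_DIR = r"C:\Windows\System32\Tasks"   # one XML file per task, UTF-16 on disk

# Heuristics, not verdicts: legitimate software lives in some of these too.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1", ".hta")
SHORT_NAME = re.compile(r"~\d+\\")          # 8.3 paths such as PROGRA~1\SHOPPE~1\


def parse_task_xml(xml_data: Union[str, bytes]) -> Dict[str, str]:
    """Pull the Exec action (command + arguments) and the author out of a task definition."""
    root = ET.fromstring(xml_data)
    exe = root.find(".//t:Actions/t:Exec", NS)
    command = exe.findtext("t:Command", default="", namespaces=NS) if exe is not None else ""
    arguments = exe.findtext("t:Arguments", default="", namespaces=NS) if exe is not None else ""
    author = root.findtext(".//t:RegistrationInfo/t:Author", default="", namespaces=NS)
    return {"command": command.strip().strip('"'), "arguments": arguments.strip(), "author": author}


def triage(task: Dict[str, str], exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return the reasons a task deserves a look; an empty list means nothing stood out."""
    cmd = task["command"]
    if not cmd:                        # COM-handler or e-mail actions carry no Exec command
        return []
    low = os.path.expandvars(cmd).lower()
    findings = []
    if not exists(low):
        findings.append("target missing on disk")
    if any(p in low for p in USER_WRITABLE):
        findings.append("target in user-writable location")
    if low.endswith(SCRIPT_EXT):
        findings.append("target is a script")
    if SHORT_NAME.search(low):
        findings.append("target uses an 8.3 short path")
    return findings


def scan_tasks_dir(folder: str = TASKS_DIR) -> Dict[str, List[str]]:
    """Walk the live Tasks folder (Windows, elevated) and report the flagged tasks."""
    report: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(folder):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:      # bytes, so the UTF-16 BOM is honoured
                    task = parse_task_xml(fh.read())
            except (OSError, ET.ParseError):
                continue
            hits = triage(task)
            if hits:
                report[os.path.relpath(path, folder)] = hits
    return report


# --- constructed samples for an offline run ----------------------------------
_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>{author}</Author></RegistrationInfo>
  <Actions Context="Author"><Exec><Command>{cmd}</Command></Exec></Actions>
</Task>"""

SAMPLE_TASKS = {
    "Aserbo": _TASK.format(author="keith", cmd=r"C:\PROGRA~1\SHOPPE~1\Rakjhni.bat"),
    "Guuwowueruvx": _TASK.format(author="keith", cmd=r"C:\ProgramData\Guuwowueruvx\1.0.7.1\hojoovei.exe"),
    r"Microsoft\Windows\Defrag\ScheduledDefrag": _TASK.format(
        author="Microsoft Corporation", cmd=r"C:\Windows\System32\defrag.exe"),
}
# Pretend file system for the samples: only the defrag binary is present.
_PRESENT = {r"c:\windows\system32\defrag.exe"}


def triage_samples() -> Dict[str, List[str]]:
    """Run the checks over the constructed samples with the pretend file system."""
    report = {}
    for name, xml in SAMPLE_TASKS.items():
        hits = triage(parse_task_xml(xml), exists=lambda p: p in _PRESENT)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in triage_samples().items():
        print(f"{name}: {', '.join(hits)}")
```

One caveat that the Fixlog makes visible: the tasks FRST lists as `-> No File` survive only as registrations under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache` (the fix removes their `Plain`/`Logon` and `Tasks` keys and finds no `Tree` key), so a walk of the Tasks folder cannot see them; on a live system also enumerate the `TaskCache\Tasks` keys with `winreg` and compare them against the files on disk.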
 

· Registered
Joined
·
1,859 Posts
Hello again,

Please do the following.

Launch Malwarebytes Anti-Malware

:arrowr: On the Dashboard, click the Scan Now button.
:arrowr: A check for database updates will be performed.
:arrowr: After the update check completes, a Threat Scan will begin.
:arrowr: When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
:arrowr: In most cases, a restart will be required and a prompt will be shown.
:arrowr: Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

:arrowr: After the restart once you are back at your desktop, open MBAM once more.
:arrowr: Click on the History tab > Application Logs.
:arrowr: Double click on the scan log which shows the Date and time of the scan just performed.
:arrowr: Click Export.
:arrowr: Click Text file (*.txt)
:arrowr: In the Save File dialog box which appears, click on Desktop.
:arrowr: In the File name: box type a name for your scan log.
:arrowr: A message box named File Saved should appear stating "Your file has been successfully exported".
:arrowr: Click Ok
:arrowr: Attach that saved log to your next reply.
 

· Registered
Joined
·
1,859 Posts
Hello

Thanks for the log. Malwarebytes did clean. Please do the instructions below. Then tell me: how is the machine behaving now? What problems do you still have?

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

:arrowr: Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
:arrowr: Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
:arrowr: Click the blue Run ESET Online Scanner button
:arrowr: Tick the box next to YES, I accept the Terms of Use.
:arrowr: Click Start
:arrowr: When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
:arrowr: Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
:arrowr: Click on Advanced Settings
:arrowr: Make sure that the option Remove found threats is unticked.
:arrowr: Ensure these options are ticked

  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

:arrowr: Click Start
:arrowr: Wait for the scan to finish
:arrowr: When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
:arrowr: Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
:arrowr: Close the ESET online scan, and let me know how things are now.
 

· Registered
Joined
·
497 Posts
Discussion Starter · #11 ·
No threats found. Yay. Though I'm still getting this strange message whenever I open, well... anything in the Control Panel, telling me that my "built in administrator account can't access these settings" but then letting me in anyway.
 

· Registered
Joined
·
497 Posts
Discussion Starter · #13 ·
Oh yeah, there's another thing that is happening and has been happening since this started. When I minimize a full-screen game I can't un-minimize it. This only happens if the game is in fullscreen mode, not Windowed-Fullscreen mode.

Oh, and here is your next set of logs.
 

Attachments

1,859 Posts
Hello cookiesnmilk,

"built in administrator account can't access these settings"
I think this message is about UAC (User Account Control).

=========================================================

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features

========================================================

Please do the following instructions.

:arrowr: Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

:arrowr: Double-click FRST.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
:arrowr: Click the Fix button just once, and wait.
:arrowr: If you receive a message that a reboot is required, please make sure you allow it to restart normally.
:arrowr: The tool will complete its run after the restart.
:arrowr: When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

Attachments

497 Posts
Discussion Starter · #15 ·
Oops. Uh.... sorry about the uTorrent. Thought I got rid of that. Going to get rid of it now.

Alright, here's your thing.

Oh, and something else I forgot to tell you. I started getting this message on startup.

(start message)
Windows Script Host

Script: C\WINDOWS\run.vbs
Line: 43
Char: 1
Error: The system cannot find the file specified.
Code: 80070002
Source: (null)

(end message)

Unsure if telling you this is useful or not, so I figured I'd report it anyway for safety. Also removed uTorrent.... again..... checked this time.
 

Attachments

1,859 Posts
Hello cookiesnmilk,

The FRST tool can't create a restore point. This is because System Restore is disabled, turned off, or otherwise not working. Please check System Protection. If it is disabled, please turn it on. Look here

=========================================================

Please do the following instructions.

:arrowr: Open Notepad (Start > All Programs > Accessories > Notepad).
:arrowr: Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
:arrowr: Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
CreateRestorePoint:
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
EmptyTemp:
:arrowr: Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
:arrowr: Click the Fix button just once, and wait.
:arrowr: If you receive a message that a reboot is required, please make sure you allow it to restart normally.
:arrowr: The tool will complete its run after the restart.
:arrowr: When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

========================================================

Please re-run FRST tool and attach fresh FRST.txt and Addition.txt.
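An added check, not part of this thread or of the FRST tool, that audits the Winlogon Userinit and Shell values the fixlist above restores; the expected defaults are an assumption based on a stock Windows 10 install, and anything outside them (such as the `wscript C:\WINDOWS\run.vbs` entry seen in this thread) is reported:

```powershell
# Added example (not from the thread or FRST): audit Winlogon logon values.
# Winlogon runs every comma-separated entry in Userinit and Shell at logon,
# so an extra or replaced entry is a classic persistence location.
function Test-WinlogonDefaults {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    # Assumed stock Windows 10 defaults; adjust if your build differs.
    $expected = @{
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
        Shell    = 'explorer.exe'
    }
    $props = Get-ItemProperty -Path $key
    $findings = @()

    foreach ($name in $expected.Keys) {
        $actual = $props.$name
        if ([string]::IsNullOrWhiteSpace($actual)) {
            $findings += "$name is missing or empty"
            continue
        }
        # Split on commas, trim whitespace, drop the empty trailing element.
        $entries  = $actual.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        $defaults = $expected[$name].Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }

        # -contains / -notcontains compare case-insensitively, which suits paths.
        $extra   = $entries  | Where-Object { $defaults -notcontains $_ }
        $missing = $defaults | Where-Object { $entries  -notcontains $_ }

        if ($extra)   { $findings += ("{0} has unexpected entries: {1}" -f $name, ($extra -join '; ')) }
        if ($missing) { $findings += ("{0} is missing default entry: {1}" -f $name, ($missing -join '; ')) }
        if (-not $extra -and -not $missing) { Write-Output "$name looks stock: $actual" }
    }

    foreach ($f in $findings) { Write-Warning $f }
    # Return $true when both values match the assumed defaults.
    return ($findings.Count -eq 0)
}

Test-WinlogonDefaults
```

Run it from an elevated PowerShell prompt; a warning naming a script host or an unfamiliar path in Userinit is the kind of entry the fixlist in this thread removed.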
 

497 Posts
Discussion Starter · #17 ·
Here is your fixlog.

Restore point was successfully created.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
EmptyTemp: => 544.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:30:04 ====


Also note, I'm starting to get the feeling I should just use the "reset everything" feature on Win10 at this point. I mean, it's not getting worse, but it's not getting better either.
 

1,859 Posts
Hello,

My training is in cleaning malware. Therefore, I don't have much information about the issue. I can only say the issue does not seem malware related, because your logs are clean. You can also ask for help from our Windows 10 forum about your problems.

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.


  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, and Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn on Automatic Updates in Windows 10

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.



  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See the guide here, and for Windows 10 here.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
 