ComboFix 17-01-13.01 - Eag 01/14/2017 1:51.2.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8156.6543 [GMT -6:00]
Running from: c:\users\Eag\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2016-12-14 to 2017-01-14 )))))))))))))))))))))))))))))))
.
.
2017-01-14 07:53 . 2017-01-14 07:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-14 07:10 . 2017-01-14 07:21 -------- d-----w- C:\AdwCleaner
2017-01-11 19:13 . 2011-08-30 05:25 14173184 ----a-w- c:\windows\system32\shell32.dll
2017-01-11 18:55 . 2017-01-11 18:55 -------- d-----w- c:\windows\system32\SPReview
2017-01-11 18:55 . 2017-01-11 18:55 -------- d-----w- c:\windows\system32\EventProviders
2017-01-11 18:47 . 2017-01-11 18:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2017-01-11 06:13 . 2017-01-11 06:13 -------- d-----w- c:\program files (x86)\Microsoft XNA
2017-01-10 16:08 . 2017-01-10 16:08 -------- d-----w- c:\programdata\Blizzard Entertainment
2017-01-10 16:01 . 2017-01-10 16:02 -------- d-----w- c:\programdata\Battle.net
2017-01-10 09:28 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A881BDE-0B0B-4074-824F-FCAAE1B6D17B}\mpengine.dll
2017-01-09 16:50 . 2017-01-09 16:50 -------- d--h--w- c:\programdata\CanonBJ
2017-01-09 16:50 . 2014-03-18 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDCB.DLL
2017-01-09 16:50 . 2014-03-18 11:00 102912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPCB.DLL
2017-01-09 16:50 . 2014-03-18 11:00 406016 ----a-w- c:\windows\system32\CNMLMCB.DLL
2017-01-09 16:50 . 2014-02-04 21:29 316928 ----a-w- c:\windows\system32\CNC_CBC.dll
2017-01-09 16:50 . 2014-02-04 21:29 105984 ----a-w- c:\windows\system32\CNC_CBI.dll
2017-01-09 16:50 . 2014-01-21 19:16 369664 ----a-w- c:\windows\system32\CNC_CBL.dll
2017-01-09 16:50 . 2008-08-26 00:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2017-01-08 21:30 . 2017-01-08 21:30 -------- d-----w- c:\program files (x86)\Microsoft.NET
2017-01-08 20:17 . 2017-01-08 20:17 -------- d-----w- c:\program files\Common Files\AV
2017-01-08 20:00 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2017-01-08 20:00 . 2017-01-11 06:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2017-01-08 19:59 . 2017-01-08 23:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2017-01-08 07:38 . 2017-01-08 05:45 -------- d-----w- c:\windows\Panther
2017-01-08 06:15 . 2017-01-11 05:14 -------- d-----w- c:\programdata\Stardock
2017-01-08 06:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2017-01-08 06:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2017-01-08 06:01 . 2017-01-14 07:48 -------- d-----w- c:\program files (x86)\Steam
2017-01-08 06:01 . 2017-01-08 23:54 -------- d-----w- c:\program files (x86)\Common Files\Steam
2017-01-08 06:01 . 2016-10-26 22:29 485032 ------w- c:\windows\system32\MpSigStub.exe
2017-01-08 06:00 . 2017-01-11 18:52 -------- d-----w- c:\windows\system32\MRT
2017-01-08 06:00 . 2017-01-08 06:00 -------- d-----w- c:\windows\Migration
2017-01-08 05:56 . 2017-01-08 05:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2017-01-08 05:55 . 2017-01-08 05:55 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-01-08 05:55 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-01-08 05:55 . 2017-01-08 05:55 -------- d-----w- c:\programdata\Oracle
2017-01-08 05:55 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2017-01-08 05:55 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2017-01-08 05:55 . 2016-06-25 16:03 304128 ----a-w- c:\windows\system32\EOSNotify.exe
2017-01-08 05:55 . 2017-01-11 19:07 -------- d-sh--w- c:\windows\Installer
2017-01-08 05:55 . 2017-01-08 05:55 -------- d-----w- c:\program files\Java
2017-01-08 05:55 . 2017-01-08 05:56 -------- d-----w- c:\program files (x86)\Google
2017-01-08 05:52 . 2016-12-20 20:33 82544 ----a-w- c:\windows\system32\RtNicProp64.dll
2017-01-08 05:52 . 2016-12-20 20:33 116304 ----a-w- c:\windows\system32\RTNUninst64.dll
2017-01-08 05:52 . 2016-12-20 20:33 1037832 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2017-01-08 05:52 . 2017-01-08 05:52 -------- d-----w- c:\program files (x86)\Realtek
2017-01-08 05:52 . 2017-01-08 05:52 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2017-01-08 05:51 . 2017-01-08 05:51 -------- d-----w- c:\program files (x86)\Intel
2017-01-08 05:51 . 2016-08-18 18:46 53248 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2017-01-08 05:51 . 2017-01-08 05:51 -------- d-----w- C:\Intel
2017-01-08 05:45 . 2017-01-08 22:00 -------- d-----w- c:\users\Eag
2017-01-08 05:45 . 2017-01-08 05:45 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-11 18:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2017-01-11 18:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-12-20 2876704]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-29 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2016-08-18 299504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-23 587288]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-12-12 1853376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-01-14 01:54:51
ComboFix-quarantined-files.txt 2017-01-14 07:54
ComboFix2.txt 2017-01-14 07:14
.
Pre-Run: 198,790,823,936 bytes free
Post-Run: 198,370,770,944 bytes free
.
- - End Of File - - 5AFB4A6543B890B98561A6DBD22286D8
5C616939100B85E558DA92B899A0FC36
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8156.6543 [GMT -6:00]
Running from: c:\users\Eag\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2016-12-14 to 2017-01-14 )))))))))))))))))))))))))))))))
.
.
2017-01-14 07:53 . 2017-01-14 07:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-14 07:10 . 2017-01-14 07:21 -------- d-----w- C:\AdwCleaner
2017-01-11 19:13 . 2011-08-30 05:25 14173184 ----a-w- c:\windows\system32\shell32.dll
2017-01-11 18:55 . 2017-01-11 18:55 -------- d-----w- c:\windows\system32\SPReview
2017-01-11 18:55 . 2017-01-11 18:55 -------- d-----w- c:\windows\system32\EventProviders
2017-01-11 18:47 . 2017-01-11 18:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2017-01-11 06:13 . 2017-01-11 06:13 -------- d-----w- c:\program files (x86)\Microsoft XNA
2017-01-10 16:08 . 2017-01-10 16:08 -------- d-----w- c:\programdata\Blizzard Entertainment
2017-01-10 16:01 . 2017-01-10 16:02 -------- d-----w- c:\programdata\Battle.net
2017-01-10 09:28 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A881BDE-0B0B-4074-824F-FCAAE1B6D17B}\mpengine.dll
2017-01-09 16:50 . 2017-01-09 16:50 -------- d--h--w- c:\programdata\CanonBJ
2017-01-09 16:50 . 2014-03-18 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDCB.DLL
2017-01-09 16:50 . 2014-03-18 11:00 102912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPCB.DLL
2017-01-09 16:50 . 2014-03-18 11:00 406016 ----a-w- c:\windows\system32\CNMLMCB.DLL
2017-01-09 16:50 . 2014-02-04 21:29 316928 ----a-w- c:\windows\system32\CNC_CBC.dll
2017-01-09 16:50 . 2014-02-04 21:29 105984 ----a-w- c:\windows\system32\CNC_CBI.dll
2017-01-09 16:50 . 2014-01-21 19:16 369664 ----a-w- c:\windows\system32\CNC_CBL.dll
2017-01-09 16:50 . 2008-08-26 00:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2017-01-08 21:30 . 2017-01-08 21:30 -------- d-----w- c:\program files (x86)\Microsoft.NET
2017-01-08 20:17 . 2017-01-08 20:17 -------- d-----w- c:\program files\Common Files\AV
2017-01-08 20:00 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2017-01-08 20:00 . 2017-01-11 06:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2017-01-08 19:59 . 2017-01-08 23:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2017-01-08 07:38 . 2017-01-08 05:45 -------- d-----w- c:\windows\Panther
2017-01-08 06:15 . 2017-01-11 05:14 -------- d-----w- c:\programdata\Stardock
2017-01-08 06:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2017-01-08 06:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2017-01-08 06:01 . 2017-01-14 07:48 -------- d-----w- c:\program files (x86)\Steam
2017-01-08 06:01 . 2017-01-08 23:54 -------- d-----w- c:\program files (x86)\Common Files\Steam
2017-01-08 06:01 . 2016-10-26 22:29 485032 ------w- c:\windows\system32\MpSigStub.exe
2017-01-08 06:00 . 2017-01-11 18:52 -------- d-----w- c:\windows\system32\MRT
2017-01-08 06:00 . 2017-01-08 06:00 -------- d-----w- c:\windows\Migration
2017-01-08 05:56 . 2017-01-08 05:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2017-01-08 05:55 . 2017-01-08 05:55 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-01-08 05:55 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-01-08 05:55 . 2017-01-08 05:55 -------- d-----w- c:\programdata\Oracle
2017-01-08 05:55 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2017-01-08 05:55 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2017-01-08 05:55 . 2016-06-25 16:03 304128 ----a-w- c:\windows\system32\EOSNotify.exe
2017-01-08 05:55 . 2017-01-11 19:07 -------- d-sh--w- c:\windows\Installer
2017-01-08 05:55 . 2017-01-08 05:55 -------- d-----w- c:\program files\Java
2017-01-08 05:55 . 2017-01-08 05:56 -------- d-----w- c:\program files (x86)\Google
2017-01-08 05:52 . 2016-12-20 20:33 82544 ----a-w- c:\windows\system32\RtNicProp64.dll
2017-01-08 05:52 . 2016-12-20 20:33 116304 ----a-w- c:\windows\system32\RTNUninst64.dll
2017-01-08 05:52 . 2016-12-20 20:33 1037832 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2017-01-08 05:52 . 2017-01-08 05:52 -------- d-----w- c:\program files (x86)\Realtek
2017-01-08 05:52 . 2017-01-08 05:52 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2017-01-08 05:51 . 2017-01-08 05:51 -------- d-----w- c:\program files (x86)\Intel
2017-01-08 05:51 . 2016-08-18 18:46 53248 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2017-01-08 05:51 . 2017-01-08 05:51 -------- d-----w- C:\Intel
2017-01-08 05:45 . 2017-01-08 22:00 -------- d-----w- c:\users\Eag
2017-01-08 05:45 . 2017-01-08 05:45 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-11 18:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2017-01-11 18:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-12-20 2876704]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-29 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2016-08-18 299504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-23 587288]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-12-12 1853376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-01-14 01:54:51
ComboFix-quarantined-files.txt 2017-01-14 07:54
ComboFix2.txt 2017-01-14 07:14
.
Pre-Run: 198,790,823,936 bytes free
Post-Run: 198,370,770,944 bytes free
.
- - End Of File - - 5AFB4A6543B890B98561A6DBD22286D8
5C616939100B85E558DA92B899A0FC36