HKUS Removal Assistance requested
Surefire said:

ComboFix 17-01-13.01 - Eag 01/14/2017 1:51.2.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8156.6543 [GMT -6:00]
Running from: c:\users\Eag\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2016-12-14 to 2017-01-14 )))))))))))))))))))))))))))))))
.
.
2017-01-14 07:53 . 2017-01-14 07:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-14 07:10 . 2017-01-14 07:21 -------- d-----w- C:\AdwCleaner
2017-01-11 19:13 . 2011-08-30 05:25 14173184 ----a-w- c:\windows\system32\shell32.dll
2017-01-11 18:55 . 2017-01-11 18:55 -------- d-----w- c:\windows\system32\SPReview
2017-01-11 18:55 . 2017-01-11 18:55 -------- d-----w- c:\windows\system32\EventProviders
2017-01-11 18:47 . 2017-01-11 18:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2017-01-11 06:13 . 2017-01-11 06:13 -------- d-----w- c:\program files (x86)\Microsoft XNA
2017-01-10 16:08 . 2017-01-10 16:08 -------- d-----w- c:\programdata\Blizzard Entertainment
2017-01-10 16:01 . 2017-01-10 16:02 -------- d-----w- c:\programdata\Battle.net
2017-01-10 09:28 . 2016-12-30 22:43 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A881BDE-0B0B-4074-824F-FCAAE1B6D17B}\mpengine.dll
2017-01-09 16:50 . 2017-01-09 16:50 -------- d--h--w- c:\programdata\CanonBJ
2017-01-09 16:50 . 2014-03-18 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDCB.DLL
2017-01-09 16:50 . 2014-03-18 11:00 102912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPCB.DLL
2017-01-09 16:50 . 2014-03-18 11:00 406016 ----a-w- c:\windows\system32\CNMLMCB.DLL
2017-01-09 16:50 . 2014-02-04 21:29 316928 ----a-w- c:\windows\system32\CNC_CBC.dll
2017-01-09 16:50 . 2014-02-04 21:29 105984 ----a-w- c:\windows\system32\CNC_CBI.dll
2017-01-09 16:50 . 2014-01-21 19:16 369664 ----a-w- c:\windows\system32\CNC_CBL.dll
2017-01-09 16:50 . 2008-08-26 00:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2017-01-08 21:30 . 2017-01-08 21:30 -------- d-----w- c:\program files (x86)\Microsoft.NET
2017-01-08 20:17 . 2017-01-08 20:17 -------- d-----w- c:\program files\Common Files\AV
2017-01-08 20:00 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2017-01-08 20:00 . 2017-01-11 06:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2017-01-08 19:59 . 2017-01-08 23:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2017-01-08 07:38 . 2017-01-08 05:45 -------- d-----w- c:\windows\Panther
2017-01-08 06:15 . 2017-01-11 05:14 -------- d-----w- c:\programdata\Stardock
2017-01-08 06:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2017-01-08 06:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2017-01-08 06:01 . 2017-01-14 07:48 -------- d-----w- c:\program files (x86)\Steam
2017-01-08 06:01 . 2017-01-08 23:54 -------- d-----w- c:\program files (x86)\Common Files\Steam
2017-01-08 06:01 . 2016-10-26 22:29 485032 ------w- c:\windows\system32\MpSigStub.exe
2017-01-08 06:00 . 2017-01-11 18:52 -------- d-----w- c:\windows\system32\MRT
2017-01-08 06:00 . 2017-01-08 06:00 -------- d-----w- c:\windows\Migration
2017-01-08 05:56 . 2017-01-08 05:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2017-01-08 05:55 . 2017-01-08 05:55 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-01-08 05:55 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-01-08 05:55 . 2017-01-08 05:55 -------- d-----w- c:\programdata\Oracle
2017-01-08 05:55 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2017-01-08 05:55 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2017-01-08 05:55 . 2016-06-25 16:03 304128 ----a-w- c:\windows\system32\EOSNotify.exe
2017-01-08 05:55 . 2017-01-11 19:07 -------- d-sh--w- c:\windows\Installer
2017-01-08 05:55 . 2017-01-08 05:55 -------- d-----w- c:\program files\Java
2017-01-08 05:55 . 2017-01-08 05:56 -------- d-----w- c:\program files (x86)\Google
2017-01-08 05:52 . 2016-12-20 20:33 82544 ----a-w- c:\windows\system32\RtNicProp64.dll
2017-01-08 05:52 . 2016-12-20 20:33 116304 ----a-w- c:\windows\system32\RTNUninst64.dll
2017-01-08 05:52 . 2016-12-20 20:33 1037832 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2017-01-08 05:52 . 2017-01-08 05:52 -------- d-----w- c:\program files (x86)\Realtek
2017-01-08 05:52 . 2017-01-08 05:52 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2017-01-08 05:51 . 2017-01-08 05:51 -------- d-----w- c:\program files (x86)\Intel
2017-01-08 05:51 . 2016-08-18 18:46 53248 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2017-01-08 05:51 . 2017-01-08 05:51 -------- d-----w- C:\Intel
2017-01-08 05:45 . 2017-01-08 22:00 -------- d-----w- c:\users\Eag
2017-01-08 05:45 . 2017-01-08 05:45 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-11 18:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2017-01-11 18:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-12-20 2876704]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-29 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2016-08-18 299504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-23 587288]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
R2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-12-12 1853376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-01-14 01:54:51
ComboFix-quarantined-files.txt 2017-01-14 07:54
ComboFix2.txt 2017-01-14 07:14
.
Pre-Run: 198,790,823,936 bytes free
Post-Run: 198,370,770,944 bytes free
.
- - End Of File - - 5AFB4A6543B890B98561A6DBD22286D8
5C616939100B85E558DA92B899A0FC36