
Pretty sure im infected.



Take your time. The morning is really the only time I get to myself; AM is the only time I get that's "free". I just generally do what I can, when I can, as I can, so I don't expect you to plug a USB into your brain and just know what is going on. Take all the time you need, Ron. Thanks, bud.


  • Root Admin

Okay, well let's start with another round of different cleaning. Then the last part will be to get me new logs. Please do not copy/paste to the forum. Please attach all logs in txt format.

 

STEP 01

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double-click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 02
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 03
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed.
  • Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look at the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore.

STEP 04

Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

STEP 05

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

 

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


ComboFix 16-08-21.02 - BeanDip 23/08/2016   1:46.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8191.6779 [GMT -4:00]
Running from: c:\users\BeanDip\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2016-07-23 to 2016-08-23  )))))))))))))))))))))))))))))))
.
.
2016-08-23 05:35 . 2016-08-23 05:38    --------    d-----w-    C:\AdwCleaner
2016-08-23 05:35 . 2016-08-23 05:35    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCAE73E6-7EA2-469D-9168-FD35B5F8DDF5}\offreg.960.dll
2016-08-23 05:34 . 2016-08-02 22:36    11847048    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCAE73E6-7EA2-469D-9168-FD35B5F8DDF5}\mpengine.dll
2016-08-21 22:01 . 2016-08-02 22:36    11847048    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-08-17 01:38 . 2016-07-08 15:32    2048    ----a-w-    c:\windows\system32\tzres.dll
2016-08-17 01:38 . 2016-07-08 15:16    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2016-08-12 09:27 . 2016-08-02 10:12    1167568    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B778EA70-8C06-4DFC-BC60-30332B4465DC}\gapaengine.dll
2016-08-12 03:20 . 2016-08-12 03:20    --------    d-----w-    c:\users\BeanDip\matrixcache
2016-08-10 16:17 . 2016-07-08 15:37    95464    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2016-08-10 16:15 . 2016-07-08 15:01    3218944    ----a-w-    c:\windows\system32\win32k.sys
2016-08-09 08:46 . 2016-08-11 07:08    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-08-09 08:45 . 2016-08-09 08:45    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2016-08-09 08:45 . 2016-03-10 18:09    64896    ----a-w-    c:\windows\system32\drivers\mwac.sys
2016-08-09 08:45 . 2016-03-10 18:08    140672    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2016-08-09 08:45 . 2016-03-10 18:08    27008    ----a-w-    c:\windows\system32\drivers\mbam.sys
2016-08-09 07:59 . 2016-08-09 07:59    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2016-08-09 07:59 . 2016-08-09 07:59    --------    d-----r-    c:\program files (x86)\Skype
2016-08-04 06:13 . 2016-08-04 07:57    --------    d-----w-    c:\users\BeanDip\crandor
2016-08-04 06:12 . 2016-08-04 06:12    --------    d-----w-    c:\program files (x86)\Crandor
2016-08-03 07:26 . 2016-08-03 07:26    --------    d-----w-    c:\program files (x86)\Tweaking.com
2016-08-03 07:13 . 2016-08-02 10:12    1167568    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-08-03 03:06 . 2016-08-03 03:06    --------    d-----w-    c:\program files\HitmanPro
2016-08-03 01:42 . 2015-07-16 19:11    7077376    ----a-w-    c:\windows\system32\mstscax.dll
2016-08-03 01:42 . 2015-07-11 13:15    429568    ----a-w-    c:\windows\system32\wksprt.exe
2016-08-03 01:42 . 2015-07-16 19:12    856064    ----a-w-    c:\windows\SysWow64\rdvidcrl.dll
2016-08-03 01:42 . 2015-07-16 19:12    53248    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2016-08-03 01:42 . 2015-07-16 19:12    6131200    ----a-w-    c:\windows\SysWow64\mstscax.dll
2016-08-03 01:42 . 2015-07-16 19:11    62976    ----a-w-    c:\windows\system32\tsgqec.dll
2016-08-03 01:42 . 2015-07-16 19:11    1057792    ----a-w-    c:\windows\system32\rdvidcrl.dll
2016-08-03 01:41 . 2014-12-11 17:47    87040    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2016-08-02 10:09 . 2016-08-02 10:09    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2016-08-02 10:08 . 2016-08-02 10:09    --------    d-----w-    c:\program files\Microsoft Security Client
2016-08-02 06:22 . 2016-08-02 06:38    --------    d-----w-    c:\users\BeanDip\AppData\Roaming\Geek Uninstaller
2016-08-01 23:36 . 2016-08-01 23:36    --------    d-----w-    c:\program files\Jagex
2016-08-01 17:24 . 2016-08-01 17:24    --------    d-s---w-    c:\windows\system32\CompatTel
2016-08-01 17:24 . 2016-08-01 17:24    --------    d-----w-    c:\windows\system32\appraiser
2016-08-01 09:24 . 2013-10-02 01:10    44544    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2016-08-01 09:24 . 2013-10-02 04:38    3072    ----a-w-    c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2016-08-01 09:24 . 2013-10-02 02:22    56832    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2016-08-01 09:24 . 2013-10-02 02:11    13824    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-08-01 09:24 . 2013-10-02 02:08    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-08-01 09:24 . 2013-10-02 01:48    56832    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2016-08-01 09:24 . 2013-10-02 01:48    18944    ----a-w-    c:\windows\system32\wksprtPS.dll
2016-08-01 09:24 . 2013-10-02 00:14    50176    ----a-w-    c:\windows\SysWow64\MsRdpWebAccess.dll
2016-08-01 09:24 . 2013-10-02 00:14    17920    ----a-w-    c:\windows\SysWow64\wksprtPS.dll
2016-08-01 09:24 . 2013-10-01 23:31    1147392    ----a-w-    c:\windows\system32\mstsc.exe
2016-08-01 09:24 . 2013-10-01 22:34    1068544    ----a-w-    c:\windows\SysWow64\mstsc.exe
2016-08-01 09:21 . 2016-06-29 16:19    12007136    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6973A0C-7420-424D-B633-68B00877A312}\mpengine.dll
2016-08-01 09:14 . 2015-12-16 18:55    69120    ----a-w-    c:\windows\system32\nlsbres.dll
2016-08-01 09:13 . 2015-07-22 17:53    635392    ----a-w-    c:\windows\SysWow64\tdh.dll
2016-08-01 09:12 . 2015-10-29 17:50    6656    ----a-w-    c:\windows\system32\shimeng.dll
2016-08-01 09:03 . 2016-01-21 00:51    73664    ----a-w-    c:\windows\system32\drivers\disk.sys
2016-08-01 09:00 . 2016-03-09 18:59    169984    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2016-08-01 09:00 . 2016-03-09 18:54    18432    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-08-01 09:00 . 2016-03-09 18:54    353280    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-08-01 09:00 . 2016-03-09 18:54    275456    ----a-w-    c:\windows\system32\InkEd.dll
2016-08-01 09:00 . 2016-03-09 18:54    2104320    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-08-01 09:00 . 2016-03-09 18:38    126464    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2016-08-01 09:00 . 2016-03-09 18:35    16384    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2016-08-01 09:00 . 2016-03-09 18:34    1416192    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2016-08-01 09:00 . 2016-03-09 18:34    274944    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-08-01 09:00 . 2016-03-09 18:34    216064    ----a-w-    c:\windows\SysWow64\InkEd.dll
2016-08-01 09:00 . 2014-10-30 02:03    165888    ----a-w-    c:\windows\system32\charmap.exe
2016-08-01 09:00 . 2014-10-30 01:45    155136    ----a-w-    c:\windows\SysWow64\charmap.exe
2016-08-01 08:32 . 2016-08-01 08:32    --------    d-----w-    c:\windows\.jagex_cache_32
2016-07-31 20:51 . 2016-08-20 22:01    --------    d-----w-    c:\windows\system32\catroot2
2016-07-31 20:31 . 2016-07-31 20:31    --------    d-----w-    c:\windows\SysWow64\wbem\Performance
2016-07-31 08:57 . 2016-07-31 09:05    --------    d-----w-    c:\users\BeanDip\AppData\Local\ElevatedDiagnostics
2016-07-29 09:37 . 2016-07-29 10:46    --------    d-----w-    c:\users\BeanDip\AppData\Local\Google
2016-07-29 09:08 . 2016-08-02 06:43    --------    d-----w-    c:\users\BeanDip\AppData\Local\Discord
2016-07-29 09:05 . 2016-07-29 09:05    --------    d-----w-    c:\programdata\SquirrelMachineInstalls
2016-07-29 09:05 . 2016-08-02 06:43    --------    d-----w-    c:\users\BeanDip\AppData\Roaming\discord
2016-07-29 09:05 . 2016-07-29 09:08    --------    d-----w-    c:\users\BeanDip\AppData\Local\SquirrelTemp
2016-07-28 05:57 . 2016-07-28 05:57    --------    d-----w-    c:\program files (x86)\Microsoft LifeCam
2016-07-28 05:57 . 2016-07-28 05:57    --------    d-----w-    c:\program files\Microsoft LifeCam
2016-07-28 05:32 . 2016-06-26 00:27    756736    ----a-w-    c:\windows\system32\win32spl.dll
2016-07-28 05:32 . 2016-06-26 00:27    38912    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\winprint.dll
2016-07-28 05:32 . 2016-06-26 00:27    344576    ----a-w-    c:\windows\system32\ntprint.dll
2016-07-28 05:32 . 2016-06-26 00:27    970240    ----a-w-    c:\windows\system32\localspl.dll
2016-07-28 05:32 . 2016-06-26 00:27    22528    ----a-w-    c:\windows\system32\inetppui.dll
2016-07-28 05:32 . 2016-06-26 00:27    166400    ----a-w-    c:\windows\system32\inetpp.dll
2016-07-28 05:32 . 2016-06-25 19:54    497152    ----a-w-    c:\windows\SysWow64\win32spl.dll
2016-07-28 05:32 . 2016-06-25 19:53    297472    ----a-w-    c:\windows\SysWow64\ntprint.dll
2016-07-28 05:32 . 2016-06-25 19:53    48640    ----a-w-    c:\windows\system32\wpnpinst.exe
2016-07-28 05:32 . 2016-06-25 19:53    61952    ----a-w-    c:\windows\system32\ntprint.exe
2016-07-28 05:32 . 2016-06-25 19:41    61952    ----a-w-    c:\windows\SysWow64\ntprint.exe
2016-07-27 10:28 . 2016-08-03 05:19    --------    d-----w-    c:\program files (x86)\Diablo II
2016-07-27 07:27 . 2015-08-07 00:04    572024    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2016-07-27 04:33 . 2016-07-27 04:33    97856    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-11 07:24 . 2016-06-22 06:34    28272    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2016-08-10 16:20 . 2013-07-26 17:52    147640136    -c--a-w-    c:\windows\system32\MRT.exe
2016-07-28 23:41 . 2013-07-26 16:45    796352    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-28 23:41 . 2013-07-26 16:45    142528    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-26 18:24 . 2010-11-21 03:27    504488    ------w-    c:\windows\system32\MpSigStub.exe
2016-07-15 18:15 . 2016-07-21 06:45    46016    ----a-w-    c:\windows\system32\nvhdap64.dll
2016-07-15 18:15 . 2016-07-21 06:45    214592    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2016-07-15 18:15 . 2016-07-10 01:55    1579976    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2016-07-11 02:13 . 2016-07-21 06:49    1887800    ----a-w-    c:\windows\system32\NvCamera64.dll
2016-07-11 02:13 . 2016-07-21 06:49    1595840    ----a-w-    c:\windows\SysWow64\NvCamera32.dll
2016-07-11 02:13 . 2016-07-21 06:45    8742360    ----a-w-    c:\windows\SysWow64\nvptxJitCompiler.dll
2016-07-11 02:13 . 2016-07-21 06:45    694672    ----a-w-    c:\windows\system32\nvfatbinaryLoader.dll
2016-07-11 02:13 . 2016-07-21 06:45    583736    ----a-w-    c:\windows\SysWow64\nvfatbinaryLoader.dll
2016-07-11 02:13 . 2016-07-21 06:45    1939000    ----a-w-    c:\windows\system32\nvdispco6436881.dll
2016-07-11 02:13 . 2016-07-21 06:45    1571776    ----a-w-    c:\windows\system32\nvdispgenco6436881.dll
2016-07-11 02:13 . 2016-07-21 06:45    10656112    ----a-w-    c:\windows\system32\nvptxJitCompiler.dll
2016-07-10 23:17 . 2016-07-10 01:57    81856    ----a-w-    c:\windows\system32\nv3dappshextr.dll
2016-07-10 23:17 . 2016-07-10 01:57    547896    ----a-w-    c:\windows\system32\nv3dappshext.dll
2016-06-29 22:44 . 2016-07-10 01:55    1922616    ----a-w-    c:\windows\system32\nvdispco6436869.dll
2016-06-29 22:44 . 2016-07-10 01:55    1571776    ----a-w-    c:\windows\system32\nvdispgenco6436869.dll
2016-06-14 20:01 . 2014-06-08 06:01    1316184    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2016-06-14 20:01 . 2013-10-30 03:15    1377800    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2016-06-14 20:01 . 2015-11-23 00:43    112216    ----a-w-    c:\windows\system32\NvRtmpStreamer64.dll
2016-06-14 20:01 . 2014-06-08 06:01    1756424    ----a-w-    c:\windows\system32\nvspbridge64.dll
2016-06-14 20:01 . 2013-10-30 03:15    1767944    ----a-w-    c:\windows\system32\nvspcap64.dll
2016-06-14 15:21 . 2016-07-28 05:28    2560    ----a-w-    c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2016-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-26 23:41]
.
2016-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-07-29 09:35]
.
2016-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-07-29 09:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 1340192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{167C17DC-D419-4CB1-8708-C2B99676E031}: NameServer = 8.8.4.4,8.8.8.8,192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@DACL=(02 0010)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@DACL=(02 0010)
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.mfp]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.spl]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.swf]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{31CAF6E4-D6AA-4090-A050-A5AC8972E9EF}]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@DACL=(02 0010)
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@DACL=(02 0010)
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@DACL=(02 0010)
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@DACL=(02 0010)
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@DACL=(02 0010)
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@DACL=(02 0010)
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@DACL=(02 0010)
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@DACL=(02 0010)
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@DACL=(02 0010)
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@DACL=(02 0010)
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@DACL=(02 0010)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@DACL=(02 0010)
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@DACL=(02 0010)
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@DACL=(02 0010)
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@DACL=(02 0010)
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-08-23  02:02:18
ComboFix-quarantined-files.txt  2016-08-23 06:02
.
Pre-Run: 423,294,640,128 bytes free
Post-Run: 422,975,184,896 bytes free
.
- - End Of File - - 3A9277CEF9450345D26703469C90BCBC
A36C5E4F47E84449FF07ED3517B43A31

  • Root Admin

The current logs appear to only be showing events that happened a couple weeks ago.

How is the computer running now?

What specific issue if any are you still having?

Please run MSCONFIG and set your system back to NORMAL.

Please read the following article concerning the use of MSCONFIG
Msconfig Is Not A Startup Manager


Thanks


Still dropping net at night. And I'm glad you posted the msconfig thing, but I knew this already and have had Autoruns on and off my system for over a year now, lol. Not sure what else to say or do. This is very confusing. Could it be a hardware issue? :/ I've updated all my PCIe Realtek Ethernet etc. Maybe a flaw in the router setup? Let me know if you think there's anything else that can be done. Everyone seems to be just as confused on all ends.


  • Root Admin

The issue of it only dropping at night is the oddity. It could be your ISP but let's go ahead and try the following hard reset of your router. 

Please review the following website and read it before continuing and then do a Hard Reset back to Factory Defaults for your router.
This information is only for resetting the router DO NOT erase, install, or update the firmware, just reset your router to factory defaults.

Reset And Reboot

Hard reset or 30/30/30


  • Root Admin

Well, at this point I would have to really believe you need to contact your ISP and work with them on this. There does not appear to be anything on the computer to account for losing your connection at some specific time of the evening yet it's okay at other times. It would seem to really be an issue on their end.

You could possibly look at this as well as a possible fix from poster @David H. Lipman

 

One can apply a clam-shell toroidal line filter on the POTS line before the DSL Modem. [Image: Torroidal Line Filter.JPG]

Open the clam-shell, wrap the POTS line around the body once and then close the clam-shell.

[Images: Line Noise Filter 2.jpg, Telephone-NoiseFilter.JPG]

 

Since the 2 or 3 pairs of copper transmission lines are equally "choked" by the toroid, external RF noise will be filtered out but not the DSL QAM-modulated signal.

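One way to test the "nothing on the computer, probably the ISP" conclusion above is to log which hop fails when the drop happens. The following PowerShell script is an added example and is not part of the thread or any poster's advice. It assumes Windows 8 or later (for Get-NetRoute), uses 8.8.8.8 as the public probe target, and writes to netdrop.csv in the user profile; the target, interval and log path are my choices, not anything the thread states. It pings the default gateway and the public host once a minute: if the gateway stops answering, the fault is on the LAN side (NIC, cable, router); if the gateway answers but the public host does not, the break is on the DSL line or at the ISP.

```powershell
# Added example (not from the thread): timestamp the nightly drops and record
# whether the default gateway or only the upstream path stops answering.
# Assumptions: Windows 8+ PowerShell (Get-NetRoute), 8.8.8.8 as public probe,
# log written to $env:USERPROFILE\netdrop.csv, one sample per minute.

param(
    [string]$PublicHost      = '8.8.8.8',
    [int]$IntervalSeconds    = 60,
    [string]$LogPath         = (Join-Path $env:USERPROFILE 'netdrop.csv')
)

function Get-DefaultGateway {
    # Lowest-metric IPv4 default route; $null if the routing table has none
    # (which itself means the link or DHCP lease is gone).
    $route = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
             Sort-Object RouteMetric | Select-Object -First 1
    if ($route) { return $route.NextHop }
    return $null
}

function Test-Hop {
    param([string]$Target)
    # Two ICMP echoes; the hop counts as up if either one is answered.
    if (-not $Target) { return $false }
    return [bool](Test-Connection -ComputerName $Target -Count 2 -Quiet -ErrorAction SilentlyContinue)
}

function Get-Verdict {
    param([bool]$GatewayUp, [bool]$PublicUp)
    # Where the path breaks says who to call:
    #   gateway down            -> local side: NIC, cabling, Wi-Fi or the router itself
    #   gateway up, public down -> upstream: DSL line, modem sync or the ISP
    if (-not $GatewayUp) { return 'LOCAL_OR_ROUTER' }
    if (-not $PublicUp)  { return 'UPSTREAM_OR_ISP' }
    return 'OK'
}

if (-not (Test-Path $LogPath)) {
    'timestamp,gateway,gateway_up,public_up,verdict' | Set-Content -Path $LogPath
}

$previous = 'OK'
while ($true) {
    $gw      = Get-DefaultGateway
    $gwUp    = Test-Hop $gw
    $pubUp   = Test-Hop $PublicHost
    $verdict = Get-Verdict -GatewayUp $gwUp -PublicUp $pubUp
    $stamp   = Get-Date -Format 's'          # sortable ISO 8601 timestamp
    "$stamp,$gw,$gwUp,$pubUp,$verdict" | Add-Content -Path $LogPath
    # Echo only state changes so the console shows when an outage starts and ends.
    if ($verdict -ne $previous) {
        Write-Host "$stamp  $previous -> $verdict (gateway=$gw)"
        $previous = $verdict
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

Leave it running overnight and look at the verdict column around the time the drops occur. A run of UPSTREAM_OR_ISP with the gateway still answering is the evidence to bring to the ISP; a run of LOCAL_OR_ROUTER points back at the router or the PC's own link instead.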

Hi leaftwisted:

I believe your nightly bandwidth degradation is due to noise generated by some device not too far from you that is turned on overnight. Digital Subscriber Line (DSL) uses an encoding called Quadrature Amplitude Modulation (QAM) and uses twisted pair copper wires as a transmission line. The wires are twisted such that both wires will get an equal amount of noise and thus cancel each other out. Much like the concept of why a projectile is more accurate when rotating (Example: Football, Bullet). However it is not foolproof and noise can be induced that will cause a disruption in QAM and thus degrades the DSL bandwidth. It can be a wired Telephone that uses Radio to communicate to a base unit, an electric motor and some kinds of lights. The objective is to literally "choke" the noise out of the line. Since the twisted pair telephone lines will be equally wrapped around the ferrite core, the noise induced on the line will be "choked" (filtered out) before the signal reaches your DSL Modem. The pictures Ron posted show such a toroidal line noise filter used with a Westell DSL Modem.

They are not hard to implement, but may be hard to find if you have never used or seen them before, so I am supplying some examples.

NOTE:  These simple devices can also be used with Audio Amplifiers where a neighbour's transmitter or a Police Cruiser radio induces noise where you sometimes hear their conversation on your Stereo or TV.

They are very commonly used. If you look at some audio cables or power supply cables you will see a "barrel" on the wire at the end that connects into the device. In the case of an electrical device that creates noise, it can be placed on the power cord just after the power connector on the device to reduce its noise transmission.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
