Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Guitar playing virus?

Every time I turn on my speakers they start repeating a short guitar tune. This doesn't let me hear the audio of games, YouTube, etc. For some reason it doesn't affect Skype calls. Following the instructions I found in another thread on your website --> http://www.techsupportforum.com/forums/f100/virus-plays-random-audio-with-no-programs-open-654679.html
I decided to run ComboFix. The results are attached. I also ran tdsskiller.exe, but it didn't find any threats. Then I scanned with Malwarebytes. Again, no threats found. The music just keeps going on and on. Any help?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18377 BrowserJavaVersion: 11.91.2
Run by user at 16:55:08 on 2016-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.2047.598 [GMT 3:00]
.
AV: ESET Smart Security 9.0.349.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 9.0.381.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\user\Downloads\esetonlinescanner_enu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_91\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_91\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [Dropbox] "c:\program files\dropbox\client\Dropbox.exe" /systemstartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\-hpdes~1.lnk - c:\windows\system32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: &Enviar para o OneNote - c:\progra~1\micros~2\office15\ONBttnIE.dll/105
IE: Clip bookmark - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office15\EXCEL.EXE/3000
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{03540190-7267-47B4-9ECB-B588BC973B6D} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\51.0.2704.103\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\m4entee6.default\
FF - plugin: c:\progra~1\micros~2\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.30.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1224194.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2015-11-16 71488]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2015-11-16 206312]
R1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\drivers\EpfwLWF.sys [2015-11-16 44608]
R2 ekbdflt;ekbdflt;c:\windows\system32\drivers\ekbdflt.sys [2015-11-16 111040]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2016-7-24 16432]
R3 NvStreamKms;NvStreamKms;c:\program files\nvidia corporation\nvstreamsrv\NvStreamKms.sys [2016-4-17 18576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2016-4-17 32912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2016-7-23 25632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2016-7-24 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-7-24 24448]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-7-24 53120]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2015-12-10 52224]
.
=============== Created Last 30 ================
.
2016-07-24 13:06:48 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-24 13:06:28 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-07-24 13:06:28 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-07-24 13:06:28 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-07-24 13:06:28 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-07-24 12:59:57 -------- d-sh--w- C:\$RECYCLE.BIN
2016-07-24 12:43:27 98816 ----a-w- c:\windows\sed.exe
2016-07-24 12:43:27 256000 ----a-w- c:\windows\PEV.exe
2016-07-24 12:43:27 208896 ----a-w- c:\windows\MBR.exe
2016-07-24 12:09:00 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a9061a84-160b-4300-9e98-e2ea8bdeee4d}\offreg.3824.dll
2016-07-24 11:58:51 -------- d-----w- c:\users\user\appdata\roaming\Enigma Software Group
2016-07-24 11:58:37 -------- d-----w- C:\sh4ldr
2016-07-24 11:57:51 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-07-24 11:57:43 -------- d-----w- c:\program files\Enigma Software Group
2016-07-23 16:53:05 -------- d-----w- c:\users\user\appdata\local\Wondershare
2016-07-23 16:53:04 -------- d-----w- c:\program files\common files\Wondershare
2016-07-23 16:52:55 -------- d-----w- c:\users\user\appdata\roaming\Wondershare
2016-07-23 16:50:58 25632 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
2016-07-23 16:50:55 -------- d-----w- c:\program files\Wondershare
2016-07-23 10:09:12 9507208 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a9061a84-160b-4300-9e98-e2ea8bdeee4d}\mpengine.dll
2016-07-21 13:25:14 -------- d-----w- c:\users\user\appdata\local\Steam
2016-07-21 13:21:48 -------- d-----w- c:\program files\common files\Steam
2016-07-21 13:21:40 -------- d-----w- c:\program files\Steam
2016-07-20 16:53:40 -------- d-----w- c:\users\user\appdata\roaming\Awesomium
2016-07-20 14:40:10 3833776 ----a-w- c:\windows\system32\GameMon.des
2016-07-20 14:39:53 4682 ----a-w- c:\windows\system32\npptNT2.sys
2016-07-20 14:39:52 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2016-07-20 14:39:41 -------- d-----w- c:\program files\common files\INCA Shared
2016-07-19 19:41:03 -------- d-----w- c:\windows\EOONotify
2016-07-19 10:53:44 -------- d-----w- c:\program files\plaync
2016-07-19 10:49:51 -------- d-----w- c:\program files\NCWest
2016-07-14 09:56:22 19527360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2016-07-13 10:24:59 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2016-07-13 10:24:59 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-07-13 10:24:56 4608000 ----a-w- c:\windows\system32\jscript9.dll
2016-07-13 10:24:48 10948096 ----a-w- c:\program files\internet explorer\F12Resources.dll
2016-07-13 10:24:39 497664 ----a-w- c:\windows\system32\vbscript.dll
2016-07-13 09:17:14 -------- d-----w- C:\HoTroLoL
2016-07-05 19:43:42 -------- d-----w- c:\users\user\appdata\local\CrashRpt
2016-07-05 19:18:45 -------- d-----w- c:\program files\temp
2016-07-05 19:09:08 -------- d-----w- c:\program files\pack
2016-07-05 19:09:02 -------- d-----w- c:\program files\mark
2016-07-05 14:38:07 -------- d-----w- c:\program files\LocMt2
2016-06-30 11:55:40 226488 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2016-07-14 09:56:28 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-07-14 09:56:28 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-25 20:01:58 37096 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-06-25 19:54:03 497152 ----a-w- c:\windows\system32\win32spl.dll
2016-06-25 19:53:56 297472 ----a-w- c:\windows\system32\ntprint.dll
2016-06-25 19:53:45 779776 ----a-w- c:\windows\system32\localspl.dll
2016-06-25 19:53:44 126464 ----a-w- c:\windows\system32\inetpp.dll
2016-06-25 19:53:36 1004544 ----a-w- c:\windows\system32\aeinv.dll
2016-06-25 19:42:04 39424 ----a-w- c:\windows\system32\wpnpinst.exe
2016-06-25 19:41:53 61952 ----a-w- c:\windows\system32\ntprint.exe
2016-06-25 19:41:00 18944 ----a-w- c:\windows\system32\inetppui.dll
2016-06-25 19:40:49 29696 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\winprint.dll
2016-06-22 13:06:13 208896 ----a-w- c:\windows\system32\centel.dll
2016-06-21 09:13:28 400552 ------w- c:\windows\system32\MpSigStub.exe
2016-06-17 18:23:24 468992 ----a-w- c:\windows\system32\generaltel.dll
2016-06-17 18:23:24 461312 ----a-w- c:\windows\system32\devinv.dll
2016-06-17 18:23:24 251392 ----a-w- c:\windows\system32\invagent.dll
2016-06-17 18:23:23 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-06-17 18:23:23 179712 ----a-w- c:\windows\system32\aepic.dll
2016-06-17 18:23:23 1288192 ----a-w- c:\windows\system32\appraiser.dll
2016-06-14 15:21:17 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-06-14 14:57:04 2398208 ----a-w- c:\windows\system32\win32k.sys
2016-06-10 19:09:24 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-06-10 19:09:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-06-10 18:54:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2016-06-10 18:53:30 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-06-10 18:53:13 341504 ----a-w- c:\windows\system32\html.iec
2016-06-10 18:41:52 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-06-10 18:41:44 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2016-06-10 18:41:22 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2016-06-10 18:35:42 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-06-10 18:27:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-10 18:09:13 2055680 ----a-w- c:\windows\system32\inetcpl.cpl
2016-06-10 18:09:07 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-06-10 17:45:19 2392576 ----a-w- c:\windows\system32\wininet.dll
2016-05-20 00:13:22 875712 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-05-20 00:13:22 536768 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-05-18 16:10:06 306688 ----a-w- c:\windows\system32\gdi32.dll
2016-05-13 21:54:26 308456 ----a-w- c:\windows\system32\atmfd.dll
2016-05-13 21:49:50 26112 ----a-w- c:\windows\system32\lpk.dll
2016-05-13 21:49:48 70656 ----a-w- c:\windows\system32\fontsub.dll
2016-05-13 21:49:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2016-05-13 21:27:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-05-12 15:22:37 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-12 15:22:37 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-05-12 14:56:15 50176 ----a-w- c:\windows\system32\auditpol.exe
2016-05-12 14:52:25 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2016-05-12 14:52:17 313856 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-05-12 14:52:16 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-05-12 14:52:13 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-05-12 14:52:13 115712 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-05-12 14:52:10 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-05-12 14:51:38 36352 ----a-w- c:\windows\system32\cryptbase.dll
2016-05-12 14:51:38 22016 ----a-w- c:\windows\system32\lsass.exe
2016-05-12 14:51:37 15872 ----a-w- c:\windows\system32\sspisrv.dll
2016-05-12 13:04:55 370784 ----a-w- c:\windows\system32\drivers\cng.sys
2016-05-12 13:04:55 249352 ----a-w- c:\windows\system32\bcryptprimitives.dll
2016-05-11 15:19:26 206336 ----a-w- c:\windows\system32\ws2_32.dll
2016-05-11 15:19:25 351744 ----a-w- c:\windows\system32\winhttp.dll
2016-05-11 15:19:24 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2016-05-11 15:19:16 231424 ----a-w- c:\windows\system32\mswsock.dll
2016-05-11 15:01:19 26624 ----a-w- c:\windows\system32\netbtugc.exe
2016-05-11 14:52:27 188928 ----a-w- c:\windows\system32\drivers\netbt.sys
.
============= FINISH: 16:58:26,27 ===============

ComboFix 16-07-16.01 - user 24/07/2016 15:46:38.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.2047.747 [GMT 3:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.349.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.381.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2F64F14C-12A4-4B88-B5B9-6FF328C8B4DA}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{32C754D9-A7E4-4BF0-9D82-0BC900E455F4}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3ED07E42-881B-4137-B778-E272335A7E04}.xps
c:\windows\TEMP\HP Support Framework\HPSF_Config1.dll
.
.
((((((((((((((((((((((((( Files Created from 2016-06-24 to 2016-07-24 )))))))))))))))))))))))))))))))
.
.
2016-07-24 12:55 . 2016-07-24 12:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-24 12:09 . 2016-07-24 12:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9061A84-160B-4300-9E98-E2EA8BDEEE4D}\offreg.3824.dll
2016-07-24 11:58 . 2016-07-24 11:58 -------- d-----w- c:\users\user\AppData\Roaming\Enigma Software Group
2016-07-24 11:58 . 2016-07-24 11:58 -------- d-----w- C:\sh4ldr
2016-07-24 11:57 . 2016-07-24 11:57 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-07-24 11:57 . 2016-07-24 11:57 -------- d-----w- c:\program files\Enigma Software Group
2016-07-23 16:53 . 2016-07-23 16:53 -------- d-----w- c:\users\user\AppData\Local\Wondershare
2016-07-23 16:53 . 2016-07-23 16:53 -------- d-----w- c:\program files\Common Files\Wondershare
2016-07-23 16:52 . 2016-07-24 11:36 -------- d-----w- c:\users\user\AppData\Roaming\Wondershare
2016-07-23 16:50 . 2015-02-02 11:45 25632 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
2016-07-23 16:50 . 2016-07-23 16:50 -------- d-----w- c:\program files\Wondershare
2016-07-23 10:09 . 2016-06-29 09:19 9507208 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9061A84-160B-4300-9E98-E2EA8BDEEE4D}\mpengine.dll
2016-07-21 13:25 . 2016-07-21 13:25 -------- d-----w- c:\users\user\AppData\Local\Steam
2016-07-21 13:21 . 2016-07-21 13:21 -------- d-----w- c:\program files\Common Files\Steam
2016-07-21 13:21 . 2016-07-22 06:01 -------- d-----w- c:\program files\Steam
2016-07-20 16:53 . 2016-07-20 16:57 -------- d-----w- c:\users\user\AppData\Roaming\Awesomium
2016-07-20 14:40 . 2016-03-03 10:28 3833776 ----a-w- c:\windows\system32\GameMon.des
2016-07-20 14:39 . 2005-01-03 06:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2016-07-20 14:39 . 2003-07-18 21:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2016-07-20 14:39 . 2016-07-20 14:39 -------- d-----w- c:\program files\Common Files\INCA Shared
2016-07-19 19:41 . 2016-07-19 19:41 -------- d-----w- c:\windows\EOONotify
2016-07-19 10:53 . 2016-07-19 11:01 -------- d-----w- c:\program files\plaync
2016-07-19 10:49 . 2016-07-19 11:19 -------- d-----w- c:\program files\NCWest
2016-07-14 09:56 . 2016-07-14 09:56 19527360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2016-07-13 10:24 . 2016-06-10 18:52 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-07-13 10:24 . 2016-06-10 18:23 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2016-07-13 10:24 . 2016-06-10 18:14 4608000 ----a-w- c:\windows\system32\jscript9.dll
2016-07-13 10:24 . 2016-06-10 19:04 10948096 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2016-07-13 10:24 . 2016-06-10 18:53 497664 ----a-w- c:\windows\system32\vbscript.dll
2016-07-13 09:17 . 2016-07-13 09:17 -------- d-----w- C:\HoTroLoL
2016-07-05 19:43 . 2016-07-05 19:43 -------- d-----w- c:\users\user\AppData\Local\CrashRpt
2016-07-05 19:18 . 2016-07-05 19:18 -------- d-----w- c:\program files\temp
2016-07-05 19:09 . 2016-07-06 12:39 -------- d-----w- c:\program files\pack
2016-07-05 19:09 . 2016-07-06 12:39 -------- d-----w- c:\program files\mark
2016-07-05 14:38 . 2016-07-05 15:14 -------- d-----w- c:\program files\LocMt2
2016-06-30 11:55 . 2016-06-30 11:55 226488 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-14 09:56 . 2015-12-10 16:25 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-07-14 09:56 . 2015-12-10 16:25 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-21 09:13 . 2015-12-10 16:17 400552 ------w- c:\windows\system32\MpSigStub.exe
2016-06-14 15:21 . 2016-07-13 10:25 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-05-20 00:13 . 2016-05-20 00:13 875712 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-05-20 00:13 . 2016-05-20 00:13 536768 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-05-18 16:10 . 2016-06-15 06:23 306688 ----a-w- c:\windows\system32\gdi32.dll
2016-05-13 21:54 . 2016-06-15 06:25 308456 ----a-w- c:\windows\system32\atmfd.dll
2016-05-13 21:49 . 2016-06-15 06:25 26112 ----a-w- c:\windows\system32\lpk.dll
2016-05-13 21:49 . 2016-06-15 06:25 70656 ----a-w- c:\windows\system32\fontsub.dll
2016-05-13 21:49 . 2016-06-15 06:25 10240 ----a-w- c:\windows\system32\dciman32.dll
2016-05-13 21:27 . 2016-06-15 06:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-05-12 15:22 . 2016-06-15 06:25 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-05-12 15:22 . 2016-06-15 06:25 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-12 15:18 . 2016-06-15 06:25 70144 ----a-w- c:\windows\system32\winipsec.dll
2016-05-12 15:18 . 2016-06-15 06:25 172032 ----a-w- c:\windows\system32\wdigest.dll
2016-05-12 15:18 . 2016-06-15 06:25 99840 ----a-w- c:\windows\system32\sspicli.dll
2016-05-12 15:18 . 2016-06-15 06:25 65536 ----a-w- c:\windows\system32\TSpkg.dll
2016-05-12 15:18 . 2016-06-15 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
2016-05-12 15:18 . 2016-06-15 06:25 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2016-05-12 15:18 . 2016-06-15 06:25 251392 ----a-w- c:\windows\system32\schannel.dll
2016-05-12 15:18 . 2016-06-15 06:25 141312 ----a-w- c:\windows\system32\rpchttp.dll
2016-05-12 15:18 . 2016-06-15 06:25 22016 ----a-w- c:\windows\system32\secur32.dll
2016-05-12 15:18 . 2016-06-15 06:25 274944 ----a-w- c:\windows\system32\polstore.dll
2016-05-12 15:18 . 2016-06-15 06:25 223232 ----a-w- c:\windows\system32\ncrypt.dll
2016-05-12 15:18 . 2016-06-15 06:25 260608 ----a-w- c:\windows\system32\msv1_0.dll
2016-05-12 15:18 . 2016-06-15 06:25 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-05-12 15:18 . 2016-06-15 06:25 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-05-12 15:18 . 2016-06-15 06:25 553472 ----a-w- c:\windows\system32\kerberos.dll
2016-05-12 15:18 . 2016-06-15 06:25 1062400 ----a-w- c:\windows\system32\lsasrv.dll
2016-05-12 15:18 . 2016-06-15 06:25 351744 ----a-w- c:\windows\system32\IPSECSVC.DLL
2016-05-12 15:18 . 2016-06-15 06:25 606720 ----a-w- c:\windows\system32\gpsvc.dll
2016-05-12 15:18 . 2016-06-15 06:25 79360 ----a-w- c:\windows\system32\gpapi.dll
2016-05-12 15:18 . 2016-06-15 06:25 44032 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2016-05-12 15:18 . 2016-06-15 06:25 17408 ----a-w- c:\windows\system32\credssp.dll
2016-05-12 15:18 . 2016-06-15 06:25 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-05-12 14:56 . 2016-06-15 06:25 50176 ----a-w- c:\windows\system32\auditpol.exe
2016-05-12 14:52 . 2016-06-15 06:25 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2016-05-12 14:52 . 2016-06-15 06:25 313856 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-05-12 14:52 . 2016-06-15 06:25 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-05-12 14:52 . 2016-06-15 06:25 115712 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-05-12 14:52 . 2016-06-15 06:25 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-05-12 14:52 . 2016-06-15 06:25 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-05-12 14:51 . 2016-06-15 06:25 36352 ----a-w- c:\windows\system32\cryptbase.dll
2016-05-12 14:51 . 2016-06-15 06:25 22016 ----a-w- c:\windows\system32\lsass.exe
2016-05-12 14:51 . 2016-06-15 06:25 15872 ----a-w- c:\windows\system32\sspisrv.dll
2016-05-12 13:04 . 2016-06-15 06:25 370784 ----a-w- c:\windows\system32\drivers\cng.sys
2016-05-12 13:04 . 2016-06-15 06:25 249352 ----a-w- c:\windows\system32\bcryptprimitives.dll
2016-05-11 15:19 . 2016-06-15 06:24 206336 ----a-w- c:\windows\system32\ws2_32.dll
2016-05-11 15:19 . 2016-06-15 06:24 351744 ----a-w- c:\windows\system32\winhttp.dll
2016-05-11 15:19 . 2016-06-15 06:25 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2016-05-11 15:19 . 2016-06-15 06:24 231424 ----a-w- c:\windows\system32\mswsock.dll
2016-05-11 15:01 . 2016-06-15 06:24 26624 ----a-w- c:\windows\system32\netbtugc.exe
2016-05-11 14:52 . 2016-06-15 06:24 188928 ----a-w- c:\windows\system32\drivers\netbt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-06-14 10:38 1741104 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-06-14 10:38 1741104 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-06-14 10:38 1741104 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2016-06-28 26424960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-01-29 2585744]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-07-05 24204648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2016-01-29 1278920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-03-31 596504]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-12-10 280576]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2015-12-1 1192656]
Παρακολούθηση ειδοποιήσεων μελάνης - HP Deskjet 3520 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN27C1561T05SZ;CONNECTION=USB;MONITOR=1; [2009-7-14 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-12-10 143144]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-05-23 324224]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [2016-07-24 797352]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-12-10 143144]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2016-07-24 19984]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-06-10 102912]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2016-03-03 3833776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2016-04-02 71488]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2016-04-02 206312]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-11-16 146024]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2016-04-02 44608]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2015-11-16 111040]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2016-05-24 1982752]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-29 915600]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-07-04 29760]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-29 1706128]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2016-01-29 19775632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-01-29 426040]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2016-07-24 16432]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-29 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2016-01-29 32912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2015-02-02 25632]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESGIGUARD
*NewlyCreated* - ESGSCANNER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-18 08:22 1245848 ----a-w- c:\program files\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-10 09:56]
.
2016-07-24 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-12-10 16:26]
.
2016-07-24 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-12-10 16:26]
.
2016-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-10 15:55]
.
2016-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-10 15:55]
.
2016-07-21 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 07:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Clip bookmark - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m4entee6.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Steam App 570 - c:\program files\Steam\steam.exe
AddRemove-{79C54A05-F146-4EA0-8A70-D4EFE6181E52} - c:\program files\InstallShield Installation Information\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3843692468-4068903542-3892895194-1000\Software\G*e*n*i*e*"!\FM Genie Scout 15]
"GameDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2015\\games"
"ShortlistDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2015\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2015"
"SaveDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2015\\"
"HistoryDir"="c:\\FM Genie Scout 15\\History Points"
"HistoryAutoTracking"=dword:00000000
"LangDB"="c:\\FM Genie Scout 15\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a615
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification2"=dword:00000000
"ShowQuickGuideNotification"=dword:00000000
"ShowShortlistGuideNotification"=dword:00000001
"ShowDonateNotification"=dword:00000000
"Version"=dword:00000202
"UniqueID"="15-FC80-0ABF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000006
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000000
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000001
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:000001fb
"GameLoadedCounter"=dword:0000000c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-07-24 15:59:18
ComboFix-quarantined-files.txt 2016-07-24 12:59
.
Pre-Run: 15 Κατάλογοι 387.832.877.056 διαθέσιμα byte
Post-Run: 19 Κατάλογοι 395.277.819.904 διαθέσιμα byte
.
- - End Of File - - F67C3FAC3909717C3238B4EBDC2104B1
3C27C0429156ADC19E0F46AF77CD22D7

Attached Files
File Type: txt combofix.txt (23.9 KB)
File Type: txt attach.txt (13.1 KB)
