Microphone keeps getting muted to 0 volume! Please help!


23 replies to this topic

#1 GunnerTDog

GunnerTDog

  • Members
  • 15 posts
  • OFFLINE

Posted 08 December 2016 - 11:20 PM

I've been searching everywhere to fix this and have tried everything, including taskkilling svchost.exe's with my computer name, running troubleshooters, etc. I'm always told to run Malwarebytes, so I've done that about 5 times now and it keeps finding the same exact thing constantly. This is what comes up in the logs as the threat: File: Trojan.Fileless.MTGen, Location: HKU\S-1-5-21-468057835-15481181-3247691771-1001

I'm not sure if it's safe to share the whole report, but that's what the malware file is called and that's where it says the location is.

If you need more info about the malware, I might be able to provide it.

Thanks

I forgot to add that the type shown in Malwarebytes is a 'Registry Value'. I'm not sure if that's important or not.


Edited by GunnerTDog, 09 December 2016 - 06:00 PM.
Moved from Win 8/8.1 to 'Am I infected?'




#2 buddy215

buddy215

  • Moderator
  • 13,395 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee

Posted 10 December 2016 - 07:59 AM

Welcome to BC....

 

I know you have used MBAM, but I want to be sure you are using the settings correctly and that it is deleting/quarantining what it finds. So...please use the settings below and post the scan log per the instructions.

 

Use CCleaner to remove temporary files, program caches, cookies, logs, etc. Use the default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run it by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 GunnerTDog

GunnerTDog
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE

Posted 10 December 2016 - 02:36 PM

Hello, and thanks for helping me out. So I did the Malwarebytes scan with the settings you said, and here are the results (please note this is the same malware that keeps showing up after I quarantine it):

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/10/16
Scan Time: 12:50 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.687
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: STALLINGS\Laurie

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415652
Time Elapsed: 28 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Trojan.Fileless.MTGen, HKU\S-1-5-21-468057835-15481181-3247691771-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^GWWNIDZIGW, Quarantined, [453], [262349],1.0.687

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


Edited by GunnerTDog, 10 December 2016 - 02:36 PM.
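The Malwarebytes log above is a plain-text format that is easy to parse, and the one hit it reports is a value under a user's Run key, i.e. a logon-persistence entry. The following Python is an added example (not code from Malwarebytes or from anyone in this thread) that parses the "-Scan Details-" section of a log like the one posted and pulls out the registry autorun detections; the embedded excerpt is constructed from the log above, and the random-name heuristic is an assumption of this example, not a Malwarebytes rule.

```python
"""Parse a Malwarebytes 3.x text scan log and pick out registry autorun hits."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the format of the log posted in this thread.
SAMPLE_LOG = r"""
-Scan Details-
Process: 0
(No malicious items detected)

Registry Value: 1
Trojan.Fileless.MTGen, HKU\S-1-5-21-468057835-15481181-3247691771-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^GWWNIDZIGW, Quarantined, [453], [262349],1.0.687

File: 0
(No malicious items detected)

(end)
"""

# Keys whose values are launched at logon; compared case-insensitively by suffix.
AUTORUN_KEY_SUFFIXES = (
    r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
    r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE",
    r"\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
)


@dataclass
class Detection:
    category: str   # log section, e.g. "Registry Value"
    threat: str     # e.g. "Trojan.Fileless.MTGen"
    location: str   # key path; registry values carry "|<value name>" at the end
    action: str     # e.g. "Quarantined"

    @property
    def key_path(self) -> str:
        return self.location.split("|", 1)[0]

    @property
    def value_name(self) -> Optional[str]:
        return self.location.split("|", 1)[1] if "|" in self.location else None

    def is_autorun(self) -> bool:
        key = self.key_path.upper()
        return any(key.endswith(suffix) for suffix in AUTORUN_KEY_SUFFIXES)


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk "-Scan Details-": each "<Category>: <count>" line is followed either by
    "(No malicious items detected)" or by one line per hit in the form
    "threat, location, action, [id], [id],version"."""
    detections: List[Detection] = []
    in_details = False
    category: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details:
            continue
        if line == "(end)" or (line.startswith("-") and line.endswith("-")):
            break  # end of the details section
        header = re.fullmatch(r"([A-Za-z ]+): (\d+)", line)
        if header:
            category = header.group(1)
            continue
        if not line or line.startswith("(") or category is None:
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) >= 3:
            detections.append(Detection(category, fields[0], fields[1], fields[2]))
    return detections


def looks_random(name: str) -> bool:
    """Assumed crude heuristic for machine-generated value names: one run of 8+
    capital letters, no spaces or digits, optionally prefixed by punctuation such
    as the '^' in the hit above. "CCleaner Monitoring" or "Adobe ARM" do not match."""
    return re.fullmatch(r"[^A-Za-z0-9]*[A-Z]{8,}", name) is not None


def autorun_hits(detections: List[Detection]) -> List[Detection]:
    """Detections that live under a Run/RunOnce key. A value that returns after
    every quarantine is being re-created by something the scan did not remove, so
    the value is the symptom; the startup and scheduled-task lists requested later
    in this thread are where to look for what re-creates it."""
    return [d for d in detections if d.is_autorun()]


if __name__ == "__main__":
    for d in autorun_hits(parse_mbam_log(SAMPLE_LOG)):
        flag = " (random-looking name)" if d.value_name and looks_random(d.value_name) else ""
        print(f"{d.threat}: {d.key_path} value {d.value_name!r} -> {d.action}{flag}")
```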


#4 GunnerTDog

GunnerTDog
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE

Posted 10 December 2016 - 03:33 PM

And here are the AdwCleaner results:

# AdwCleaner v6.040 - Logfile created 10/12/2016 at 14:27:59
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-09.3 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Laurie - STALLINGS
# Running from : C:\Users\Laurie\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
[-] Folder deleted: C:\WINDOWS\Installer\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
[-] Folder deleted: C:\Users\Laurie\AppData\Local\Downloaded Installers
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\adokjfanaflbkibffcbhihgihpgijcei


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\drivers\swdumon.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\gamingwonderland.com
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\B092921321B09AF46BAFE1A1075E9292
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\B092921321B09AF46BAFE1A1075E9292
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B092921321B09AF46BAFE1A1075E9292
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B092921321B09AF46BAFE1A1075E9292
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\B092921321B09AF46BAFE1A1075E9292
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\B092921321B09AF46BAFE1A1075E9292
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\buzzwize.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ethnicelebs.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sjc-usadmm.dotomi.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\buzzwize.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ethnicelebs.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sjc-usadmm.dotomi.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com


***** [ Web browsers ] *****

[-] [C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: adokjfanaflbkibffcbhihgihpgijcei
[-] [C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4263 Bytes] - [10/12/2016 14:27:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [4261 Bytes] - [10/12/2016 14:25:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4409 Bytes] ##########
 



#5 GunnerTDog

GunnerTDog
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE

Posted 10 December 2016 - 03:39 PM

And here are the Junkware Removal Tool results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 x64
Ran by Laurie (Administrator) on Sat 12/10/2016 at 14:35:43.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\Users\Laurie\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERSUPPORT.EXE-8535B0A5.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERSUPPORT.EXE-9B59A845.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERSUPPORT.EXE-F6A79502.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERSUPPORTAO.EXE-3C504405.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERSUPPORTAOSVC.EXE-115EBFE9.pf (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/10/2016 at 14:37:39.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 buddy215

buddy215

  • Moderator
  • 13,395 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee

Posted 10 December 2016 - 05:23 PM

After the ESET Online scan finishes and you have posted what, if anything, it has found, do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and for Scheduled Tasks. At the bottom right of that page you will see a button which, when clicked, will allow you to copy and paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button which, when clicked, will allow you to copy and paste that list into your next post. Please do that.



#7 GunnerTDog

GunnerTDog
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE

Posted 10 December 2016 - 06:17 PM

Currently doing the last scan; it's taking a while.


Edited by GunnerTDog, 10 December 2016 - 06:49 PM.


#8 buddy215

buddy215

  • Moderator
  • 13,395 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee

Posted 10 December 2016 - 06:30 PM

If you are running the scan using Chrome...use IE. Uninstall ESET and use the directions for downloading while using IE.

EDIT: Be sure to close all programs, including Chrome, before running ESET in IE.


Edited by buddy215, 10 December 2016 - 06:33 PM.


#9 GunnerTDog

GunnerTDog
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE

Posted 10 December 2016 - 08:49 PM

The scan worked, but it shut down my computer after it finished and now I can't find the log.



#10 GunnerTDog

GunnerTDog
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE

Posted 11 December 2016 - 12:29 AM

Nothing was found using ESET, so here are the CCleaner things you asked for (I'm putting all 3 in the one reply).

Windows Start Ups:

No    HKCU:Run    Amazon Music    Amazon Services LLC    "C:\Users\Laurie\AppData\Local\Amazon Music\Amazon Music Helper.exe"
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No    HKCU:Run    Discord    Hammer & Chisel, Inc.    C:\Users\Laurie\AppData\Local\Discord\app-0.0.296\Discord.exe
Yes    HKCU:Run    HP Photosmart 7510 series (NET)    Hewlett-Packard Co.    "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26B3516S05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
No    HKCU:Run    Skype    Skype Technologies S.A.    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes    HKCU:Run    World of Warplanes        "C:\Games\World_of_Warplanes\WargamingGameUpdater.exe"
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No    HKLM:Run    BtServer    Realtek Semiconductor Corporation    "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
Yes    HKLM:Run    DelaypluginInstall        C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Yes    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    hpqSRMon    Hewlett-Packard    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
Yes    HKLM:Run    IAStorIcon    Intel Corporation    "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
Yes    HKLM:Run    Malwarebytes TrayApp    Malwarebytes    C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
Yes    HKLM:Run    NvBackend    NVIDIA Corporation    "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes    HKLM:Run    ROG GameFirst II    cFos Software GmbH    C:\Program Files\ASUS\ROG GameFirst II\cFosSpeed.exe
Yes    HKLM:Run    RtHDVBg    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
No    HKLM:Run    ShadowPlay    Microsoft Corporation    C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Yes    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No    HKLM:Run    VirtuWatt    Lucidlogix Technologies Ltd.    C:\Program Files\Lucidlogix Technologies\VirtuWatt\MVPControlPanel20.Exe /hide
Yes    HKLM:Run    WebStorage    ASUS Cloud Corporation    C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\ASUSWSLoader.exe
No    HKLM:Run    Wondershare Helper Compact.exe    Wondershare    C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Yes    HKLM:Run    WRSVC    Webroot    "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
Yes    Startup Common    Install LastPass FF RunOnce.lnk    Webroot Software, Inc.    C:\Program Files (x86)\Common Files\wruninstall.exe
Yes    Startup Common    Install LastPass IE RunOnce.lnk    Webroot Software, Inc.    C:\Program Files (x86)\Common Files\wruninstall.exe
No    Startup User    Curse.lnk    Curse, Inc    C:\Users\Laurie\AppData\Roaming\Curse Client\Bin\Curse.exe

Scheduled Tasks:

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    Driver Support    PC Drivers Headquarters LP    C:\Program Files (x86)\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
Yes    Task    Driver Support-RTMRules    PC Drivers Headquarters LP    C:\Program Files (x86)\Driver Support\DriverSupport.exe /showWelcome:false /action:checkRuleManifests /applicationMode:current
Yes    Task    Driver Support-RTMScan    PC Drivers Headquarters LP    C:\Program Files (x86)\Driver Support\DriverSupport.exe /showWelcome:false /action:scheduledScan /applicationMode:current
Yes    Task    Driver Support-RTMUpdater    PC Drivers Headquarters LP    C:\Program Files (x86)\Driver Support\DriverSupport.exe /showWelcome:false /action:checkForUpdate /applicationMode:current
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    HP Photo Creations Communicator    RocketLife    C:\Users\Laurie\AppData\Roaming\HP Photo Creations\Communicator.exe --auto
Yes    Task    HPCeeScheduleForLaurie    Hewlett-Packard    C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForLaurie (null)
Yes    Task    HPCustParticipation HP Photosmart 7510 series    Hewlett-Packard Co.    "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005
Yes    Task    IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473    Intel® Services Manager    C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic
Yes    Task    IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon    Intel® Services Manager    "C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe" --automatic
Yes    Task    Microsoft OneDrive Auto Update Task-S-1-5-21-468057835-15481181-3247691771-1001    Microsoft Corporation    %localappdata%\Microsoft\OneDrive\OneDrive.exe /autoupdate
Yes    Task    OneDrive Standalone Update Task    Microsoft Corporation    C:\Users\Laurie\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Yes    Task    Optimize Start Menu Cache Files-S-1-5-21-468057835-15481181-3247691771-1001        
Yes    Task    {F367EAF8-F197-4103-9E89-F738FC4D927A}    Microsoft Corporation    C:\WINDOWS\system32\pcalua.exe -a C:\Users\Laurie\AppData\Local\Roblox\Versions\version-2fd5590479874e29\RobloxPlayerLauncher.exe -c -uninstall

 

List of programs installed:

7 Days to Die    The Fun Pimps    11/25/2016        
Adobe Flash Player 23 NPAPI    Adobe Systems Incorporated    11/8/2016    5.35 MB    23.0.0.207
Adobe Reader X (10.1.3) MUI    Adobe Systems Incorporated    10/23/2014    481 MB    10.1.3
AdVenture Capitalist    Hyper Hippo Games    6/22/2016        
AEGIS    ASUSTeK Computer Inc.    4/10/2016    26.3 MB    1.04.02
Amazon Music    Amazon Services LLC    11/4/2016        5.0.4.1562
ARK: Survival Evolved    Studio Wildcard    6/22/2016        
ASUS Command    ASUSTeK Computer Inc.    4/10/2016        2.09.02
ASUS Command - Ai Booting    ASUSTeK Computer Inc.    4/10/2016        2.01.15
ASUS Command - Ai Charger II    ASUSTeK Computer Inc.    4/10/2016        2.00.13
ASUS Command - Backup & Recovery    ASUSTeK Computer Inc.    4/10/2016    11.7 MB    2.01.12
ASUS Command - Family Safety    ASUSTeK Computer Inc.    4/10/2016        2.00.06
ASUS Command - Lighting    ASUSTeK Computer Inc.    4/10/2016        2.01.06
ASUS Command - PC Cleanup    ASUSTeK Computer Inc.    4/10/2016        2.01.12
ASUS Command - Power Manager    ASUSTeK Computer Inc.    4/10/2016        2.02.04
ASUS Command - Update    ASUSTeK Computer Inc.    4/10/2016        2.02.07
ASUS Music Maker    MAGIX AG    4/10/2016        18.0.4.1
ASUS ROG GAMING MOUSE GX900    ASUS    10/23/2014        1.1.0
ASUS WebStorage    ASUS Cloud Corporation    4/10/2016        1.0.24.190
Bandicam    Bandisoft.com    4/15/2016    37.2 MB    3.0.4.1035
Bandicut    Bandisoft.com    5/17/2016    27.8 MB    2.0.4.215
Bandisoft MPEG-1 Decoder    Bandisoft.com    4/15/2016        
BlackShot: Mercenary Warfare FPS    Vertigo Games America    6/10/2016        
Call of Duty: World at War    Treyarch    6/30/2016        
CCleaner    Piriform    12/10/2016        5.24
Cisco EAP-FAST Module    Cisco Systems, Inc.    11/24/2014    1.53 MB    2.2.14
Cisco LEAP Module    Cisco Systems, Inc.    11/24/2014    632 KB    1.0.19
Cisco PEAP Module    Cisco Systems, Inc.    11/24/2014    1.22 MB    1.1.6
Counter-Strike: Global Offensive    Valve    4/24/2016        
Counter-Strike: Source    Valve    6/7/2016        
Creativerse    Playful Corporation    6/14/2016        
Curse    Curse    10/13/2016    192 MB    6.0.0.0
CyberLink PhotoDirector 3    CyberLink Corp.    10/23/2014    220 MB    3.0.1.5501
CyberLink PowerDirector 10    CyberLink Corp.    4/10/2016    276 MB    10.0.0.4307
diasend® Uploader version 2.4.0_BuildR2e02    Diasend    12/5/2016    50.7 MB    2.4.0_BuildR2e02
Discord    Hammer & Chisel, Inc.    8/24/2016    47.0 MB    0.0.296
Driver Support    PC Drivers HeadQuarters LP    12/10/2016    17.3 MB    10.1.4.20
DriverUpdate        10/23/2014        
Dungeon Hunter 5    Gameloft.    11/24/2016        2.4.0.8
eManual    ASUSTeK Computer Inc.    4/10/2016        1.00.07
Fingertapps Instruments    fingertapps    4/10/2016        2.0.6.2438
Fingertapps Organizer recommended by ASUS    fingertapps    4/10/2016        3.0.2.3330
Firebird SQL Server - MAGIX Edition    MAGIX AG    11/24/2014    11.5 MB    2.1.32.0
Fresh Paint    Microsoft Corporation    4/10/2016        2.0.15133.0
Games    Microsoft Corporation    4/10/2016        2.0.139.0
Garry's Mod    Facepunch Studios    5/21/2016        
Google Chrome    Google Inc.    12/2/2016        55.0.2883.75
Heroes & Generals    Reto-Moto    4/25/2016        
HP AiO Printer Remote    Hewlett-Packard Company    4/10/2016        55.1.43.0
HP Photo Creations    HP    11/5/2016    40.0 MB    1.0.0.22142
HP Photosmart 7510 series Basic Device Software    Hewlett-Packard Co.    4/14/2016    129 MB    28.0.1315.0
HP Photosmart 7510 series Help    Hewlett Packard    4/14/2016    11.4 MB    140.0.2.2
HP Photosmart 7510 series Product Improvement Study    Hewlett-Packard Co.    4/14/2016    8.30 MB    28.0.1315.0
HP Photosmart Essential 3.5    HP    5/31/2016        3.5
HP Support Assistant    HP    4/14/2016    15.6 MB    8.3.34.7
HP Support Solutions Framework    HP    4/14/2016    6.35 MB    12.5.32.37
HP Update    Hewlett-Packard    4/14/2016    4.04 MB    5.005.002.002
Intel® Management Engine Components    Intel Corporation    4/10/2016        10.0.0.1204
Intel® Network Connections 19.1.51.0    Intel    10/23/2014    37.2 MB    19.1.51.0
Intel® Processor Graphics    Intel Corporation    4/10/2016        10.18.10.3496
Intel® Rapid Storage Technology    Intel Corporation    11/24/2014        13.0.3.1001
Intel® Ready Mode Technology    Intel Corporation    10/23/2014    12.2 MB    1.1.10.381
Intel® Update Manager    Intel Corporation    10/23/2014    24.4 MB    2.1.1269
Java 8 Update 101    Oracle Corporation    9/11/2016    93.2 MB    8.0.1010.13
Jigswar    fingertapps    4/10/2016        1.0.0.913
Mail, Calendar, and People        4/10/2016        
Malwarebytes version 3.0.4.1269    Malwarebytes    12/8/2016    145 MB    3.0.4.1269
Maps    Microsoft Corporation    4/10/2016        2.1.3230.2048
McAfee® Central for ASUS    "McAfee Inc"    11/27/2016        4.5.152.1
Microsoft Office Home and Business 2013 - en-us    Microsoft Corporation    11/15/2016        15.0.4875.1001
Microsoft OneDrive    Microsoft Corporation    8/23/2016    82.9 MB    17.3.6517.0809
Microsoft SQL Server 2005 Compact Edition [ENU]    Microsoft Corporation    10/23/2014    1.92 MB    3.1.0000
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    4/11/2016    4.84 MB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17    Microsoft Corporation    10/23/2014    13.2 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    11/24/2014    13.1 MB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    4/11/2016    11.5 MB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    11/24/2014    9.63 MB    9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    10/23/2014    10.1 MB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    4/11/2016    8.78 MB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    6/14/2016    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    6/14/2016    11.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation    6/22/2016    20.5 MB    11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    6/22/2016    17.3 MB    11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501    Microsoft Corporation    6/14/2016    20.5 MB    12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501    Microsoft Corporation    6/14/2016    17.1 MB    12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    4/15/2016        10.0.50903
Minecraft    Mojang    4/16/2016    1.22 MB    1.0.3.0
Mozilla Firefox 50.0.2 (x86 en-US)    Mozilla    12/1/2016    91.7 MB    50.0.2
Mozilla Maintenance Service    Mozilla    12/1/2016    231 KB    50.0.2.6177
MSN Food & Drink    Microsoft Corporation    4/10/2016        3.0.4.336
MSN Health & Fitness    Microsoft Corporation    4/10/2016        3.0.4.336
MSN Money    Microsoft Corporation    4/27/2016        3.0.4.344
MSN News    Microsoft Corporation    4/27/2016        3.0.4.344
MSN Sports    Microsoft Corporation    4/29/2016        3.0.4.345
MSN Travel    Microsoft Corporation    4/10/2016        3.0.4.336
MSN Weather    Microsoft Corporation    11/26/2016        3.0.4.350
MSXML 4.0 SP3 Parser    Microsoft Corporation    11/24/2014    2.86 MB    4.30.2100.0
Music    Microsoft Corporation    4/10/2016        2.6.672.0
Music Maker Jam    MAGIX    9/3/2016        2.3.1051.1
mZIP    zimmermann    4/10/2016        2.1.0.24
NVIDIA 3D Vision Controller Driver 331.82    NVIDIA Corporation    11/24/2014        331.82
NVIDIA 3D Vision Driver 333.02    NVIDIA Corporation    11/24/2014        333.02
NVIDIA GeForce Experience 2.0    NVIDIA Corporation    11/24/2014        2.0
NVIDIA Graphics Driver 333.02    NVIDIA Corporation    11/24/2014        333.02
NVIDIA HD Audio Driver 1.3.30.1    NVIDIA Corporation    11/24/2014        1.3.30.1
NVIDIA PhysX System Software 9.13.0927    NVIDIA Corporation    11/24/2014        9.13.0927
OneNote    Microsoft Corporation    4/10/2016        16.0.3327.1048
PowerDirector    CyberLink Corp.    4/10/2016    276 MB    10.0.0.4307
PunkBuster Services    Even Balance, Inc.    7/1/2016        0.986
Reader    Microsoft Corporation    9/14/2016        6.4.9926.18471
REALTEK Bluetooth Driver    REALTEK Semiconductor Corp.    11/24/2014        3.769.769.092613
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    10/23/2014        6.0.1.7272
REALTEK Wireless LAN Driver    REALTEK Semiconductor Corp.    11/24/2014        1.00.243
ROBLOX Player for Laurie    ROBLOX Corporation    12/9/2016        
ROBLOX Studio for Laurie    ROBLOX Corporation    6/12/2016        
ROG GameFirst II v9.05    cFos Software GmbH, Bonn    4/10/2016        9.05
ShellShock Live    kChamp Games    6/30/2016        
Skype    Skype    4/10/2016        3.1.0.1016
Skype™ 7.29    Skype Technologies S.A.    11/14/2016    307 MB    7.29.102
Steam    Valve Corporation    4/24/2016        2.10.91.91
Unity Web Player    Unity Technologies ApS    5/30/2016    12.0 MB    5.3.5f1
Video    Microsoft Corporation    4/10/2016        2.6.446.0
VirtuWatt 3.0.108.30307    Lucidlogix Technologies LTD    11/24/2014    25.7 MB    3.0.108.30307
Webroot SecureAnywhere    Webroot    11/2/2016    915 KB    9.0.13.62
WebStorage    ASUS Cloud Corporation    4/10/2016        2.1.1.265
Windows Alarms    Microsoft Corporation    4/10/2016        6.3.9654.20335
Windows Calculator    Microsoft Corporation    4/10/2016        6.3.9600.20278
Windows Driver Package - DexCom, Inc. (usbser) Ports  (05/24/2010 1.0.0.2)    DexCom, Inc.    12/5/2016        05/24/2010 1.0.0.2
Windows Help+Tips    Microsoft Corporation    4/10/2016        6.3.9654.20559
Windows Live Essentials    Microsoft Corporation    10/23/2014        16.4.3522.0110
Windows Reading List    Microsoft Corporation    6/18/2016        6.3.9654.21234
Windows Scan    Microsoft Corporation    4/10/2016        6.3.9654.17133
Windows Sound Recorder    Microsoft Corporation    4/10/2016        6.3.9600.20280
Wondershare DVD Slideshow Builder Deluxe(Build 6.6.0.0)    Wondershare Software Co.,Ltd.    11/4/2016    285 MB    6.6.0.0
Wondershare Filmora(Build 7.8.1)    Wondershare Software    12/3/2016    403 MB    
Wondershare Helper Compact 2.5.2    Wondershare    11/4/2016    6.61 MB    2.5.2
Xbox 360 SmartGlass    Microsoft Corporation    4/10/2016        1.4.3.0
Xbox One SmartGlass    Microsoft Corporation    6/8/2016        2.2.1510.30008
 


Edited by GunnerTDog, 11 December 2016 - 12:33 AM.


#11 GunnerTDog

GunnerTDog
  • Topic Starter

  • Members
  • 15 posts

Posted 11 December 2016 - 12:38 AM

After all those scans and stuff my mic is still getting muted automatically.



#12 GunnerTDog

GunnerTDog
  • Topic Starter

  • Members
  • 15 posts

Posted 11 December 2016 - 12:58 AM

Oh wait, ESET did find some stuff earlier when the scan got interrupted. Here they are (had to use pictures since it wouldn't let me copy them):

https://gyazo.com/5516ddc178f8fbadd397b4de48456435

https://gyazo.com/fa7bc0025a4b2fdcd4261ccaa63715d6

https://gyazo.com/f2280c27fd5330da398627e455de091f

https://gyazo.com/1959c220e39677ce94bc5bfc547c4f30

https://gyazo.com/78ab76f0eb045fb4343c553435318490



#13 buddy215

buddy215

  • Moderator
  • 13,395 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 December 2016 - 07:44 AM

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    HP Photosmart 7510 series (NET)    Hewlett-Packard Co.    "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26B3516S05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
Yes    HKCU:Run    World of Warplanes        "C:\Games\World_of_Warplanes\WargamingGameUpdater.exe"
Yes    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    DelaypluginInstall        C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Yes    HKLM:Run    hpqSRMon    Hewlett-Packard    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
Yes    HKLM:Run    ROG GameFirst II    cFos Software GmbH    C:\Program Files\ASUS\ROG GameFirst II\cFosSpeed.exe
Yes    Startup Common    Install LastPass FF RunOnce.lnk    Webroot Software, Inc.    C:\Program Files (x86)\Common Files\wruninstall.exe
Yes    Startup Common    Install LastPass IE RunOnce.lnk    Webroot Software, Inc.    C:\Program Files (x86)\Common Files\wruninstall.exe

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    HP Photo Creations Communicator    RocketLife    C:\Users\Laurie\AppData\Roaming\HP Photo Creations\Communicator.exe --auto
Yes    Task    HPCeeScheduleForLaurie    Hewlett-Packard    C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForLaurie (null)
Yes    Task    HPCustParticipation HP Photosmart 7510 series    Hewlett-Packard Co.    "C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1005
Yes    Task    IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473    Intel® Services Manager    C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic
Yes    Task    IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon    Intel® Services Manager    "C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe" --automatic
Yes    Task    Microsoft OneDrive Auto Update Task-S-1-5-21-468057835-15481181-3247691771-1001    Microsoft Corporation    %localappdata%\Microsoft\OneDrive\OneDrive.exe /autoupdate
Yes    Task    OneDrive Standalone Update Task    Microsoft Corporation    C:\Users\Laurie\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Yes    Task    Optimize Start Menu Cache Files-S-1-5-21-468057835-15481181-3247691771-1001        
Yes    Task    {F367EAF8-F197-4103-9E89-F738FC4D927A}    Microsoft Corporation    C:\WINDOWS\system32\pcalua.exe -a C:\Users\Laurie\AppData\Local\Roblox\Versions\version-2fd5590479874e29\RobloxPlayerLauncher.exe -c -uninstall

 

Delete these Tasks: Use CCleaner by clicking on each item and choosing Delete on the right.

Yes    Task    Driver Support    PC Drivers Headquarters LP    C:\Program Files (x86)\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
Yes    Task    Driver Support-RTMRules    PC Drivers Headquarters LP    C:\Program Files (x86)\Driver Support\DriverSupport.exe /showWelcome:false /action:checkRuleManifests /applicationMode:current
Yes    Task    Driver Support-RTMScan    PC Drivers Headquarters LP    C:\Program Files (x86)\Driver Support\DriverSupport.exe /showWelcome:false /action:scheduledScan /applicationMode:current
Yes    Task    Driver Support-RTMUpdater    PC Drivers Headquarters LP    C:\Program Files (x86)\Driver Support\DriverSupport.exe /showWelcome:false /action:checkForUpdate /applicationMode:current

 

Uninstall these programs: Use Revo Uninstaller Freeware (especially for the Wondershare programs, Driver Support and Driver Updater).

 

Adobe Reader X (10.1.3) MUI    Adobe Systems Incorporated    10/23/2014    481 MB    10.1.3 (Uninstall or Update...your choice)

Driver Support    PC Drivers HeadQuarters LP    12/10/2016    17.3 MB    10.1.4.20
DriverUpdate        10/23/2014    

Java 8 Update 101    Oracle Corporation    9/11/2016    93.2 MB    8.0.1010.13 (Or update...most users don't need Java)

McAfee® Central for ASUS    "McAfee Inc"    11/27/2016        4.5.152.1

Wondershare DVD Slideshow Builder Deluxe(Build 6.6.0.0)    Wondershare Software Co.,Ltd.    11/4/2016    285 MB    6.6.0.0
Wondershare Filmora(Build 7.8.1)    Wondershare Software    12/3/2016    403 MB    
Wondershare Helper Compact 2.5.2    Wondershare    11/4/2016    6.61 MB    2.5.2

 

I was not able to view the images in gyazo.com.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
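The post above walks through the same three autostart locations a responder checks by hand (HKCU/HKLM Run values, scheduled tasks, installed programs) and splits the cleanup into "disable" versus "delete". The script below is an added example, not buddy215's instructions or CCleaner's behaviour: it enumerates those locations with built-in PowerShell, flags entries that launch from user-writable folders or through proxy launchers such as pcalua.exe (both patterns appear in the listing above), and shows the equivalent of the Disable/Delete actions with a registry backup taken first. It assumes Windows 8.1 or later (Get-ScheduledTask ships from Windows 8/PowerShell 3 onward) and an elevated prompt; the entry names used in the remediation section are taken from the post, the heuristics and output layout are my own choices.

```powershell
# Added example: triage and clean autostart entries without CCleaner.
# Assumes Windows 8.1+, PowerShell 3+, run as administrator.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Extract the executable from a command line: the first quoted token if the
# path is quoted, otherwise the first whitespace-delimited token.
function Get-LaunchExecutable([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split '\s+', 2)[0]
}

# Heuristics (assumptions, not a verdict): binaries living in user-writable
# locations, and launchers that hide the real target behind another program.
function Test-Suspicious([string]$CommandLine) {
    $exe = Get-LaunchExecutable $CommandLine
    return ($exe -match '\\(AppData|ProgramData|Users\\Public|Temp)\\') -or
           ($exe -match '\\pcalua\.exe$') -or
           ($exe -match '\\(rundll32|regsvr32|mshta|wscript|cscript|powershell)\.exe$')
}

# 1. Run keys. The PS* properties are registry-provider metadata, not values.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        $flag = if (Test-Suspicious $p.Value) { 'REVIEW' } else { '' }
        '{0,-8}{1,-70}{2}' -f $flag, "$key\$($p.Name)", $p.Value
    }
}

# 2. Scheduled tasks outside Microsoft's own folders, with their exec actions.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' ; '
        $flag = if (Test-Suspicious $action) { 'REVIEW' } else { '' }
        '{0,-8}{1,-70}{2}' -f $flag, "$($_.TaskPath)$($_.TaskName)", $action
    }

# 3. Remediation, mirroring the post's Disable/Delete split.
# Export the key first so a removal can be reversed by double-clicking the .reg file.
reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' `
    "$env:USERPROFILE\Desktop\HKCU-Run-backup.reg" /y

# Removing a Run value is how a startup entry is "disabled" here (CCleaner's
# own Disable keeps a copy elsewhere; this script relies on the export above).
Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' `
    -Name 'CCleaner Monitoring' -ErrorAction SilentlyContinue

# Disable a task you might want back; unregister tasks of software being uninstalled.
Get-ScheduledTask -TaskName 'GoogleUpdateTaskMachineUA' -ErrorAction SilentlyContinue |
    Disable-ScheduledTask
Get-ScheduledTask -TaskName 'Driver Support*' -ErrorAction SilentlyContinue |
    Unregister-ScheduledTask -Confirm:$false
```

Run the enumeration half first and read the REVIEW lines before touching anything: a flagged entry is a prompt to look, not proof of malware (the HP Photo Creations task in the post is a legitimate program living under AppData). A Run value that reappears after removal and reboot is the behaviour to report back, since that points at something re-creating it rather than at the value itself.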

#14 GunnerTDog

GunnerTDog
  • Topic Starter

  • Members
  • 15 posts

Posted 11 December 2016 - 12:48 PM

The things in gyazo were pretty much ccsetup(524).exe stuff.



#15 buddy215

buddy215

  • Moderator
  • 13,395 posts
  • Gender:Male
  • Location:West Tennessee

Posted 11 December 2016 - 01:08 PM

After completing the uninstalls and disabling in my last post....run a scan using MBAM and let me know if it is still finding Trojan.Fileless.MTGen.

 

Run this scan, too.

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE: If you see the message "This version requires you to completely exit the Anti Malware application", right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.




