Closed Woofer8878 closed 5 years ago
Hi, thank you for the log. If you need our assistance:
Read carefully: How to make a request for help in the PC cure section
Attach 'Collection-[Date].zip' log created by AutoLogger
Describe your problem in detail.
Please note that only members of VIRUSNET-Association are allowed to respond in PC cure topics. Ignore any recommendations given by other users, including by PM!
Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form, or you can leave feedback in the Guestbook.
Closed. Reason: no answer for 10 days. If you still need our help, please execute the last steps requested by the helper. Also, download AutoLogger again, prepare a new CollectionLog and write what problems remain.
Just would like to have this reviewed by an expert. Thanks!
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.19
Platform: x64 Windows 10 (Pro), 10.0.17763.557 (ReleaseId: 1809), Service Pack: 0
Time: 15.07.2019 - 13:04 (UTC-06:00)
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Doggo (group: Administrator) on DOG, FirstRun: yes
Chrome: 75.0.3770.100
Edge: 11.0.17763.557
Internet Explorer: 11.0.17763.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
4 C:\Program Files (x86)\Battle.net\Battle.net.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
1 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
2 C:\Program Files (x86)\Dropbox\Client\76.4.126\QtWebEngineProcess.exe
3 C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
1 C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
20 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Gyazo\GyStation.exe
1 C:\Program Files (x86)\Origin\OriginWebHelperService.exe
1 C:\Program Files (x86)\PureVPN\PureVPNService.exe
1 C:\Program Files (x86)\Steam\Steam.exe
5 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
1 C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
1 C:\Program Files\Logitech Gaming Software\LCore.exe
1 C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x648wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19061.410.0_x648wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\ProgramData\Battle.net\Agent\Agent.6732\Agent.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
4 C:\Users\ggshe\AppData\Local\Discord\app-0.0.305\Discord.exe
1 C:\Users\ggshe\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\ggshe\AppData\Roaming\Telegram Desktop\Telegram.exe
1 C:\Users\ggshe\Desktop\HiJackThis.exe
1 C:\Windows\SysWOW64\vmnat.exe
1 C:\Windows\SysWOW64\vmnetdhcp.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\DbxSvc.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\ibtsiva.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
81 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 F:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
1 F:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
1 F:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_cigdxjtnqwo_18_44_01&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwingy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0DyDyD0E0AyByC0E0DtCyCyE0F0DtN0D0Tzu0StByEzytAtN1L2XzuyEtFtBzztFtDtFzzzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0EyE0DyDyDtA0BtGtBtA0BtBtGyB0D0AtAtGyC0D0D0EtG0EyCyEyCtDtByDtAyD0DyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE1Szz1StD1RyCyCtG1Rzy1SyDtGyEtDyEzytGzyyDzy1RtG1TtBtBtAzyyD1RzyyDyCzytA2QtN0A0LzutDtN1B2Z1V1T1S1NzutCzyyDzytCtN1Q2Z1B1P1RzutCyDyEtDzztBtBtAtCzz%26cr%3D566195545%26a%3Dbgy_cigdxjtnqwo_18_44_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{518b33ae-375d-712d-6742-d1fe0400268d}: [SuggestionsURL] = https://ie.search.yahoo.com/os?appid=fes&command={searchTerms} - Yahoo! Powered Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{518b33ae-375d-712d-6742-d1fe0400268d}: [URL] = https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_cigdxjtnqwo_18_44_01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwingy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0DyDyD0E0AyByC0E0DtCyCyE0F0DtN0D0Tzu0StByEzytAtN1L2XzuyEtFtBzztFtDtFzzzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0EyE0DyDyDtA0BtGtBtA0BtBtGyB0D0AtAtGyC0D0D0EtG0EyCyEyCtDtByDtAyD0DyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE1Szz1StD1RyCyCtG1Rzy1SyDtGyEtDyEzytGzyyDzy1RtG1TtBtBtAzyyD1RzyyDyCzytA2QtN0A0LzutDtN1B2Z1V1T1S1NzutCzyyDzytCtN1Q2Z1B1P1RzutCyDyEtDzztBtBtAtCzz%26cr%3D566195545%26a%3Dbgy_cigdxjtnqwo_18_44_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms} - Yahoo! Powered Search
O2 - HKLM..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O2-32 - HKLM..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll
O2-32 - HKLM..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll
O4 - HKCU..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU..\Run: [Discord] = C:\Users\ggshe\AppData\Local\Discord\app-0.0.305\Discord.exe
O4 - HKCU..\Run: [Gyazo] = C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU..\Run: [HOTS Logs Uploader] = C:\Users\ggshe\Downloads\HOTS Logs Uploader.exe
O4 - HKCU..\Run: [OneDrive] = C:\Users\ggshe\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU..\Run: [Skype for Desktop] = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKLM..\Run: [Launch LCore] = C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
O4 - HKLM..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - User Startup: C:\Users\ggshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk -> C:\Users\ggshe\AppData\Roaming\Telegram Desktop\Telegram.exe -autostart
O4-32 - HKLM..\Run: [Discord] = C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
O4-32 - HKLM..\Run: [Dropbox] = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup
O4-32 - HKLM..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4-32 - HKLM..\Run: [vmware-tray.exe] = F:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\vsocklib.dll
O17 - DHCP DNS 1: 192.168.2.1
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O22 - Task (.job): (Not scheduled) DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
O22 - Task (.job): (Not scheduled) DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
O23 - Service R2: DbxSvc - C:\WINDOWS\system32\DbxSvc.exe
O23 - Service R2: Intel Bluetooth Service - (ibtsiva) - C:\WINDOWS\system32\ibtsiva.exe
O23 - Service R2: Logitech Gaming Registry Service - (LogiRegistryService) - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service R2: Microsoft Office Click-to-Run Service - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service R2: PureVPN Service - (PureVPNService) - C:\Program Files (x86)\PureVPN\PureVPNService.exe
O23 - Service R2: TeamViewer 13 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: VMware Authorization Service - (VMAuthdService) - F:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service R2: VMware DHCP Service - (VMnetDHCP) - C:\WINDOWS\SysWOW64\vmnetdhcp.exe
O23 - Service R2: VMware NAT Service - C:\WINDOWS\SysWOW64\vmnat.exe
O23 - Service R2: VMware USB Arbitration Service - (VMUSBArbService) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service R2: VMware Workstation Server - (VMwareHostd) - F:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -u "C:\ProgramData\VMware\hostd\config.xml"
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S2: Dropbox Update Service (dbupdate) - (dbupdate) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /svc
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: Dropbox Update Service (dbupdatem) - (dbupdatem) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /medsvc
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\elevation_service.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: OpenVpnService - C:\Program Files (x86)\PureVPN\bin\openvpnserv2.exe
O23 - Service S3: Origin Client Service - C:\Program Files (x86)\Origin\OriginClientService.exe
-- End of file - Time spent: 16.8 sec. - 31836 bytes, CRC32: FFFFFFFF.