
Infected with 'svchost.exe' virus (miner)


  • This topic is locked
9 replies to this topic

#1 epunchy

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male

Posted 21 June 2015 - 10:03 PM

Hello : )

 

So, similar to this post (http://www.bleepingcomputer.com/forums/t/490284/trojanagentgen-keeps-coming-back-after-removalquarantine-svchostexe-trojan/), my computer has been infected with a mining virus.

 

Within a few minutes of starting the computer an unnamed process (as in Task Manager) shows up and proceeds to take CPU usage to 100%. Scanning with Malwarebytes shows two programs in the Temp directory in Windows, 'lsass.exe' and 'svchost.exe'. Using Malwarebytes to remove it does not work. I can also end the process from Task Manager and delete the files from the Temp directory, but upon restart the process and the files appear again.

 

Additionally, the virus publishes a log file each time with the title 'Claymore CryptoNote CPU Miner v3.3 Beta'. There is an IP address visible within the log file which I presume belongs to my nefarious miner. : /

 

I'm not sure if this is important, but in addition to my local disk SSD I have two other HDDs.

 

Any help would be most welcome.

 

Thanks
Eranga

 

Below is my FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by ErangaP (administrator) on ERANGA on 21-06-2015 23:37:48
Running from C:\Users\ErangaP\Downloads
Loaded Profiles: ErangaP (Available Profiles: ErangaP)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Felix Belzile) C:\Program Files (x86)\Cold Turkey\CTService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) E:\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\ErangaP\AppData\Local\FluxSoftware\Flux\flux.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2109440 2013-04-23] (Creative Technology Ltd)
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\...\Run: [f.lux] => C:\Users\ErangaP\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\...\Run: [GoogleChromeAutoLaunch_F1451D6EFDA407A916CD2D2235EABCF0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-06] (Google Inc.)
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\...\Run: [Digiarty_Software_AirPlayit] => C:\Program Files\Digiarty\Air_Playit\airplayit.exe [10468672 2012-02-28] ()
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\...\Run: [GalaxyClient] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-03-14]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-04-24]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\ErangaP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-03-17]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-04] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-26]
CHR Extension: (Please enter your password) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-03-20]
CHR Extension: (YouTube) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-20]
CHR Extension: (Facebook) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-20]
CHR Extension: (Infinity New Tab) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg [2015-05-24]
CHR Extension: (AdBlock) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-18]
CHR Extension: (Download) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfbckmilnhkcajpjifgbonfkkoekhmnp [2015-03-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-03-20]
CHR Extension: (Hangouts call) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpgddbgniojgndnhlkjbkpknjhppkbk [2015-03-20]
CHR Extension: (Google Play) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-03-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2015-05-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-26]
CHR Extension: (Ghostery) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\ErangaP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15]
CHR HKU\S-1-5-21-2186957993-1702665829-950521371-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ErangaP\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-04-26]
CHR HKU\S-1-5-21-2186957993-1702665829-950521371-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-03-15] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-03-15] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [323072 2015-01-18] (Felix Belzile) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-09-02] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1743928 2015-05-24] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6516792 2015-05-24] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-14] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-04-14] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2015-06-06] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [792016 2015-02-09] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-03-22] (Scarlet.Crush Productions)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [25088 2015-04-15] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [43616 2015-04-15] (SteelSeries ApS)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-22] (Microsoft Corporation)
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-21 23:37 - 2015-06-21 23:37 - 01367579 _____ C:\Users\ErangaP\Downloads\Unconfirmed 773235.crdownload
2015-06-21 23:37 - 2015-06-21 23:37 - 00021638 _____ C:\Users\ErangaP\Downloads\FRST.txt
2015-06-21 23:37 - 2015-06-21 23:37 - 00000000 ____D C:\FRST
2015-06-21 23:36 - 2015-06-21 23:37 - 02109952 _____ (Farbar) C:\Users\ErangaP\Downloads\FRST64.exe
2015-06-21 23:15 - 2015-06-21 23:34 - 00002416 _____ C:\Users\ErangaP\Desktop\Rkill.txt
2015-06-21 23:13 - 2015-06-21 23:14 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\ErangaP\Downloads\rkill.exe
2015-06-21 23:12 - 2015-06-21 23:12 - 00000000 ____D C:\Users\ErangaP\Downloads\ProcessExplorer
2015-06-21 23:11 - 2015-06-21 23:11 - 01186640 _____ C:\Users\ErangaP\Downloads\ProcessExplorer.zip
2015-06-21 23:08 - 2015-06-21 23:08 - 00000000 ____D C:\Users\ErangaP\Downloads\Autoruns
2015-06-21 23:07 - 2015-06-21 23:07 - 00593693 _____ C:\Users\ErangaP\Downloads\Autoruns.zip
2015-06-21 23:06 - 2015-06-21 23:07 - 00000050 _____ C:\Users\ErangaP\Downloads\FixPoweliks64.log
2015-06-21 23:05 - 2015-06-21 23:06 - 02747488 _____ (Symantec Corporation) C:\Users\ErangaP\Downloads\FixPoweliks64.exe
2015-06-21 22:24 - 2015-06-21 22:25 - 05200384 _____ (AVAST Software) C:\Users\ErangaP\Downloads\aswmbr.exe
2015-06-21 22:21 - 2015-06-21 22:21 - 00034294 _____ C:\Users\ErangaP\Desktop\gmer1log.log
2015-06-21 22:14 - 2015-06-21 22:14 - 00385560 _____ C:\Windows\Minidump\062115-5234-01.dmp
2015-06-21 22:10 - 2015-06-21 22:10 - 00380416 _____ C:\Users\ErangaP\Downloads\sbnfkgn6.exe
2015-06-21 22:07 - 2015-06-21 22:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\ErangaP\Downloads\tdsskiller.exe
2015-06-19 20:21 - 2015-06-19 20:21 - 00000000 ____D C:\ProgramData\Rockstar Games
2015-06-19 00:35 - 2015-06-19 00:35 - 00000222 _____ C:\Users\ErangaP\Desktop\Max Payne 3.url
2015-06-19 00:01 - 2015-06-19 00:01 - 00001043 _____ C:\Users\ErangaP\Desktop\WinDirStat.lnk
2015-06-19 00:01 - 2015-06-19 00:01 - 00000000 ____D C:\Users\ErangaP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-06-19 00:01 - 2015-06-19 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-06-19 00:01 - 2015-06-19 00:01 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2015-06-19 00:00 - 2015-06-19 00:01 - 00645729 _____ (WDS Team) C:\Users\ErangaP\Downloads\windirstat1_1_2_setup.exe
2015-06-18 23:52 - 2015-06-18 23:52 - 00000220 _____ C:\Users\ErangaP\Desktop\BioShock.url
2015-06-18 22:58 - 2015-06-18 22:58 - 00000000 ____D C:\Users\ErangaP\Desktop\Max Payne 3
2015-06-16 22:09 - 2015-06-16 22:09 - 00000000 ____D C:\Users\ErangaP\AppData\Roaming\New Technology Studio
2015-06-16 22:09 - 2015-06-16 22:09 - 00000000 ____D C:\Users\ErangaP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
2015-06-16 22:09 - 2015-06-16 22:09 - 00000000 ____D C:\Users\ErangaP\AppData\Local\New Technology Studio
2015-06-16 22:03 - 2015-06-16 22:03 - 02788352 _____ (Bilago) C:\Users\ErangaP\Desktop\GTAV Mod Manager.exe
2015-06-16 22:03 - 2015-06-16 22:03 - 00000000 ____D C:\Users\ErangaP\Downloads\5ab40c-GTAV Mod Manager
2015-06-16 22:01 - 2015-06-16 22:01 - 00000000 ____D C:\Users\ErangaP\Downloads\106b22-Reskinned Trainer 1.3
2015-06-16 22:00 - 2015-06-16 22:00 - 00178152 _____ C:\Users\ErangaP\Downloads\106b22-Reskinned Trainer 1.3.rar
2015-06-16 21:57 - 2015-06-16 21:57 - 00000000 ____D C:\Users\ErangaP\Downloads\ScriptHookV_1.0.372.2
2015-06-16 21:55 - 2015-06-16 22:03 - 00000000 ____D C:\Users\ErangaP\AppData\Local\Bilago
2015-06-16 14:16 - 2015-06-16 14:17 - 03984384 _____ (New Technology Studio) C:\Users\ErangaP\Downloads\ovisetup.exe
2015-06-16 14:15 - 2015-06-16 14:15 - 00393765 _____ C:\Users\ErangaP\Downloads\ScriptHookV_1.0.372.2.zip
2015-06-16 14:14 - 2015-06-16 14:14 - 02369054 _____ C:\Users\ErangaP\Downloads\5ab40c-GTAV Mod Manager.zip
2015-06-11 15:27 - 2015-06-11 15:32 - 00000000 ____D C:\Users\ErangaP\VirtualBox VMs
2015-06-11 15:25 - 2015-06-11 15:32 - 00000000 ____D C:\Users\ErangaP\.VirtualBox
2015-06-11 15:25 - 2015-06-11 15:25 - 00001092 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-06-11 15:25 - 2015-06-11 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-06-11 15:25 - 2015-06-11 15:25 - 00000000 ____D C:\Program Files\Oracle
2015-06-11 15:25 - 2015-05-13 17:11 - 00922704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-06-11 15:25 - 2015-05-13 17:10 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-06-11 15:20 - 2015-06-11 15:23 - 111273672 _____ (Oracle Corporation) C:\Users\ErangaP\Downloads\VirtualBox-4.3.28-100309-Win.exe
2015-06-11 15:12 - 2015-05-16 08:01 - 00133288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-11 15:12 - 2015-05-16 07:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-11 15:12 - 2015-05-16 06:47 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-11 15:12 - 2015-05-16 06:23 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-11 15:12 - 2015-05-16 05:42 - 03682304 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-11 15:12 - 2015-05-16 05:32 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-11 15:12 - 2015-05-16 05:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-11 15:12 - 2015-05-16 05:28 - 02223104 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-11 15:12 - 2015-05-16 05:28 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-06-11 15:12 - 2015-05-16 05:28 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-11 15:12 - 2015-05-16 05:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-11 15:12 - 2015-05-16 05:21 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-11 15:12 - 2015-05-16 05:21 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-11 15:12 - 2015-05-16 05:19 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-11 15:12 - 2015-05-16 05:19 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-11 13:49 - 2015-06-11 13:49 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-06-11 13:49 - 2015-06-11 13:49 - 00001449 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-11 13:49 - 2015-06-11 13:49 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-06-11 13:49 - 2015-06-11 13:49 - 00000000 ____D C:\Users\ErangaP\AppData\Local\Apple
2015-06-11 13:49 - 2015-06-11 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-11 13:49 - 2015-06-11 13:49 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-11 13:49 - 2015-06-11 13:49 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-11 13:49 - 2015-06-11 13:49 - 00000000 ____D C:\Program Files\iPod
2015-06-11 13:49 - 2015-06-11 13:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-11 13:49 - 2015-06-11 13:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-11 13:49 - 2015-06-11 13:49 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-11 13:49 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-06-11 13:35 - 2015-05-25 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-11 13:35 - 2015-05-25 23:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-11 13:35 - 2015-05-22 23:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-11 13:35 - 2015-05-21 23:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-11 13:35 - 2015-05-21 23:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-11 13:35 - 2015-05-21 23:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-11 13:35 - 2015-05-21 23:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-11 13:35 - 2015-05-21 23:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-11 13:35 - 2015-05-21 23:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-11 13:35 - 2015-04-17 08:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-11 13:35 - 2015-04-09 08:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-11 13:35 - 2015-04-09 08:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-11 13:35 - 2015-04-02 08:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-11 13:35 - 2015-04-02 08:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-11 13:35 - 2015-03-20 13:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-11 13:35 - 2015-03-20 13:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-11 13:35 - 2015-03-20 12:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-11 13:35 - 2015-03-20 12:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-11 13:35 - 2015-03-02 11:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-11 13:35 - 2015-03-02 11:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-11 13:34 - 2015-05-28 00:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-11 13:34 - 2015-05-28 00:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-11 13:34 - 2015-05-23 13:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-11 13:34 - 2015-05-23 13:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-11 13:34 - 2015-05-23 13:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-11 13:34 - 2015-05-23 13:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-11 13:34 - 2015-05-23 13:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-11 13:34 - 2015-05-23 12:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-11 13:34 - 2015-05-23 12:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-11 13:34 - 2015-05-23 12:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-11 13:34 - 2015-05-23 12:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-11 13:34 - 2015-05-23 12:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-11 13:34 - 2015-05-23 12:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-11 13:34 - 2015-05-23 12:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-11 13:34 - 2015-05-23 12:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-11 13:34 - 2015-05-23 12:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-11 13:34 - 2015-05-23 12:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-11 13:34 - 2015-05-23 12:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-11 13:34 - 2015-05-23 12:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-11 13:34 - 2015-05-23 12:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-11 13:34 - 2015-05-23 05:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-11 13:34 - 2015-05-23 05:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-11 13:34 - 2015-05-23 05:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-11 13:34 - 2015-05-23 04:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-11 13:34 - 2015-05-23 04:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-11 13:34 - 2015-05-23 04:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-11 13:34 - 2015-05-23 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-11 13:34 - 2015-05-23 04:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-11 13:34 - 2015-05-23 04:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-11 13:34 - 2015-05-23 04:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-11 13:34 - 2015-05-23 04:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-11 13:34 - 2015-05-23 04:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-11 13:34 - 2015-05-23 04:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-11 13:34 - 2015-05-23 04:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-11 13:34 - 2015-05-23 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-11 13:34 - 2015-05-23 03:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-11 13:34 - 2015-05-23 03:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-11 13:34 - 2015-05-23 03:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-11 13:34 - 2015-05-23 03:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-11 13:34 - 2015-05-23 03:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-11 13:34 - 2015-05-22 02:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-11 13:34 - 2015-04-25 12:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 13:34 - 2015-04-25 12:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-11 13:34 - 2015-04-16 16:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-11 13:34 - 2015-04-14 08:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-11 13:34 - 2015-04-14 08:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-11 13:34 - 2015-04-10 10:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-11 13:34 - 2015-04-10 10:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-11 13:34 - 2015-04-01 14:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-11 13:34 - 2015-04-01 14:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-11 13:34 - 2015-04-01 14:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-11 13:34 - 2015-04-01 14:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-11 13:34 - 2015-04-01 13:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-11 13:34 - 2015-04-01 13:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-11 13:34 - 2015-04-01 13:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-11 13:34 - 2015-04-01 12:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-11 13:34 - 2015-04-01 12:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-11 13:34 - 2015-04-01 12:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-11 13:34 - 2015-04-01 12:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-11 13:34 - 2015-04-01 12:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-11 13:34 - 2015-04-01 12:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-11 13:32 - 2015-06-11 13:47 - 152362800 _____ (Apple Inc.) C:\Users\ErangaP\Downloads\iTunes6464Setup.exe
2015-06-09 09:09 - 2015-06-09 09:08 - 46921182 _____ C:\Users\ErangaP\Desktop\CBS.log
2015-06-09 08:53 - 2015-06-09 08:53 - 00370880 _____ C:\Windows\Minidump\060915-5421-01.dmp
2015-06-08 16:47 - 2014-12-03 09:22 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\tlntsess.exe
2015-06-06 19:11 - 2015-06-06 19:11 - 00000862 _____ C:\Windows\system32\termcap
2015-06-05 22:44 - 2015-06-05 22:44 - 00000000 ____H C:\Users\ErangaP\Documents\Default.rdp
2015-06-05 21:51 - 2015-06-05 22:04 - 110772878 _____ C:\Users\ErangaP\Downloads\installer_linux.tar.gz
2015-06-05 21:50 - 2015-06-05 21:59 - 108728624 _____ (Apple Inc.) C:\Users\ErangaP\Downloads\iTunesSetup.exe
2015-06-04 02:58 - 2015-06-04 02:58 - 00388880 _____ C:\Windows\Minidump\060415-6562-01.dmp
2015-06-02 20:33 - 2015-06-02 20:34 - 00000000 ____D C:\Program Files (x86)\Cold Turkey
2015-06-02 20:33 - 2015-06-02 20:33 - 00001055 _____ C:\Users\Public\Desktop\Cold Turkey.lnk
2015-06-02 20:33 - 2015-06-02 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey
2015-06-02 20:33 - 2015-06-02 20:33 - 00000000 ____D C:\Program Files\WinPcap
2015-06-02 20:28 - 2015-06-02 20:32 - 07209153 _____ (Felix Belzile ) C:\Users\ErangaP\Downloads\Cold_Turkey_Basic_Installer.exe
2015-06-01 23:12 - 2015-06-01 23:12 - 00000000 ____D C:\Users\ErangaP\AppData\Local\GWX
2015-06-01 22:56 - 2015-06-01 22:56 - 00002149 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-06-01 22:55 - 2015-05-28 13:52 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-01 22:54 - 2015-05-28 17:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-01 22:54 - 2015-05-28 17:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00407112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00117576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-06-01 22:54 - 2015-05-28 17:04 - 00039056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-06-01 22:42 - 2015-06-01 22:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-01 22:42 - 2015-04-03 23:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-01 22:42 - 2015-04-03 23:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-31 18:27 - 2015-05-31 18:33 - 186155112 _____ C:\Users\ErangaP\Downloads\LAN_Patch_2617_0_0_0.exe
2015-05-31 18:21 - 2015-05-31 18:21 - 00001827 _____ C:\Users\ErangaP\Desktop\LANLauncher - Shortcut.lnk
2015-05-31 15:41 - 2015-05-31 15:41 - 00000804 _____ C:\Users\Public\Desktop\Call of Duty Black Ops 2.lnk
2015-05-31 15:41 - 2015-05-31 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops 2
2015-05-31 15:05 - 2015-05-31 15:05 - 00446464 _____ C:\Users\ErangaP\Downloads\ONLINE Lecture 7 - Causation (1).ppt
2015-05-30 20:07 - 2015-05-30 20:08 - 00449536 _____ C:\Users\ErangaP\Downloads\ONLINE Lecture 7 - Causation.ppt
2015-05-29 11:13 - 2015-05-29 11:13 - 00001148 _____ C:\Users\ErangaP\Desktop\Dirt Rally.lnk
2015-05-29 11:04 - 2015-05-29 11:04 - 00000000 ____D C:\ProgramData\Codemasters
2015-05-29 10:59 - 2015-05-29 10:59 - 00003128 _____ C:\Windows\System32\Tasks\Origin
2015-05-26 22:17 - 2015-05-26 22:17 - 00000000 ____D C:\Users\ErangaP\Tracing
2015-05-26 22:16 - 2015-06-19 00:36 - 00000000 ____D C:\Users\ErangaP\AppData\Roaming\Skype
2015-05-26 22:16 - 2015-05-26 22:16 - 00000000 ____D C:\Users\ErangaP\AppData\Local\Skype
2015-05-26 22:15 - 2015-06-17 12:36 - 00000000 ____D C:\ProgramData\Skype
2015-05-26 22:15 - 2015-05-26 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-26 22:15 - 2015-05-26 22:15 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-05-26 22:15 - 2015-05-26 22:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-26 22:14 - 2015-05-26 22:15 - 43031680 _____ (Skype Technologies S.A.) C:\Users\ErangaP\Downloads\SkypeSetupFull.exe
2015-05-26 22:08 - 2015-05-26 22:11 - 00000000 ___RD C:\Users\ErangaP\OneDrive
2015-05-26 10:04 - 2015-05-26 10:04 - 00000222 _____ C:\Users\ErangaP\Desktop\Life Is Strange.url
2015-05-26 10:01 - 2015-05-26 10:01 - 00000000 ____D C:\Users\ErangaP\Documents\Life Is Strange(savebackup)
2015-05-24 17:23 - 2015-05-24 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2015-05-24 15:12 - 2015-05-24 15:17 - 00000000 ____D C:\Users\ErangaP\Documents\CARS
2015-05-24 15:12 - 2015-05-24 15:12 - 00000000 ____D C:\Users\ErangaP\Documents\wmd_symbol_cache
2015-05-24 14:55 - 2015-05-24 14:55 - 00000845 _____ C:\Users\Public\Desktop\Project CARS.lnk
2015-05-24 14:55 - 2015-05-24 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project CARS
2015-05-23 13:44 - 2015-06-19 19:30 - 00000000 ____D C:\Users\ErangaP\Downloads\Sound Cloud
2015-05-22 22:00 - 2015-06-11 13:52 - 00000000 ____D C:\Users\ErangaP\AppData\Roaming\Apple Computer
2015-05-22 22:00 - 2015-06-11 13:49 - 00000000 ____D C:\Users\ErangaP\AppData\Local\Apple Computer
2015-05-22 22:00 - 2015-05-23 13:39 - 00000000 ____D C:\Program Files\pia_manager
2015-05-22 22:00 - 2015-05-22 22:00 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-05-22 22:00 - 2015-05-22 22:00 - 00003158 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2015-05-22 22:00 - 2015-05-22 22:00 - 00000000 ____D C:\Users\ErangaP\AppData\Roaming\Titanium
2015-05-22 21:57 - 2015-05-22 21:58 - 25723531 _____ C:\Users\ErangaP\Downloads\privateinternetaccess.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-21 23:37 - 2015-03-17 09:06 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-21 23:37 - 2015-03-14 17:18 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2186957993-1702665829-950521371-1001
2015-06-21 23:34 - 2014-11-22 11:01 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-21 23:32 - 2015-04-26 12:25 - 00000000 ___RD C:\Users\ErangaP\Google Drive
2015-06-21 23:32 - 2015-03-14 19:26 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-21 23:30 - 2015-03-14 22:33 - 00006464 _____ C:\Windows\SysWOW64\Gms.log
2015-06-21 23:28 - 2015-03-14 17:13 - 01291590 _____ C:\Windows\WindowsUpdate.log
2015-06-21 23:27 - 2015-03-14 22:49 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-21 23:27 - 2014-11-22 02:51 - 00024854 _____ C:\Windows\PFRO.log
2015-06-21 23:27 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\Help
2015-06-21 23:27 - 2013-08-23 00:46 - 00054185 _____ C:\Windows\setupact.log
2015-06-21 23:27 - 2013-08-23 00:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-21 23:21 - 2015-04-30 19:49 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-21 23:00 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-21 22:59 - 2015-04-19 10:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-21 22:43 - 2015-03-14 19:26 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-21 22:37 - 2015-04-26 12:26 - 00259072 ___SH C:\Users\ErangaP\Downloads\Thumbs.db
2015-06-21 22:32 - 2015-03-14 17:13 - 00000000 ____D C:\Users\ErangaP
2015-06-21 22:14 - 2015-03-25 18:30 - 782864953 _____ C:\Windows\MEMORY.DMP
2015-06-21 22:14 - 2015-03-25 18:30 - 00000000 ____D C:\Windows\Minidump
2015-06-21 21:54 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-21 21:54 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-21 21:53 - 2015-04-18 23:29 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2015-06-21 20:59 - 2015-03-14 17:13 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E22DD467-3542-4B30-B086-A97F42D22D9E}
2015-06-21 15:17 - 2015-03-14 23:22 - 00000000 ____D C:\Users\ErangaP\AppData\Roaming\vlc
2015-06-20 13:51 - 2015-03-14 17:13 - 00000000 ____D C:\Users\ErangaP\AppData\Local\Packages
2015-06-19 20:21 - 2015-04-07 10:51 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-19 20:21 - 2015-04-07 10:48 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-19 20:20 - 2015-03-15 08:32 - 00379782 _____ C:\Windows\DirectX.log
2015-06-19 00:50 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\rescache
2015-06-17 14:04 - 2015-03-20 07:20 - 00000000 ____D C:\Users\ErangaP\Documents\Rockstar Games
2015-06-16 22:23 - 2015-04-18 23:29 - 00001098 _____ C:\Users\ErangaP\Desktop\MSI Afterburner.lnk
2015-06-16 22:17 - 2015-04-14 20:51 - 00000080 _____ C:\Users\ErangaP\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-06-16 12:45 - 2015-04-26 12:24 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-16 12:45 - 2015-04-26 12:24 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-16 12:45 - 2015-04-26 12:24 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-16 12:45 - 2015-04-26 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-11 15:27 - 2015-03-14 22:32 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-11 15:26 - 2015-04-02 18:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-11 15:25 - 2015-03-14 23:38 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 15:25 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-06-11 15:25 - 2013-08-23 01:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-11 15:23 - 2015-03-14 23:38 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 14:26 - 2013-08-23 00:44 - 00485760 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 14:25 - 2015-03-15 08:11 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 14:25 - 2014-11-22 15:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 14:25 - 2013-08-23 01:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-11 14:25 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-06-11 14:25 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 13:59 - 2015-04-19 10:49 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 13:49 - 2015-05-05 21:42 - 00000000 ____D C:\ProgramData\Apple
2015-06-08 17:07 - 2015-04-02 18:02 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-08 17:07 - 2015-04-02 18:02 - 00000971 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-06 19:11 - 2013-08-22 21:17 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\tlntsvr.exe
2015-06-06 19:11 - 2013-08-22 20:45 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\telnet.exe
2015-06-06 19:11 - 2013-08-22 20:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tlntadmn.exe
2015-06-04 02:18 - 2014-11-22 15:29 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-04 02:18 - 2014-11-22 15:29 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-01 23:09 - 2015-04-04 20:57 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-01 23:09 - 2015-04-04 20:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-01 22:56 - 2015-03-14 22:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-01 22:56 - 2015-03-14 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-01 22:42 - 2015-03-14 22:50 - 00001393 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-31 15:47 - 2015-04-07 22:14 - 00000000 ____D C:\Users\ErangaP\AppData\Roaming\Tunngle
2015-05-31 15:47 - 2015-04-07 22:14 - 00000000 ____D C:\ProgramData\Tunngle
2015-05-29 20:27 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\NDF
2015-05-29 19:21 - 2015-03-15 17:46 - 00000000 ____D C:\Users\ErangaP\AppData\Local\SKIDROW
2015-05-29 11:04 - 2015-04-05 18:42 - 00000000 ____D C:\Users\ErangaP\Documents\My Games
2015-05-29 10:59 - 2015-04-04 10:43 - 00000000 ___HD C:\Users\ErangaP\AppData\Roaming\Origin
2015-05-28 17:04 - 2015-03-20 18:20 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-28 17:04 - 2015-03-14 22:48 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-28 17:04 - 2015-03-14 22:48 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-28 17:04 - 2015-03-14 22:48 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-28 17:04 - 2015-03-14 22:48 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-28 17:04 - 2015-03-14 22:48 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-05-28 17:04 - 2015-03-14 22:48 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-05-28 14:15 - 2015-03-14 22:49 - 06872904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-28 14:15 - 2015-03-14 22:49 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-28 14:15 - 2015-03-14 22:49 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-28 14:15 - 2015-03-14 22:49 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-28 14:15 - 2015-03-14 22:49 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-28 14:15 - 2015-03-14 22:49 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-27 20:48 - 2015-03-14 22:49 - 04408727 _____ C:\Windows\system32\nvcoproc.bin
2015-05-27 18:10 - 2015-04-24 15:45 - 00000000 ____D C:\Users\ErangaP\AppData\Local\SteelSeries Engine 3 Client
2015-05-26 10:02 - 2015-04-03 15:08 - 00000000 ____D C:\GAMES
2015-05-24 17:23 - 2015-05-13 08:52 - 00002151 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2015-05-23 14:51 - 2015-03-14 23:01 - 00000000 ____D C:\Users\ErangaP\AppData\Roaming\BitTorrent
2015-05-23 11:47 - 2015-03-14 22:49 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-23 11:47 - 2015-03-14 22:49 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-23 11:47 - 2015-03-14 22:49 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-23 11:47 - 2015-03-14 22:49 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
 
==================== Files in the root of some directories =======
 
2015-03-14 23:15 - 2015-03-15 08:43 - 1065984 _____ () C:\Users\ErangaP\AppData\Local\file__0.localstorage
 
Files to move or delete:
====================
C:\Users\ErangaP\AppData\Roaming\Origin\update.vbe
 
 
Some files in TEMP:
====================
C:\Users\ErangaP\AppData\Local\Temp\130747661588089069.exe
C:\Users\ErangaP\AppData\Local\Temp\13074766167618683991.exe
C:\Users\ErangaP\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\ErangaP\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\ErangaP\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\ErangaP\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ErangaP\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\ErangaP\AppData\Local\Temp\nvStInst.exe
C:\Users\ErangaP\AppData\Local\Temp\procexp64.exe
C:\Users\ErangaP\AppData\Local\Temp\sfamcc00001.dll
C:\Users\ErangaP\AppData\Local\Temp\sfextra.dll
C:\Users\ErangaP\AppData\Local\Temp\sonarinst.exe
C:\Users\ErangaP\AppData\Local\Temp\SRLDetectionLibrary8147324385126139919.dll
C:\Users\ErangaP\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-21 13:17
 
==================== End of log ============================

#2 shelf life (Malware Response Team)

Posted 26 June 2015 - 07:34 AM

hi,

 

We will remove some items with FRST, then go from there. I am only on this site once or twice per day, so you may not get a reply back from me until the next day.

 

Copy/paste what's between the two lines below into Notepad. Save it as fixlist.txt in the same location that you have FRST. Start FRST like before, except this time click on the Fix button once. The machine may reboot to finish the process. When done, you will find fixlog.txt in the same location as FRST. Copy/paste the fixlog.txt in your reply.

 

----------------------------------------------------------

HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKU\S-1-5-21-2186957993-1702665829-950521371-1001\...\Run: [GalaxyClient] => [X]

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
2015-06-21 22:10 - 2015-06-21 22:10 - 00380416 _____ C:\Users\ErangaP\Downloads\sbnfkgn6.exe
C:\Users\ErangaP\AppData\Roaming\Origin\update.vbe
Task: {240C5839-8294-42D0-A626-28BE1D598C3A} - System32\Tasks\Origin => C:\Users\ErangaP\AppData\Roaming\Origin\update.vbe [2015-05-29] () <==== ATTENTION
EmptyTemp:
------------------------------------------------------------------------
 
Did you install this: WinPcap 4.1.3? It's a packet capture library, but I didn't see any packet capture software on your machine.
Do you know what this is: C:\Users\ErangaP\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
 
 

 


How Can I Reduce My Risk to Malware?
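The items in the fixlist above fit one persistence pattern: a scheduled task (Origin) that launches a script, update.vbe, from the user's AppData; drivers registered from C:\Windows\TEMP whose files are gone (FRST marks an entry whose file cannot be found with [X]); and a recently written executable in Downloads. The script below is an added example written for this thread; it is not FRST's code, not the Malware Response Team's procedure and not taken from the poster's log. It scans FRST-format log lines for that pattern, plus the symptom reported in this thread (copies of svchost.exe and lsass.exe living in a Temp directory rather than System32), and drafts a fixlist.txt in the same form shelf life used: the flagged lines verbatim, then EmptyTemp:. The sample lines are constructed: the Task and S3 entries mirror lines quoted in the fixlist, while the GoogleUpdate task, the NVIDIA driver and the two Temp executables are invented for contrast. The rule names, the directory lists and the build_fixlist helper are this example's assumptions, not FRST conventions.

```python
"""FRST log triage: added example for this thread, not FRST's own code and not
the poster's log. Rule names, directory lists and the fixlist builder are this
example's assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in FRST's line format. The Task and S3 lines mirror entries
# quoted in the fixlist above; the other lines are invented for contrast.
SAMPLE_LOG = r"""
Task: {240C5839-8294-42D0-A626-28BE1D598C3A} - System32\Tasks\Origin => C:\Users\ErangaP\AppData\Roaming\Origin\update.vbe [2015-05-29] () <==== ATTENTION
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-14] (Google Inc.)
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
R3 nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [10995528 2015-05-28] (NVIDIA Corporation)
2015-06-21 22:05 - 2015-06-21 22:05 - 01234567 _____ C:\Users\ErangaP\AppData\Local\Temp\svchost.exe
2015-06-21 22:05 - 2015-06-21 22:05 - 00123456 _____ C:\Users\ErangaP\AppData\Local\Temp\lsass.exe
2015-06-11 13:49 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
C:\Windows\System32\svchost.exe => File is digitally signed
"""

# Names that belong in System32/SysWOW64; a copy anywhere else is a red flag.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
LEGIT_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Locations a standard user can write to; a task launching from here is worth a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\", "\\users\\public\\")
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1")

# Line shapes as FRST prints them: scheduled tasks, services/drivers, file entries.
TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>\S+) => "
                     r"(?P<target>[A-Za-z]:\\.*?)(?: \[.*)?$")
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.*?)"
                        r"(?: \[(?P<meta>[^\]]*)\])?(?: \(.*\))?$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                     r"(?P<size>\d+) (?P<attrs>\S+) (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str   # the FRST line verbatim, so it can go straight into a fixlist


def _user_writable(path: str) -> bool:
    return any(marker in path for marker in USER_WRITABLE)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per FRST line that matches a suspicious pattern."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := TASK_RE.match(line):
            target = m["target"].lower()
            if target.endswith(SCRIPT_EXT) or _user_writable(target):
                findings.append(Finding("task-runs-script-from-user-dir", line))
        elif m := SERVICE_RE.match(line):
            path = m["path"].lower()
            if path.startswith("\\??\\"):          # NT object-manager prefix
                path = path[4:]
            if "\\temp\\" in path:
                findings.append(Finding("driver-registered-from-temp", line))
            elif m["meta"] == "X":                # FRST: file not found
                findings.append(Finding("driver-file-missing", line))
        elif m := FILE_RE.match(line):
            path = m["path"].lower()
            name = path.rsplit("\\", 1)[-1]
            if name in SYSTEM_BINARIES and not path.startswith(LEGIT_SYSTEM_DIRS):
                findings.append(Finding("system-binary-outside-system32", line))
    return findings


def build_fixlist(findings: list[Finding]) -> str:
    """Draft fixlist.txt in the form used above: flagged lines verbatim, then
    EmptyTemp:. Read it before handing it to FRST; FRST moves every item listed."""
    lines = list(dict.fromkeys(f.line for f in findings))   # dedupe, keep order
    lines.append("EmptyTemp:")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.rule:34} {f.line}")
    print("\n--- draft fixlist.txt ---")
    print(build_fixlist(found), end="")
```

Run as is, it reports six findings and prints the draft fixlist; to triage a real log, read FRST.txt and pass its text to triage(). The draft is a starting point for a person, not something to hand to FRST unread: FRST moves or deletes every item it is given, and a legitimate updater that happens to live under AppData is caught by the same rule that caught update.vbe.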


#3 epunchy (Topic Starter)

Posted 26 June 2015 - 07:43 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by ErangaP at 2015-06-26 22:37:40 Run:1
Running from C:\Users\ErangaP\Downloads
Loaded Profiles: ErangaP (Available Profiles: ErangaP)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
2015-06-21 22:10 - 2015-06-21 22:10 - 00380416 _____ C:\Users\ErangaP\Downloads\sbnfkgn6.exe
C:\Users\ErangaP\AppData\Roaming\Origin\update.vbe
Task: {240C5839-8294-42D0-A626-28BE1D598C3A} - System32\Tasks\Origin => C:\Users\ErangaP\AppData\Roaming\Origin\update.vbe [2015-05-29] () <==== ATTENTION
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value removed successfully
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
cpuz137 => Service removed successfully
gdrv => Service removed successfully
GPUZ => Service removed successfully
C:\Users\ErangaP\Downloads\sbnfkgn6.exe => moved successfully.
C:\Users\ErangaP\AppData\Roaming\Origin\update.vbe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{240C5839-8294-42D0-A626-28BE1D598C3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{240C5839-8294-42D0-A626-28BE1D598C3A}" => key removed successfully
C:\Windows\System32\Tasks\Origin => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
EmptyTemp: => 4.4 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 22:39:24 ====
 
 
 
Thanks so much for even replying!
 
No, I don't recognise either of those.


#4 epunchy (Topic Starter)

Posted 26 June 2015 - 07:45 AM

I should also mention that in the interim I had blocked the two files from the internet (so I could at least use the computer). That stopped the usage; should I re-allow it?


#5 shelf life (Malware Response Team)

Posted 26 June 2015 - 08:02 AM

On second thought, let's leave WinPcap. You have some networking software in your Add/Remove Programs panel that may use it.

The other item you can delete manually.

 

I had blocked the two files from the internet (so I could at least use the computer). That stopped the usage; should I re-allow it?

These two files:

'lsass.exe.' and 'svchost.exe' in a Temp directory? Are they still appearing in a temp directory?

 

 

How Can I Reduce My Risk to Malware?
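The Fixlog above records the persistence that FRST removed (a scheduled task named Origin launching update.vbe from AppData\Roaming, Run-key values, three services, and the files in Temp and Downloads), and the open question here is whether the two system-named files come back. The PowerShell script below is an added, read-only triage check written for this thread; it is not from the thread, from FRST or from any other tool mentioned. It reports executables named like Windows system binaries that sit outside System32, running processes with such names from non-system paths, and scheduled tasks or Run keys whose command lives in a user-writable location such as Temp or AppData. The list of imitated names and the list of user-writable directories are assumptions chosen for illustration; it deletes and kills nothing.

```powershell
# Added triage script (not from the thread or from FRST). Read-only: it only reports.
# Run from an elevated PowerShell prompt so it can see every process and task.

# Names that malware commonly borrows from Windows. A file with one of these names is
# only expected under System32 / SysWOW64 (assumed list; extend as needed).
$systemNames = @('lsass.exe', 'svchost.exe', 'csrss.exe', 'winlogon.exe', 'services.exe')
$legitDirs   = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# Locations an unprivileged user (or a dropper running as that user) can write to.
# A persistence entry pointing here deserves a second look (assumed list).
$userWritable = @("$env:SystemRoot\Temp", $env:TEMP, $env:APPDATA,
                  $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads")

function Test-UserWritablePath {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    # Expand %TEMP%-style variables and strip a leading quote so "C:\..." still matches.
    $p = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    foreach ($d in $userWritable) {
        if ($d -and $p.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

Write-Host "== System-named executables outside System32 =="
foreach ($dir in $userWritable) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $systemNames -contains $_.Name.ToLower() } |
        ForEach-Object { Write-Host "SUSPECT FILE: $($_.FullName) ($($_.Length) bytes, modified $($_.LastWriteTime))" }
}

Write-Host "`n== Running processes with a system name but a non-system path =="
Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path } | ForEach-Object {
    $name = [IO.Path]::GetFileName($_.Path).ToLower()
    $dir  = [IO.Path]::GetDirectoryName($_.Path)
    if (($systemNames -contains $name) -and -not ($legitDirs | Where-Object { $dir -ieq $_ })) {
        # A CPU miner typically shows up here with a large CPU time.
        Write-Host "SUSPECT PROCESS: PID $($_.Id) $($_.Path) CPU=$([math]::Round($_.CPU, 1))s"
    }
}

Write-Host "`n== Scheduled tasks whose action runs from a user-writable location =="
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        # Check both the program and its arguments: a script launched via wscript.exe
        # keeps the user-writable path in the arguments, not in Execute.
        if ((Test-UserWritablePath $a.Execute) -or (Test-UserWritablePath $a.Arguments)) {
            Write-Host "SUSPECT TASK: $($task.TaskPath)$($task.TaskName) -> $($a.Execute) $($a.Arguments)"
        }
    }
}

Write-Host "`n== Run keys whose command lives in a user-writable location =="
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSParentPath entries
        if (Test-UserWritablePath ([string]$p.Value)) {
            Write-Host "SUSPECT RUN ENTRY: $key\$($p.Name) = $($p.Value)"
        }
    }
}
```

A hit in any section is a lead, not a verdict: legitimate updaters do sometimes run from AppData, so compare each finding against what the machine is known to have installed, as shelf life does with WinPcap later in this thread. Run it again after a reboot; a dropper that survives will recreate the Temp files or the task, and the script will show exactly which mechanism brought them back.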


#6 epunchy (Topic Starter)

Posted 26 June 2015 - 08:10 AM

No sign of them in the temp or in the task manager, and I've also disabled the firewall rules.


#7 shelf life (Malware Response Team)

Posted 26 June 2015 - 08:23 AM

OK, good. Looks like WinPcap was installed the same day as Cold Turkey. Maybe it uses it, since it seems to be some internet blocking software. Maybe it filters packets for certain info.

I think you're good to go. Miner should be gone anyway.


#8 epunchy (Topic Starter)

Posted 26 June 2015 - 08:28 AM

Yep, it looks like Cold Turkey does install it specifically.

 

Brilliant. Honestly thank you so much for your time and patience.

 

 

All the best

Eranga


#9 shelf life (Malware Response Team)

Posted 26 June 2015 - 08:40 AM

OK, you're welcome. You can delete FRST.exe and its .txt files. There's also a FRST folder in your root drive C:.

Happy safe surfing out there.


#10 shelf life (Malware Response Team)

Posted 12 July 2015 - 01:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.