
GPU at 99% usage idle. Possible Bitcoin Miner


  • This topic is locked
4 replies to this topic

#1 Servatis (Members, 3 posts)

Posted 05 March 2016 - 11:57 AM

Hello, my PC has been infected with a Trojan.

 

These two files (svchost.exe and lsass.exe) in C:\Windows\TEMP are recreated at startup if I try to delete them, and there are log files in that same folder that appear to be from something called "Claymore CryptoNote CPU Miner  v3.3 Beta".

If I disable the network connection the GPU returns to normal usage. I have tried to run several malware removal tools and they delete the files, but they keep reappearing once I restart the PC.

I'm running Windows 10 so I can't use Combofix.

Here are the FRST logs (I'm not a native English speaker, so I'm sorry if this is difficult to understand).

 

FRST log.
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016
Ran by Servatis (administrator) on ANDRES (05-03-2016 11:40:01)
Running from E:\Downloads
Loaded Profiles: Servatis (Available Profiles: Servatis)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2424015237-2430645784-1087269498-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-2424015237-2430645784-1087269498-1001\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games Social Club\RGSCLauncher.exe [306088 2008-12-12] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-2424015237-2430645784-1087269498-1001\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15665664 2015-11-29] ()
HKU\S-1-5-21-2424015237-2430645784-1087269498-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2424015237-2430645784-1087269498-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-2424015237-2430645784-1087269498-1001\...\RunOnce: [Uninstall C:\Users\Servatis\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Servatis\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2424015237-2430645784-1087269498-1001\...\RunOnce: [Uninstall C:\Users\Servatis\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Servatis\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-2424015237-2430645784-1087269498-1001\...\Policies\system: [DisableLockWorkstation] 0
IFEO\databasecompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\radeonpro.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\spreadsheetcompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\Servatis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-05-24]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Servatis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2014-11-01]
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 activation.guitar-pro.com
Tcpip\..\Interfaces\{1d092379-6be1-4904-8605-762eacec13d0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{1d092379-6be1-4904-8605-762eacec13d0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b8fb99ba-84b6-4386-a7a6-a850867978ec}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Servatis\AppData\Roaming\Mozilla\Firefox\Profiles\csd2y3ax.default
FF Homepage: about:home
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF user.js: detected! => C:\Users\Servatis\AppData\Roaming\Mozilla\Firefox\Profiles\csd2y3ax.default\user.js [2014-12-25]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: Fasterfox - C:\Users\Servatis\AppData\Roaming\Mozilla\Firefox\Profiles\csd2y3ax.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-08-19]
FF Extension: Spanish (Spain) Dictionary - C:\Users\Servatis\AppData\Roaming\Mozilla\Firefox\Profiles\csd2y3ax.default\Extensions\es-es@dictionaries.addons.mozilla.org [2016-02-02]
FF Extension: Firebug - C:\Users\Servatis\AppData\Roaming\Mozilla\Firefox\Profiles\csd2y3ax.default\Extensions\firebug@software.joehewitt.com.xpi [2016-03-02]
FF Extension: Password Exporter - C:\Users\Servatis\AppData\Roaming\Mozilla\Firefox\Profiles\csd2y3ax.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-06-26]
FF Extension: Adblock Plus - C:\Users\Servatis\AppData\Roaming\Mozilla\Firefox\Profiles\csd2y3ax.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT2851619&SearchSource=48","hxxp://start.iminent.com/?appId=2F699201-BA68-47FE-BF2B-A09B2FF2DE3E","hxxp://www.google.com.co/"
CHR Profile: C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentaciones de Google) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Mp3Skull Toolbar) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaehjnjgheaikfecjlfokolkoalpnda [2015-02-25]
CHR Extension: (Google Docs) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Búsqueda de Google) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Negro y tema blanco) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmohofkmppcgglcmlccpbokkkefigipi [2014-11-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-02-28]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-01-13]
CHR Extension: (FastestChrome - Navegue más rápido) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-11-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Visualizador de archivos PDF/PowerPoint de Google Docs) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-11-01]
CHR Extension: (4chan X) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2016-03-04]
CHR Extension: (Enhanced Steam) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-01-22]
CHR Extension: (Gmail) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (PR Checker) - C:\Users\Servatis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneoplpmnpjoioldpodoljacigkahohc [2014-11-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-07-30] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-03-04] (Electronic Arts)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-03-05] (Power Admin LLC)
S4 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2970424 2015-06-29] (AVG Technologies)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102400 2016-02-26] (Advanced Micro Devices)
R3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-10-24] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-10-24] (Windows ® Win 7 DDK provider)
R3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mlkumidi; C:\Windows\system32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-03-05] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
U5 vjoy; C:\Windows\System32\Drivers\vjoy.sys [44656 2014-09-15] (Shaul Eizikovich)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-01-23] (Wellbia.com Co., Ltd.)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-05 11:16 - 2016-03-05 11:16 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\ATI
2016-03-05 11:16 - 2016-03-05 11:16 - 00000000 ____D C:\Users\Servatis\AppData\Local\ATI
2016-03-05 11:16 - 2016-03-05 11:16 - 00000000 ____D C:\ProgramData\ATI
2016-03-05 11:10 - 2016-03-05 11:10 - 00016148 _____ C:\WINDOWS\system32\ANDRES_Servatis_HistoryPrediction.bin
2016-03-05 11:06 - 2016-03-05 11:06 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-03-05 11:05 - 2016-03-05 11:05 - 00000000 ____D C:\Users\Servatis\AppData\Local\AMD
2016-03-05 11:05 - 2016-03-05 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-03-05 11:05 - 2016-03-05 11:05 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-03-05 11:05 - 2016-03-05 11:05 - 00000000 ____D C:\Program Files (x86)\AMD
2016-03-05 11:05 - 2016-03-05 11:05 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-03-05 11:04 - 2016-03-05 11:04 - 00000000 ____D C:\AMD
2016-03-05 10:36 - 2016-03-05 10:36 - 00189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2016-03-05 10:34 - 2016-03-05 10:34 - 00000000 ____D C:\WINDOWS\LastGood
2016-03-05 10:18 - 2016-03-05 11:10 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-05 10:17 - 2016-03-05 11:08 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-03-05 10:16 - 2016-03-05 10:16 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-05 09:40 - 2016-03-05 11:40 - 00000000 ____D C:\FRST
2016-03-05 09:38 - 2016-03-05 10:36 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-05 09:38 - 2016-03-05 10:01 - 00291434 _____ C:\WINDOWS\ntbtlog.txt
2016-03-05 08:54 - 2016-03-05 10:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-05 08:52 - 2016-03-05 09:51 - 00000000 ____D C:\Users\Servatis\Desktop\mbar
2016-03-05 08:33 - 2016-03-05 09:52 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-05 08:33 - 2016-03-05 09:41 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-05 08:33 - 2016-03-05 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-05 08:33 - 2016-03-05 08:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 08:33 - 2016-03-05 08:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-05 08:33 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-05 08:33 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-05 08:11 - 2016-03-05 08:11 - 00001159 _____ C:\Users\Servatis\Desktop\MSI Afterburner.lnk
2016-03-05 05:53 - 2016-03-05 05:53 - 00000000 ____D C:\Users\Servatis\Documents\Criterion Games
2016-03-04 20:54 - 2016-03-04 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™ Most Wanted
2016-03-04 15:18 - 2016-03-04 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2016-03-02 08:17 - 2016-03-02 08:18 - 06568344 _____ (Tim Kosse) C:\Users\Servatis\Downloads\FileZilla_3.16.0_win64-setup.exe
2016-02-29 07:01 - 2016-02-29 07:01 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-02-28 00:21 - 2016-01-31 01:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-28 00:21 - 2016-01-31 01:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-28 00:21 - 2016-01-31 01:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-28 00:21 - 2016-01-31 01:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-28 00:21 - 2016-01-31 01:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-28 00:21 - 2016-01-31 01:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-28 00:21 - 2016-01-31 01:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-28 00:21 - 2016-01-31 01:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-28 00:21 - 2016-01-31 01:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-28 00:21 - 2016-01-31 01:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-28 00:21 - 2016-01-31 00:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-28 00:21 - 2016-01-31 00:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-28 00:21 - 2016-01-31 00:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-28 00:21 - 2016-01-31 00:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-28 00:21 - 2016-01-31 00:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-28 00:21 - 2016-01-31 00:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-28 00:21 - 2016-01-31 00:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-28 00:21 - 2016-01-31 00:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-28 00:21 - 2016-01-31 00:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-28 00:21 - 2016-01-31 00:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-28 00:21 - 2016-01-31 00:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-28 00:21 - 2016-01-31 00:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-28 00:21 - 2016-01-31 00:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-28 00:21 - 2016-01-31 00:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-28 00:21 - 2016-01-31 00:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-28 00:21 - 2016-01-31 00:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-28 00:21 - 2016-01-31 00:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-28 00:21 - 2016-01-31 00:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-28 00:21 - 2016-01-31 00:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-28 00:21 - 2016-01-31 00:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-28 00:21 - 2016-01-31 00:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-28 00:21 - 2016-01-31 00:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-28 00:21 - 2016-01-31 00:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-28 00:21 - 2016-01-31 00:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-28 00:21 - 2016-01-31 00:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-28 00:21 - 2016-01-31 00:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-28 00:21 - 2016-01-31 00:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-28 00:21 - 2016-01-31 00:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-28 00:21 - 2016-01-31 00:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-28 00:21 - 2016-01-31 00:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-28 00:21 - 2016-01-31 00:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-28 00:21 - 2016-01-31 00:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-28 00:21 - 2016-01-31 00:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-28 00:21 - 2016-01-31 00:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-28 00:21 - 2016-01-31 00:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-28 00:21 - 2016-01-31 00:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-28 00:21 - 2016-01-31 00:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-28 00:21 - 2016-01-31 00:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-28 00:21 - 2016-01-31 00:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-28 00:21 - 2016-01-31 00:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-02-28 00:21 - 2016-01-31 00:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-28 00:21 - 2016-01-31 00:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-28 00:21 - 2016-01-31 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-28 00:21 - 2016-01-31 00:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-28 00:21 - 2016-01-31 00:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-28 00:21 - 2016-01-30 23:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-28 00:21 - 2016-01-30 23:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-26 16:01 - 2016-02-26 16:01 - 00118608 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 13408208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 11108696 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 08089248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 01506000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 01237200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00458472 _____ C:\WINDOWS\system32\amdmiracast.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00120656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00110344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2016-02-26 16:00 - 2016-02-26 16:00 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2016-02-26 15:59 - 2016-02-26 15:59 - 10963496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2016-02-26 15:59 - 2016-02-26 15:59 - 09176928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2016-02-26 15:59 - 2016-02-26 15:59 - 09017808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2016-02-26 15:57 - 2016-02-26 15:57 - 00296648 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2016-02-26 15:54 - 2016-02-26 15:54 - 00023240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmafd.sys
2016-02-26 15:53 - 2016-02-26 15:53 - 23981568 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2016-02-26 15:48 - 2016-02-26 15:48 - 49988096 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2016-02-26 15:48 - 2016-02-26 15:48 - 00235008 _____ C:\WINDOWS\system32\clinfo.exe
2016-02-26 15:47 - 2016-02-26 15:47 - 41510400 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2016-02-26 15:45 - 2016-02-26 15:45 - 00065024 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-02-26 15:45 - 2016-02-26 15:45 - 00059392 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-02-26 15:44 - 2016-02-26 15:44 - 27596288 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2016-02-26 15:44 - 2016-02-26 15:44 - 22348288 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2016-02-26 15:23 - 2016-02-26 15:23 - 00693248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2016-02-26 15:23 - 2016-02-26 15:23 - 00574464 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2016-02-26 15:23 - 2016-02-26 15:23 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2016-02-26 15:22 - 2016-02-26 15:22 - 06644224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2016-02-26 15:22 - 2016-02-26 15:22 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2016-02-26 15:18 - 2016-02-26 15:18 - 05223936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2016-02-26 15:18 - 2016-02-26 15:18 - 00102400 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
2016-02-26 15:17 - 2016-02-26 15:17 - 00103424 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2016-02-26 15:15 - 2016-02-26 15:15 - 00134656 _____ C:\WINDOWS\system32\amdhdl64.dll
2016-02-26 15:15 - 2016-02-26 15:15 - 00123392 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2016-02-26 15:14 - 2016-02-26 15:14 - 31378944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2016-02-26 15:14 - 2016-02-26 15:14 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2016-02-26 15:14 - 2016-02-26 15:14 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2016-02-26 15:13 - 2016-02-26 15:13 - 08008192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2016-02-26 15:11 - 2016-02-26 15:11 - 09804288 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2016-02-26 15:11 - 2016-02-26 15:11 - 00865280 _____ (AMD) C:\WINDOWS\system32\coinst_15.30.dll
2016-02-26 15:11 - 2016-02-26 15:11 - 00686208 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2016-02-26 15:11 - 2016-02-26 15:11 - 00686208 _____ C:\WINDOWS\system32\atiapfxx.blb
2016-02-26 15:11 - 2016-02-26 15:11 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2016-02-26 15:11 - 2016-02-26 15:11 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2016-02-26 15:10 - 2016-02-26 15:10 - 15711744 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2016-02-26 15:10 - 2016-02-26 15:10 - 00055808 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2016-02-26 15:10 - 2016-02-26 15:10 - 00052224 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2016-02-26 15:10 - 2016-02-26 15:10 - 00049152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2016-02-26 15:09 - 2016-02-26 15:09 - 25841152 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2016-02-26 15:09 - 2016-02-26 15:09 - 14302208 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2016-02-26 15:08 - 2016-02-26 15:08 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2016-02-26 15:08 - 2016-02-26 15:08 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2016-02-26 15:06 - 2016-02-26 15:06 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2016-02-26 15:05 - 2016-02-26 15:05 - 00204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2016-02-26 15:05 - 2016-02-26 15:05 - 00204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2016-02-26 15:05 - 2016-02-26 15:05 - 00157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2016-02-26 15:05 - 2016-02-26 15:05 - 00157144 _____ C:\WINDOWS\system32\ativvsva.dat
2016-02-26 15:04 - 2016-02-26 15:04 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2016-02-26 15:04 - 2016-02-26 15:04 - 00224256 _____ C:\WINDOWS\system32\dgtrayicon.exe
2016-02-26 15:04 - 2016-02-26 15:04 - 00209920 _____ C:\WINDOWS\system32\GameManager64.dll
2016-02-26 15:04 - 2016-02-26 15:04 - 00204800 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2016-02-26 15:04 - 2016-02-26 15:04 - 00189952 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2016-02-26 15:04 - 2016-02-26 15:04 - 00186368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2016-02-26 15:04 - 2016-02-26 15:04 - 00162304 _____ C:\WINDOWS\system32\atieah64.exe
2016-02-26 15:04 - 2016-02-26 15:04 - 00145408 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2016-02-26 15:04 - 2016-02-26 15:04 - 00078336 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2016-02-26 15:03 - 2016-02-26 15:03 - 00562688 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2016-02-26 15:03 - 2016-02-26 15:03 - 00249344 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2016-02-26 15:03 - 2016-02-26 15:03 - 00190976 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2016-02-26 15:02 - 2016-02-26 15:02 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2016-02-26 14:58 - 2016-02-26 14:58 - 01272832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2016-02-26 14:58 - 2016-02-26 14:58 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2016-02-26 14:58 - 2016-02-26 14:58 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2016-02-26 14:58 - 2016-02-26 14:58 - 00674816 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2016-02-26 14:58 - 2016-02-26 14:58 - 00157696 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2016-02-26 14:58 - 2016-02-26 14:58 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2016-02-26 14:58 - 2016-02-26 14:58 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2016-02-26 14:58 - 2016-02-26 14:58 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2016-02-26 14:58 - 2016-02-26 14:58 - 00075776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2016-02-26 14:58 - 2016-02-26 14:58 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2016-02-26 14:58 - 2016-02-26 14:58 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2016-02-26 14:57 - 2016-02-26 14:57 - 00195072 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2016-02-26 14:57 - 2016-02-26 14:57 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2016-02-26 14:56 - 2016-02-26 14:56 - 00174592 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2016-02-05 19:31 - 2016-02-05 19:32 - 06554232 _____ (Tim Kosse) C:\Users\Servatis\Downloads\FileZilla_3.15.0.1_win64-setup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-05 11:35 - 2015-12-12 05:45 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\Anvsoft
2016-03-05 11:33 - 2014-11-01 16:58 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\uTorrent
2016-03-05 11:30 - 2014-11-01 15:18 - 00001050 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-05 11:26 - 2015-03-21 05:00 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\qBittorrent
2016-03-05 11:19 - 2014-11-01 15:18 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{81EBEE70-BFEE-4B2E-A601-01616603A5E5}
2016-03-05 11:16 - 2015-07-29 22:21 - 00968010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-05 11:16 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-03-05 11:12 - 2014-11-08 05:04 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-03-05 11:10 - 2015-07-29 22:22 - 00000000 ____D C:\Users\Servatis
2016-03-05 11:10 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-05 11:10 - 2015-06-18 16:15 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-05 11:10 - 2014-12-06 07:15 - 00264533 ____N C:\WINDOWS\Minidump\030516-10953-01.dmp
2016-03-05 11:10 - 2014-11-01 15:18 - 00001046 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-05 11:07 - 2014-12-05 17:57 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-03-05 11:06 - 2015-07-10 04:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-03-05 11:06 - 2015-05-21 00:59 - 00003130 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2016-03-05 11:05 - 2014-12-05 17:42 - 00000000 ____D C:\Program Files\AMD
2016-03-05 10:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-05 10:21 - 2014-12-06 07:15 - 00264533 ____N C:\WINDOWS\Minidump\030516-10750-01.dmp
2016-03-05 10:18 - 2014-12-06 07:15 - 00262485 ____N C:\WINDOWS\Minidump\030516-10781-01.dmp
2016-03-05 09:29 - 2015-06-18 20:58 - 00000000 ____D C:\Users\Servatis\AppData\Local\Battle.net
2016-03-05 09:05 - 2015-05-03 03:39 - 00000000 ____D C:\Users\Servatis\AppData\Local\CrashDumps
2016-03-05 08:50 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-03-05 08:50 - 2014-11-01 16:59 - 00000000 ____D C:\ProgramData\APN
2016-03-05 08:29 - 2014-11-01 16:38 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2016-03-05 08:11 - 2016-01-11 15:25 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-03-05 08:11 - 2015-01-15 05:43 - 00000000 ____D C:\ProgramData\Origin
2016-03-05 07:25 - 2014-11-08 13:31 - 00000000 ____D C:\Users\Servatis\AppData\Local\Last.fm
2016-03-05 07:25 - 2014-11-08 12:10 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\Skype
2016-03-05 06:07 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-05 04:52 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-04 20:42 - 2016-01-22 16:25 - 00002266 _____ C:\WINDOWS\System32\Tasks\Origin
2016-03-04 17:02 - 2015-12-19 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-03-04 17:02 - 2015-12-19 00:19 - 00000000 ____D C:\Program Files\CPUID
2016-03-04 13:58 - 2014-11-01 16:57 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\AIMP3
2016-03-04 13:55 - 2015-09-17 04:50 - 00000000 ____D C:\Users\Servatis\AppData\Local\Origin
2016-03-04 13:31 - 2015-09-17 04:44 - 00000000 ____D C:\Program Files (x86)\Origin
2016-03-04 13:31 - 2014-11-01 18:05 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-04 12:06 - 2015-03-14 19:19 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\TeamViewer
2016-03-04 08:02 - 2014-11-04 03:00 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\FileZilla
2016-03-04 06:27 - 2014-11-04 03:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-03-04 06:27 - 2014-11-04 03:00 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-03-04 06:01 - 2014-12-15 02:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-03 20:04 - 2014-11-21 23:02 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\Audacity
2016-03-03 18:28 - 2014-11-01 19:54 - 00000016 _____ C:\WINDOWS\SysWOW64\w3data.vss
2016-03-03 18:28 - 2014-11-01 19:54 - 00000016 _____ C:\WINDOWS\SysWOW64\msvcsv60.dll
2016-03-03 18:28 - 2014-11-01 19:54 - 00000016 _____ C:\WINDOWS\msocreg32.dat
2016-03-03 18:28 - 2014-11-01 19:54 - 00000016 _____ C:\Users\Servatis\AppData\Roaming\msregsvv.dll
2016-03-03 18:28 - 2014-11-01 19:54 - 00000016 _____ C:\ProgramData\autobk.inc
2016-03-03 18:28 - 2014-11-01 19:47 - 00000000 ____D C:\Users\Servatis\Documents\Addictive Drums 2 Logs
2016-03-03 18:26 - 2014-11-01 16:19 - 00000000 ____D C:\Users\Servatis\AvidLogFiles
2016-03-02 17:02 - 2014-11-08 05:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-01 23:47 - 2012-11-19 22:01 - 00000000 ____D C:\Users\Servatis\Documents\My Games
2016-02-29 16:27 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-28 05:31 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-28 00:31 - 2014-11-01 15:20 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-28 00:26 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-28 00:25 - 2014-11-01 16:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-28 00:21 - 2014-11-01 16:59 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-27 23:39 - 2014-11-01 16:34 - 00000000 ____D C:\Users\Servatis\AppData\Local\ElevatedDiagnostics
2016-02-05 23:59 - 2014-11-01 14:59 - 00000000 ____D C:\Users\Servatis\AppData\Local\Packages
 
==================== Files in the root of some directories =======
 
2014-11-13 06:11 - 2015-12-04 05:54 - 0000034 _____ () C:\Users\Servatis\AppData\Roaming\AdobeWLCMCache.dat
2015-12-30 21:43 - 2015-12-30 15:36 - 0012005 _____ () C:\Users\Servatis\AppData\Roaming\alsoft.ini
2014-11-01 16:18 - 2014-11-01 19:42 - 0534090 _____ () C:\Users\Servatis\AppData\Roaming\AvidCoreRuntime_Install.log
2014-11-01 19:54 - 2016-03-03 18:28 - 0000016 _____ () C:\Users\Servatis\AppData\Roaming\msregsvv.dll
2015-03-08 12:07 - 2015-11-06 11:32 - 0001456 _____ () C:\Users\Servatis\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-16 05:35 - 2015-01-16 10:09 - 0000600 _____ () C:\Users\Servatis\AppData\Local\PUTTY.RND
2014-11-23 12:36 - 2015-07-30 00:07 - 0007598 _____ () C:\Users\Servatis\AppData\Local\Resmon.ResmonCfg
2014-11-01 19:54 - 2016-03-03 18:28 - 0000016 _____ () C:\ProgramData\autobk.inc
2015-07-29 23:13 - 2015-07-29 23:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Servatis\AppData\Roaming\Origin\update.vbe
 
 
Some files in TEMP:
====================
C:\Users\Servatis\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Servatis\AppData\Local\Temp\Cleanup.dll
C:\Users\Servatis\AppData\Local\Temp\ddu.exe
C:\Users\Servatis\AppData\Local\Temp\difxapi.dll
C:\Users\Servatis\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Servatis\AppData\Local\Temp\msvcm80.dll
C:\Users\Servatis\AppData\Local\Temp\msvcp80.dll
C:\Users\Servatis\AppData\Local\Temp\msvcr80.dll
C:\Users\Servatis\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 10:00
 
==================== End of FRST.txt ============================
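The log above is what a responder has to read by eye. As an added example (not part of the original post, and not FRST's own code), the Python script below parses FRST's "One Month Created/Modified" entry lines and applies the checks that would have surfaced this infection from the log alone: a core system-binary name (svchost.exe, lsass.exe and the like) sitting anywhere but C:\WINDOWS, System32 or SysWOW64; script files and vendor-less executables under a user profile, TEMP or ProgramData; and scheduled-task definitions, which are persistence by definition. The rule names, extension lists and directory lists are my own choices, not FRST conventions. The sample log is constructed: most lines are copied from the post, but the entries for C:\WINDOWS\TEMP\svchost.exe, C:\WINDOWS\TEMP\lsass.exe and Origin\update.vbe are invented (the post names those paths but does not reproduce their entry lines, so their sizes and timestamps are made up).

```python
"""Triage of FRST "One Month Created/Modified files" entry lines.

Added example, not part of the original post and not FRST's own code.
The sample log at the bottom is constructed: some lines are copied from
the FRST output in the thread, three are invented for paths the thread names.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST entry: "<modified> - <created> - <size> <attrs> [(<vendor>)] <path>"
ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Core Windows process names that miners and other malware like to borrow,
# and the only directories in which those names are legitimate (my own lists).
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                       "services.exe", "winlogon.exe", "wininit.exe", "explorer.exe"}
SYSTEM_BINARY_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".ps1"}
SCRIPT_EXT = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta"}
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\")
TASK_DIRS = ("\\system32\\tasks\\", "\\windows\\tasks\\")


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: int
    attrs: str             # FRST attribute column, e.g. "_____", "____D", "___SH"
    vendor: Optional[str]  # None when FRST printed no "(...)" or an empty "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def ext(self) -> str:
        dot = self.name.rfind(".")
        return self.name[dot:] if dot >= 0 else ""


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST entry line; headers, blanks and bare paths give None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    vendor = m.group("vendor")
    if vendor is not None and not vendor.strip():
        vendor = None
    return Entry(m.group("mtime"), m.group("ctime"), int(m.group("size")),
                 m.group("attrs"), vendor, m.group("path"))


def triage(entry: Entry) -> List[str]:
    """Names of the rules an entry trips; an empty list means nothing notable."""
    hits: List[str] = []
    if entry.is_dir:
        return hits
    low = entry.path.lower()
    in_user_writable = any(marker in low for marker in USER_WRITABLE)
    # Rule 1: svchost.exe, lsass.exe etc. anywhere but the real system directories.
    if entry.name in SYSTEM_BINARY_NAMES and entry.directory not in SYSTEM_BINARY_DIRS:
        hits.append("masquerade:system-binary-name-outside-system-dir")
    # Rule 2: a script file under a profile, TEMP or ProgramData (e.g. update.vbe).
    if entry.ext in SCRIPT_EXT and in_user_writable:
        hits.append("script-in-user-writable-location")
    # Rule 3: executable content with no vendor string in the same locations.
    if entry.ext in EXEC_EXT and entry.vendor is None and in_user_writable:
        hits.append("unattributed-executable-in-user-writable-location")
    # Rule 4: scheduled-task definitions are persistence; always list them.
    if any(task_dir in low for task_dir in TASK_DIRS):
        hits.append("persistence:scheduled-task")
    return hits


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run every parseable line through triage; return (path, hits) for hits only."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            hits = triage(entry)
            if hits:
                findings.append((entry.path, hits))
    return findings


# Constructed sample. The first three entries are invented (sizes and times made
# up) for paths the thread names; the rest are copied from the FRST log in the post.
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========
2016-03-05 11:10 - 2016-03-05 11:10 - 00512000 _____ C:\WINDOWS\TEMP\svchost.exe
2016-03-05 11:10 - 2016-03-05 11:10 - 00512000 _____ C:\WINDOWS\TEMP\lsass.exe
2016-03-04 13:55 - 2016-03-04 13:55 - 00004096 _____ C:\Users\Servatis\AppData\Roaming\Origin\update.vbe
2016-03-05 11:12 - 2014-11-08 05:04 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-03-05 11:33 - 2014-11-01 16:58 - 00000000 ____D C:\Users\Servatis\AppData\Roaming\uTorrent
2016-02-28 00:21 - 2014-11-01 16:59 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-28 00:21 - 2016-01-31 00:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-05 19:31 - 2016-02-05 19:32 - 06554232 _____ (Tim Kosse) C:\Users\Servatis\Downloads\FileZilla_3.15.0.1_win64-setup.exe
2014-11-01 19:54 - 2016-03-03 18:28 - 0000016 _____ () C:\Users\Servatis\AppData\Roaming\msregsvv.dll
"""

if __name__ == "__main__":
    for path, hits in triage_log(SAMPLE_LOG):
        print(path + "\n    " + "\n    ".join(hits))
```

A hit means "look at this", not "this is malicious": the 16-byte msregsvv.dll under Roaming trips the vendor-less-executable rule, which is the right prompt for review, but deciding what it is needs the file itself. Note also that FRST's own "Bamital & volsnap" section only verifies the signature of the real C:\WINDOWS\system32\svchost.exe; a same-named file in C:\WINDOWS\TEMP never gets that check, so the name-outside-system-directory rule is what catches it.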

#2 olgun52 (Malware Response Team)

Posted 05 March 2016 - 09:16 PM

Hello Servatis and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. (How do I open the computer as administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
---------------------------------------------------------------------------------------------------------

Uninstall Please:

TuneUp Utilities
AVG PC TuneUp
Free VPN - Hola

==============================================================================================

Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==================================================================================================

 

System32\Tasks\AutoKMS
KMSpico

This PC is running pirated software from Microsoft. KMSpico is used to bypass Windows activation, right? BleepingComputer does not support the use of such tools, and discussing such things here is against the rules.

A sure way of getting hacked. Are you sure that software hasn't got a RAT in it? (Remote assistance tool or some other back door to your system.)

But I'll try to help still.

==================================================================================================

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > "I have read the warning and wish to proceed anyway".
  • Auto Launch > untick the box next to it.
  • Scan type > Smart scan (default).
  • Close all open files, folders and browsers.
  • Click "Scan now" (Run as Administrator) and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
 


 


#3 Servatis (Topic Starter)

Posted 07 March 2016 - 07:02 AM

Hello Yılmaz. Thanks for your help! I was able to find and delete the malware just before your reply (it was in a false Origin folder) and now my PC is working normally again. I ran Malwarebytes Anti-Malware and Zemana AntiMalware and they both came out clean.

Again, thank you for your help. I just found this forum two days ago and I'm liking it a lot.



#4 olgun52 (Malware Response Team)

Posted 07 March 2016 - 02:22 PM

Well, if you wish to continue, you must send reports.


Best regards

#5 olgun52 (Malware Response Team)

Posted 05 April 2016 - 09:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards