
Extremely high CPU usage from "system idle process" & "svchost.exe" processes


This topic is locked
6 replies to this topic

#1 handakes (Members, 10 posts)

Posted 03 September 2016 - 10:44 AM

Hi there,
As the title says, I am having unusually high CPU usage from those two processes (25-80%) on my quad-core 4.3 GHz processor, which I highly doubt is normal. Another weird thing I noticed is that it's periodic, meaning it would be very high during the day, but during the night it's fine! I am afraid my device has been infected with a bitcoin miner or something!
I am using Bitdefender Free Antivirus, and I also scanned with Malwarebytes Anti-Malware to no avail, so I went ahead and did an FRST scan; here are the results.
Any input is highly appreciated, thanks a lot.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Scalpel (administrator) on SCALPEL-PC (03-09-2016 17:34:48)
Running from C:\Users\Scalpel\Desktop
Loaded Profiles: Scalpel (Available Profiles: Scalpel & FL2-MAN)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(MiniFrame LTD.) C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\vpnsvc.exe
(Slackerhome Productions) G:\GAMES\Sources\PS3 controller\BetterDS3_1.5.3\Better DS3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
() G:\Programs\ASTER (All Version) 2011 TRiViUM\RemoveBorders\BorderlessWindowed.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Cristi) C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
(Valve Corporation) K:\My New Super Games\Steam\Steam.exe
(Valve Corporation) K:\My New Super Games\Steam\bin\steamwebhelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [hshhsaaaws] => [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\Run: [dualmonitor] => [X]
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [974360 2016-07-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\MountPoints2: {0f40a47a-18ba-11e6-adce-c8600024f3a8} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\MountPoints2: {29dbe2ac-5977-11e6-ac28-c8600024f3a8} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\MountPoints2: {4a2932b6-6892-11e6-90bd-c8600024f3a8} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\MountPoints2: {e2b8414a-4ed5-11e6-ae75-c8600024f3a8} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\MountPoints2: {e2b84165-4ed5-11e6-ae75-c8600024f3a8} - E:\HiSuiteDownLoader.exe
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2016-02-21]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\Launcher.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2016-04-17]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
Startup: C:\Users\Scalpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Better DS3.exe - Shortcut.lnk [2016-02-21]
ShortcutTarget: Better DS3.exe - Shortcut.lnk -> G:\GAMES\Sources\PS3 controller\BetterDS3_1.5.3\Better DS3.exe (Slackerhome Productions)
Startup: C:\Users\Scalpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BorderlessWindowed.exe - Shortcut.lnk [2016-02-27]
ShortcutTarget: BorderlessWindowed.exe - Shortcut.lnk -> G:\Programs\ASTER (All Version) 2011 TRiViUM\RemoveBorders\BorderlessWindowed.exe ()
Startup: C:\Users\Scalpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DualMonitor.exe - Shortcut.lnk [2016-02-25]
ShortcutTarget: DualMonitor.exe - Shortcut.lnk -> C:\Program Files (x86)\Dual Monitor\DualMonitor.exe (Cristi)
Startup: C:\Users\Scalpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse.ahk - Shortcut.lnk [2016-04-12]
ShortcutTarget: Mouse.ahk - Shortcut.lnk -> G:\Programs\Autohotkey\Mouse.ahk ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 02 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 03 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 04 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 05 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 06 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 07 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 08 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 09 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 10 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9 21 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll [25600 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 01 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 02 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 03 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 04 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 05 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 06 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 07 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 08 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 09 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 10 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Winsock: Catalog9-x64 21 C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp64.dll [29696 2014-01-01] (MiniFrame LTD.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{0A785092-3AD0-4A7E-85F2-181583BB2F99}: [DhcpNameServer] 109.201.137.40 109.201.137.42
Tcpip\..\Interfaces\{B696DEB6-4840-40AA-AC2C-1222F943B51C}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1702868253-912040637-2832469744-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-05] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Scalpel\AppData\Roaming\Mozilla\Firefox\Profiles\2rqq10ag.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Extension: (Firefox Hotfix) - C:\Users\Scalpel\AppData\Roaming\Mozilla\Firefox\Profiles\2rqq10ag.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\Scalpel\AppData\Roaming\Mozilla\Firefox\Profiles\2rqq10ag.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-02]
FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2016-09-01] [not signed]
FF HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27]
FF HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Scalpel\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Scalpel\AppData\Roaming\IDM\idmmzcc5 [2016-08-29] [not signed]
FF HKU\S-1-5-21-1702868253-912040637-2832469744-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.google.com/"
CHR Profile: C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-21]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-08-17]
CHR Extension: (Entanglement Web App) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2016-02-21]
CHR Extension: (Google Docs) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-21]
CHR Extension: (Google Drive) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-21]
CHR Extension: (Blue Scalpel 2) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\beeeodlblpfkomblbeoobgiomahbgjdo [2016-02-21]
CHR Extension: (Web Developer) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-07-24]
CHR Extension: (YouTube) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-21]
CHR Extension: (History 2) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2016-02-21]
CHR Extension: (Adblock Plus) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-21]
CHR Extension: (Tampermonkey) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-24]
CHR Extension: (Simple Facebook) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fehonfajapnkdlogkffeemjoninangkk [2016-02-21]
CHR Extension: (Google Sheets) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-21]
CHR Extension: (EditThisCookie) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2016-02-21]
CHR Extension: (Google Docs Offline) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-09-01]
CHR Extension: (Video Blocker) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2016-08-10]
CHR Extension: (Better YouTube Watch History) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2016-03-28]
CHR Extension: (Poppit!) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-02-21]
CHR Extension: (Your Quality for YouTube™) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfcilgimggemnogfigihdkmapdhhlbph [2016-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (My Chrome Theme) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-02-21]
CHR Extension: (Gmail) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-21]
CHR Extension: (Chrome Media Router) - C:\Users\Scalpel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-07-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-07-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-07-21] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [394944 2016-04-12] (Scarlet.Crush Productions)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2016-02-02] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6435896 2016-03-04] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-08-12] (Bitdefender)
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\vpnsvc.exe [192720 2016-07-21] (eVenture Limited)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2783864 2016-08-27] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103168 2016-08-27] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-25] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 mfcoresvc; C:\Windows\system32\mfcoresvc.exe [16824 2016-03-19] ()
S3 MUTESV_SERVICE; C:\Program Files\ASTER-V7\mutesv.exe [8704 2010-09-01] () [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [322896 2016-02-18] (Locktime Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38240 2016-02-01] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-21] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-07-28] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-15] (Sandboxie Holdings, LLC)
R2 SoftXpand 2011 Watchdog; C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe [34744 2014-01-01] (MiniFrame LTD.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AFTrafMgr1.1; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_1_64.sys [54712 2016-08-11] (AnchorFree Inc.)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [51872 2011-03-13] (Windows (R) Win 7 DDK provider) [File not signed]
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-02-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-21] (Bluestack System Inc. )
R3 CMUAC; C:\Windows\System32\DRIVERS\CMUAC.SYS [390656 2014-01-08] (C-Media Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R0 mfcore; C:\Windows\System32\drivers\mfcore.sys [80312 2016-03-19] ()
S3 MUTENX_SERVICE; C:\Windows\System32\DRIVERS\mutenx.sys [67728 2010-09-02] () [File not signed]
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [129152 2016-02-18] (Locktime Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-15] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [42856 2016-03-27] (Nefarius Software Solutions)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-02-17] (Anchorfree Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 ALSysIO; \??\C:\Users\Scalpel\AppData\Local\Temp\ALSysIO64.sys [X]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
U0 mfcorefs; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 17:34 - 2016-09-03 17:34 - 00031219 _____ C:\Users\Scalpel\Desktop\FRST.txt
2016-09-03 17:30 - 2016-09-03 17:34 - 00000000 ____D C:\FRST
2016-09-03 17:30 - 2016-09-03 17:30 - 02397696 _____ (Farbar) C:\Users\Scalpel\Desktop\FRST64.exe
2016-09-03 17:25 - 2016-09-03 17:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-03 17:24 - 2016-09-03 17:24 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-03 17:24 - 2016-09-03 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-03 17:24 - 2016-09-03 17:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-03 17:24 - 2016-09-03 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-03 17:24 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-03 17:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-03 17:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-03 17:20 - 2016-09-03 17:22 - 22851472 _____ (Malwarebytes ) C:\Users\Scalpel\Desktop\mbam-setup-2.2.1.1043.exe
2016-09-02 14:00 - 2016-09-02 14:00 - 00000398 __RSH C:\ProgramData\ntuser.pol
2016-09-02 14:00 - 2016-09-02 14:00 - 00000000 ____D C:\usb_driver
2016-09-02 03:29 - 2016-09-02 03:29 - 00000000 ____D C:\Users\Scalpel\AppData\LocalLow\Apple Computer
2016-09-02 03:29 - 2016-09-02 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-09-02 03:24 - 2016-09-02 03:29 - 00000000 ____D C:\Program Files (x86)\QuickTime Alternative
2016-09-02 03:24 - 2016-09-02 03:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime Alternative
2016-09-02 03:24 - 2010-03-17 22:53 - 00180224 _____ (Apple Inc.) C:\Windows\SysWOW64\QTCF.dll
2016-09-02 03:24 - 2010-03-17 22:53 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2016-09-02 03:24 - 2010-03-17 22:53 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2016-09-02 03:05 - 2016-09-02 03:05 - 00001178 _____ C:\Users\Scalpel\Desktop\AfterFX.exe - Shortcut.lnk
2016-09-02 02:43 - 2016-09-02 02:43 - 00001537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-09-02 02:43 - 2016-09-02 02:43 - 00000000 ____D C:\Adobe Application Manager 10.0
2016-09-02 02:28 - 2016-09-02 02:28 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-09-02 00:37 - 2016-09-02 02:52 - 494474014 _____ C:\Users\Scalpel\Desktop\battle.mp4
2016-09-01 19:19 - 2016-09-02 12:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-01 03:42 - 2016-08-25 22:50 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-09-01 03:41 - 2016-08-26 01:28 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 35182648 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 34801088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 28207672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 14093368 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-09-01 03:41 - 2016-08-26 01:28 - 10865704 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 10737632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 10278080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 09086856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 08875408 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 08680696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 03594808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 03160512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00956352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00941504 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00892864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00686896 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00575984 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00520912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00408784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00223304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-09-01 03:41 - 2016-08-26 01:28 - 00181488 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00159352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00054728 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-09-01 03:41 - 2016-08-26 01:28 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-09-01 03:41 - 2016-08-26 01:28 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-09-01 02:21 - 2016-09-01 07:09 - 00000000 ____D C:\Users\Scalpel\Documents\Battlefield 1 Open Beta
2016-08-31 22:24 - 2016-08-31 22:24 - 00000703 _____ C:\Users\Public\Desktop\Battlefield 1 Open Beta.lnk
2016-08-31 22:24 - 2016-08-31 22:24 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2016-08-25 18:25 - 2016-08-25 18:25 - 00000000 ____D C:\Users\Scalpel\AppData\LocalLow\TheGameBakers
2016-08-25 11:56 - 2016-08-25 11:56 - 00000571 _____ C:\Users\Public\Desktop\Furi.lnk
2016-08-24 03:00 - 2016-08-24 03:00 - 00000000 ___RD C:\Users\Scalpel\iCloudDrive
2016-08-24 03:00 - 2016-08-24 03:00 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-08-24 02:55 - 2016-08-24 03:00 - 00000000 ____D C:\Users\Scalpel\AppData\Local\Apple Inc
2016-08-24 01:05 - 2016-09-02 03:24 - 00000000 ____D C:\ProgramData\Apple Computer
2016-08-24 01:05 - 2016-08-24 03:07 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\Apple Computer
2016-08-24 01:05 - 2016-08-24 03:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-24 01:05 - 2016-08-24 02:50 - 00000000 ____D C:\Users\Scalpel\AppData\Local\Apple Computer
2016-08-24 01:05 - 2016-08-24 01:05 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\Users\Scalpel\AppData\Local\Apple
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\ProgramData\Apple
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\Program Files\iTunes
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\Program Files\iPod
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\Program Files\Bonjour
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-08-24 01:05 - 2016-08-24 01:05 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-08-18 08:39 - 2016-08-18 08:39 - 00000000 ____D C:\Users\Scalpel\AppData\Local\openvr
2016-08-10 04:36 - 2016-08-10 04:36 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\SynthMaker
2016-08-10 04:36 - 2016-08-10 04:36 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\Acoustica
2016-08-10 04:35 - 2016-08-10 04:35 - 00002031 _____ C:\Users\Scalpel\AppData\Roaming\Microsoft\Windows\Start Menu\Mixcraft 6.lnk
2016-08-10 04:35 - 2016-08-10 04:35 - 00002007 _____ C:\Users\Scalpel\Desktop\Mixcraft 6.lnk
2016-08-10 04:35 - 2016-08-10 04:35 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 6
2016-08-10 04:35 - 2016-08-10 04:35 - 00000000 ____D C:\Program Files (x86)\VST
2016-08-10 04:34 - 2016-08-10 04:35 - 00000000 ____D C:\ProgramData\Acoustica
2016-08-10 04:34 - 2016-08-10 04:35 - 00000000 ____D C:\Program Files (x86)\Acoustica Mixcraft 6
2016-08-07 20:10 - 2016-08-07 20:10 - 00000016 _____ C:\ProgramData\mntemp
2016-08-07 20:10 - 2016-08-07 20:10 - 00000000 ____D C:\Users\Scalpel\AppData\Local\UnrealEngine
2016-08-07 20:10 - 2016-08-07 20:10 - 00000000 ____D C:\Users\Scalpel\AppData\Local\ShooterGame
2016-08-06 00:44 - 2016-09-01 02:00 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\sfv-mod-manager
2016-08-06 00:44 - 2016-08-06 00:44 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frosthaven
2016-08-06 00:44 - 2016-08-06 00:44 - 00000000 ____D C:\Users\Scalpel\AppData\Local\sfv
2016-08-04 02:25 - 2016-08-04 02:25 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\bizarre creations

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-01 21:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-09-03 17:34 - 2016-02-21 10:55 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\Steam
2016-09-03 17:30 - 2016-03-12 00:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-03 17:26 - 2016-02-24 01:35 - 00000000 ____D C:\Users\Scalpel\AppData\Local\CrashDumps
2016-09-03 17:23 - 2016-02-21 11:56 - 00686676 _____ C:\Windows\system32\perfh00C.dat
2016-09-03 17:23 - 2016-02-21 11:56 - 00483096 _____ C:\Windows\system32\perfh001.dat
2016-09-03 17:23 - 2016-02-21 11:56 - 00131306 _____ C:\Windows\system32\perfc00C.dat
2016-09-03 17:23 - 2016-02-21 11:56 - 00096030 _____ C:\Windows\system32\perfc001.dat
2016-09-03 17:23 - 2009-07-14 07:13 - 02171574 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-03 17:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-03 17:22 - 2009-07-14 06:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-03 17:22 - 2009-07-14 06:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-03 17:17 - 2016-02-21 05:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-03 17:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-03 17:16 - 2009-07-14 07:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-03 11:00 - 2016-04-17 00:05 - 00000428 _____ C:\Windows\Tasks\ScpUpdater.job
2016-09-02 17:35 - 2016-02-25 14:38 - 00000000 ____D C:\ProgramData\Origin
2016-09-02 14:00 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-09-02 13:22 - 2016-03-13 11:46 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-02 13:22 - 2016-02-21 07:04 - 00000000 ____D C:\Users\Scalpel\Documents\temp
2016-09-02 03:25 - 2016-02-21 06:42 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\Adobe
2016-09-02 02:51 - 2016-02-21 06:42 - 00000000 ____D C:\Users\Scalpel\AppData\Local\Adobe
2016-09-02 00:38 - 2016-06-11 20:32 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\HandBrake
2016-09-01 03:43 - 2016-02-21 06:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-01 03:43 - 2016-02-21 05:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-01 03:43 - 2016-02-21 05:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-01 03:42 - 2016-03-13 11:46 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-31 22:23 - 2016-02-21 05:59 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-30 01:57 - 2016-06-20 14:39 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\uTorrent
2016-08-29 21:51 - 2016-03-04 22:33 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\DMCache
2016-08-29 21:43 - 2016-03-04 22:33 - 00000000 ____D C:\Users\Scalpel\Downloads\Compressed
2016-08-27 08:08 - 2016-05-24 19:43 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-08-27 08:07 - 2016-05-24 19:50 - 00001055 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2016-08-27 08:07 - 2016-05-24 19:43 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2016-08-26 01:28 - 2016-03-13 11:46 - 19848080 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-08-26 01:28 - 2016-03-13 11:46 - 17463088 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-08-26 01:28 - 2016-03-13 11:46 - 17263792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-08-26 01:28 - 2016-03-13 11:46 - 14352816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-08-26 01:28 - 2016-03-13 11:46 - 03917512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-08-26 01:28 - 2016-03-13 11:46 - 03456888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-08-26 01:28 - 2016-03-13 11:46 - 01588688 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-08-26 01:28 - 2016-03-13 11:46 - 01019960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-08-26 01:28 - 2016-03-13 11:46 - 00039731 _____ C:\Windows\system32\nvinfo.pb
2016-08-25 23:10 - 2016-03-13 11:46 - 06385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-08-25 23:10 - 2016-03-13 11:46 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-08-25 23:10 - 2016-03-13 11:46 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-08-25 23:10 - 2016-03-13 11:46 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-08-25 23:10 - 2016-03-13 11:46 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-08-25 23:10 - 2016-03-13 11:46 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-08-25 23:10 - 2016-03-13 11:46 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-08-25 23:10 - 2016-03-13 11:46 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-08-25 11:42 - 2016-03-04 22:33 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\IDM
2016-08-24 03:33 - 2016-03-12 19:04 - 00000000 ____D C:\Users\Scalpel\Documents\My Games
2016-08-24 03:00 - 2016-02-21 05:59 - 02194076 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-08-24 03:00 - 2016-02-21 04:52 - 00000000 ____D C:\Users\Scalpel
2016-08-24 01:59 - 2016-07-22 03:23 - 00000000 ____D C:\Users\Scalpel\Documents\HiSuite
2016-08-22 17:18 - 2016-03-13 11:46 - 07320235 _____ C:\Windows\system32\nvcoproc.bin
2016-08-18 15:08 - 2016-07-30 13:30 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-09 04:48 - 2016-03-27 12:19 - 00000000 ____D C:\Users\Scalpel\AppData\Roaming\Hide.me
2016-08-08 21:47 - 2016-02-21 05:31 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-06 00:44 - 2016-05-09 14:24 - 00000000 ____D C:\Users\Scalpel\AppData\Local\SquirrelTemp
2016-08-05 03:50 - 2016-03-28 23:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-05 01:19 - 2016-02-27 03:41 - 00000000 ____D C:\ProgramData\Oracle
2016-08-05 01:01 - 2016-02-27 03:41 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-05 01:01 - 2016-02-27 03:41 - 00000000 ____D C:\Users\Scalpel\.oracle_jre_usage
2016-08-05 01:01 - 2016-02-27 03:41 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-05 01:01 - 2016-02-21 05:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== Files in the root of some directories =======

2016-02-21 08:55 - 2016-04-09 17:41 - 0000132 _____ () C:\Users\Scalpel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-02-21 09:25 - 2016-06-29 03:58 - 0007609 _____ () C:\Users\Scalpel\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Scalpel\AppData\Local\setup.txt
2016-02-21 05:34 - 2016-02-21 05:34 - 0170156 _____ () C:\ProgramData\1456025666.bdinstall.bin
2016-08-07 20:10 - 2016-08-07 20:10 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
C:\Users\FL2-MAN\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Scalpel\AppData\Local\Temp\AskSLib.dll
C:\Users\Scalpel\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Scalpel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Scalpel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Scalpel\AppData\Local\Temp\nvStInst.exe
C:\Users\Scalpel\AppData\Local\Temp\tmpEA7A.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION


LastRegBack: 2016-08-26 03:42

==================== End of FRST.txt ============================

attached below is also the addition.txt file.

#2 Bezukhov

    Bleepin' Jazz Fan!

  • Members
  • 2,591 posts
  • Gender:Male
  • Location:Providence, R.I.

Posted 07 September 2016 - 02:58 AM

Just to let you know I am currently going over your logs. I should be finished very soon. Thank you for your patience.
To err is Human. To blame it on someone else is even more Human.

#3 handakes

  • Topic Starter
  • Members
  • 10 posts

Posted 07 September 2016 - 09:32 AM

Just to let you know I am currently going over your logs. I should be finished very soon. Thank you for your patience.

Thanks a lot for the heads up; I am checking the topic regularly for a reply.



#4 Bezukhov

    Bleepin' Jazz Fan!

  • Members
  • 2,591 posts
  • Gender:Male
  • Location:Providence, R.I.

Posted 07 September 2016 - 06:14 PM

I'm back. There was a lot to look up.

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

Is this a work computer, and are you aware that testsigning is set?

https://msdn.microsoft.com/en-us/windows/hardware/drivers/install/introduction-to-test-signing

Unfortunately there is evidence of illegal software on your computer. I am going to request that you completely uninstall any pirated Adobe products, Internet Download Manager and uTorrent Pro, and all other products for which you do not have a valid Product Key. If you are willing to do that, please rerun a FRST scan with Addition.txt and ListBCD checked and post both logs. If you prefer to leave the program(s) on your computer, let me know and I will be closing the Topic.

If you decide to remove the program(s), please do this.

CKScanner

--------------------

  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • CKScanner report
  • FRST report
  • Addition report

To err is Human. To blame it on someone else is even more Human.

#5 handakes

  • Topic Starter
  • Members
  • 10 posts

Posted 08 September 2016 - 01:14 PM

Thanks a lot for the reply. I appreciate the time you took to examine the report, and I know you are trying to help, but I live in this part of the world where most of what you said is simply not applicable. Thanks though.
Being infected through P2P clients is extremely unlikely in my case: I am a little paranoid and I check my sources multiple times before even attempting a download, I am using the best antivirus and internet security I can get my hands on, and I scan my computer regularly. Besides, I was only trying to find out whether there is an actual infection or whether it is normal for this process to shoot up like this sometimes, which after a little searching I found it "could" do sometimes. It would be nice if you could confirm or deny that, by the way, but I understand if you will not offer further assistance. It's your forum, your rules, I get it.



#6 Bezukhov

    Bleepin' Jazz Fan!

  • Members
  • 2,591 posts
  • Gender:Male
  • Location:Providence, R.I.

Posted 09 September 2016 - 08:22 PM

You're most welcome to the time I've spent. Sorry I couldn't look further into this, but pirated software is a dangerous business, and not something we can condone.

Here is some more information that I have no problem sharing.

For the "system idle process":
https://askleo.com/what_is_the_system_idle_process_and_why_is_it_using_most_of_the_cpu/

And on "svchost.exe":
http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchostexe-process/

Good luck.


To err is Human. To blame it on someone else is even more Human.
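The two open questions in this thread, which svchost.exe instance is burning CPU and what it hosts (post #6), and what the testsigning flag FRST reported means for loaded drivers (post #4), can both be answered locally. The script below is an added example written for this page, not code from the thread, FRST or BleepingComputer; it uses only built-in Windows tools (Get-Process, WMI, bcdedit, driverquery) and assumes an elevated PowerShell prompt on Windows 7 or later.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Part 1: map each svchost.exe instance to the services it hosts, ranked by CPU time.
$hosts    = Get-Process -Name svchost -ErrorAction SilentlyContinue
$services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }

$report = foreach ($p in $hosts) {
    $hosted = $services | Where-Object { $_.ProcessId -eq $p.Id } |
              Select-Object -ExpandProperty Name
    $cpu = if ($p.CPU) { [math]::Round($p.CPU, 1) } else { 0 }
    [pscustomobject]@{
        PID        = $p.Id
        CPUSeconds = $cpu                    # total CPU time since the process started
        Services   = ($hosted -join ', ')    # empty means no service maps to this PID
    }
}
$report | Sort-Object CPUSeconds -Descending | Format-Table -AutoSize

# A genuine svchost.exe lives under %windir%\System32 (or SysWOW64) and carries a
# valid Microsoft signature. Same name, different path, or a bad signature: look closer.
$sysRoot = [regex]::Escape($env:windir)
foreach ($p in $hosts) {
    $path = $p.Path
    if (-not $path) { continue }             # path unreadable for some protected processes
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($path -notmatch "^$sysRoot\\(System32|SysWOW64)\\svchost\.exe$" -or
        $sig.Status -ne 'Valid') {
        Write-Warning "Check PID $($p.Id): path=$path signature=$($sig.Status)"
    }
}

# Part 2: is test signing on? FRST printed "'testsigning' is set". With this boot flag
# Windows loads kernel drivers that are not signed by a trusted CA, so driver
# signature enforcement no longer protects the machine.
$bcd  = bcdedit /enum '{current}' 2>$null
$line = $bcd | Select-String -Pattern '^\s*testsigning\s+(\w+)' | Select-Object -First 1
if ($line -and $line.Matches[0].Groups[1].Value -eq 'Yes') {
    Write-Warning 'testsigning is ON: unsigned kernel drivers can load.'
} else {
    Write-Host 'testsigning is off (the default).'
}

# Part 3: loaded kernel drivers whose image has no valid Authenticode signature.
# driverquery /v exposes the image path; check each file that still exists on disk.
# Caveat: many Microsoft in-box drivers are catalog-signed rather than embedded-signed,
# and older PowerShell versions report those as NotSigned, so confirm hits with sigverif
# before acting on them. Third-party .sys files from Temp or Program Files are the ones
# worth a second look.
driverquery /v /fo csv | ConvertFrom-Csv | ForEach-Object {
    $img = $_.Path
    if ($img -and (Test-Path -LiteralPath $img)) {
        $s = Get-AuthenticodeSignature -FilePath $img
        if ($s.Status -ne 'Valid') {
            [pscustomobject]@{
                Driver    = $_.'Module Name'
                Path      = $img
                Signature = $s.Status
            }
        }
    }
} | Format-Table -AutoSize
```

Reading the result: a steadily high CPUSeconds on one host narrows the suspect to the handful of services listed beside it, which is what the linked svchost tutorial has you do by hand, and the driver list tells you whether the testsigning flag is actually being used to load anything.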

#7 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 16 September 2016 - 08:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



