Over 1 million tech questions and answers.

Infected with a miner (question mark?)

Q: Infected with a miner (question mark?)

Hello! I've been helped in the past by this forum, so I thought I might give it another go (also thinking about joining the training program, seems about fun and fitting for my knowledge - IT student who loves to help - so yeah).Back on topic however!I've been infected with something that takes 25% of my CPU under the process "svchost.exe".I checked and it's the actual system process, not a fake or misspelled one. I used process explorer to check what service it was, and apparently, it's wuauserv, Windows Update?I deleted most of the infection, it had a task in the Task Scheduler (fake Steam task, Steam doesn't create tasks) and a couple of folders in appdata (!) where it ran.The file had, surprisingly, no extension. It was just called "Steam", about two MBs in size. I deleted that and other suspicious files I didn't download or install myself.Apparently, the only instance remaining is the one under svchost. I have attached the Addition.txt file. Here are two screenshots (taken with Gyazo)Task manager showing %CPU for the process: https://gyazo.com/9d9c50f451c94dd095de4034152cabe4Process Explorer information on that process: https://gyazo.com/5dd83c775698b8c29bbc13435657ec38 Here's the scan log:  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-06-2016Ran by Edo (administrator) on HAF-X (15-06-2016 22:14:55)Running from D:\Tutto\DownloadLoaded Profiles: Edo (Available Profiles: Edo)Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Inglese (Stati Uniti)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe() C:\Windows\SysWOW64\PnkBstrA.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Flux Software LLC) C:\Users\Edo\AppData\Local\FluxSoftware\Flux\flux.exe(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(React) D:\Tutto\Giochi\ReactMW2\iw4m.exe(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Audition CC 2015\32\dynamiclinkmanager.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Audition CC 2015\32\Adobe QT32 Server.exe(Sysinternals - www.sysinternals.com) D:\Program Files (x86)\Process Explorer (ProcExp)\procexp.exe(Sysinternals - www.sysinternals.com) C:\Users\Edo\AppData\Local\Temp\procexp64.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Telegram Messenger LLP) D:\Program Files (x86)\Telegram\Telegram.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Run: [f.lux] => C:\Users\Edo\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\MountPoints2: {fcf99702-2b12-11e6-81e6-bc5ff45b0521} - E:\aocsetup.exe /autorunHKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\MountPoints2: {fcf99711-2b12-11e6-81e6-bc5ff45b0521} - F:\setup.exeHKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-21] (Microsoft Corporation)ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{02CCBA1B-B585-41A0-83FA-706EF7700B9A}: [DhcpNameServer] 192.168.1.1Internet Explorer:==================BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-17] (Oracle Corporation)BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-17] (Oracle Corporation)FireFox:========FF ProfilePath: C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-28] ()FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-17] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-17] (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-28] ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Edo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @talk.google.com/O1DPlugin -> C:\Users\Edo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)FF Plugin HKU\S-1-5-21-3000302092-2520746345-460137575-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Edo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Edo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)FF Extension: Web Developer - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-04-27]FF Extension: Google Translator for Firefox - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\extensions\[email protected] [2016-04-28]FF Extension: Greasemonkey - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-04-29]FF Extension: MEGA - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\Extensions\[email protected] [2016-06-14]FF Extension: uBlock Origin - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\Extensions\[email protected] [2016-05-02]FF Extension: Adblock Plus - C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\5ehf03mu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]Chrome:=======CHR HomePage: Default -> hxxp://www.google.it/CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Profile: C:\Users\Edo\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Steam Community SteamRep Integration) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclmldkenecanphogeaacolljiphmnk [2015-10-19]CHR Extension: (Presentazioni Google) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-19]CHR Extension: (Steam item search between friends.) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlddciniccidokpjhppahkoefohkchg [2015-10-19]CHR Extension: (Documenti Google) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-19]CHR Extension: (Google Drive) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]CHR Extension: (MEGA) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-05-23]CHR Extension: (YouTube) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]CHR Extension: (Google Search) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]CHR Extension: (Fogli Google) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-19]CHR Extension: (FBDown Video Downloader) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2016-05-07]CHR Extension: (Stylish) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-05-07]CHR Extension: (Google Documenti offline) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-07]CHR Extension: (AdBlock) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-23]CHR Extension: (Last.fm Scrobbler) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-05-07]CHR Extension: (Reddit Enhancement Suite) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-05-07]CHR Extension: (Window Resizer) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2016-05-23]CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-07]CHR Extension: (Gmail) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-19]CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2015-10-19]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-01-22] (Electronic Arts)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-10-29] ()S3 PSEXESVC; C:\Windows\PSEXESVC.exe [189792 2016-06-11] (Sysinternals)S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-10-19] (Disc Soft Ltd)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)S3 RTCore64; D:\Program Files (x86)\Afterburner\RTCore64.sys [13512 2015-12-09] ()S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11968 2000-06-28] () [File not signed]R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)S3 HWiNFO32; \??\C:\Users\Edo\AppData\Local\Temp\HWiNFO64A.SYS [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-06-15 22:14 - 2016-06-15 22:14 - 00000000 ____D C:\FRST2016-06-15 21:54 - 2016-06-15 21:54 - 00006172 _____ C:\Windows\system32\PerfStringBackup.TMP2016-06-15 21:50 - 2016-06-15 21:50 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-06-15 21:50 - 2016-06-15 21:50 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-06-15 21:48 - 2016-06-15 21:48 - 00000006 ____H C:\Windows\Tasks\SA.DAT2016-06-15 19:31 - 2016-06-15 19:31 - 00000000 ____D C:\f4a9135958f4e456d8b9d4dd422016-06-15 19:24 - 2016-06-15 19:24 - 00007679 _____ C:\Users\Edo\AppData\Local\Resmon.ResmonCfg2016-06-15 18:45 - 2016-06-15 18:46 - 00000000 ____D C:\Windows\system32\appmgmt2016-06-15 18:29 - 2016-06-15 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2016-06-14 18:10 - 2016-06-14 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devkitPro2016-06-14 18:10 - 2016-06-14 18:10 - 00000000 ____D C:\devkitPro2016-06-14 01:10 - 2016-06-14 05:48 - 00000000 ____D C:\Users\Edo\Documents\The Witcher 32016-06-12 20:41 - 2016-06-12 20:41 - 00000000 ____D C:\Users\Edo\Documents\3DSSaveBank2016-06-11 19:02 - 2015-06-07 01:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll2016-06-11 19:02 - 2015-06-07 01:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll2016-06-11 19:02 - 2015-06-07 01:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll2016-06-11 13:40 - 2016-06-11 13:40 - 00001238 _____ C:\Users\Edo\Desktop\Forgotten Empires.lnk2016-06-11 03:39 - 2016-06-11 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoC 1.0e Patch2016-06-11 03:34 - 2016-06-11 03:34 - 00000791 _____ C:\Users\Public\Desktop\The Conquerors.lnk2016-06-11 03:08 - 2016-06-11 03:08 - 00189792 _____ (Sysinternals) C:\Windows\PSEXESVC.exe2016-06-11 03:07 - 2014-04-28 14:44 - 00396480 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsExec.exe2016-06-11 03:07 - 2014-01-29 08:23 - 00227520 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\psping.exe2016-06-11 03:07 - 2012-10-17 18:28 - 00171608 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pspasswd.exe2016-06-11 03:07 - 2012-10-01 09:23 - 00066582 _____ C:\Windows\system32\Pstools.chm2016-06-11 03:07 - 2012-06-21 23:34 - 00468592 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pskill.exe2016-06-11 03:07 - 2012-03-22 15:53 - 00232232 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\pslist.exe2016-06-11 03:07 - 2010-04-27 11:04 - 00390520 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsInfo.exe2016-06-11 03:07 - 2010-04-27 11:04 - 00333176 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsGetsid.exe2016-06-11 03:07 - 2010-04-27 11:04 - 00183160 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsLoggedon.exe2016-06-11 03:07 - 2010-04-27 11:04 - 00178040 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\psloglist.exe2016-06-11 03:07 - 2010-04-27 11:04 - 00169848 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\PsService.exe2016-06-11 03:07 - 2007-11-06 09:17 - 00000039 _____ C:\Windows\system32\psversion.txt2016-06-11 03:07 - 2006-12-04 17:53 - 00207664 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\psshutdown.exe2016-06-11 03:07 - 2006-12-04 17:53 - 00187184 _____ (Sysinternals) C:\Windows\system32\pssuspend.exe2016-06-11 03:07 - 2006-12-04 17:53 - 00105264 _____ (Sysinternals) C:\Windows\system32\psfile.exe2016-06-11 03:07 - 2006-07-28 09:32 - 00007005 _____ C:\Windows\system32\Eula.txt2016-06-11 02:58 - 2016-06-11 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games2016-06-11 02:58 - 2016-06-11 02:58 - 00000886 _____ C:\Users\Public\Desktop\Age of Empires II.lnk2016-06-11 02:01 - 2016-06-11 02:01 - 00000000 ____D C:\Program Files (x86)\VulkanRT2016-06-11 02:01 - 2016-06-03 09:38 - 39979576 _____ C:\Windows\system32\nvcompiler.dll2016-06-11 02:01 - 2016-06-03 09:38 - 35115456 _____ C:\Windows\SysWOW64\nvcompiler.dll2016-06-11 02:01 - 2016-06-03 09:38 - 25377848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2016-06-11 02:01 - 2016-06-03 09:38 - 21802280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2016-06-11 02:01 - 2016-06-03 09:38 - 21346712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2016-06-11 02:01 - 2016-06-03 09:38 - 18143912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2016-06-11 02:01 - 2016-06-03 09:38 - 17738592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2016-06-11 02:01 - 2016-06-03 09:38 - 17290416 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2016-06-11 02:01 - 2016-06-03 09:38 - 13460536 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2016-06-11 02:01 - 2016-06-03 09:38 - 10643240 _____ C:\Windows\system32\nvptxJitCompiler.dll2016-06-11 02:01 - 2016-06-03 09:38 - 08733608 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll2016-06-11 02:01 - 2016-06-03 09:38 - 03512888 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2016-06-11 02:01 - 2016-06-03 09:38 - 03065280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2016-06-11 02:01 - 2016-06-03 09:38 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436839.dll2016-06-11 02:01 - 2016-06-03 09:38 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436839.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00985144 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00908736 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00769984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00707520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00476664 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00422752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00178136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2016-06-11 02:01 - 2016-06-03 09:38 - 00131768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2016-06-11 02:01 - 2016-06-03 05:19 - 00113208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2016-06-11 02:01 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll2016-06-11 02:01 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll2016-06-11 02:01 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe2016-06-11 02:01 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe2016-06-11 01:31 - 2016-06-11 01:31 - 00000000 ____D C:\ProgramData\Steam2016-06-06 22:52 - 2016-06-07 00:03 - 00000000 ____D C:\Users\Edo\AppData\Roaming\discord2016-06-06 22:52 - 2016-06-06 22:52 - 00002147 _____ C:\Users\Edo\Desktop\Discord.lnk2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\Users\Edo\AppData\Local\SquirrelTemp2016-06-06 22:52 - 2016-06-06 22:52 - 00000000 ____D C:\Users\Edo\AppData\Local\Discord2016-06-05 21:28 - 2016-06-05 21:28 - 00000871 _____ C:\Users\Edo\Desktop\Warcraft III.lnk2016-06-05 19:46 - 2016-06-05 19:46 - 00000000 ____D C:\Users\Edo\AppData\Local\CrashRpt2016-06-05 14:38 - 2016-06-05 14:51 - 00077393 _____ C:\Windows\War3Unin.dat2016-06-05 14:38 - 2016-06-05 14:41 - 00139264 _____ (Blizzard Entertainment) C:\Windows\War3Unin.exe2016-06-05 14:38 - 2016-06-05 14:41 - 00002829 _____ C:\Windows\War3Unin.pif2016-06-05 14:38 - 2016-06-05 14:41 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III2016-06-05 14:17 - 2016-06-11 13:39 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2016-06-05 14:00 - 2016-06-05 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III2016-06-04 16:12 - 2016-06-04 16:12 - 00001215 _____ C:\Users\Edo\Desktop\Audacity.lnk2016-06-04 03:36 - 2016-06-04 03:36 - 00000926 _____ C:\Users\Edo\Desktop\Pokemon - Blue Kaizo Version.lnk2016-05-31 02:19 - 2016-05-31 02:19 - 00001289 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk2016-05-31 02:19 - 2016-05-31 02:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader2016-05-30 18:43 - 2016-05-30 18:44 - 00000000 ____D C:\Users\Edo\AppData\Roaming\NVIDIA2016-05-27 17:23 - 2016-05-27 17:23 - 00001269 _____ C:\Users\Edo\Desktop\MM Server Picker.lnk2016-05-27 17:22 - 2016-05-27 17:22 - 00000757 _____ C:\Users\Edo\Desktop\chetos.lnk2016-05-27 17:20 - 2016-05-27 17:20 - 00001197 _____ C:\Users\Edo\Desktop\Vibrance GUI.lnk2016-05-27 17:14 - 2016-06-15 21:48 - 00000000 ____D C:\ProgramData\NVIDIA2016-05-27 17:14 - 2016-06-03 05:26 - 06362560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll2016-05-27 17:14 - 2016-06-03 05:26 - 02453952 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll2016-05-27 17:14 - 2016-06-03 05:26 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll2016-05-27 17:14 - 2016-06-03 05:26 - 01351104 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe2016-05-27 17:14 - 2016-06-03 05:26 - 00534072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll2016-05-27 17:14 - 2016-06-03 05:26 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll2016-05-27 17:14 - 2016-06-03 05:26 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll2016-05-27 17:14 - 2016-06-03 05:26 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll2016-05-27 17:14 - 2016-06-02 14:19 - 06452948 _____ C:\Windows\system32\nvcoproc.bin2016-05-27 17:14 - 2016-05-20 09:01 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2016-05-27 17:14 - 2016-05-20 09:01 - 00201664 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2016-05-27 17:13 - 2016-06-03 09:38 - 31603768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2016-05-27 17:13 - 2016-06-03 09:38 - 19180152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll2016-05-27 17:13 - 2016-06-03 09:38 - 16756888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2016-05-27 17:13 - 2016-06-03 09:38 - 14346320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2016-05-27 17:13 - 2016-06-03 09:38 - 03825896 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll2016-05-27 17:13 - 2016-06-03 09:38 - 03383472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2016-05-27 17:13 - 2016-06-03 09:38 - 00039124 _____ C:\Windows\system32\nvinfo.pb2016-05-27 17:13 - 2016-05-20 09:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll2016-05-27 17:13 - 2016-05-20 09:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll2016-05-27 17:13 - 2016-05-20 09:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json2016-05-27 17:13 - 2016-05-20 09:01 - 00000594 _____ C:\Windows\system32\nv-vk64.json2016-05-27 17:02 - 2016-04-14 07:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll2016-05-27 17:02 - 2016-04-14 07:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll2016-05-27 17:02 - 2016-04-14 07:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys2016-05-17 09:07 - 2016-05-17 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP2016-05-17 09:06 - 2016-05-17 09:28 - 00000000 ____D C:\xampp2016-05-17 08:10 - 2016-05-17 08:10 - 00123652 ____H C:\Windows\system32\mlfcache.dat2016-05-17 06:40 - 2016-05-17 06:40 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk2016-05-17 06:39 - 2016-05-17 06:45 - 00000000 ____D C:\MinGW2016-05-17 06:15 - 2016-05-20 09:43 - 00000000 ____D C:\Users\Edo\AppData\Local\Eclipse2016-05-17 06:14 - 2016-05-17 06:14 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll2016-05-17 06:14 - 2016-05-17 06:14 - 00000000 ____D C:\Program Files\Java2016-05-17 06:11 - 2016-05-20 09:43 - 00000000 ____D C:\Users\Edo\.p22016-05-17 06:11 - 2016-05-20 09:43 - 00000000 ____D C:\Program Files\eclipse2016-05-17 06:11 - 2016-05-17 08:25 - 00000949 _____ C:\Users\Edo\Desktop\Eclipse.lnk2016-05-17 06:11 - 2016-05-17 06:15 - 00000000 ____D C:\Users\Edo\.eclipse==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-06-15 21:56 - 2015-10-19 16:28 - 00000000 ____D C:\Users\Edo\AppData\Roaming\TS3Client2016-06-15 21:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf2016-06-15 21:49 - 2015-10-19 16:22 - 00000000 ____D C:\Program Files (x86)\Steam2016-06-15 21:48 - 2015-11-14 05:46 - 00000000 ____D C:\Users\Edo\AppData\Local\TSVNCache2016-06-15 21:48 - 2009-07-14 07:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT2016-06-15 19:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources2016-06-15 19:00 - 2015-10-19 16:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-06-15 18:58 - 2015-10-19 15:20 - 00000000 ____D C:\Users\Edo2016-06-15 18:55 - 2015-10-19 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2016-06-15 18:55 - 2015-10-19 16:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2016-06-15 18:48 - 2015-10-19 16:19 - 00000000 ____D C:\ProgramData\Package Cache2016-06-15 18:46 - 2016-01-17 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live2016-06-15 18:45 - 2015-10-19 15:37 - 00000000 ____D C:\Users\Edo\AppData\Local\Deployment2016-06-15 18:43 - 2015-10-19 19:30 - 00000000 ____D C:\Program Files\Common Files\Adobe2016-06-15 18:43 - 2015-10-19 19:30 - 00000000 ____D C:\Program Files\Adobe2016-06-15 18:43 - 2015-10-19 18:33 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Adobe2016-06-15 18:42 - 2015-12-04 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis2016-06-15 02:00 - 2015-10-19 18:33 - 00000000 ____D C:\Users\Edo\AppData\Local\Adobe2016-06-15 01:21 - 2015-10-19 16:17 - 00000000 ____D C:\Users\Edo\AppData\Roaming\vlc2016-06-15 00:46 - 2016-04-11 18:20 - 00000000 ____D C:\Users\Edo\AppData\Local\CrashDumps2016-06-14 00:39 - 2015-10-19 16:55 - 00000000 ____D C:\Users\Edo\AppData\Roaming\uTorrent2016-06-11 13:38 - 2015-11-02 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2016-06-11 13:38 - 2009-07-14 06:45 - 05009320 _____ C:\Windows\system32\FNTCACHE.DAT2016-06-11 03:52 - 2016-05-07 23:12 - 00000000 ____D C:\Users\Edo\AppData\Local\Battle.net2016-06-11 03:02 - 2015-10-19 15:37 - 00089560 _____ C:\Users\Edo\AppData\Local\GDIPFONTCACHEV1.DAT2016-06-11 02:02 - 2015-10-19 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2016-06-11 02:02 - 2015-10-19 15:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation2016-06-11 01:31 - 2015-10-19 15:49 - 00000000 ____D C:\Windows\SysWOW64\directx2016-06-10 22:53 - 2016-05-07 05:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2016-06-10 19:36 - 2015-10-19 17:13 - 00000000 ____D C:\Users\Edo\AppData\Roaming\obs-studio2016-06-10 17:49 - 2016-05-07 23:11 - 00000000 ____D C:\Program Files (x86)\Battle.net2016-06-09 02:59 - 2015-10-19 15:38 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2016-06-08 23:08 - 2016-02-21 19:18 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Skype2016-06-07 07:51 - 2015-10-24 11:08 - 00003394 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily2016-06-07 07:51 - 2015-10-24 11:08 - 00003268 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine2016-06-07 07:51 - 2015-10-24 11:08 - 00000000 ____D C:\Program Files (x86)\Gyazo2016-06-05 19:47 - 2015-10-29 18:44 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr2016-06-05 19:47 - 2015-10-29 18:44 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe2016-06-05 19:46 - 2015-10-29 18:44 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex02016-06-05 13:58 - 2015-10-19 17:02 - 00000000 ____D C:\Users\Edo\AppData\Roaming\DAEMON Tools Lite2016-06-05 06:07 - 2015-10-20 21:39 - 00000000 ____D C:\Users\Edo\AppData\Roaming\Audacity2016-06-05 03:46 - 2015-10-20 01:52 - 00000000 ____D C:\Users\Edo\Documents\OFX Presets2016-05-31 02:19 - 2015-10-19 17:39 - 00000000 ____D C:\ProgramData\YTD Video Downloader2016-05-30 17:48 - 2015-10-19 15:44 - 00000000 ____D C:\Users\Edo\AppData\Local\NVIDIA Corporation2016-05-28 10:59 - 2015-11-02 16:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2016-05-28 10:59 - 2015-11-02 16:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2016-05-27 17:14 - 2015-10-19 15:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation2016-05-27 17:14 - 2015-10-19 15:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation2016-05-27 17:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help2016-05-27 17:03 - 2015-10-19 15:44 - 00000000 ____D C:\Users\Edo\AppData\Local\NVIDIA2016-05-27 14:41 - 2015-10-22 21:20 - 00000000 ____D C:\Users\Edo\AppData\Roaming\HandBrake2016-05-26 23:00 - 2016-05-08 11:10 - 00000000 ____D C:\Users\Edo\Documents\Overwatch2016-05-17 06:14 - 2015-11-02 11:14 - 00000000 ____D C:\Users\Edo\.oracle_jre_usage2016-05-17 06:14 - 2015-11-02 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java==================== Files in the root of some directories =======2016-03-10 00:58 - 2016-03-10 00:59 - 0001456 _____ () C:\Users\Edo\AppData\Local\Adobe Save for Web 13.0 Prefs2016-06-15 19:24 - 2016-06-15 19:24 - 0007679 _____ () C:\Users\Edo\AppData\Local\Resmon.ResmonCfg2015-10-19 16:52 - 2015-10-19 16:52 - 0000000 ____H () C:\ProgramData\DP45977C.lflSome files in TEMP:====================C:\Users\Edo\AppData\Local\Temp\130972278783419649.exeC:\Users\Edo\AppData\Local\Temp\CmdLineExt02.dllC:\Users\Edo\AppData\Local\Temp\EBU2BFD.exeC:\Users\Edo\AppData\Local\Temp\EBU2C5B.DLLC:\Users\Edo\AppData\Local\Temp\handbrake-setup.exeC:\Users\Edo\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Edo\AppData\Local\Temp\nvStInst.exeC:\Users\Edo\AppData\Local\Temp\procexp64.exeC:\Users\Edo\AppData\Local\Temp\proxy_vole8182631914574726674.dllC:\Users\Edo\AppData\Local\Temp\SIntf16.dllC:\Users\Edo\AppData\Local\Temp\SIntf32.dllC:\Users\Edo\AppData\Local\Temp\SIntfNT.dllC:\Users\Edo\AppData\Local\Temp\utils.dllC:\Users\Edo\AppData\Local\Temp\vsredistsetup.exeC:\Users\Edo\AppData\Local\Temp\war3_Install.exe==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2016-06-07 01:54==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-06-2016Ran by Edo (2016-06-15 22:15:09)Running from D:\Tutto\DownloadWindows 7 Ultimate Service Pack 1 (X64) (2015-10-19 13:20:22)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-3000302092-2520746345-460137575-500 - Administrator - Disabled)Edo (S-1-5-21-3000302092-2520746345-460137575-1000 - Administrator - Enabled) => C:\Users\EdoGuest (S-1-5-21-3000302092-2520746345-460137575-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-3000302092-2520746345-460137575-1002 - Limited - Enabled)==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)µTorrent (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.1 - PainteR)Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)Aggiornamenti NVIDIA 2.11.3.5 (Version: 2.11.3.5 - NVIDIA Corporation) HiddenAsmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)AutoHotkey 1.1.22.07 (HKLM\...\AutoHotkey) (Version: 1.1.22.07 - Lexikos)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)bl (x32 Version: 1.0.0 - Your Company Name) HiddenBroadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch)CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) HiddenCCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)devkitProUpdater 1.6.0 (HKLM-x32\...\devkitProUpdater) (Version: 1.6.0 - devkitPro)Discord (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)Epic Games Launcher (HKLM-x32\...\{4620A9CA-A0D7-4F15-BA89-4545B5372345}) (Version: 1.1.60.0 - Epic Games, Inc.)Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) HiddenerLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hiddenf.lux (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Flux) (Version: - )File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)Gameforge Live 2.0.10 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.10 - Gameforge)GameRanger (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\GameRanger) (Version: - GameRanger Technologies)Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Git version 2.8.1 (HKLM\...\Git_is1) (Version: 2.8.1 - The Git Development Community)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) HiddenGrim Fandango Remastered (HKLM-x32\...\1207667183_is1) (Version: 2.0.0.2 - GOG.com)Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) HiddenMalwarebytes Anti-Malware versione 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)Microsoft .NET Framework 4.6 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.6.00081 - Microsoft Corporation)Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)Mozilla Firefox 47.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 it)) (Version: 47.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)NVIDIA Driver 3D Vision 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)NVIDIA Driver grafico 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)Pannello di controllo NVIDIA 368.39 (Version: 368.39 - NVIDIA Corporation) Hiddenph (x32 Version: 1.0.0 - Your Company Name) HiddenPokemon Online versione 2.6.2.1 (HKLM-x32\...\{3D3DE059-3951-47BE-BD7C-664898D14138}_is1) (Version: 2.6.2.1 - Pokemon Online)Popcorn-Time (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)Python 2.7.11 (64-bit) (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD62}) (Version: 2.7.11150 - Python Software Foundation)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)Scrap Mechanic (HKLM-x32\...\Steam App 387990) (Version: - Axolot Games)SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) HiddenSHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) HiddenSkype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)Software della webcam Logitech (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)Tastiera italiana estesa (1.2) (HKLM\...\{0B02661F-0C23-4182-9FD7-09EDC02A8AB0}) (Version: 1.0.3.40 - tastiera-estesa.it)TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)TortoiseSVN 1.9.2.26806 (64 bit) (HKLM\...\{8A5AA5D6-F797-4ED3-AE08-35EF5433409E}) (Version: 1.9.26806 - TortoiseSVN)VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )Warcraft III: All Products (HKU\S-1-5-21-3000302092-2520746345-460137575-1000\...\Warcraft III) (Version: - )Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)XAMPP (HKLM-x32\...\xampp) (Version: 5.6.21-0 - Bitnami)YTD Video Downloader 5.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.6 - GreenTree Applications SRL) <==== ATTENTION==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No FileCustomCLSID: HKU\S-1-5-21-3000302092-2520746345-460137575-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Edo\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {3377629B-F584-4F47-ADD9-EC6FBC6E857F} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()Task: {4348C2DB-642F-472E-BDE5-10B7C61FF3CD} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()Task: {A78B98F1-99BB-49F7-8CB4-948A6574BECE} - System32\Tasks\AdobeAAMUpdater-1.0-HAF-X-Edo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)Task: {FC49CB74-2C26-4281-8595-AA7875DA15A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)==================== Shortcuts =============================(The entries could be listed to be restored or removed.)==================== Loaded Modules (Whitelisted) ==============2016-05-27 17:14 - 2016-06-03 05:26 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2015-09-22 21:32 - 2015-09-22 21:32 - 00093568 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll2016-04-03 15:10 - 2016-05-02 07:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll2016-04-03 15:10 - 2016-05-02 07:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll2016-04-03 15:10 - 2016-05-02 07:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll2016-03-02 12:06 - 2016-05-02 07:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll2015-10-29 18:43 - 2015-10-29 18:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2016-04-03 15:10 - 2016-05-02 07:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll2016-04-03 15:10 - 2016-05-02 07:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll2016-04-03 15:10 - 2016-05-02 07:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll2016-03-02 12:06 - 2016-05-02 07:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll2016-04-03 15:10 - 2016-05-02 07:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll2016-04-03 15:10 - 2016-05-02 07:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll2015-10-22 13:22 - 2016-04-27 15:25 - 00174872 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll2015-10-22 13:21 - 2016-04-27 15:25 - 00103192 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll2015-10-22 13:21 - 2016-04-27 15:25 - 00107800 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll2015-10-22 13:22 - 2016-04-27 15:25 - 00312088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll2016-01-09 07:52 - 2016-01-09 07:52 - 00486912 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\soundboard.dll2015-04-16 16:15 - 2015-04-16 16:15 - 00143891 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll2015-04-16 16:16 - 2015-04-16 16:16 - 02750483 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll2015-04-16 16:15 - 2015-04-16 16:15 - 00618515 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll2015-04-16 16:15 - 2015-04-16 16:15 - 00079379 _____ () C:\Program Files\VideoLAN\VLC\libgcc_s_seh-1.dll2015-04-16 16:16 - 2015-04-16 16:16 - 00038419 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll2015-04-16 16:16 - 2015-04-16 16:16 - 00035347 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll2015-04-16 16:16 - 2015-04-16 16:16 - 00083987 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll2015-04-16 16:16 - 2015-04-16 16:16 - 00075795 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll2015-10-22 13:22 - 2016-04-27 15:25 - 00485656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll2015-05-26 12:51 - 2015-05-26 12:51 - 03499008 _____ () C:\Program Files\Adobe\Adobe Audition CC 2015\DNxHDCodec.dll2015-10-19 15:40 - 2016-05-02 08:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll2015-10-19 16:23 - 2016-04-29 22:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll2015-10-19 16:23 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll2015-10-19 16:23 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll2015-10-19 16:23 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll2015-10-19 16:23 - 2016-06-15 02:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll2015-10-19 16:23 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2015-10-19 16:23 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll2015-10-19 16:23 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll2015-10-19 16:23 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2015-10-19 16:23 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll2015-10-19 16:23 - 2016-06-15 02:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2016-03-09 01:12 - 2016-02-18 00:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll2015-10-19 16:23 - 2016-06-14 21:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2016-04-17 19:49 - 2010-01-14 23:35 - 00093696 _____ () D:\Tutto\Giochi\ReactMW2\miles\mssmp3.asi2016-04-17 19:49 - 2015-02-27 03:59 - 00038400 _____ () D:\Tutto\Giochi\ReactMW2\miles\mssogg.asi2016-04-17 19:49 - 2010-01-14 23:35 - 00153088 _____ () D:\Tutto\Giochi\ReactMW2\miles\mssvoice.asi2016-04-17 19:49 - 2010-01-14 23:35 - 00114688 _____ () D:\Tutto\Giochi\ReactMW2\miles\milesEq.flt2016-04-17 19:49 - 2010-01-14 23:34 - 00012288 _____ () D:\Tutto\Giochi\ReactMW2\miles\mssds3d.flt2016-04-17 19:49 - 2010-01-14 23:35 - 00058368 _____ () D:\Tutto\Giochi\ReactMW2\miles\msseax.flt2015-09-22 20:52 - 2015-09-22 20:52 - 00073088 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Windows\Temp:$DATA [16]==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or r

RELEVANCY SCORE 200
Preferred Solution: Infected with a miner (question mark?)

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Infected with a miner (question mark?)

Greetings d0dUxDJ and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.When you post your reply, use the button instead.In the upper right hand corner of the topic you will see the button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.I would like to remind you to make no further changes to your computer unless I direct you to do so.===================================================Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.Thank you for your patience thus far.Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all Adobe products and all other products for which you do not have a valid Product Key. If you are willing to do that please right click on FRST rename it to FRST64english. Check Addition.txt and scan your computer again, posting both logs. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.If you desire to continue please do this also.===================================================CKScanner--------------------Download CKScanner and save it to your DesktopDouble click CKScannerSelect Search For FilesOnce completed select Save List to FileA ckfiles.txt document will be placed on your DesktopCopy and paste the results of that report in your reply===================================================Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. FRST logs (2)ckfiles.txt

Read other 0 answers
RELEVANCY SCORE 55.2

I used AdAware several times to remove 10 Data Miner tracking cookies and whenever I restart and run AdAware I find the same 10 Data Miner tracking cookies again. I also used Spybot Search And Destroy and its not picking it up. How can I finally get rid of these 10 Data Miner Tracking Cookies.
 

A:Question About Data Miner

by staying off the internet you get them surfing
 

Read other 2 answers
RELEVANCY SCORE 54.8

My internet is too slow. every time I run lavasoft, I remove several data miner cookies. Spybot search is cleanI have avast and it does not detect the dataminer.please helpLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:33:21 PM, on 1/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Unlocker\UnlockerAssistant.exeC:\WINDOWS\stsystra.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\PeerGuardian2\pg2.exeC:\Documents and Settings\adrian senderowicz\Application Data\Microsoft\Internet Explorer\Quick Launch\utorrent-1.6-beta-build-467.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Download Manager\IDMan.exeC:\Progr... Read more

A:Re: Hit Log, I Am Infected With Data Miner

Hello sendero and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately and. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.If we do not hear back from you within a couple of days we will need to close your topic.Thanks,Johannes

Read other 27 answers
RELEVANCY SCORE 54.8

Hi. Apparently I ran into a malware program and its been removed, mostly. but whats left is a bitcoinminer. it produces two files called winvnc86.exe and rpcminer-cpu.exe in the system these reproduce at each restart since my AV removes it right away. I have no idea how to eradicate it but I really need to put this thing out of it's misery

Here are the logs and files that's required. each post will contain a log of a different program that you requested
 

A:bitcoin miner infected on my PC

Read other 13 answers
RELEVANCY SCORE 54.8

Hi everyone, I'm running Windows 7 64bit on my pc and have tried to remove Trojan Dropper Bcminer but it returns on restart. I've had a look at other threads on this topic so have run DDS so have pasted the malwarebytes and DDS logs below. I's really appreciate any help you can offer with this, thank you very much.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
25/09/2012 22:26:44
mbam-log-2012-09-25 (22-26-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198917
Time elapsed: 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3335ca6d-171f-7d93-5d1e-9da894f8dd09}\U\[email protected] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{333... Read more

A:Infected with trojan bc.miner

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 27 answers
RELEVANCY SCORE 54.4

Hi,
 
It appears that I'm infected with Claymore Cryptonote cpu miner (svchost in temp folder and logs for the miner results appearing right there, and cpu usage near 100% on idle). I have run FRCS and here is the log (also attached).
 
I need help please. Thank you
 
LOG:
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Juanjo (administrator) on JUANJO-DESKTOP (29-07-2015 18:50:17)
Running from D:\Downloads
Loaded Profiles: Juanjo (Available Profiles: Juanjo)
Platform: Windows 8.1 Pro (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Windows\SysWOW64\ASGT.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Goog... Read more

A:Infected with Claymore Cryptonote cpu miner - Help please

 
Download the attached file
 fixlist.txt   7.02KB
  4 downloads and save it in the same directory FRST64 is saved.
Start FRST64 with Administrator privileges.
Press the Fix button.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
 
  Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
 
 
Download AdwCleaner from here. Save the file to the desktop.
 
 NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 Close all open windows and browsers.
XP users: Double click the AdwCleaner icon to start the program.
Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:

Clic... Read more

Read other 7 answers
RELEVANCY SCORE 54.4

Hello : )
 
So similiar to this post (http://www.bleepingcomputer.com/forums/t/490284/trojanagentgen-keeps-coming-back-after-removalquarantine-svchostexe-trojan/) my computer has been infected with a mining virus. 
 
Within a few minutes of starting the computer an unnamed process (as in task manager) shows up and proceeds to take cpu usage to 100%. Scanning with malwarebytes shows two programs in the Temp directory in Windows 'lsass.exe.' and 'svchost.exe'. Using malwarebytes to remove it does not work. I can also end the process from task manager and delete the files from the temp directory but upon restart the process and the files appears again.
 
Additionally the virus publishes a log file each time with the title 'Claymore CryptoNote CPU Miner  v3.3 Beta' There is an IP address visible within the log file which i presume belongs to my nefarious miner. : /
 
I'm not sure if this is important but in addition to my local disk ssd i have two other hdds.
 
Any help would be most welcome.
 
Thanks
Eranga
 
Below is my frst log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by ErangaP (administrator) on ERANGA on 21-06-2015 23:37:48
Running from C:\Users\ErangaP\Downloads
Loaded Profiles: ErangaP (Available Profiles: ErangaP)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recove... Read more

A:Infected with 'svchost.exe' virus (miner)

hi,
 
We will remove some items with FRST then go from there. Iam only on this site once or twice per day so you may not get a reply back from me until the next day.
 
copy/paste whats between the two lines below into notepad. Save it as fixlist.txt in the same location that you have FRST. Start FRST like before except this time click on the fix button once. Machine may reboot to finish the process. When done you will find fixlog.txt in the same location as FRST. Copy/paste the fixlog.txt in your reply.
 
----------------------------------------------------------
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKU\S-1-5-21-2186957993-1702665829-950521371-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
2015-06-21 22:10 - 2015-06-21 22:10 - 00380416 _____ C:\Users\ErangaP\Downloads\sbnfkgn6.exe
C:\Users\ErangaP\AppData\Roaming\Origin\update.vbe
Task: {240C5839-8294-42D0-A626-28BE1D598C3A} - System32\Tasks\Origin => C:\Users\ErangaP\AppData\Roaming\Origin\update.vbe [2015-05-29] () <==== ATTENTION
EmptyTemp:
------------------------------------------------------------------------
 
did you install this: WinPcap 4.1.3   Its a pa... Read more

Read other 9 answers
RELEVANCY SCORE 53.6

Hello.
 
I am new to this site, so please pardon me if I speak out of protocol.
 
I recently found out that I had a Bitcoin Miner on my computer (Dell Inspiron N7010 Laptop). I hadn't known immediately, but I noticed a significant drop in my computer's performance. It began running ever slower, and games that it could usually handle began crashing and coming down to as low as 4 FPS. Also, error messages involving programs by the names of "mswaqrus.exe" and "Atk0yR7.exe" began coming up, saying they generated exceptions which could not be handled and to click "OK" to terminate the program or "Cancel" to debug the program. I only ever clicked "OK". The only reason I even know it's a Bitcoin Miner is because a few days ago, a window came up (black background, gray text) saying something about starting a Bitcoin Miner. Unfortunately, the window disappeared before I could screenshot it. Without further ado, here are the DDS logs. Thank you.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Gudz at 12:23:37 on 2013-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2933.803 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enab... Read more

A:Infected with Bitcoin Miner and Slow Computer

Hello AllergicToCats I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the... Read more

Read other 17 answers
RELEVANCY SCORE 53.6

Hello everyone
First and foremost, thanks for your time . I appreciate ur good will to help.

Background information :

1) SSD has been formatted 1 week ago or less (Cant remember) the second drive (1tb) remained as backup.

2) each time I open Skype /Certain games/ Battle.net EVEN Google Chrome.
my GPU temp jumps from 30 idle to 50 and the GPU uses its full functions (Clock speed jumps to max, etc)

3)My computer's clock time is not stable, keeps on changing (has been like that for more than a year, even tho I formatted 2 times since the problem arise) I suspect this problem is due to having a motherboard battery burnt although it may be a virus in the BIOS.( my assumptions) I never tried to replace a motherboard battery, I currently have Asus Z97 motherboard.
PC scanned with - Rogue-killer, Anti-malware bytes and Hitman PRO.

SSD Has been formatted 2 times in the last 3 years and a half

from win 8.1 to win10. and from win10 to win7. (SINCE THE FIRST FORMAT THE CLOCK STARTED BUGGING.

since then I have had the problem with time.

*bitcoin miner : New problem that I have just noticed recently, which is taking all my attention to cure my GPU.

*Note: Currently If I don't run the apps I mentioned above my GPU temp is OK. therefore the main problems are Clock time changes, and Temp jumps super high for no reason while running certain applications.

I used Process Explorer to try and track which applications cause GPU traffic,
that's how I know when the bitcoi... Read more

Read other answers
RELEVANCY SCORE 53.6

Hi, 
I posted my problem in the BSOD section and they helped me with some advice and told me to post in this specific section.
If anything needs to be done just ask me and I will be please to do it.
 
I had many issues with my PC freezing lately and I also have been infected by a Miner malware. I think I removed the infection but I'm not quite 100% sure. I still have suspicious files in the Regedit. When freeze happen, most of the time the Event Viewer says it is related to Driver Booster files that does not exist anymore (Could this be a spyware)
 
error in file configuration defenition NT TASK\Driver Booster SkipUAC (olivi
C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe.
 
I installed iObit crap trying to solve my problems, but obviously this didn'T helped... As more problems resulted. It is now all removed
 
 I just want to be sure I am free of viruses. What are the normal steps to makes sure my computer is now safe?
I think it could be a driver issues but the moderator asked me to get help here to make sure my computer was clean.
Today I updated my motherboard BIOS, PCI/e, PCI drivers and aven't crashed yet.
 
Link to other post Here
 
Original post Here :

I am using Windows 10 64bits, I made the upgrade this summer and had a lot of issues since. I did restored the system but still the same problems...
I have an almost brand new computer (October 2014 built)
 
AMD FX 8320 8-core Black Edition
ASUS M5A97... Read more

A:bsod and freezes, recently infected by cpu miner

**Scan Informations comming in minutes in this post**

Read other 4 answers
RELEVANCY SCORE 53.6

I realized I am having really high CPU usage but I have no idea what the source is.  On idle, I get a fluctuation of 60% to 80%, and in games I max at 100% the whole time I am playing causing me to have extreme lag.
 
This is what my task manager looks like currently:

 
I am wondering what steps I should take to identify the source of the issue.  I have ran CCleaner and MalwareBytes already and it didn't help.  MalwareBytes only detected some PUPs which I quarantined.
 
Thanks

A:High CPU Usage, thinking I might be infected with a RAT or Miner

Is that screenshot taken before or after show processes from all users is clicked? If it was before, can you post a screenshot after you click on it?

Read other 2 answers
RELEVANCY SCORE 53.6

Broni has redirected me here to start a new topic here after determining I have been infected with a ZeroAccess Rootkit identified by MBAM as a BC Miner trojan. Below are my DDS and GMER logs. When I opened GMER, it wouldn't let me check some of the boxes off to the right (System, Sections, Devices, Modules etc...) the only ones that were selected were Services, Registry, Files, my C: drive and ADS. I have also attached my Attach.txt from the DDS scan.

I haven't noticed any performance issues on my PC but wanted to see if I could get some help removing the infection.

Thanks.

A:Infected with ZeroAccess Rootkit - BC Miner Trojan

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ashish at 18:06:17 on 2012-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8136.5982 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe... Read more

Read other 17 answers
RELEVANCY SCORE 53.2

http://www.bleepingcomputer.com/forums/t/563607/self-creating-svchostexe-in-windowstemp-folder-claymore-cryptonote-cpu-miner/
http://www.bleepingcomputer.com/forums/t/562026/svchostexe-creates-itself-in-cwindowstemp/
 
I am having the same problem as the above two. Please help me remove the infection! :'(
 

 FRST.zip   69.47KB
  8 downloads

 Addition.txt   32.85KB
  3 downloads

A:Infected with Claymore CPU Miner, svchost.exe in C:/Windows/Temp

hi aoisoraa,
 
  If you still need help with the issue you can do this to get started:
 
  We will get two downloads to use, then go from there based on the logs:
 
1)  Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 
   http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 
    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal   capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Con... Read more

Read other 2 answers
RELEVANCY SCORE 53.2

Thank you in advance for the help on this topic. I have performed all the recommended scans and run checks on all hard drives on my system. I have uninstalled Avast virus protection and replaced with PC-cillin, however I left Panda 1 month trial on as it's the last feature I installed. Almost all the checks discovered and resolved infections and liabilities but I still notice Net-Broadcaster running when I attempt shutdown. I have temporarily disabled system restore. I have just run HijackThis and here is the log:Logfile of HijackThis v1.99.1Scan saved at 10:43:57, on 05/12/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\system32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\Ati2evxx.exeD:\WINDOWS\system32\svchost.exeD:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exeD:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXED:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\spoolsv.exeD:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exeD:\WINDOWS\system32\Ati2evxx.exeD:\WINDOWS\Explorer.EXED:\PROGRA~1\PESTPA~1\PPMemCheck.exeD:\PROGRA~1\PESTPA~1\PPControl.exeD:\P... Read more

A:Infected With Net-broadcaster, Popups, Data Miner, Malware Etc.

Thanks you all for looking into this...I have now re-enabled System Restore and run CCleaner. Removed all cookies and everything but still get windows box re: Net-Broadcast...? [the displayed string is incomplete] on shutdown. I often have had to use Task Manager to force close running applications and last night during preparation process I also had to force stop from mains switch. Ah, some of the online scan tools failed to complete. PC-cillin, Panda, Stinger and Ad-Aware have all scanned and removed - logs saved.

I hope this is enough info for now.

TarAntXon

Read other 3 answers
RELEVANCY SCORE 52.4

Hi All,
 
I have an issue with a Windows Server 2008 64 bit that was infected with a crypto miner.
I ran Malwarebytes, Kaspersky, AVG to scan the server and some files were removed.
Now i have an issue where at startup. It seems the virus is trying to re-install itself.
I noticed the following :
 
At startup. The windows host files is replaced with one which block access to popular antivirus websites. Deleting the host file does not help since at next restart the host files with be replaced again.
At startup.IFEO entries are being added to registry to block execution of antivirus.
The virus create a file at C:Windows\Rdpinst
The virus create a file at C:\Windows\Temp:1
Windows Update has been disable and cannot update the OS
 
Deleting the registry entries and files does not help because it is being recreated at startup. I tried to find the origin service or program of the files and registry hijack but was unsucessful. Please i would be grateful if anyone can help.
 
Thanks
 
FRST Log below : 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by administrator (administrator) on MEA-HV1 (18-01-2016 09:25:25)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: administrator & MsDtsServer110 & ReportServer (Available Profiles: wing & polly & updater & ta.operator & administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSER... Read more

A:Windows Server 2008 infected with malware - crypto miner

Greetings virtuoso and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problem... Read more

Read other 17 answers
RELEVANCY SCORE 50.8

Hi -------- I have the above against my " Multimedia Audio Controller " in device manager. My speakers and michrophone do not work on my p.c. and this may be the problem. It does not even recognise that I have speakers and mich. attached as they are greyed out in the " sounds and audio device properties " pop up. Also I have a tft monitor with grills for inbuilt speakers ( well I take it they are for that ) and do not get any sound out of my monitor.I feel they are related.

I downloaded a utility called " unknown device identifier 5.02 and this gave me the make and model no. of the audio card it is " sis7012 audio driver " and then proceeded to download the appropriate driver and tried to install. It failed with an error message of a red cross and 536870397 number is displayed.

I installed a satellite card a while back and wonder if there is a conflict of some sort with this.
Have you any ideas on how to get my speakers and michrophone working ?

Just thinking out loud -- why can't I just delete the Multimedia Audio Controller ( the 1 with the yellow question mark ) . It is listed under " other devices " in device manager and I have an entry further down in the device manager called " sound video and game controllers " this then has all the usual listings such as " audio drivers " and " media control devices " etc. doesen't this section contain all the relevant entries to enable my spea... Read more

A:yellow question mark

Read other 15 answers
RELEVANCY SCORE 50.8

I have an HP Pavilion dv9000 laptop and I am unable to use my question mark key. I also cannot get capital letters for some keys notably the letters "z, x,c,v, m etc"
Is it a keyboard choice issue or something I have to turn off
Can someone tell me how to resolve this issue.
Thanks
 

A:Question Mark Key issue

Try the recommendations here: http://www.computing.net/answers/windows-xp/keyboard-does-not-work-correctly/169913.html

They mention testing to make sure no keys are stuck and testing another keyboard. If another keyboard works on your laptop Id guess the key contacts on the built in keyboard are acting up.
 

Read other 2 answers
RELEVANCY SCORE 50.8

Hello

computer:

VISTA home premium 64 bit
service pack 1
AMD Phenom x4 9750 quad core processor
8 gb system memory
750 Gb hard drive
ATI Radeon HD 3650

Whenever I try to view movie trailer clips from this one website the video seems to
take a long time to load up...and in the end I just get a quicktime picture with this
question mark in the middle

In the past I was always able to watch these video clips without any problems...I've
also noticed that my sidebar weather gadget, in VISTA, has also frozen on one
temperature and will not change...this happened around the same time I noticed that
I was getting the quicktime question mark

I have tried updating quicktime...it doesn't help
 

Read other answers
RELEVANCY SCORE 50.8

Hello
The strangest thing, ``when i go shift and question mark`` on this forum lately I get this .
The quotation marks don`t really look normal either come to think of it. (``)
I usually just have questions but now no question marks.
Any ideas
thanks
Rob
 

A:Solved: É That`s what get if I hit the question mark

Whats happened here, sounds like you computer thinks you have a different language key board.

I cant remember where exactly the setting is, but it should be under control panel -> keyboard or control panel -> regonial and language options

hope that fixes it for you
 

Read other 2 answers
RELEVANCY SCORE 50.8

I can`t get the question mark for my acer Aspire netbook to come up. All I get when I key shift question mark is the french e with an accent.

I tried to change the keyboard to US but to no avail. I can`t seem to delete Canadian french keyboard layout.

What m I doing wrong

A:Can`t get question mark to type out

It should work :(
Try to boot your computer.

Read other 2 answers
RELEVANCY SCORE 50.4

I just got a thinkpad T420. Had to do the whole bootable usb/cd with windows 7 iso writtten on it. Since im not that good with computers it took a while to figure out i needed to do that to get my computer to work. Anyways now after ive been able to get on the homescreen i cant seem to connect to my wifi. So i go to device manager and all my drivers have yellow question marks. This is almost guaranteed the problem i believe. I tried finding what i needed off windows 7 download support or whatever and ive been transferring the drives via usb and still my laptop cant seem to find the .exe driver files.

The Point: Can somebody help me find what driver files i need for the network controller and all. Im going to provide some handy info below.

Lenovo Thinkpad T420
Windows 7 Ultimate 64bit
4Gb Ram
Intel i5-2520M 2.50Ghz

base system device

PCI\VEN_1180&DEV_E823&SUBSYS_21CE17AA&REV_05
PCI\VEN_1180&DEV_E823&SUBSYS_21CE17AA
PCI\VEN_1180&DEV_E823&CC_088001
PCI\VEN_1180&DEV_E823&CC_0880


Biometric Coprocessor properties

USB\VID_147E&PID_2016&REV_0002
USB\VID_147E&PID_2016


Ethernet Controller

PCI\VEN_8086&DEV_1502&SUBSYS_21CE17AA&REV_04
PCI\VEN_8086&DEV_1502&SUBSYS_21CE17AA
PCI\VEN_8086&DEV_1502&CC_020000
PCI\VEN_8086&DEV_1502&CC_0200


Network Controller

PCI\VEN_8086&DEV_0085&SUBSYS_13118086&REV_34
PCI\VEN_8086&DEV_0085&SUBSYS_13118086
PCI\V... Read more

Read other answers
RELEVANCY SCORE 50.4

Hello,
I have a Toshiba laptop running Windows XP pro, with 3 partitions. Recently I partitioned my hardrive for installing linux. After using linux for sometime, I deleted the partition using partition magic and redistributed the free space amongst the other partitions. When I was using linux, I installed a program called F-Disk, which allowed me to access my linux partitions from windows. This program made the linux partitions as separate partitions which would show up on My Computer. But now after deleting linux, these local disks still show up on my computer with a red circle and a white question mark on them. They dont have any space on them and I cant access them or anything like that. These local drives do not go away at all. I have a attached an image which shows My computer.

Can someone help me with this please?
Thanks.
 

A:Question Mark Drive on My Computer

Read other 7 answers
RELEVANCY SCORE 50.4

I'm trying to fix a Dell Inspiron 2200 laptop. In the device manager there is a yellow question mark next to "other devices" and everthing listed under other devices has the question mark. The error code has flashed as a 1 or 2 and they are listed as not installed. I can't connect to the internet and I am using another computer. Can anyone give me a procedure and link to appropriate web sites for driver downloads?

A:Yellow Question Mark Next to other devices

Do you have the dell's driver disc? If not you can go to Dell's website and download the drivers with one pc and copy the drivers to disc and throw them on the other pc!Inspiron 2200 Drivers

Read other 3 answers
RELEVANCY SCORE 50.4

Hello :

When I press the shift and question mark in Gmail I get an E with an acute accent mark, instead of a question mark. In my notepad and wordperfect programs, the problem does not occur : pressing shift and the question mark at the same time get me the usual question mark..

Could someone tell me how to regain the question mark in my gmail?

Thank you,
Robert
 

A:Solved: Eacute instead of question mark

I found a resolution when I saw a google site that indicated a solution I had previously tried unsuccessfully : holding down the shift and control keys at the same time : it required one to hold down the control and shift keys. However, in my case anyway, I could only get it to work by holding them down for about 11 seconds!

So, the solution is to hold down the shift and control key simultaneously for an extended length of time. And in my case it was very extended!

The problem has nothing to do with having installed the wrong keyboard, which is what many would have one think.

For some reason the problem and the solution apply only when using Gmail. Notepad and other programs seem to work normally (as long as you have the proper keyboard installed).

Robert
 

Read other 1 answers
RELEVANCY SCORE 50.4

for some reason i trusted a shady profile on myspace it said something about download this ms viewer to view full page I usually dont fall for these but it looked official and it was early and my girl was playing cold turkey with me lol (the chick looked hot lol)after that there was so much spyware worm stuff popping up i did all the removal procedures that i know of but this one thing wont dissapear it starts up with the computer its a blue question mark that blinks a little red ghostbusters like circle with a slesh and once every few minutes a dialog box pops up that saysthat numerous spyware are running on my computer if i click the dialog it takes me to a spydawn websiteHHEEEEEEEEEEEEEEEELLLLLLLLLLLLPPPPPPPPPPPPLogfile of HijackThis v1.99.1Scan saved at 10:38:59 AM, on 2/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\CFusion\cfam\program\ccmgr.exeC:\CFusion\Bin\cfserver.exeC:\CFusion\cfam\Program\... Read more

A:System Alert Question Mark

Welcome to BC Gadget Junkie Download ATF Cleaner by Atribune:http://www.atribune.org/ccount/click.php?id=1Double-click ATF-Cleaner.exe to run the program.Click 'Select All' found at the bottom of the list.Click the 'Empty Selected' button.If you use Firefox browser, do this also:Click Firefox at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.If you use Opera browser,do this also:Click Opera at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.Click 'Exit' on the Main menu to close the program.******************************Download SmitfraudFix (by S!Ri), to your desktop.Double click on Smitfraudfix.cmdSelect option #1 ? Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

Read other 2 answers
RELEVANCY SCORE 50.4

My E Drive is not working and it has a blue question mark over it. in device manager it has a rectangle with an ! in the middle.  How to fix.  My laptop is old its a compaq.

A:Blue question mark over E Drive it seems like its gone

It's possible that the disk-drive is logically divided into both 'C:' and 'D:' partitions.That would make your CD/DVD drive as the 'E:' drive. So, put a disk into the CD/DVD drive, to see if your computer will be able to read it. 

Read other 2 answers
RELEVANCY SCORE 50.4

I had a major problem with my computer and couldn't use Restore or do a Recovery. I formatted and re-installed Windows XP using my Windows XP disk. The problem is I cant get on the Internet. There are four other computers in the house, all of which can connect ok. After hours of trying to figure out the problem, and fiddling with the wires on the modem and router, I've discovered that when I look in Device Manager there is a yellow question mark with an exclamation mark against Ethernet Controller in Other Devices. When I right-click and select properties it says that the drivers are not
installed. Obviously I can't connect to Windows Update so my only option
is to install from a specific location. I've put my Windows disk in and
used the location D:\i386 and also D:\i386\system32 but it can't seem to
find the drivers. Another query is, should there be more than one entry
in Network adapters? I only have one, that being the 1394 Net Adapter. I
seem to remember another adapter being there in the past. So, if I'm on
the right path, can I download the required driver from the Internet and
copy it over, if so, can you tell me the driver file and the folder it
needs to be in. I hope that's enough information for you and look
forward to your reply. Thank you, Gary

EMACHINES 5250
Intel Pentium 4 2933 MHz
512MB PC3200 DDR SDRAM
160gb Hard Drive
Windows XP Home SP2
 

A:Question mark over Ethernet Controller

Do you have an onboard internet connection. If so, you probably use the Realtek driver. It is found at eMachines product support. It is also found at
http://www.realtek.com.tw/downloads/downloadsView.aspx?Conn=4&DownTypeID=3&GetDown=false&Langid=1&Level=5&PFid=6&PNid=6>
or www.RealTek.com or www.eMachines.com

Look for the RealTek RTL8139/810X Network Driver, version 2.1.22.1026 or higher. It will be about 3.78 MB or a bit more.

It will come with installation instructions.

It is usually a very easy, and very good network connection.
With the eMachine computer shut down and unplugged, remove the side of the case, and take out the
 

Read other 8 answers
RELEVANCY SCORE 50.4

HELP! I'm so frustrated in trying to find someone who can help me with this issue ... I promised a report to the client several hours ago! The only way I know to fix it is to manually delete every single one. Too much time.

I'm importing spreadsheets from a system that I work with on a regular basis. There's a character box w/ a question mark, as if it's indicating a space or tab. How can I permanently stop this from happening? Of course this doesn't seem to be happening to anyone else who uses the same system ...

here's a screenshot:
 

A:Excel Character - Question Mark In A Box

Read other 13 answers
RELEVANCY SCORE 50.4

i have gone through my devices and on the bottom are my usbs and they all have a question mark by them
 

A:USB in device manager has a question mark by it

With the amount of information given I have to say the best advice I can give is install the driver.

Might want to check out the link in my signature.
 

Read other 1 answers
RELEVANCY SCORE 50.4

after switching from xp home to xp pro...in my device manager next to video controller there is a yellow question mark. i have tried to update driver...un-successful....i ran dxdiag.exe in display tab there is no manufacturer info...does this mean i do not have a graphics card or video controller. my dvd program will not let me play my videos...is this all connected? will provode any info neccessary upon request

A:video controller question mark

Copy and paste your dxdiag to the forum. Also, if you can, provide the video card make and model. We can further diagnose your issue from there.

If you can't provide the card information, if it is completely stock, provide the make and model of your pc. We can probably find the card info/the motherboard information (if it is integrated video).

Thanks much

Read other 1 answers
RELEVANCY SCORE 50.4

Don't know how and when, but all of a sudden I've seen all my outgoing emails in text format have a '?' at the beginning of the msg. E.g. "?Hello,...".
Obviously when I compose the msg there is no question mark.
This happens only if I use text format and with all codepages except UTF-8.

I've never installed external email clients and I've always been using Windows Mail and now Windows Live Mail 2011. IE7 then IE8 and now IE9beta. I don't use 3rd party firewalls/antivirus/anti-malware etc.

On the web it's impossible to find a solution and that's the best I've seen: Unwanted Question Mark In Message Body | TheDailyReviewer

Please, can someone help me?

A:Question mark '?' in outgoing emails

If you are running an ANSI program, if it doesn't understand a character, it sticks a '?' in place of it. If UTF-8 works I'd stick with that. I've only used English versions of Windows but from programming I know it's a can of worms when you start getting into code pages, unicode and all that jazz. Not everything understands non-ANSI char set. I'd try another mail program.

Read other 9 answers
RELEVANCY SCORE 50.4

not sure where to post this as it applies to all windows versions... why can't you have a question mark in the file names of files in Windows??? many pictures and songs I make is about a question and I HATE having to replace the question mark with an underscore!!! why aren't question marks allowed in file names???

A:Why can't you have a question mark (?) in file names???

Because it's a reserved character.http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspxUse any character in the current code page for a name, including Unicode characters and characters in the extended character set (128–255), except for the following:The following reserved characters:< (less than)> (greater than): (colon)" (double quote)/ (forward slash)\ (backslash)| (vertical bar or pipe)? (question mark)* (asterisk)

Read other 3 answers
RELEVANCY SCORE 50.4

I have done all cleans as instructed. When this first happened, I was also being directed to an "Adware" page every time I opened IE. Running AVG Anti-Spyware fixed that. I still have the flashing question mark and there is a program I can not remove called "System Alert Popup."Problem first occurred when son was surfing porn I think. Not certain about that.Following is "Hijack This"Any and all help appreciated.Logfile of HijackThis v1.99.1Scan saved at 12:11:54 PM, on 3/4/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\vso\O... Read more

A:Flashing Question Mark In Tool Bar

Hello Sippy, Please download SmitfraudFix Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

Read other 11 answers
RELEVANCY SCORE 50.4

Hello,
Tried to load a DVD today but could not open the DVD tray.
There's a big blue question mark over the drive.
Using a paperclip in the reset hole wouldn't open it.
I'm able to get the tray to come out by using my finger on the side of the door. I tried loading the DVD in then pushing it closed. It spins up and asks what I want to do with the DVD but won't let me select anything.
Device Manager says the device is working properly.
This is on a Dell i5-3340, 8M of RAM, Windows 10 Home 64 bit machine.
Any help will be appreciated.
Thanks for your time.

Just have to add, I can eject the tray from Disk Management.
 

Read other answers
RELEVANCY SCORE 50.4

Recipients of my emails often ask me why there are question marks after and before my posted message. I am not entering them, so why do they appear? This usually happens when I add a PDF attachment.

I'm sending from my Mac iBook G4 and recipients are on PCs.

Thanks for your help!
 

Read other answers
RELEVANCY SCORE 50.4

Hey everyone. The other day I was chatting with my friend, and I tried to ask a question, only to find that my question mark wasn't working. I told him that it sucked that I couldn't use my question mark or my slash, but after trying, I found that my slash actually was working. can anyone tall me what could be causing this problem? I could use some help. BTW, in case it matters, I'm using a dell latitude d620 with windows 7 on it.

PS: The only reason that I could use a question mark up there ^, was by using Alt+63, so I actually can use a question mark, just not with the key. :/

Thanks in advance!

A:question mark doesn't work, but / does...

How abouuuuut..?
Keyboard mapping
Thats a software based remedy, Otherwise just google keyboard mapping and I'm sure you'll find the way to do it w/out software.
Theres also a M$ program that might help you out.
http://www.microsoft.com/en-us/downl....aspx?id=22339
G'Luck
-D-

Read other 1 answers
RELEVANCY SCORE 50.4

Hello all ! Got a small glitch which I am hoping you can help me out with. I just reinstalled windows xp on a Dell Latitude D610 and did all the Microsoft updates to service pack 3 and about 72 other Microsoft updates. Also went to the Dell drivers update website and scanned my machine thru there for drivers and downloaded and installed their recommendations.Now when I go to "device manager", in other devices it lists 2 unknowns, Network controller and PCI simple communications controller. Two big question marks with a"!" in the middle. I uninstalled and tried reinstalling them, but it says it cannot find the file on those two. Laptop still works very good, but I am wondering if I need those 2 devices and if I do, where do I get them. Thanks in advance.

A:Other devices yellow question mark.

The PCI Simple Communcations device is probably the dial-up modem...I would just disable the modem in the BIOS, unless I was on dialup.http://support.dell.com/support/edocs/systems/latd610/en/ug_en/drivers.htm#wp1052327Driver Support WebpageYou need to pick the correct applicable driver for networking...and install same. Look at your system documentation to see which is applicable to the system you have.Louis

Read other 4 answers
RELEVANCY SCORE 50.4

whilst using my machine on line (XP) i restarted by its self and when it rebooted there was a new harddrive icon in my computer. this icon when clicked on and properties view, has 0byts but it has a small red circle with a white question mark . its kinda in the bottom left corner of the icon.

Has anyone seen heard of this before?
 

A:Restart created new HD with red question mark?

Do you have a camera, or other removable storage device plugged in to a usb port ?
 

Read other 1 answers
RELEVANCY SCORE 50

I recently bought an iPod and plugged it into my PC running XP Pro SP2 but it wasn't recognized so I then unplugged it. Well in Windows explorer when I click on "My Computer" the is a new local drive with a red circle/question mark on it. I can't seem to remove it and it doesn't show up in the disk management or device manager.

Could someone please let me know how to remove this unknown phantom drive?

Jeremy

A:Unknown drive with red circle and question mark

Hi jeremywar!!

Welcome to TSF!!

First of all, did you already restart the computer?

Read other 7 answers
RELEVANCY SCORE 50

Hi,
Device manager isnt reconigzing the smbus controller (puts a yellow question mark next to it.). My Computer is an Emachines T3504 with an Intel Motherboard and an ATI Xpress 200 Chipset. Ive Tried installing the Chipset Drivers but it hasnt solved the SM Buscontroller issue. Any ideas??

A:Yellow Question Mark SMBus Controller

Try the Intel site, http://www.intel.com/support/chipsets/sb/cs-013541.htm or http://ati.amd.com/products/radeonxpress200mIntel/specs.html.I forgot that was before AMD acquired ATI.Louis

Read other 8 answers
RELEVANCY SCORE 50

Under control panel, in my device manager i have the yellow ? against other diveces/multimedia audio controller.
Is this there as i have disabled my onboard audio on my motherboard as i have a creative soundcard now?

A:yellow question mark in device mananger

most probable
read your motherboard book to make sure there isnt a jumper or dip switch that had to be moved to use a sound card.

if thats the onboard sound, right click on the yellow conflict and disable it.

post back

Read other 3 answers
RELEVANCY SCORE 50

Hi all. . .I searched the forums and couldn't figure out how to fix my problem. I am not very computer savvy, so please forgive me if this sounds really dumb. .

My daughter has an A22M Thinkpad with Windows 2000 Pro. We can't get the internet to work after her b/f restored it to last known good configuration. Now, there is a question mark beside the "ethernet controller", PCI Serial port, and Display adapter under the device manager.

I went to the IBM site and downloaded the drivers for Ethernet driver for Intel PRO/100 SP Mini PCI combo card and reinstalled it but that didn't work. The question mark is still showing up. Any advice on how to fix this?

Thanks!!
 

A:Arghhh!! Ethernet Controller. . .Question Mark?

Read other 11 answers
RELEVANCY SCORE 50

Need help in getting rid of the icon. Everytime i click on it, it will direct me to http://www.spylocked.com/?aff=334. If I'm in full-screen mode it will automatically bring me back to window onces in awhile.
Thank for helping in advance.
 

A:System Tray with White Question Mark.

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 3 answers
RELEVANCY SCORE 50

Anyone familiar with this problem, pls help, thx

A:idiotic keyboard question mark key types

Maybe this will help: Types ? instead of apostrophe ? instead of question mark - Control Panel - Windows 7

Read other 5 answers
RELEVANCY SCORE 50

I have recently reformatted my computer and removed vista and installed xp.
Now I'm no computer wizard so now I have learned the hard way to backup everything before you start a major project lol.Anyway Now I have yellow question mark in devive manager by other devices labled other device bridge,sm bus controller,and usb wireless 802.11 b/g. Are these things a problem in development and how can i fix it ?
 

A:Solved: Device Manager Question Mark

Read other 16 answers