bobbysaggers

Everything posted by bobbysaggers

  1. Okay, I've successfully done everything except for the following. Fixing Windows Recovery and performing a normal boot. I repaired the WMI, confirmed it, but Windows Restore continues to say that it won't start. On the contrary it seemed to somewhat fix Windows Update because before it kept saying that it can't seem to install the new updates but now it's actually scanning. It's obviously not fixed yet because it failed to install 5 new updates. I'll include a picture. I've managed to gain access to standalone versions of all these new updates on Microsoft's website but I have no idea how to apply them. (Update files are in the other picture.) MSCONFIG will not let me apply a normal startup. I've re-enabled every start up program, every service, then checked the normal boot option but every time I click apply, it switches back to selective startup. Despite 'Load system services' and 'load system items' both being checked underneath, it stays at selective startup regardless. Should I simply just not start MSCONFIG next time I reboot? I haven't used the fixlist yet as I would like to have these important factors taken care of. Windows Update Windows System Restore MSConfig
  2. I am so happy! These annoying processes aren't occurring anymore after the fix. THANK YOU! Sadly, Malwarebytes continues to say the same exact thing even when I perform the clean uninstall and reinstall over and over.
  3. Thanks for all your help so far. Here's the fixlog results.
     Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
     Ran by SYSTEM (27-02-2017 18:50:20) Run:3
     Running from d:\
     Boot Mode: Recovery
     ==============================================
     fixlist content:
     *****************
     HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
     HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
     GroupPolicy: Restriction <======= ATTENTION
     S2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () <==== ATTENTION
     S2 windowsmanagementservice; C:\Users\ORLANDO\AppData\Local\Temp\20170221\ct.exe [722432 2017-02-19] (ct Corp.) <==== ATTENTION <==== ATTENTION
     C:\Program Files (x86)\cpx
     C:\Program Files (x86)\svcvmx
     C:\Program Files (x86)\dataup
     C:\Users\ORLANDO\AppData\Local\Temp\20170221
     *****************
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value removed successfully
     C:\Windows\System32\GroupPolicy\Machine => moved successfully
     C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
     C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
     HKLM\System\ControlSet001\Services\Dataup => key removed successfully
     Dataup => service removed successfully
     HKLM\System\ControlSet001\Services\windowsmanagementservice => key removed successfully
     windowsmanagementservice => service removed successfully
     "C:\Program Files (x86)\cpx" => not found.
     C:\Program Files (x86)\svcvmx => moved successfully
     C:\Program Files (x86)\dataup => moved successfully
     C:\Users\ORLANDO\AppData\Local\Temp\20170221 => moved successfully
     ==== End of Fixlog 18:50:20 ====
  4. Okay, sorry for the wait. I managed to boot into advanced mode via USB and scan with FRST. Here's the log:
  5. Okay, I have no access to another clean computer at all so this is going to be a bit tricky. I guess the only way to access Advanced Startup Options in Windows 10 is to use an installation disk which I don't have. Sigh. Wish there was a more convenient way to access these options. Thanks Windows 10.
  6. Here's what the process looks like in person. The Malwarebytes Root-Kit Scanner actually detected thousands of files having to do with that svcvmx.exe virus while it was constantly freezing.
  7. Yeah.. It's been scanning one file for a long time now. There's a web address in that file. Weird. This virus is not having it.
  8. It's still going. (Even though it says not responding like this in the parentheses.) Over 2000 malware found so far. Wow.
  9. Okay, it's been running for about 10 minutes so far. It's still scanning but it has already found over a thousand malware files. It's not responding though. Should I be concerned or is that just the scanning process?
  10. Thank you for responding. I used the Junkware Removal Tool and Adwcleaner and they worked just fine but the Sophos Free Virus Removal Tool comes up with the same error saying, "The parameter is incorrect." I'm also still seeing the same malicious processes in the Task Manager, unfortunately. Here are the logs for JRT, Adw, and FRST just the way you wanted them. Addition.txt FRST.txt
  11. Okay, I've installed the free trial of Malwarebytes but it will not start no matter what. (Yes, I disabled my anti-virus before installing this one.) The error comes up saying, "The parameter is incorrect." Something having to do with the mbam.exe. Please keep in mind that my computer is infected with multiple adware that I would love to remove. They all must've bypassed my anti-virus. A couple that I noticed were named 'vmxclient.exe' and 'winscr.exe'. Those are obviously eating away at my computer's performance. But enough of that. Here is the log from FRST. I will copy and paste the FRST.txt and attach the addition.txt. Help would be appreciated.
) C:\Users\ORLANDO\Downloads\Unigine_Valley-1.0.exe 2017-01-27 20:12 - 2017-01-27 20:12 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Fallout4 2017-01-27 20:10 - 2017-01-27 20:10 - 00000000 ____D C:\Users\ORLANDO\Documents\My Games 2017-01-27 18:04 - 2017-01-27 18:04 - 00000222 _____ C:\Users\ORLANDO\Desktop\Fallout 4.url 2017-01-27 00:38 - 2017-01-27 00:38 - 00000000 ____D C:\Users\ORLANDO\Documents\Dolphin Emulator 2017-01-27 00:36 - 2017-01-27 00:36 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-01-27 00:36 - 2017-01-20 06:07 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2017-01-27 00:36 - 2016-12-15 16:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2017-01-27 00:36 - 2016-12-15 16:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll 2017-01-27 00:36 - 2016-12-15 16:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2017-01-27 00:36 - 2016-12-15 16:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe 2017-01-27 00:34 - 2017-01-23 16:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 09308896 _____ (NVIDIA Corporation) 
C:\WINDOWS\SysWOW64\nvcuda.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00719160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00618232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00609216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00576192 _____ (NVIDIA Corporation) 
C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00573120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00447800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-25 18:52 - 2016-09-24 02:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-25 17:55 - 2016-12-30 16:32 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\CrashDumps 2017-02-25 17:42 - 2016-09-16 18:49 - 02703564 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-02-25 17:38 - 2016-12-26 19:12 - 00000000 ____D C:\ProgramData\NVIDIA 2017-02-25 17:37 - 2016-12-23 12:33 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-25 17:36 - 2016-09-24 02:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-25 17:36 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-02-25 16:54 - 2016-07-16 03:47 - 00000000 __RHD C:\Users\Public\Libraries 2017-02-25 16:19 - 2016-12-22 02:56 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{560433F8-5C21-4B4B-8D8A-0670D55FB686} 2017-02-25 02:27 - 2015-10-29 23:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-02-25 02:02 - 2016-12-23 15:15 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\ElevatedDiagnostics 2017-02-25 01:59 - 2016-12-23 15:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-02-25 01:11 - 2017-01-09 00:33 - 00119296 _____ C:\WINDOWS\SysWOW64\zlib.dll 
2017-02-25 01:11 - 2016-09-24 02:51 - 00000000 ____D C:\Users\ORLANDO 2017-02-24 22:06 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-24 22:06 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-22 19:26 - 2016-10-30 17:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-02-22 19:07 - 2010-01-31 14:00 - 00000000 ____D C:\Users\ORLANDO\Desktop\OpenHardwareMonitor 2017-02-22 18:58 - 2016-09-23 18:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2017-02-21 18:49 - 2016-09-20 14:29 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-21 18:48 - 2016-09-20 14:29 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-21 00:26 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-20 18:21 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP 2017-02-20 18:21 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-20 18:21 - 2016-07-15 22:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM 2017-02-20 17:59 - 2016-09-16 19:48 - 00000000 ____D C:\Program Files (x86)\Google 2017-02-20 17:56 - 2016-12-09 17:41 - 00019627 _____ C:\bdlog.txt 2017-02-12 14:54 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-02-06 23:17 - 2016-09-16 19:49 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-06 23:17 - 2016-09-16 19:49 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-02-06 11:48 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-02-06 11:48 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-02-03 23:28 - 2016-12-30 16:41 - 00000000 ____D C:\WINDOWS\SysWOW64\directx 2017-02-02 23:22 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2017-02-02 21:09 - 2016-12-30 16:41 - 00001155 _____ C:\Users\ORLANDO\Desktop\MSI Afterburner.lnk 
2017-02-02 17:38 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-01-29 22:44 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2017-01-27 22:28 - 2016-12-27 12:37 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\NVIDIA 2017-01-27 00:45 - 2016-12-26 19:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-01-27 00:37 - 2016-12-26 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-01-27 00:36 - 2016-12-26 19:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-01-27 00:28 - 2017-01-07 21:25 - 00000565 _____ C:\Users\ORLANDO\Desktop\Fraps.lnk 2017-01-26 22:30 - 2016-12-27 12:35 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-26 22:30 - 2016-12-26 19:14 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2017-01-26 22:30 - 2016-12-26 19:13 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-26 22:30 - 2016-12-26 19:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-01-26 22:29 - 2016-12-26 19:13 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-26 22:29 - 2016-12-26 19:13 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-26 22:29 - 2016-12-26 19:13 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-26 22:29 - 2016-12-26 19:13 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-26 22:29 - 2016-12-26 19:13 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ==================== Files in the root of some directories ======= 2017-01-28 16:44 - 2017-01-28 16:51 - 1307648 _____ () C:\Users\ORLANDO\AppData\Local\file__0.localstorage 2017-02-17 15:50 - 
2016-11-23 05:37 - 0000570 _____ () C:\Users\ORLANDO\AppData\Local\TroubleshooterConfig.json 2016-11-14 20:38 - 2016-11-14 20:38 - 0047421 _____ () C:\ProgramData\agent.1479184695.bdinstall.bin 2016-12-30 16:31 - 2016-12-30 16:31 - 0028190 _____ () C:\ProgramData\agent.1483144259.bdinstall.bin 2017-02-20 18:12 - 2017-02-20 18:12 - 0027972 _____ () C:\ProgramData\agent.1487643129.bdinstall.bin 2017-02-20 18:20 - 2017-02-20 18:20 - 0028714 _____ () C:\ProgramData\agent.1487643631.bdinstall.bin 2017-02-20 18:20 - 2017-02-20 18:20 - 0216089 _____ () C:\ProgramData\cl.1487643569.bdinstall.bin 2016-09-24 02:50 - 2016-09-24 02:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-12-27 12:35 - 2017-01-04 22:15 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-27 12:35 - 2017-01-04 22:13 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 Some files in TEMP: ==================== 2017-02-25 02:10 - 2016-11-11 02:13 - 1886344 _____ (Microsoft Corporation) C:\Users\ORLANDO\AppData\Local\Temp\dllnt_dump.dll 2017-02-25 16:54 - 2017-02-14 02:05 - 0897048 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-Common.dll 2017-02-25 16:54 - 2017-02-14 02:05 - 0515608 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-InstallerUtils.dll 2017-02-25 16:54 - 2017-02-14 01:56 - 0187416 _____ (BlueStack Systems) C:\Users\ORLANDO\AppData\Local\Temp\HD-LibraryHandler.dll 2017-02-25 16:54 - 2017-02-14 01:55 - 0246808 _____ (BlueStack Systems) C:\Users\ORLANDO\AppData\Local\Temp\HD-Logger-Native.dll 2017-02-25 16:54 - 2017-02-14 02:05 - 0426008 _____ (BlueStack Systems, Inc.) 
C:\Users\ORLANDO\AppData\Local\Temp\HD-Uninstaller.exe 2016-12-26 19:13 - 2016-12-11 10:23 - 0860776 _____ (NVIDIA Corporation) C:\Users\ORLANDO\AppData\Local\Temp\nvSCPAPI64.dll 2017-01-27 00:19 - 2016-12-11 10:23 - 0353336 _____ (NVIDIA Corporation) C:\Users\ORLANDO\AppData\Local\Temp\nvStInst.exe 2016-08-15 23:48 - 2016-08-15 23:48 - 0488960 _____ () C:\Users\ORLANDO\AppData\Local\Temp\sqlite3.exe 2017-02-19 18:53 - 2017-02-19 18:53 - 0061440 _____ () C:\Users\ORLANDO\AppData\Local\Temp\wzjyhvht.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-21 14:54 ==================== End of FRST.txt ============================ Addition.txt
  12. Hello, guys. I'm having an annoying issue with this certain adware that must've bypassed Windows Anti-virus. (I know, I need a better anti-virus.) It shows up in the Task Manager as 'winvmx client' and the process name is 'vmxclient.exe'. I'm positive that I have other adware as well, as there is also another process named 'winscr.exe', but there are others too. What I do know is that all of these malicious processes are eating up my CPU along with my entire PC's performance. I downloaded FRST from my phone onto my computer and performed a scan, so here are the results. It generated 2 .txt files. I attached them. Please help me find a solution to removing all of this junk as soon as possible. Thanks. Addition.txt FRST.txt