leafaninottawa


  1. Pretty good, seems to be tasking everything as quick as it should, thank you for the help I appreciate it very much!
  2. and the second results
  3. here's the results from the FRST scan
2018-03-21 11:11 - 2017-09-29 09:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2018-03-21 10:15 - 2017-09-29 04:45 - 000262144 _____ C:\Windows\system32\config\BBI 2018-03-21 10:14 - 2017-09-29 04:45 - 000000000 ____D C:\Windows\system32\Sysprep 2018-03-21 10:12 - 2017-09-29 09:46 - 000000000 ___RD C:\Windows\PrintDialog 2018-03-21 10:12 - 2017-09-29 09:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2018-03-21 10:12 - 2017-09-29 04:45 - 000032768 _____ C:\Windows\system32\config\ELAM 2018-03-21 09:32 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\DeliveryOptimization 2018-03-21 09:04 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-03-21 09:01 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\AppReadiness 2018-03-21 07:35 - 2017-09-29 09:44 - 000000000 ____D C:\Windows\INF 2018-03-21 07:32 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\Help 2018-03-21 07:32 - 2017-09-29 09:37 - 000000000 ____D C:\Windows\CbsTemp 2018-03-21 07:29 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\system32\WinBioDatabase 2018-03-21 07:25 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\USOPrivate 2018-03-21 07:17 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\system32\spool 2018-03-21 07:17 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\system32\FxsTmp ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-03-21 10:11 ==================== End of FRST.txt ============================
  4. I’ll do that just as soon as my drives are formatted
  5. Ok so it took me a bit to figure it out, but I deleted said partition, started a new 100gb partition for Windows, and that left me with 800 some gigs. Reinstall of Windows was successful, and idle threads/semaphore threads are no longer in the task manager, and running a format on the first 400gb partition and then gonna do the second! So far so good!!
  6. Cause I have a hankering that once windows is installed idle threads and semaphore threads will be right back there
  7. And maybe find out if the windows RE is infected as well?
  8. Is it normal for the partitions to be missing ?? IE 3&5??
  9. K so never mind that for now lol, tried to reset the PC, and then remove all files, tells me I need a CD/install media, so I’m gonna clean my thumb drive and make a boot drive with it, will look for another route to enter the Windows RE
  10. I want to shrink my c: to 100gb for the windows partition, and then partition the drive again to make two 410gb drives, but am unsure of numbers lol, should I format first and then partition in the new OS??
  11. will do, and I’ll let you know, will start once the kids go to bed rofl
  12. K so I chatted with a local tech and he told me to download winbolt, here are the results of that, no success tho, idle threads and semaphore threads are still running. winbolt results 1.txt
  13. Got it back, they couldn’t do anything with it, so now it’s up to fix this stuff !!!
  14. K so apparently there’s absolutely nothing Jeff can do! Going to pick it up and maybe just gonna try and wipe the drive clean, all the partitions and everything else that’s on it, and start completely fresh