Malwarebytes - The parameter is incorrect (mbam.exe) & Computer is infected with adware, please help. / FRST Log Included


Hello, guys. I'm having an annoying issue with a certain adware that must've bypassed Windows Anti-virus. (I know, I need a better anti-virus.) It shows up in the Task Manager as 'winvmx client' and the process name is 'vmxclient.exe'. I'm positive that I have other adware as well, as there is also another process named 'winscr.exe', but there are others too. What I do know is that all of these malicious processes are eating up my CPU along with my entire PC's performance. I downloaded FRST from my phone onto my computer and performed a scan, so here are the results. It generated 2 .txt files. I attached them. Please help me find a solution to removing all of this junk as soon as possible. Thanks.

Addition.txt

FRST.txt

Okay, I've installed the free trial of Malwarebytes, but it will not start no matter what. (Yes, I disabled my anti-virus before installing this one.) The error comes up saying, "The parameter is incorrect." Something having to do with the mbam.exe. Please keep in mind that my computer is infected with multiple adware that I would love to remove. They all must've bypassed my anti-virus. A couple that I noticed were named 'vmxclient.exe' and 'winscr.exe'. Those are obviously eating away at my computer's performance. But enough of that. Here is the log from FRST. I will copy and paste the FRST.txt and attach the Addition.txt. Help would be appreciated.

------------------------------------------------------------------FRST.txt----------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by ORLANDO (administrator) on DESKTOP-06E2V5A (25-02-2017 19:10:09)
Running from C:\Users\ORLANDO\Desktop
Loaded Profiles: ORLANDO (Available Profiles: ORLANDO)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\dataup\dataup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Users\ORLANDO\AppData\Local\Temp\20170221\ct.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
(winscr) C:\Program Files (x86)\winscr\winscr.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{1dba7fbb-eac9-4385-a410-45eec5adea5f}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{57e4a55b-649a-41e8-bbbf-474239d6ba26}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{57e4a55b-649a-41e8-bbbf-474239d6ba26}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-28]
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-25]
CHR Extension: (Adobe Acrobat) - C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755200 2017-02-16] (qdcomsvc Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\ORLANDO\AppData\Local\Temp\20170221\ct.exe [722432 2017-02-19] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S2 ProductAgentService; "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" [X]
S2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe" /service [X]
S4 VSSERV; "C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe" /service [X]
S2 vsservp; "C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-25] (C-MEDIA)
R1 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [51784 2017-02-21] () [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-16] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-16] (Disc Soft Ltd)
R3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. )
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-25] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U4 klhk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 19:10 - 2017-02-25 19:10 - 00012915 _____ C:\Users\ORLANDO\Desktop\FRST.txt
2017-02-25 18:14 - 2017-02-25 18:14 - 55566792 _____ (Malwarebytes ) C:\Users\ORLANDO\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-25 18:14 - 2017-02-25 18:14 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-25 18:14 - 2017-02-25 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-25 18:14 - 2017-02-25 18:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-25 18:14 - 2017-02-25 18:14 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-25 18:14 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-25 17:38 - 2017-02-25 17:38 - 00000000 ____D C:\Program Files (x86)\regtool
2017-02-25 17:20 - 2017-02-25 17:20 - 00044153 _____ C:\Users\ORLANDO\Downloads\Addition.txt
2017-02-25 16:58 - 2017-02-25 01:16 - 02423296 ____N (Farbar) C:\Users\ORLANDO\Desktop\FRST64.exe
2017-02-25 02:10 - 2017-02-25 17:04 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-25 02:10 - 2017-02-25 14:08 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-25 02:10 - 2017-02-25 02:10 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-25 02:10 - 2017-02-25 02:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-25 02:10 - 2017-02-25 02:10 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-25 01:54 - 2017-02-25 01:54 - 00000000 ____D C:\WINDOWS\pss
2017-02-25 01:24 - 2017-02-25 19:10 - 00000000 ____D C:\FRST
2017-02-25 01:21 - 2017-02-25 01:22 - 00604928 _____ (Reimage) C:\Users\ORLANDO\Downloads\ReimageRepair.exe
2017-02-25 01:10 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2017-02-25 01:04 - 2017-02-25 16:53 - 00000000 ____D C:\Program Files\FreeFixer
2017-02-25 01:04 - 2017-02-25 01:04 - 02704615 _____ (Kephyr) C:\Users\ORLANDO\Downloads\freefixersetup.exe
2017-02-25 01:04 - 2017-02-25 01:04 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\FreeFixer
2017-02-25 01:04 - 2017-02-25 01:04 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\FreeFixer
2017-02-23 19:13 - 2017-02-23 19:13 - 02627220 _____ C:\Users\ORLANDO\Downloads\Voice_005.m4a
2017-02-23 19:13 - 2017-02-23 19:13 - 01081392 _____ C:\Users\ORLANDO\Downloads\Voice_003.m4a
2017-02-22 19:07 - 2017-02-22 19:10 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-02-21 17:58 - 2017-02-21 17:59 - 00000000 ____D C:\ProgramData\Microleaves
2017-02-21 14:54 - 2017-02-21 14:54 - 00051784 _____ C:\WINDOWS\system32\Drivers\drmkpro64.sys
2017-02-21 06:29 - 2017-02-21 06:29 - 00000000 ____D C:\ProgramData\aabda3c9-63f7-0
2017-02-21 06:24 - 2017-02-25 17:35 - 00000000 ____D C:\ProgramData\{C4E82169-7343-96C2-F783-DCC4A24FDF70}
2017-02-21 06:24 - 2017-02-25 17:35 - 00000000 ____D C:\ProgramData\{4246D972-F5ED-6ED9-8DA9-CC01E447DE73}
2017-02-21 06:24 - 2017-02-21 06:24 - 00023710 _____ C:\WINDOWS\System32\Tasks\{790C0847-7F0C-0E05-0811-7D797E7A117F}
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\aabda3c9-0e83-0
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\6d2d265c
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\{7b0c73be-212c-0}
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\{606a5394-312c-1}
2017-02-20 18:20 - 2017-02-20 18:20 - 00216089 _____ C:\ProgramData\cl.1487643569.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 00028714 _____ C:\ProgramData\agent.1487643631.bdinstall.bin
2017-02-20 18:16 - 2017-02-20 18:24 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\llssoft
2017-02-20 18:16 - 2017-02-20 18:24 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-02-20 18:15 - 2017-02-22 18:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-20 18:15 - 2017-02-20 18:15 - 00001310 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-02-20 18:15 - 2017-02-20 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-02-20 18:13 - 2017-02-20 18:13 - 00001159 _____ C:\Users\ORLANDO\Desktop\Install Kaspersky Security Scan version 16.0.0.1344.lnk
2017-02-20 18:12 - 2017-02-20 18:12 - 00027972 _____ C:\ProgramData\agent.1487643129.bdinstall.bin
2017-02-20 18:07 - 2017-02-20 18:13 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\BitTorrent
2017-02-20 18:07 - 2017-02-20 18:07 - 00002734 _____ C:\Users\ORLANDO\Desktop\BitTorrent.lnk
2017-02-20 18:07 - 2017-02-20 18:07 - 00002734 _____ C:\Users\ORLANDO\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2017-02-20 18:06 - 2017-02-22 18:58 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-02-20 18:06 - 2017-02-20 18:19 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-20 18:04 - 2017-02-20 18:05 - 177912864 _____ (Kaspersky Lab) C:\Users\ORLANDO\Downloads\kis17.0.0.611en_10743.exe
2017-02-20 18:00 - 2017-02-20 18:01 - 118423206 _____ C:\Users\ORLANDO\Downloads\Unconfirmed 522685.crdownload
2017-02-20 17:59 - 2017-02-20 17:59 - 01800192 _____ C:\Users\ORLANDO\Downloads\Kaspersky Internet Security 2016 Final Crack is Here.iso
2017-02-20 17:59 - 2017-02-20 17:59 - 00000000 ____D C:\Program Files (x86)\winscr
2017-02-20 17:56 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\d0dfc1ff-67a5-0
2017-02-20 17:56 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\d0dfc1ff-24f1-1
2017-02-20 17:56 - 2017-02-20 17:57 - 00000406 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-20 17:56 - 2017-02-20 17:56 - 01852928 _____ (splsrv Corp.) C:\WINDOWS\SysWOW64\splsrv.exe
2017-02-20 17:56 - 2017-02-20 17:56 - 00006549 _____ C:\WINDOWS\TEMPcoral.vbs
2017-02-20 17:56 - 2017-02-20 17:56 - 00003294 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-02-20 17:56 - 2017-02-20 17:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-02-20 17:56 - 2017-02-20 17:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-02-20 17:56 - 2017-02-20 17:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-02-20 17:56 - 2017-02-20 17:56 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-20 17:56 - 2017-02-20 17:56 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-20 17:56 - 2017-02-20 17:56 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-20 17:56 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-02-20 17:56 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\dataup
2017-02-20 17:55 - 2017-02-20 17:57 - 00000420 _____ C:\WINDOWS\Tasks\Online Application Updater.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job
2017-02-20 17:55 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-02-20 17:55 - 2017-02-20 17:55 - 00003314 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
2017-02-20 17:55 - 2017-02-20 17:55 - 00003280 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-02-20 17:55 - 2017-02-20 17:55 - 00003274 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-02-20 17:55 - 2017-02-20 17:55 - 00003266 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
2017-02-20 17:55 - 2017-02-20 17:55 - 00003262 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-02-20 17:55 - 2017-02-20 17:55 - 00003260 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
2017-02-20 17:55 - 2017-02-20 17:55 - 00003248 _____ C:\WINDOWS\System32\Tasks\Online Application v2
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\c
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\ProgramData\1487642148
2017-02-20 17:54 - 2017-02-20 17:54 - 01800192 _____ C:\Users\ORLANDO\Downloads\FL Studio 11 (2014) With Crack Full Version.iso
2017-02-20 17:50 - 2017-02-20 17:50 - 00834214 _____ C:\Users\ORLANDO\Downloads\FL5tud1o123licencekeyCrackcg.zip
2017-02-17 15:51 - 2017-02-17 15:51 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\Mozilla
2017-02-17 15:51 - 2017-02-17 15:51 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Macromedia
2017-02-17 15:50 - 2016-11-23 05:37 - 00000570 _____ C:\Users\ORLANDO\AppData\Local\TroubleshooterConfig.json
2017-02-17 15:48 - 2017-02-25 16:54 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Bluestacks
2017-02-17 15:48 - 2017-02-17 15:50 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-17 15:36 - 2017-02-17 15:47 - 335132976 _____ (BlueStack Systems Inc.) C:\Users\ORLANDO\Downloads\BlueStacks2_native_7399b918738d3feb7696e539a4902efa.exe
2017-02-16 21:38 - 2017-02-16 21:38 - 00000000 _____ C:\Users\ORLANDO\Documents\New Text Document (2).txt
2017-02-16 19:11 - 2017-02-16 19:11 - 00000000 ____D C:\WINDOWS\Panther
2017-02-16 13:47 - 2017-02-16 13:47 - 00000201 _____ C:\Users\ORLANDO\Documents\2nd SONG CRAZY.txt
2017-02-14 14:53 - 2017-02-14 14:53 - 09477678 _____ C:\Users\ORLANDO\Downloads\vnROM.net.rar
2017-02-14 14:43 - 2017-02-14 14:43 - 29419520 _____ C:\Users\ORLANDO\Desktop\AdbEnabled_G925TUVU5EPK5_G925TTMB5EPK5_G925TUVU5EPK5_HOME.tar
2017-02-14 14:43 - 2017-02-14 14:43 - 00000000 ____D C:\Users\ORLANDO\Desktop\AdbEnabled_G925TUVU5EPK5_G925TTMB5EPK5_G925TUVU5EPK5_HOME
2017-02-14 14:39 - 2017-02-14 14:39 - 00000000 ____D C:\Users\ORLANDO\Downloads\usb debugging enabler pc tricks zone
2017-02-14 13:42 - 2017-02-14 15:01 - 00000591 _____ C:\Users\ORLANDO\Documents\Beautiful Song That I Like.txt
2017-02-09 22:06 - 2017-02-09 22:07 - 00000000 ____D C:\Users\ORLANDO\Downloads\CF-Auto-Root-zeroltetmo-zeroltetmo-smg925t
2017-02-09 21:20 - 2016-11-17 13:48 - 4042680488 _____ C:\Users\ORLANDO\Downloads\G925TUVU5EPK5_G925TTMB5EPK5_G925TUVU5EPK5_HOME.tar.md5
2017-02-09 00:13 - 2017-02-09 02:22 - 00000102 _____ C:\Users\ORLANDO\Documents\Five Hundred Dollar PC.txt
2017-02-08 19:34 - 2017-02-08 22:21 - 1955906374 _____ C:\Users\ORLANDO\Downloads\G925TUVU5EPK5_G925TTMB5EPK5_TMB.zip
2017-02-08 19:18 - 2016-05-19 17:20 - 65536081 _____ C:\Users\ORLANDO\Desktop\CF-Auto-Root-zeroltetmo-zeroltetmo-smg925t.tar.md5
2017-02-08 19:16 - 2017-02-08 19:16 - 09330032 _____ (Samsung Electronics Co., Ltd.) C:\Users\ORLANDO\Downloads\Samsung-Usb-Driver-v1.5.55.0.exe
2017-02-08 19:10 - 2017-02-08 19:10 - 01107376 _____ C:\Users\ORLANDO\Downloads\odin3_v3.10.7.zip
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____D C:\ProgramData\Samsung
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____D C:\Program Files\Samsung
2017-02-08 01:00 - 2015-05-20 22:02 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2017-02-08 01:00 - 2015-05-20 22:02 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2017-02-08 01:00 - 2015-05-20 22:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2017-02-08 01:00 - 2015-05-20 22:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2017-02-03 23:29 - 2017-02-03 23:30 - 00000000 ____D C:\Users\ORLANDO\Documents\PCSX2
2017-02-03 23:28 - 2017-02-03 23:29 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2017-02-03 23:28 - 2017-02-03 23:28 - 00002008 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2017-02-03 23:27 - 2017-02-03 23:27 - 00000020 _____ C:\Users\ORLANDO\Documents\ass ins creed synister.txt
2017-02-02 23:31 - 2017-02-02 23:31 - 00000222 _____ C:\Users\ORLANDO\Desktop\Grand Theft Auto V.url
2017-01-30 19:26 - 2017-01-30 19:27 - 05596617 _____ (UserBenchmark.com) C:\Users\ORLANDO\Downloads\UserBenchMark.exe
2017-01-28 19:22 - 2017-01-28 19:22 - 18495884 _____ C:\Users\ORLANDO\Desktop\kart sav.sav
2017-01-28 16:45 - 2017-02-25 16:53 - 00000000 ____D C:\Users\ORLANDO\Valley
2017-01-28 16:44 - 2017-01-28 16:51 - 01307648 _____ C:\Users\ORLANDO\AppData\Local\file__0.localstorage
2017-01-28 16:23 - 2017-01-28 16:42 - 358226169 _____ (Unigine Corp. ) C:\Users\ORLANDO\Downloads\Unigine_Valley-1.0.exe
2017-01-27 20:12 - 2017-01-27 20:12 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Fallout4
2017-01-27 20:10 - 2017-01-27 20:10 - 00000000 ____D C:\Users\ORLANDO\Documents\My Games
2017-01-27 18:04 - 2017-01-27 18:04 - 00000222 _____ C:\Users\ORLANDO\Desktop\Fallout 4.url
2017-01-27 00:38 - 2017-01-27 00:38 - 00000000 ____D C:\Users\ORLANDO\Documents\Dolphin Emulator
2017-01-27 00:36 - 2017-01-27 00:36 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-27 00:36 - 2017-01-20 06:07 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-27 00:36 - 2016-12-15 16:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-27 00:36 - 2016-12-15 16:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-27 00:36 - 2016-12-15 16:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-27 00:36 - 2016-12-15 16:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-27 00:34 - 2017-01-23 16:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 09308896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00719160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00618232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00609216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00573120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00447800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 18:52 - 2016-09-24 02:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 17:55 - 2016-12-30 16:32 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\CrashDumps
2017-02-25 17:42 - 2016-09-16 18:49 - 02703564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-25 17:38 - 2016-12-26 19:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-25 17:37 - 2016-12-23 12:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-25 17:36 - 2016-09-24 02:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-25 17:36 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-25 16:54 - 2016-07-16 03:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-25 16:19 - 2016-12-22 02:56 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{560433F8-5C21-4B4B-8D8A-0670D55FB686}
2017-02-25 02:27 - 2015-10-29 23:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-25 02:02 - 2016-12-23 15:15 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\ElevatedDiagnostics
2017-02-25 01:59 - 2016-12-23 15:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-25 01:11 - 2017-01-09 00:33 - 00119296 _____ C:\WINDOWS\SysWOW64\zlib.dll
2017-02-25 01:11 - 2016-09-24 02:51 - 00000000 ____D C:\Users\ORLANDO
2017-02-24 22:06 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 22:06 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 19:26 - 2016-10-30 17:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 19:07 - 2010-01-31 14:00 - 00000000 ____D C:\Users\ORLANDO\Desktop\OpenHardwareMonitor
2017-02-22 18:58 - 2016-09-23 18:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-02-21 18:49 - 2016-09-20 14:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-21 18:48 - 2016-09-20 14:29 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-21 00:26 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 18:21 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-02-20 18:21 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-20 18:21 - 2016-07-15 22:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2017-02-20 17:59 - 2016-09-16 19:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-20 17:56 - 2016-12-09 17:41 - 00019627 _____ C:\bdlog.txt
2017-02-12 14:54 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 23:17 - 2016-09-16 19:49 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 23:17 - 2016-09-16 19:49 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 11:48 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 11:48 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 23:28 - 2016-12-30 16:41 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-02 23:22 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-02-02 21:09 - 2016-12-30 16:41 - 00001155 _____ C:\Users\ORLANDO\Desktop\MSI Afterburner.lnk
2017-02-02 17:38 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-29 22:44 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-01-27 22:28 - 2016-12-27 12:37 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\NVIDIA
2017-01-27 00:45 - 2016-12-26 19:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-27 00:37 - 2016-12-26 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-27 00:36 - 2016-12-26 19:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-27 00:28 - 2017-01-07 21:25 - 00000565 _____ C:\Users\ORLANDO\Desktop\Fraps.lnk
2017-01-26 22:30 - 2016-12-27 12:35 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:30 - 2016-12-26 19:14 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-26 22:30 - 2016-12-26 19:13 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:30 - 2016-12-26 19:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-26 22:29 - 2016-12-26 19:13 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

==================== Files in the root of some directories =======

2017-01-28 16:44 - 2017-01-28 16:51 - 1307648 _____ () C:\Users\ORLANDO\AppData\Local\file__0.localstorage
2017-02-17 15:50 - 2016-11-23 05:37 - 0000570 _____ () C:\Users\ORLANDO\AppData\Local\TroubleshooterConfig.json
2016-11-14 20:38 - 2016-11-14 20:38 - 0047421 _____ () C:\ProgramData\agent.1479184695.bdinstall.bin
2016-12-30 16:31 - 2016-12-30 16:31 - 0028190 _____ () C:\ProgramData\agent.1483144259.bdinstall.bin
2017-02-20 18:12 - 2017-02-20 18:12 - 0027972 _____ () C:\ProgramData\agent.1487643129.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 0028714 _____ () C:\ProgramData\agent.1487643631.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 0216089 _____ () C:\ProgramData\cl.1487643569.bdinstall.bin
2016-09-24 02:50 - 2016-09-24 02:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-27 12:35 - 2017-01-04 22:15 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-27 12:35 - 2017-01-04 22:13 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-25 02:10 - 2016-11-11 02:13 - 1886344 _____ (Microsoft Corporation) C:\Users\ORLANDO\AppData\Local\Temp\dllnt_dump.dll
2017-02-25 16:54 - 2017-02-14 02:05 - 0897048 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-Common.dll
2017-02-25 16:54 - 2017-02-14 02:05 - 0515608 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-InstallerUtils.dll
2017-02-25 16:54 - 2017-02-14 01:56 - 0187416 _____ (BlueStack Systems) C:\Users\ORLANDO\AppData\Local\Temp\HD-LibraryHandler.dll
2017-02-25 16:54 - 2017-02-14 01:55 - 0246808 _____ (BlueStack Systems) C:\Users\ORLANDO\AppData\Local\Temp\HD-Logger-Native.dll
2017-02-25 16:54 - 2017-02-14 02:05 - 0426008 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-Uninstaller.exe
2016-12-26 19:13 - 2016-12-11 10:23 - 0860776 _____ (NVIDIA Corporation) C:\Users\ORLANDO\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-27 00:19 - 2016-12-11 10:23 - 0353336 _____ (NVIDIA Corporation) C:\Users\ORLANDO\AppData\Local\Temp\nvStInst.exe
2016-08-15 23:48 - 2016-08-15 23:48 - 0488960 _____ () C:\Users\ORLANDO\AppData\Local\Temp\sqlite3.exe
2017-02-19 18:53 - 2017-02-19 18:53 - 0061440 _____ () C:\Users\ORLANDO\AppData\Local\Temp\wzjyhvht.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-21 14:54

==================== End of FRST.txt ============================

Addition.txt

Edited by bobbysaggers

  • Root Admin

Hello @bobbysaggers and welcome!

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click over JRT.exe and select Run as administrator on Windows Vista or Windows 7; double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, the logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double-click the icon and select Run.
  • Click Next.
  • Select I accept the terms in this license agreement, then click Next twice.
  • Click Install.
  • Click Finish to launch the program.
  • Once the virus database has been updated, click Start Scanning.
  • If any threats are found, click Details, then View Log file (bottom left-hand corner).
  • Copy and paste the results in your reply.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

Thanks

Thank you for responding. I used the Junkware Removal Tool and AdwCleaner and they worked just fine, but the Sophos Free Virus Removal Tool comes up with the same error saying, "The parameter is incorrect." I'm also still seeing the same malicious processes in the Task Manager, unfortunately. Here are the logs for JRT, Adw, and FRST, just the way you wanted them.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by ORLANDO (Administrator) on Sat 02/25/2017 at 20:22:30.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 43 

Failed to delete: C:\ProgramData\microleaves (Folder) 
Failed to delete: C:\WINDOWS\Tasks\Traffic Exchange Updater.job (Task) 
Failed to delete: C:\WINDOWS\tempcoral.vbs (File) 
Failed to delete: C:\Program Files (x86)\dataup (Folder) 
Failed to delete: C:\Program Files (x86)\microleaves (Folder) 
Successfully deleted: C:\ProgramData\{606a5394-312c-1} (Folder) 
Successfully deleted: C:\ProgramData\{7b0c73be-212c-0} (Folder) 
Successfully deleted: C:\ProgramData\6d2d265c (Folder) 
Successfully deleted: C:\ProgramData\aabda3c9-0e83-0 (Folder) 
Successfully deleted: C:\ProgramData\aabda3c9-63f7-0 (Folder) 
Successfully deleted: C:\ProgramData\d0dfc1ff-24f1-1 (Folder) 
Successfully deleted: C:\ProgramData\d0dfc1ff-67a5-0 (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\DriverDR Scheduled Scan (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application Updater (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application v2 Guard (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application v2 Guardian (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application v2 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application v209 Guard (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application v209 Guardian (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application v209 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange Updater (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange v2 - 1 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange v2 - 2 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange v2 - 3 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange v209 - 1 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange v209 - 2 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange v209 - 3 (Task)
Successfully deleted: C:\WINDOWS\Tasks\DriverDR Scheduled Scan.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Online Application Updater.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Online Application v2 Guard.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Online Application v2 Guardian.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Online Application v2.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Online Application v209 Guard.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Online Application v209 Guardian.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Online Application v209.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job (Task) 
Successfully deleted: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job (Task) 
Successfully deleted: C:\Program Files (x86)\regtool (Folder) 

Registry: 4 

Failed to delete: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpx (Registry Value) 
Failed to delete: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx (Registry Value) 
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\Dataup (Registry Key) 
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\windowsmanagementservice (Registry Key) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/25/2017 at 20:23:21.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**********************Adwcleaner Log*************************

# AdwCleaner v6.043 - Logfile created 25/02/2017 at 20:37:03
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : ORLANDO - DESKTOP-06E2V5A
# Running from : C:\Users\ORLANDO\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service Found:  Dataup
Service Found:  windowsmanagementservice


***** [ Folders ] *****

Folder Found:  C:\ProgramData\Microleaves
Folder Found:  C:\ProgramData\Application Data\Microleaves
Folder Found:  C:\Program Files (x86)\dataup
Folder Found:  C:\Program Files (x86)\regtool
Folder Found:  C:\Program Files (x86)\Microleaves


***** [ Files ] *****

File Found:  C:\Users\ORLANDO\Downloads\ReimageRepair.exe
File Found:  C:\WINDOWS\TEMPcoral.vbs
File Found:  C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found:  C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found:  C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.solvusoft.com_0.localstorage
File Found:  C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_www.solvusoft.com_0.localstorage-journal


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  {790C0847-7F0C-0E05-0811-7D797E7A117F}


***** [ Registry ] *****

Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
Key Found:  HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Key Found:  HKLM\SOFTWARE\Microleaves
Key Found:  [x64] HKLM\SOFTWARE\Microleaves
Data Found:  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{57e4a55b-649a-41e8-bbbf-474239d6ba26} [NameServer] - 82.163.143.157 82.163.142.159
Data Found:  [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{57e4a55b-649a-41e8-bbbf-474239d6ba26} [NameServer] - 82.163.143.157 82.163.142.159
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [cpx]
Key Found:  HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3328 Bytes] - [25/02/2017 20:37:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3401 Bytes] ##########

Addition.txt

FRST.txt

  • Root Admin

The logs show that you have pieces of older antivirus from both Kaspersky and Bitdefender but they do not appear to be fully installed and operational. The following script will remove at least part of this infection and forcibly remove some of the Bitdefender antivirus. Then we'll proceed from there as needed.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt
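
Added example (not the Root Admin's fixlist and not FRST's own code): a small Python triage pass over FRST-format Run-key and service lines of the kind quoted in this thread. The sample lines are constructed from entries that appear in the thread's logs, and the three checks it applies beyond FRST's own ATTENTION marker (a service binary under a user's AppData\Local\Temp folder, an empty publisher field, no file metadata captured at all) are this example's heuristics for a first read of a log, not FRST's logic.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread; it is not part of FRST or of the fix the
Root Admin prepared. It reads the "Run:" and service lines FRST prints and
surfaces the ones a responder would look at first.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on the Run-key and service lines FRST posted
# in this thread (same format, trimmed to a handful of entries).
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
S2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () <==== ATTENTION
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\ORLANDO\AppData\Local\Temp\20170221\ct.exe [722432 2017-02-19] (ct Corp.) <==== ATTENTION <==== ATTENTION
S2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755200 2017-02-16] (qdcomsvc Inc.)
"""

# Line shapes as FRST prints them: "HIVE\...\Run: [Name] => ..." and "S2 Name; ..."
RUN_RE = re.compile(r'^(?P<hive>\S+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$')
SERVICE_RE = re.compile(r'^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<rest>.*)$')
# "[size yyyy-mm-dd] (Publisher)" block FRST appends when it could read the file
META_RE = re.compile(r'\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<publisher>[^)]*)\)')
USER_TEMP_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\Local\\Temp\\', re.IGNORECASE)


@dataclass
class Entry:
    kind: str                  # "run" or "service"
    name: str
    path: str
    publisher: Optional[str]   # None when no [size date] (publisher) block was printed
    flagged: bool              # FRST itself appended "ATTENTION"
    reasons: List[str] = field(default_factory=list)


def _split_path(rest: str) -> str:
    """Pull the image path out of the text after '=>' or ';'."""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest
    # Unquoted: the path runs up to the " [size date]" block or the ATTENTION marker.
    cut = re.split(r' \[\d+ \d{4}-|\s*<=+ ATTENTION', rest, maxsplit=1)[0]
    return cut.strip()


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST Run-key or service line; return None for anything else."""
    m = RUN_RE.match(line)
    kind = 'run'
    if m is None:
        m = SERVICE_RE.match(line)
        kind = 'service'
    if m is None:
        return None
    rest = m.group('rest')
    meta = META_RE.search(rest)
    return Entry(
        kind=kind,
        name=m.group('name'),
        path=_split_path(rest),
        publisher=meta.group('publisher') if meta else None,
        flagged='ATTENTION' in rest,
    )


def assess(entry: Entry) -> Entry:
    """Attach the reasons a responder would want this entry reviewed (heuristics)."""
    if entry.flagged:
        entry.reasons.append('marked ATTENTION by FRST')
    if USER_TEMP_RE.search(entry.path):
        entry.reasons.append('image lives under a per-user Temp folder')
    if entry.publisher is None:
        entry.reasons.append('no size/date/publisher recorded for the file')
    elif entry.publisher == '':
        entry.reasons.append('empty publisher field')
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that have at least one review reason, in log order."""
    out = []
    for line in log_text.strip().splitlines():
        entry = parse_line(line.rstrip())
        if entry is not None and assess(entry).reasons:
            out.append(entry)
    return out


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f'{e.kind:7} {e.name:28} {e.path}')
        for r in e.reasons:
            print(f'        - {r}')
```

Run it as a script to see the four entries it surfaces from the sample. The qdcomsvc service is not flagged by these checks, which shows their limit: the parenthesised publisher is what FRST reads from the file's version information, not a signature check, so a plausible-looking string proves nothing on its own; the "File is digitally signed" verdicts in the Bamital & volsnap section are the signature check, and only for the core system files listed there.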

  • Root Admin

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self-help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.


  • Root Admin

Okay, I think we're going to have to try to remove this from the Recovery Console.

On a clean machine, please download Farbar Recovery Scan Tool and save it to a USB flash drive.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

Plug the flash drive into the infected PC and start the computer into the Recovery Options for Command Prompt.

Windows Vista, 7

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Windows 8, 8.1
Please see
How to use the Windows 8 System Recovery Environment Command Prompt

Windows 10
Please see
How to Start Windows 10 in Safe Mode with Command Prompt

How to Boot to Advanced Startup Options in Windows 10

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc or make a repair disc.
Any Windows installation disc or a repair disc made on another computer can be used.
Choose one of the options below to download and create a Windows Repair Disk or Installation Disk. Either one can be used.

How to Create a Windows 7 System Repair Disc
How to Create a System Repair Disc in Windows 10
Microsoft Windows and Office ISO Download Tool

You may also download from Microsoft, but you will need to input your license key first. The above links do not require your key.

Download Windows 7 Disc Images (ISO Files)
Download Windows 8.1
Download Windows 10

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • Notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.

Edited by AdvancedSetup

Okay, I have no access to another clean computer at all so this is going to be a bit tricky. I guess the only way to access Advanced Startup Options in Windows 10 is to use an installation disk which I don't have. Sigh. Wish there was a more convenient way to access these options. Thanks Windows 10.

Edited by bobbysaggers

  • Root Admin

You can try using this infected machine to copy FRST over to a USB stick for the Recovery Environment. Creating a bootable disk by USB is extremely easy, and a disk nowadays costs like a couple of bucks.

This link gives multiple ways to start Advanced mode:

https://www.tenforums.com/tutorials/2294-advanced-startup-options-boot-windows-10-a.html

Edited by AdvancedSetup

Okay, sorry for the wait. I managed to boot into advanced mode via USB and scan with FRST. Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2017
Ran by SYSTEM on MININT-CA5GI8H (26-02-2017 17:23:40)
Running from e:\
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () <==== ATTENTION
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755200 2017-02-16] (qdcomsvc Inc.)
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\ORLANDO\AppData\Local\Temp\20170221\ct.exe [722432 2017-02-19] (ct Corp.) <==== ATTENTION <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 ksu; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe" ksu -r [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-25] (C-MEDIA)
S1 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [51784 2017-02-21] ()
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-09-16] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-09-16] (Disc Soft Ltd)
S3 ITECIRfilter; C:\Windows\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. )
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2017-02-25] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-25] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-25] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S4 klhk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 17:15 - 2017-02-26 17:15 - 02423296 _____ (Farbar) C:\Users\ORLANDO\Downloads\FRST64.exe
2017-02-26 13:01 - 2017-02-26 17:13 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-02-26 13:01 - 2017-02-26 13:01 - 00949880 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\ORLANDO\Downloads\rufus-2.12.exe
2017-02-26 12:59 - 2017-02-26 13:03 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-26 12:57 - 2017-02-26 12:57 - 00001814 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-02-26 12:57 - 2017-02-26 12:57 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-02-26 12:54 - 2017-02-26 12:56 - 85420032 _____ C:\Users\ORLANDO\Downloads\Win10_1607_English_x64.iso
2017-02-26 12:30 - 2017-02-26 12:56 - 00694720 _____ (Disc Soft Ltd.) C:\Users\ORLANDO\Downloads\DTLiteInstaller.exe
2017-02-26 12:29 - 2017-02-26 12:29 - 00670720 _____ (HeiDoc.net) C:\Users\ORLANDO\Downloads\Windows ISO Downloader (1).exe
2017-02-26 12:23 - 2017-02-26 12:23 - 00670720 _____ (HeiDoc.net) C:\Users\ORLANDO\Downloads\Windows ISO Downloader.exe
2017-02-26 12:19 - 2017-02-26 12:19 - 00000000 ___HD C:\$Windows.~WS
2017-02-26 12:12 - 2017-02-26 12:12 - 18316400 _____ (Microsoft Corporation) C:\Users\ORLANDO\Downloads\MediaCreationTool (1).exe
2017-02-26 12:11 - 2017-02-26 12:11 - 00000000 ____D C:\ESD
2017-02-26 02:27 - 2017-02-26 12:14 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-26 02:22 - 2017-02-26 02:22 - 00003660 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-26 01:55 - 2017-02-26 01:55 - 05741448 _____ (Microsoft Corporation) C:\Users\ORLANDO\Downloads\Windows10Upgrade9252.exe
2017-02-26 01:55 - 2017-02-26 01:55 - 00000719 _____ C:\Users\ORLANDO\Desktop\Windows 10 Upgrade Assistant.lnk
2017-02-26 01:55 - 2017-02-26 01:55 - 00000000 ____D C:\Windows10Upgrade
2017-02-26 00:40 - 2017-02-26 00:40 - 00001134 _____ C:\Users\ORLANDO\Desktop\Snipping Tool.lnk
2017-02-25 23:26 - 2017-02-25 23:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\ORLANDO\Downloads\rkill.exe
2017-02-25 21:43 - 2017-02-25 23:16 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-02-25 21:43 - 2017-02-25 23:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-25 21:43 - 2017-02-25 23:15 - 00109272 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2017-02-25 21:43 - 2017-02-25 23:14 - 00000000 ____D C:\Users\ORLANDO\Desktop\mbar
2017-02-25 21:42 - 2017-02-25 21:43 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ORLANDO\Downloads\mbar-1.09.3.1001.exe
2017-02-25 20:54 - 2017-02-25 20:54 - 00034970 _____ C:\Users\ORLANDO\Desktop\Addition.txt
2017-02-25 20:41 - 2017-02-25 20:41 - 00000000 ____D C:\Program Files (x86)\regtool
2017-02-25 20:35 - 2017-02-25 20:40 - 00000000 ____D C:\AdwCleaner
2017-02-25 20:35 - 2017-02-25 20:35 - 04015056 _____ C:\Users\ORLANDO\Desktop\AdwCleaner.exe
2017-02-25 20:30 - 2017-02-25 20:30 - 303014634 _____ C:\Users\ORLANDO\Desktop\regbackup.reg
2017-02-25 20:22 - 2017-02-25 20:22 - 01663040 _____ (Malwarebytes) C:\Users\ORLANDO\Downloads\JRT.exe
2017-02-25 18:14 - 2017-02-25 21:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-25 18:14 - 2017-02-25 18:14 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-25 18:14 - 2017-02-25 18:14 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-25 18:14 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-02-25 02:10 - 2017-02-25 17:04 - 00028272 _____ C:\Windows\System32\Drivers\TrueSight.sys
2017-02-25 02:10 - 2017-02-25 14:08 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-25 02:10 - 2017-02-25 02:10 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-25 02:10 - 2017-02-25 02:10 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-25 01:54 - 2017-02-25 01:54 - 00000000 ____D C:\Windows\pss
2017-02-25 01:24 - 2017-02-25 21:39 - 00000000 ____D C:\FRST
2017-02-25 01:10 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\Windows\System32\ffnd.exe
2017-02-25 01:04 - 2017-02-25 16:53 - 00000000 ____D C:\Program Files\FreeFixer
2017-02-25 01:04 - 2017-02-25 01:04 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\FreeFixer
2017-02-25 01:04 - 2017-02-25 01:04 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\FreeFixer
2017-02-23 19:13 - 2017-02-23 19:13 - 02627220 _____ C:\Users\ORLANDO\Downloads\Voice_005.m4a
2017-02-23 19:13 - 2017-02-23 19:13 - 01081392 _____ C:\Users\ORLANDO\Downloads\Voice_003.m4a
2017-02-22 19:07 - 2017-02-22 19:10 - 00000000 ____D C:\Windows\Microsoft Antimalware
2017-02-21 14:54 - 2017-02-21 14:54 - 00051784 _____ C:\Windows\System32\Drivers\drmkpro64.sys
2017-02-21 06:24 - 2017-02-25 17:35 - 00000000 ____D C:\ProgramData\{C4E82169-7343-96C2-F783-DCC4A24FDF70}
2017-02-21 06:24 - 2017-02-25 17:35 - 00000000 ____D C:\ProgramData\{4246D972-F5ED-6ED9-8DA9-CC01E447DE73}
2017-02-20 18:20 - 2017-02-20 18:20 - 00216089 _____ C:\ProgramData\cl.1487643569.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 00028714 _____ C:\ProgramData\agent.1487643631.bdinstall.bin
2017-02-20 18:16 - 2017-02-20 18:24 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\llssoft
2017-02-20 18:16 - 2017-02-20 18:24 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-02-20 18:15 - 2017-02-22 18:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-20 18:12 - 2017-02-20 18:12 - 00027972 _____ C:\ProgramData\agent.1487643129.bdinstall.bin
2017-02-20 18:07 - 2017-02-20 18:13 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\BitTorrent
2017-02-20 18:07 - 2017-02-20 18:07 - 00002734 _____ C:\Users\ORLANDO\Desktop\BitTorrent.lnk
2017-02-20 18:06 - 2017-02-25 23:31 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-02-20 18:06 - 2017-02-20 18:19 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-20 17:59 - 2017-02-20 17:59 - 00000000 ____D C:\Program Files (x86)\winscr
2017-02-20 17:56 - 2017-02-20 17:56 - 01852928 _____ (splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
2017-02-20 17:56 - 2017-02-20 17:56 - 00006549 _____ C:\Windows\TEMPcoral.vbs
2017-02-20 17:56 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-02-20 17:56 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\dataup
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\c
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\ProgramData\1487642148
2017-02-17 15:51 - 2017-02-17 15:51 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\Mozilla
2017-02-17 15:51 - 2017-02-17 15:51 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Macromedia
2017-02-17 15:50 - 2016-11-23 05:37 - 00000570 _____ C:\Users\ORLANDO\AppData\Local\TroubleshooterConfig.json
2017-02-17 15:48 - 2017-02-25 16:54 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Bluestacks
2017-02-17 15:48 - 2017-02-17 15:50 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-16 21:38 - 2017-02-16 21:38 - 00000000 _____ C:\Users\ORLANDO\Documents\New Text Document (2).txt
2017-02-16 19:11 - 2017-02-26 13:02 - 00000000 ____D C:\Windows\Panther
2017-02-16 13:47 - 2017-02-16 13:47 - 00000201 _____ C:\Users\ORLANDO\Documents\2nd SONG CRAZY.txt
2017-02-14 13:42 - 2017-02-14 15:01 - 00000591 _____ C:\Users\ORLANDO\Documents\Beautiful Song That I Like.txt
2017-02-09 00:13 - 2017-02-09 02:22 - 00000102 _____ C:\Users\ORLANDO\Documents\Five Hundred Dollar PC.txt
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____D C:\ProgramData\Samsung
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____D C:\Program Files\Samsung
2017-02-08 01:00 - 2015-05-20 22:02 - 01490656 _____ (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
2017-02-08 01:00 - 2015-05-20 22:02 - 00708168 _____ (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2017-02-08 01:00 - 2015-05-20 22:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2017-02-08 01:00 - 2015-05-20 22:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2017-02-03 23:29 - 2017-02-03 23:30 - 00000000 ____D C:\Users\ORLANDO\Documents\PCSX2
2017-02-03 23:28 - 2017-02-03 23:29 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2017-02-03 23:28 - 2017-02-03 23:28 - 00002008 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2017-02-03 23:27 - 2017-02-03 23:27 - 00000020 _____ C:\Users\ORLANDO\Documents\ass ins creed synister.txt
2017-02-02 23:31 - 2017-02-02 23:31 - 00000222 _____ C:\Users\ORLANDO\Desktop\Grand Theft Auto V.url
2017-01-30 19:26 - 2017-01-30 19:27 - 05596617 _____ (UserBenchmark.com) C:\Users\ORLANDO\Downloads\UserBenchMark.exe
2017-01-28 19:22 - 2017-01-28 19:22 - 18495884 _____ C:\Users\ORLANDO\Desktop\kart sav.sav
2017-01-28 16:45 - 2017-02-25 16:53 - 00000000 ____D C:\Users\ORLANDO\Valley
2017-01-28 16:44 - 2017-01-28 16:51 - 01307648 _____ C:\Users\ORLANDO\AppData\Local\file__0.localstorage
2017-01-27 20:12 - 2017-01-27 20:12 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Fallout4
2017-01-27 20:10 - 2017-01-27 20:10 - 00000000 ____D C:\Users\ORLANDO\Documents\My Games
2017-01-27 18:04 - 2017-01-27 18:04 - 00000222 _____ C:\Users\ORLANDO\Desktop\Fallout 4.url
2017-01-27 00:38 - 2017-01-27 00:38 - 00000000 ____D C:\Users\ORLANDO\Documents\Dolphin Emulator
2017-01-27 00:36 - 2017-01-27 00:36 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-27 00:36 - 2017-01-20 06:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-01-27 00:36 - 2016-12-15 16:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-01-27 00:36 - 2016-12-15 16:33 - 00266528 _____ C:\Windows\System32\vulkan-1.dll
2017-01-27 00:36 - 2016-12-15 16:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-01-27 00:36 - 2016-12-15 16:32 - 00125728 _____ C:\Windows\System32\vulkaninfo.exe
2017-01-27 00:34 - 2017-01-23 16:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 40192056 _____ C:\Windows\System32\nvcompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6437849.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6437849.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFTH264.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFThevc.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\System32\nvmcumd.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\System32\nvDecMFTMjpeg.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\Windows\System32\nv-vk64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 17:17 - 2016-12-26 19:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-26 17:17 - 2016-09-24 02:54 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-26 17:17 - 2016-07-15 22:04 - 00524288 _____ C:\Windows\System32\config\BBI
2017-02-26 17:13 - 2016-09-24 02:51 - 00000000 ____D C:\users\ORLANDO
2017-02-26 17:09 - 2016-09-24 02:49 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-02-26 13:03 - 2016-09-24 02:54 - 00001908 _____ C:\Windows\diagwrn.xml
2017-02-26 13:03 - 2016-09-24 02:54 - 00001908 _____ C:\Windows\diagerr.xml
2017-02-26 13:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-02-26 13:01 - 2015-10-29 23:24 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2017-02-26 12:59 - 2016-09-16 21:56 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\DAEMON Tools Lite
2017-02-26 12:57 - 2016-09-16 21:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-02-26 12:24 - 2016-12-22 02:56 - 00004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{560433F8-5C21-4B4B-8D8A-0670D55FB686}
2017-02-26 12:22 - 2016-09-16 18:49 - 00977548 _____ C:\Windows\System32\PerfStringBackup.INI
2017-02-26 01:10 - 2016-12-30 16:32 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\CrashDumps
2017-02-26 00:05 - 2017-01-22 16:53 - 00000000 ____D C:\Users\ORLANDO\Desktop\New folder
2017-02-25 23:44 - 2016-09-16 18:46 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Packages
2017-02-25 23:44 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\spool
2017-02-25 23:44 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\setup
2017-02-25 23:44 - 2016-07-16 03:45 - 00000000 ____D C:\Windows\INF
2017-02-25 23:44 - 2016-07-16 03:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-25 23:28 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-25 20:42 - 2016-12-23 12:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-25 16:54 - 2016-07-16 03:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-25 02:02 - 2016-12-23 15:15 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\ElevatedDiagnostics
2017-02-25 01:11 - 2017-01-09 00:33 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2017-02-24 22:06 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 19:07 - 2010-01-31 14:00 - 00000000 ____D C:\Users\ORLANDO\Desktop\OpenHardwareMonitor
2017-02-22 18:58 - 2016-09-23 18:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-02-21 18:49 - 2016-09-20 14:29 - 00000000 ____D C:\Windows\System32\MRT
2017-02-21 18:48 - 2016-09-20 14:29 - 138020592 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-02-20 18:21 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\ELAMBKUP
2017-02-20 18:21 - 2016-07-15 22:04 - 00065536 _____ C:\Windows\System32\config\ELAM
2017-02-20 17:59 - 2016-09-16 19:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-20 17:56 - 2016-12-09 17:41 - 00019627 _____ C:\bdlog.txt
2017-02-12 14:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-06 23:17 - 2016-09-16 19:49 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 11:48 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-06 11:48 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 23:28 - 2016-12-30 16:41 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-02-02 23:22 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-02-02 21:09 - 2016-12-30 16:41 - 00001155 _____ C:\Users\ORLANDO\Desktop\MSI Afterburner.lnk
2017-02-02 17:38 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\NDF
2017-01-29 22:44 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-01-27 22:28 - 2016-12-27 12:37 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\NVIDIA
2017-01-27 00:45 - 2016-12-26 19:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-27 00:36 - 2016-12-26 19:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-27 00:28 - 2017-01-07 21:25 - 00000565 _____ C:\Users\ORLANDO\Desktop\Fraps.lnk

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2017-01-09 18:42] - [2016-12-13 20:24] - 0673792 ____A (Microsoft Corporation) 917F081E2AB667C44F7D96DE1D16DFAE

C:\Windows\System32\wininit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0304240 ____A (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70

C:\Windows\explorer.exe
[2016-12-09 12:07] - [2016-11-11 01:56] - 4673304 ____A (Microsoft Corporation) 4E10FB1A015B49AC68F76C1A3F4D9C0F

C:\Windows\SysWOW64\explorer.exe
[2016-12-09 12:08] - [2016-11-10 23:41] - 4311736 ____A (Microsoft Corporation) AF46710DDB8B0E304AA4FD2B940CABD8

C:\Windows\System32\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0044496 ____A (Microsoft Corporation) 36F670D89040709013F6A460176767EC

C:\Windows\SysWOW64\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0038792 ____A (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B

C:\Windows\System32\services.exe
[2016-12-09 12:08] - [2016-11-11 01:51] - 0454592 ____A (Microsoft Corporation) 3C69CC28665854F1AAB4B4005005FA31

C:\Windows\System32\User32.dll
[2016-12-22 23:38] - [2016-12-09 02:10] - 1461200 ____A (Microsoft Corporation) C46EA86BF0E7C96235E9064CBAD6ED26

C:\Windows\SysWOW64\User32.dll
[2016-12-22 23:38] - [2016-12-09 01:52] - 1435896 ____A (Microsoft Corporation) 4BEC594A3D4AEAFAC400D88F7E328C7B

C:\Windows\System32\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0033280 ____A (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69

C:\Windows\SysWOW64\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0027648 ____A (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B

C:\Windows\System32\rpcss.dll
[2016-07-16 03:42] - [2016-07-16 03:42] - 0888320 ____A (Microsoft Corporation) 7BD259FC59CF9C2AE1B979564B374CC6

C:\Windows\System32\dnsapi.dll
[2016-09-29 14:56] - [2016-09-15 09:30] - 0646136 ____A (Microsoft Corporation) 96B8A433F6407DE34850927C96C6CE9B

C:\Windows\SysWOW64\dnsapi.dll
[2016-09-29 14:56] - [2016-09-15 09:37] - 0496872 ____A (Microsoft Corporation) 227CFE3EDA82029AAC1C088A16297CD7

C:\Windows\System32\Drivers\volsnap.sys
[2016-07-16 03:42] - [2016-07-16 03:42] - 0391520 ____A (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230


==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 8114.85 MB
Available physical RAM: 7328.04 MB
Total Virtual: 8114.85 MB
Available Virtual: 7382.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.41 GB) (Free:22.17 GB) NTFS
Drive d: (System) (Fixed) (Total:149.01 GB) (Free:12.8 GB) NTFS
Drive e: (CCSA_X64FRE_EN-US_DV5) (Fixed) (Total:14.91 GB) (Free:11.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: C1E18C9D)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F15C9808)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 002A450B)
Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS)

LastRegBack: 2017-02-21 14:54

==================== End of FRST.txt ============================
