toofacedxo Posted March 15, 2017 ID:1108799 Share Posted March 15, 2017 (edited) Hi, recently I have noticed that there has been something called "name not available" in my volume mixer. At first I thought it was a bug, but then a few days ago I started hearing a faint sound coming from a male, until I googled and figured out it might be adware. It usually appears when I have bluestacks open, and then disappears when I close bluestacks. I have run various anti malware / adware tests and I have cleared what has came up. I think this started when I tried to download "andyroid" but later found out that this program is nothing but trouble on my machine. I would reformat, but I thought I'd give this a try. If anyone could please respond / help me, I'd highly appreciate that. Thank you. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 Ran by Kitty (administrator) on DESKTOP-29065A9 (15-03-2017 09:53:24) Running from C:\Users\Kitty\Downloads Loaded Profiles: Kitty (Available Profiles: defaultuser0 & Kitty & Administrator) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe (Bluestack System Inc. ) C:\Program Files (x86)\BlueStacks\BstkSVC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hammer & Chisel, Inc.) C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-28] (AVAST Software) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] () HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-03-02] (Razer Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKU\S-1-5-21-3632486556-2844695211-850487258-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation) HKU\S-1-5-21-3632486556-2844695211-850487258-1001\...\Run: [Discord] => C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-3632486556-2844695211-850487258-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.) HKU\S-1-5-21-3632486556-2844695211-850487258-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [225816 2017-02-21] (BlueStack Systems, Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-28] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-28] (AVAST Software) GroupPolicy: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{e5108a6d-c1cd-47d4-b3a1-ddd751dea63d}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-3632486556-2844695211-850487258-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_andos_17_10¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzzyCtCyC0Fzy0B0CtB0AzytA0BtBtDyEtN0D0Tzu0StCzzzytBtN1L2XzutAtFtByBtFyEtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCtC0EtC0CzztAyEtGtD0DyB0BtGyDtD0E0DtGtCtB0AyBtGyB0DtB0AyB0BtByBzy0D0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyB0CyE0FyCzy0AtGyEyB0ByBtGyE0BtDtBtG0AtByBzytGyCyEtCtCzztB0EyDtB0A0AyC2QtN0A0LzutDtN1B2Z1V1T1S1NzutCtBtBzytA%26cr%3D543908778%26a%3Dwnf_andos_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll [2017-01-28] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll [2017-01-28] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\rhpaduiw.default-1489355687799 [2017-03-15] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-06] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> D:\Java\bin\dtplugin\npDeployJava1.dll [2017-01-28] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> D:\Java\bin\plugin2\npjp2.dll [2017-01-28] (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN) StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default [2017-03-15] CHR Extension: (BetterTTV) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-01-06] CHR Extension: (Google Drive) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-05] CHR Extension: (Dark Skin for Youtube™) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-02-23] CHR Extension: (YouTube) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-05] CHR Extension: (Twitter Web - Night Mode) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadmiljohldbooihfbkjkobepojailca [2017-01-23] CHR Extension: (uBlock Origin) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-15] CHR Extension: (AdBlock) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-28] CHR Extension: (Avast Online Security) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-04] CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12] CHR Extension: (Gmail) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-05] CHR Extension: (Chrome Media Router) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11] CHR HKU\S-1-5-21-3632486556-2844695211-850487258-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-02-28] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-28] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2017-02-04] () S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-02-21] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-02-21] (BlueStack Systems, Inc.) R3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-02-21] (BlueStack Systems, Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation) S3 Origin Client Service; D:\Origin\OriginClientService.exe [2122248 2017-02-17] (Electronic Arts) S2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2184208 2017-02-17] (Electronic Arts) R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69768 2017-02-14] (Razer Inc.) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] () S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-02-28] (AVAST Software s.r.o.) R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-28] (AVAST Software s.r.o.) R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-28] (AVAST Software s.r.o.) R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-28] (AVAST Software s.r.o.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-28] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-02-28] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-28] (AVAST Software) R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-02-28] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-02-28] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-10] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-28] (AVAST Software) R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7546544 2014-10-22] (Broadcom Corporation) S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-02-21] (BlueStack Systems) R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-02-21] (Bluestack System Inc. ) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [287032 2016-10-26] (Intel Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-15] (Malwarebytes) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2a6e383a1adc0e24\nvlddmkm.sys [14569528 2017-02-24] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-20] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation) S3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.) S3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] () R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-15 09:53 - 2017-03-15 09:53 - 02424832 _____ (Farbar) C:\Users\Kitty\Downloads\FRST64.exe 2017-03-15 09:53 - 2017-03-15 09:53 - 00017440 _____ C:\Users\Kitty\Downloads\FRST.txt 2017-03-15 09:53 - 2017-03-15 09:53 - 00000000 ____D C:\FRST 2017-03-15 09:52 - 2017-03-15 09:52 - 01766912 _____ (Farbar) C:\Users\Kitty\Downloads\FRST.exe 2017-03-15 09:50 - 2017-03-15 09:50 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-03-15 09:50 - 2017-03-15 09:50 - 00092088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-03-15 09:50 - 2017-03-15 09:50 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-03-15 09:50 - 2017-03-15 09:50 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-03-15 09:50 - 2017-03-15 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-03-15 09:50 - 2017-03-15 09:50 - 00000000 ____D C:\Program Files\Malwarebytes 2017-03-15 09:50 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-03-15 09:49 - 2017-03-15 09:49 - 57131432 _____ (Malwarebytes ) C:\Users\Kitty\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe 2017-03-14 01:18 - 2017-03-14 01:18 - 00000000 ____D C:\ProgramData\SWCUTemp 2017-03-12 19:44 - 2017-03-12 19:44 - 00007602 _____ C:\Users\Kitty\AppData\Local\Resmon.ResmonCfg 2017-03-12 19:02 - 2017-03-12 19:02 - 00000000 _____ C:\Windows\system32\net 2017-03-12 18:59 - 2017-03-12 18:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub 2017-03-12 18:47 - 2017-03-12 18:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software 2017-03-12 18:47 - 2017-03-12 18:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF 2017-03-12 18:38 - 2017-03-12 18:38 - 00003306 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2 2017-03-12 18:38 - 2017-03-12 18:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation 2017-03-12 18:37 - 2017-03-12 18:38 - 00002387 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-03-12 18:37 - 2017-03-12 18:38 - 00000000 ___RD C:\Users\Administrator\OneDrive 2017-03-12 18:37 - 2017-03-12 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2017-03-12 18:37 - 2017-03-12 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Razer 2017-03-12 18:36 - 2017-03-12 19:00 - 00000000 ____D C:\Users\Administrator 2017-03-12 18:36 - 2017-03-12 18:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages 2017-03-12 18:36 - 2017-03-12 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform 2017-03-12 18:36 - 2017-03-12 18:36 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 _SHDL C:\Users\Administrator\My Documents 2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos 2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures 2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music 2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer 2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers 2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA 2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2017-03-12 11:33 - 2017-03-12 18:49 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2017-03-12 11:26 - 2017-03-12 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-03-12 11:26 - 2017-03-12 18:49 - 00000000 ____D C:\Program Files\RogueKiller 2017-03-12 11:25 - 2017-03-12 11:57 - 00000000 ____D C:\ProgramData\RogueKiller 2017-03-12 11:13 - 2017-03-15 09:50 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-03-12 11:13 - 2017-03-15 09:50 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-03-12 11:13 - 2017-03-12 18:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-03-12 11:12 - 2017-03-15 09:50 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2017-03-09 20:11 - 2017-03-09 20:11 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-03-09 20:11 - 2017-02-23 04:17 - 00136064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2017-03-09 20:11 - 2017-01-25 20:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2017-03-09 20:11 - 2017-01-25 20:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll 2017-03-09 20:11 - 2017-01-25 20:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll 2017-03-09 20:11 - 2017-01-25 20:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe 2017-03-09 20:10 - 2017-02-23 18:55 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 40192056 _____ C:\Windows\system32\nvcompiler.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 34992184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 28252608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 19007528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 11122728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 03168192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 02717752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437878.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437878.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 01052096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00989632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00910784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00721768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00719856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00618416 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00605120 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00576008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00573632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll 2017-03-09 20:10 - 2017-02-23 06:32 - 00447984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2017-03-07 17:26 - 2017-03-07 17:27 - 00000000 ____D C:\Users\Kitty\AppData\Local\Genymobile 2017-03-07 04:31 - 2017-03-07 04:31 - 1258908319 _____ C:\Windows\MEMORY.DMP 2017-03-07 04:31 - 2017-03-07 04:31 - 00506452 _____ C:\Windows\Minidump\030717-3812-01.dmp 2017-03-07 04:31 - 2017-03-07 04:31 - 00000000 ____D C:\Windows\Minidump 2017-03-07 04:30 - 2017-03-07 04:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2017-03-07 04:30 - 2017-03-07 04:30 - 00000460 _____ C:\Windows\system32\.crusader 2017-03-07 04:30 - 2017-03-07 04:30 - 00000322 _____ C:\Windows\system32\bootdelete.lst 2017-03-07 04:27 - 2017-03-07 04:30 - 00000000 ____D C:\ProgramData\HitmanPro 2017-03-07 04:17 - 2017-03-12 18:59 - 00000000 ____D C:\AdwCleaner 2017-03-07 04:10 - 2017-03-07 04:11 - 00000000 ____D C:\Users\Kitty\AppData\Local\{ECAEDAF2-C806-B64A-A59E-93A281F66F3A} 2017-03-07 04:10 - 2017-03-07 04:10 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\VMware 2017-03-07 04:09 - 2017-03-07 04:09 - 01350196 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2017-03-07 04:09 - 2016-11-12 00:16 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys 2017-03-07 04:09 - 2016-11-12 00:05 - 00044096 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2017-03-07 04:08 - 2017-03-07 04:08 - 00000000 ____D C:\ProgramData\Apple 2017-03-07 04:07 - 2017-03-07 04:15 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\Andy 2017-03-07 04:07 - 2017-03-07 04:07 - 00000000 ____D C:\Users\Kitt\Andy 2017-03-07 04:07 - 2017-03-07 04:07 - 00000000 ____D C:\Users\Kitt 2017-03-07 04:06 - 2017-03-07 04:07 - 130337863 _____ C:\Users\Kitty\Downloads\ladyxtease-mfc-201504290206.mp4 2017-03-05 20:27 - 2017-03-07 03:15 - 00000000 ____D C:\Users\Kitty\AppData\Local\Troubleshooter 2017-03-05 20:26 - 2017-03-05 20:26 - 00000000 ____D C:\Users\Kitty\AppData\Local\Macromedia 2017-03-05 20:23 - 2017-03-07 03:27 - 00000552 _____ C:\Users\Kitty\AppData\Local\TroubleshooterConfig.json 2017-03-05 20:22 - 2017-03-14 01:19 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2017-03-05 20:22 - 2017-03-05 20:22 - 00001644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk 2017-03-05 20:21 - 2017-03-05 20:22 - 00000000 ____D C:\Program Files (x86)\BlueStacks 2017-03-05 20:21 - 2017-03-05 20:21 - 00000000 ____D C:\Users\Kitty\AppData\Local\Bluestacks 2017-03-02 04:18 - 2017-03-02 04:18 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-03-02 04:18 - 2017-03-02 04:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-02-28 13:12 - 2017-02-28 13:12 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-02-20 18:38 - 2017-02-20 18:38 - 00000000 ____D C:\Users\Kitty\Documents\Rockstar Games 2017-02-20 18:38 - 2017-02-20 18:38 - 00000000 ____D C:\Users\Kitty\AppData\Local\Rockstar Games 2017-02-20 18:38 - 2017-02-20 18:38 - 00000000 ____D C:\Program Files\Rockstar Games 2017-02-20 18:38 - 2017-02-20 18:38 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2017-02-17 22:58 - 2017-02-17 22:58 - 00000000 ____D C:\Users\Kitty\Documents\Electronic Arts 2017-02-17 22:58 - 2017-02-17 22:58 - 00000000 ____D C:\ProgramData\Electronic Arts 2017-02-17 22:41 - 2014-09-16 19:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 2017-02-17 22:01 - 2017-02-20 14:55 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\Origin 2017-02-17 22:01 - 2017-02-17 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2017-02-17 22:00 - 2017-02-20 14:57 - 00000000 ____D C:\ProgramData\Origin 2017-02-17 22:00 - 2017-02-17 22:58 - 00000000 ____D C:\Users\Kitty\AppData\Local\Origin 2017-02-17 22:00 - 2017-02-17 22:00 - 00000000 ____D C:\Users\Kitty\.Origin 2017-02-16 23:06 - 2017-02-09 22:33 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll 2017-02-16 23:06 - 2017-02-09 22:33 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll 2017-02-16 17:35 - 2017-03-15 00:55 - 00000000 ____D C:\Users\Kitty\AppData\LocalLow\Mozilla 2017-02-16 17:35 - 2017-02-16 17:41 - 00000000 ____D C:\Users\Kitty\AppData\Local\Mozilla 2017-02-16 17:35 - 2017-02-16 17:35 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\Mozilla 2017-02-14 21:58 - 2017-02-14 21:58 - 00114816 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll 2017-02-14 21:58 - 2017-02-14 21:58 - 00104576 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll 2017-02-14 21:58 - 2017-02-14 21:58 - 00048776 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-15 09:43 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp 2017-03-15 09:39 - 2017-01-05 23:54 - 00000000 ____D C:\ProgramData\NVIDIA 2017-03-15 09:39 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-03-15 09:39 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\AppReadiness 2017-03-15 00:56 - 2017-01-05 23:46 - 00000000 ____D C:\Users\Kitty 2017-03-15 00:55 - 2017-01-14 04:17 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\TS3Client 2017-03-15 00:44 - 2017-01-05 23:44 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-03-15 00:17 - 2017-01-06 02:07 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\Skype 2017-03-14 14:14 - 2017-01-06 01:06 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2017-03-13 01:18 - 2017-01-06 15:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2017-03-12 19:06 - 2017-01-05 23:49 - 01530506 _____ C:\Windows\system32\PerfStringBackup.INI 2017-03-12 19:00 - 2017-01-05 23:44 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-03-12 18:59 - 2016-07-16 02:04 - 00262144 _____ C:\Windows\system32\config\BBI 2017-03-12 18:36 - 2017-01-05 23:46 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-03-12 12:26 - 2017-01-29 01:41 - 00000000 ____D C:\Users\Kitty\AppData\Local\CrashDumps 2017-03-12 11:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\LiveKernelReports 2017-03-12 11:21 - 2017-01-05 23:44 - 00197752 _____ C:\Windows\system32\FNTCACHE.DAT 2017-03-11 03:00 - 2017-01-08 02:56 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\vlc 2017-03-11 01:04 - 2017-01-05 23:46 - 00000000 ____D C:\Users\Kitty\AppData\Local\Packages 2017-03-10 17:43 - 2017-02-04 05:36 - 00000000 ____D C:\Users\Kitty\AppData\Local\ElevatedDiagnostics 2017-03-10 17:43 - 2017-01-06 01:06 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2017-03-09 20:12 - 2017-01-06 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-03-09 20:12 - 2017-01-05 23:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-03-09 20:12 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF 2017-03-09 20:07 - 2017-01-29 01:40 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-03-09 20:07 - 2017-01-29 01:40 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-03-09 20:07 - 2017-01-29 01:39 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-03-09 20:07 - 2017-01-29 01:39 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-03-09 20:07 - 2017-01-29 01:39 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-03-09 20:07 - 2017-01-29 01:39 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-03-09 20:07 - 2017-01-29 01:39 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-03-09 20:07 - 2017-01-05 23:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-03-09 20:07 - 2017-01-05 23:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-03-07 04:31 - 2017-01-05 23:45 - 00000000 ____D C:\Users\defaultuser0 2017-03-07 04:12 - 2017-01-25 20:03 - 00000000 ____D C:\Windows\system32\appmgmt 2017-03-07 03:31 - 2017-01-06 15:21 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\OBS 2017-03-05 20:22 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries 2017-03-03 22:49 - 2017-01-06 00:19 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\TeamViewer 2017-03-02 04:18 - 2017-01-06 02:07 - 00000000 ____D C:\ProgramData\Skype 2017-03-02 04:17 - 2017-01-08 15:49 - 00000000 ____D C:\ProgramData\Package Cache 2017-02-28 15:36 - 2017-01-06 01:44 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-28 13:12 - 2017-02-07 22:52 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys 2017-02-28 13:12 - 2017-02-07 22:52 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2017-02-28 13:12 - 2017-02-07 22:52 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys 2017-02-28 13:12 - 2017-02-07 22:52 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys 2017-02-28 13:12 - 2017-02-07 22:52 - 00003994 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2017-02-28 13:12 - 2017-01-06 01:06 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2017-02-28 13:12 - 2017-01-06 01:06 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148951526139001 2017-02-28 13:12 - 2017-01-06 01:06 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2017-02-28 13:12 - 2017-01-06 01:06 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2017-02-28 13:12 - 2017-01-06 01:06 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2017-02-28 13:12 - 2017-01-06 01:06 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2017-02-28 13:12 - 2017-01-06 01:06 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2017-02-24 19:19 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\NDF 2017-02-24 15:15 - 2017-01-06 00:03 - 00000000 ____D C:\Windows\system32\MRT 2017-02-24 15:14 - 2017-01-06 00:03 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-02-23 18:55 - 2016-09-24 03:17 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2017-02-23 18:55 - 2016-09-24 02:51 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2017-02-23 14:35 - 2017-01-29 01:40 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2017-02-23 14:35 - 2017-01-29 01:40 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2017-02-23 14:35 - 2017-01-29 01:40 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2017-02-23 14:35 - 2017-01-29 01:40 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2017-02-23 14:35 - 2017-01-29 01:40 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2017-02-23 14:34 - 2017-01-29 01:39 - 00059448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys 2017-02-23 10:30 - 2017-01-29 01:39 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2017-02-23 06:32 - 2016-09-24 02:42 - 04078008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2017-02-23 06:32 - 2016-09-24 02:42 - 03596616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-02-23 06:32 - 2016-09-23 23:42 - 00043566 _____ C:\Windows\system32\nvinfo.pb 2017-02-23 04:43 - 2017-01-29 01:39 - 00001951 _____ C:\Windows\NvContainerRecovery.bat 2017-02-23 04:28 - 2017-01-05 23:54 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2017-02-23 04:28 - 2017-01-05 23:54 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2017-02-23 04:28 - 2017-01-05 23:54 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2017-02-23 04:28 - 2017-01-05 23:54 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2017-02-23 04:28 - 2017-01-05 23:54 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2017-02-23 04:28 - 2017-01-05 23:54 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2017-02-23 04:28 - 2017-01-05 23:54 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2017-02-23 02:38 - 2017-01-05 23:54 - 07807027 _____ C:\Windows\system32\nvcoproc.bin 2017-02-15 12:34 - 2017-01-06 01:30 - 00000000 ____D C:\Users\Kitty\AppData\Local\Battle.net ==================== Files in the root of some directories ======= 2017-03-12 19:44 - 2017-03-12 19:44 - 0007602 _____ () C:\Users\Kitty\AppData\Local\Resmon.ResmonCfg 2017-03-05 20:23 - 2017-03-07 03:27 - 0000552 _____ () C:\Users\Kitty\AppData\Local\TroubleshooterConfig.json 2017-01-08 02:57 - 2017-01-08 02:57 - 0000003 _____ () C:\Users\Kitty\AppData\Local\updater.log 2017-01-08 02:57 - 2017-01-08 02:57 - 0000424 _____ () C:\Users\Kitty\AppData\Local\UserProducts.xml 2017-01-06 16:00 - 2017-01-06 16:00 - 0000016 _____ () C:\ProgramData\mntemp Some files in TEMP: ==================== 2017-03-12 18:49 - 2016-11-11 06:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll 2017-03-12 11:26 - 2016-11-11 06:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Kitty\AppData\Local\Temp\dllnt_dump.dll 2017-01-31 01:50 - 2017-01-31 01:51 - 52892784 _____ (Daring Development Inc.) C:\Users\Kitty\AppData\Local\Temp\Infinity-Setup.exe 2017-01-07 00:32 - 2017-01-07 00:35 - 37171128 _____ () C:\Users\Kitty\AppData\Local\Temp\InstallIMVU_529.0.exe 2017-01-05 23:54 - 2017-02-09 18:39 - 0754168 _____ (NVIDIA Corporation) C:\Users\Kitty\AppData\Local\Temp\nvSCPAPI.dll 2017-01-05 23:54 - 2017-02-09 18:39 - 0868152 _____ (NVIDIA Corporation) C:\Users\Kitty\AppData\Local\Temp\nvSCPAPI64.dll 2017-01-29 01:46 - 2017-02-09 18:39 - 0352704 _____ (NVIDIA Corporation) C:\Users\Kitty\AppData\Local\Temp\nvStInst.exe 2017-03-07 04:14 - 2017-02-03 15:20 - 1342792 _____ (Andy OS, inc.) C:\Users\Kitty\AppData\Local\Temp\RemoveTemp.exe 2017-02-04 00:48 - 2017-02-04 00:48 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-133f5dfb-4b3b-4e07-b871-a2f9659451dc-sqlitejdbc.dll 2017-01-29 02:11 - 2017-01-29 02:11 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-1b37bd8c-40a7-4c24-a4af-afc4bd57d4d1-sqlitejdbc.dll 2017-01-28 22:22 - 2017-01-28 22:22 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-3b42a881-6cfc-40b4-a5f3-f231192f9b58-sqlitejdbc.dll 2017-01-30 23:22 - 2017-01-30 23:22 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-3ce7ba42-1776-4a19-b7f0-7de7a6a6719c-sqlitejdbc.dll 2017-02-28 18:53 - 2017-02-28 18:53 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-49df1f9e-61ce-4d42-adb5-8352da39236e-sqlitejdbc.dll 2017-01-28 01:19 - 2017-01-28 01:19 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-7dc02359-f4af-4940-8009-bcd66f9a2429-sqlitejdbc.dll 2017-01-30 20:01 - 2017-01-30 20:01 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-9c5c46e5-2b3f-4da3-b492-993c1a664261-sqlitejdbc.dll 2017-01-28 01:05 - 2017-01-28 01:05 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-c4e7c220-eecb-4324-8940-abf4317ed7e0-sqlitejdbc.dll 2017-03-02 04:17 - 2017-03-02 04:17 - 14456872 _____ (Microsoft Corporation) C:\Users\Kitty\AppData\Local\Temp\vc_redist.x86.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-24 15:14 ==================== End of FRST.txt ============================ Addition_15-03-2017 09.53.53.txt Edited March 15, 2017 by toofacedxo Had to add logs Link to post Share on other sites More sharing options...
toofacedxo Posted March 15, 2017 Author ID:1108807 Share Posted March 15, 2017 Forgot to save it to desktop, not sure if it makes much of a difference, here are the logs re posted. Addition.txt FRST.txt Link to post Share on other sites More sharing options...
kevinf80 Posted March 17, 2017 ID:1109464 Share Posted March 17, 2017 Hello toofacedxo and welcome to Malwarebytes, My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please: Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good... Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply... Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed... Next, Please download Junkware Removal Tool to your desktop. Shut down your protection software now to avoid potential conflicts. (re-enable when done) Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. Next, Download and save RogueKiller to your Desktop from this link:https://www.fosshub.com/RogueKiller.html/setup.exe Right click setup.exe and select Run as Administrator to start installing RogueKiller. At the next window Checkmark "Install 32 and 64 bit versions, then select "Next" In the next window skip Licence I.D. and Licence Key, select "Next" In the next window make no changes and select "Next" In the next window leave both "Additional Shortcuts" checkmarked, then select "Next" In the next window make no changes and select "Install" RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish. RogueKiller will launch. Accept UAC, then read and accept "User Agreements" In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan" When the scan completes select "Open Report" In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply Let me see those logs, also tell me if there are any remaining issues or concerns.... Thank you, Kevin.... fixlist.txt Link to post Share on other sites More sharing options...
toofacedxo Posted March 17, 2017 Author ID:1109471 Share Posted March 17, 2017 (edited) Thanks so much for your reply Kevin. I have done all said to do and have attached the logs. I couldn't get adw to open up a log because it said that there were no adware found. The weird part about this is that it is all coming back clean, while "Name Not Available" remains in my volume mixer. So when I turned on my computer today, there was name not available in the volume mixer, when the first tool you gave me restarted my computer, it went away when the computer booted back up. It seems to appear randomly, and disappear only sometimes after a restart / shut down. Also it appears 100% of the time when I have Bluestacks open even though this issue started before I even had Bluestacks downloaded. Thanks for your reply once again, looking forward to hearing from you. Also I should mention that 2 days ago I ran adw, and roguekiller and they both have found and removed threats on the computer. Fixlog.txt MalwareBytesScan.txt JRT.txt RogueKiller.txt Edited March 17, 2017 by toofacedxo Link to post Share on other sites More sharing options...
kevinf80 Posted March 18, 2017 ID:1109472 Share Posted March 18, 2017 Run the following: Please download Zemana AntiMalware and save it to your Desktop. Install the program and once the installation is complete it will start automatically. Without changing any options, press Scan to begin. After the short scan is finished, if threats are detected press Next to remove them.Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually. Open Zemana AntiMalware again. Click on icon and double click the latest report. Now click File > Save As and choose your Desktop before pressing Save. Attach saved report in your next message. Link to post Share on other sites More sharing options...
toofacedxo Posted March 18, 2017 Author ID:1109475 Share Posted March 18, 2017 2017.03.17-20.30.09-i0-t92-d0.txt Link to post Share on other sites More sharing options...
kevinf80 Posted March 18, 2017 ID:1109477 Share Posted March 18, 2017 Continue with the following: 1.Download Malwarebytes Anti-Rootkit from this link:http://www.malwarebytes.org/products/mbar/ 2. Unzip the File to a convenient location. (Recommend the Desktop) 3. Open the folder where the contents were unzipped to run mbar.exe 4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image: 5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.) 6. The following image opens, select Next. 7. The following image opens, select Update 8. When the update completes select Next. 9. In the following window ensure "Targets" are ticked. Then select "Scan" 10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed. 11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process. 12. If no threats were found you will see the following image, Select Exit: 13. Verify that your system is now running normally, making sure that the following items are functional: Internet access Windows Update Windows Firewall 14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder. 15. Select "Y" from your Keyboard, tap Enter. 16. The fix will be applied, select any key to Exit. 17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:System - logMbar - log Date and time of scan will also be shown Thanks, Kevin... Link to post Share on other sites More sharing options...
toofacedxo Posted March 18, 2017 Author ID:1109479 Share Posted March 18, 2017 system log - --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.953.14393.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 4.008000 GHz Memory total: 17137553408, free: 14925430784 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.953.14393.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 4.008000 GHz Memory total: 17137553408, free: 14911614976 Downloaded database version: v2017.03.18.01 Downloaded database version: v2017.03.11.01 Downloaded database version: v2017.03.14.01 ======================================= Initializing... ------------ Kernel report ------------ 03/17/2017 20:42:21 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\storahci.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\System32\Drivers\NTFS.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\system32\drivers\aswVmm.sys \SystemRoot\system32\drivers\aswRvrt.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\aswbuniva.sys \SystemRoot\system32\drivers\aswbloga.sys \SystemRoot\system32\drivers\aswbidsha.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\aswSP.sys \SystemRoot\system32\drivers\aswSnx.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\aswRdr2.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\csc.sys \??\C:\Windows\System32\drivers\zamguard64.sys \??\C:\Windows\System32\drivers\zam64.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\drivers\gpuenergydrv.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\aswbidsdrivera.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2a6e383a1adc0e24\nvlddmkm.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\portcls.sys \SystemRoot\System32\drivers\drmk.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys \SystemRoot\system32\drivers\SpbCx.sys \SystemRoot\System32\drivers\TeeDriverW8x64.sys \SystemRoot\system32\DRIVERS\bcmwl63a.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\iaLPSS2_UART2.sys \SystemRoot\system32\drivers\SerCx2.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\serial.sys \SystemRoot\System32\drivers\serenum.sys \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys \SystemRoot\System32\Drivers\msgpioclx.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\acpipagr.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\nvvhci.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\system32\DRIVERS\HdAudio.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_storahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\rzendpt.sys \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\rzudd.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\drivers\aswMonFlt.sys \SystemRoot\system32\drivers\wcnfs.sys \SystemRoot\System32\drivers\registry.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\drivers\aswStm.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\System32\drivers\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\peauth.sys \??\C:\Windows\system32\drivers\rzpnk.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Windows\system32\drivers\rzpmgrk.sys \SystemRoot\system32\drivers\Ndu.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \SystemRoot\System32\drivers\tunnel.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys ----------- End ----------- Done! Scan started Database versions: main: v2017.03.18.01 rootkit: v2017.03.11.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffff9a85deaba060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff9a85de9cbae0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff9a85deaba060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffff9a85de89ee40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffff9a85de857400, DeviceName: \Device\0000003c\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 69E6646 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 1024000 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1026048 Numsec = 233412608 Partition is not bootable Partition file system is NTFS Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 120034123776 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffff9a85deab9060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff9a85de9caae0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff9a85deab9060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffff9a85de89ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffff9a85de8a4060, DeviceName: \Device\0000003d\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 38E7431 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953519616 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\058e016628ca385ecca0589255c71bce\System.Drawing.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\68f0c8b24547a1eeafc998eb2b2522e0\System.Windows.Forms.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\561bcb2835dc3d4de610397aebd07edc\System.Core.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\69bc7c6c084baf2d2ffd6871c726e266\System.Configuration.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cfff018936a7c6348cb7ea98d432343a\System.Xml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\cdf154aba70e4b85cbf7e19b477c8fd9\System.ServiceProcess.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\644006124f267e54cf6760ac688fbf3e\System.Xml.Linq.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0e3670b79a0d3cf62dffca3403010d44\PresentationCore.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1b30fcb579bbaad955474f384a20d978\System.Xaml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5fa817daff10898645f2a4f4514bee62\PresentationFramework.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\8332b61f3d1dd79a521761fcc22cc283\System.Management.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\b02077014cbc9078ead7391e8ee5fbe6\UIAutomationTypes.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1026048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished mbar log - Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.03.18.01 rootkit: v2017.03.11.01 Windows 10 x64 NTFS Internet Explorer 11.953.14393.0 Kitty :: DESKTOP-29065A9 [administrator] 3/17/2017 8:42:25 PM mbar-log-2017-03-17 (20-42-25).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 371534 Time elapsed: 6 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
kevinf80 Posted March 18, 2017 ID:1109480 Share Posted March 18, 2017 Continue with the following: Download Portable Windows Repair (all in one) from one of the following:www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.ziphttp://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.htmlhttps://www.bleepingcomputer.com/download/windows-repair-all-in-one/ Unzip the contents into a newly created folder on your desktop. Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator" From the main GUI do the following: Select Tab 5 to make Registry backup, use the recommended option... When complete select "Repairs" tab, from there select "Open Repairs" tab.. From that window select the default option and checkmarck "Select All" box. When ready select "Start Repairs" tab.... When complete re-boot your system to Normal mode, see if there is any improvement... Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt Link to post Share on other sites More sharing options...
toofacedxo Posted March 18, 2017 Author ID:1109482 Share Posted March 18, 2017 _Windows_Repair_Log.txt Link to post Share on other sites More sharing options...
kevinf80 Posted March 18, 2017 ID:1109513 Share Posted March 18, 2017 Did you re-boot after running repair tool, has it made any difference..? Link to post Share on other sites More sharing options...
toofacedxo Posted March 19, 2017 Author ID:1109860 Share Posted March 19, 2017 So I'm not seeing Name Not Available yesterday and today, only comes up when I have bluestacks open. But ever since I did the tweaking.com step I keep getting errors like this pop up when I try to click on certain things. I can't use certain headphones / microphones now either. Link to post Share on other sites More sharing options...
kevinf80 Posted March 19, 2017 ID:1109886 Share Posted March 19, 2017 Groove Music is a Windows 10 app, do you normally use other software to play your music.. Link to post Share on other sites More sharing options...
toofacedxo Posted March 19, 2017 Author ID:1109889 Share Posted March 19, 2017 I use VLC Media Player, but this isn't the only problem that pops up, it was doing it for photos too, and then teamspeak. Link to post Share on other sites More sharing options...
kevinf80 Posted March 19, 2017 ID:1109891 Share Posted March 19, 2017 Ok, run the following: Select the Windows key and X Key together. From the produced list select:: Command Promt (Admin) At the Command prompt, type SFC /SCANNOW hit the Enter key Wait for the scan to finish - make a note of any error messages - and then reboot. Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply. Link to post Share on other sites More sharing options...
toofacedxo Posted March 19, 2017 Author ID:1109907 Share Posted March 19, 2017 CBS.rar Link to post Share on other sites More sharing options...
kevinf80 Posted March 19, 2017 ID:1109908 Share Posted March 19, 2017 Any improvement...? Link to post Share on other sites More sharing options...
toofacedxo Posted March 20, 2017 Author ID:1109935 Share Posted March 20, 2017 So far so good. No Name available only pops up when blue stacks is open, never on it's own. Is that normal? Link to post Share on other sites More sharing options...
kevinf80 Posted March 20, 2017 ID:1109978 Share Posted March 20, 2017 Yes it is normal for what you describe with BlueStacks, i`ve just installed BlueStacks on a virtual system and can confirm the addition to volume mixer as normal... If no more issues or concerns run the following to clean up: Uninstall RogueKiller and Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/ Next, Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down:"Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools <----- this will remove tools we have used. Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 23, 2017 Root Admin ID:1110900 Share Posted March 23, 2017 Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts