Hi, recently I have noticed that there has been something called "name not available" in my volume mixer. At first I thought it was a bug, but then a few days ago I started hearing a faint sound coming from a male, until I googled and figured out it might be adware. It usually appears when I have BlueStacks open, and then disappears when I close BlueStacks. I have run various anti-malware / adware tests and I have cleared what has come up. I think this started when I tried to download "andyroid" but later found out that this program is nothing but trouble on my machine. I would reformat, but I thought I'd give this a try. If anyone could please respond / help me, I'd highly appreciate that. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Kitty (administrator) on DESKTOP-29065A9 (15-03-2017 09:53:24)
Running from C:\Users\Kitty\Downloads
Loaded Profiles: Kitty (Available Profiles: defaultuser0 & Kitty & Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
(Bluestack System Inc. ) C:\Program Files (x86)\BlueStacks\BstkSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hammer & Chisel, Inc.) C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-28] (AVAST Software)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-03-02] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3632486556-2844695211-850487258-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3632486556-2844695211-850487258-1001\...\Run: [Discord] => C:\Users\Kitty\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3632486556-2844695211-850487258-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3632486556-2844695211-850487258-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [225816 2017-02-21] (BlueStack Systems, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-28] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-28] (AVAST Software)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{e5108a6d-c1cd-47d4-b3a1-ddd751dea63d}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3632486556-2844695211-850487258-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_andos_17_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzzyCtCyC0Fzy0B0CtB0AzytA0BtBtDyEtN0D0Tzu0StCzzzytBtN1L2XzutAtFtByBtFyEtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCtC0EtC0CzztAyEtGtD0DyB0BtGyDtD0E0DtGtCtB0AyBtGyB0DtB0AyB0BtByBzy0D0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyB0CyE0FyCzy0AtGyEyB0ByBtGyE0BtDtBtG0AtByBzytGyCyEtCtCzztB0EyDtB0A0AyC2QtN0A0LzutDtN1B2Z1V1T1S1NzutCtBtBzytA%26cr%3D543908778%26a%3Dwnf_andos_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll [2017-01-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll [2017-01-28] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\rhpaduiw.default-1489355687799 [2017-03-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> D:\Java\bin\dtplugin\npDeployJava1.dll [2017-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> D:\Java\bin\plugin2\npjp2.dll [2017-01-28] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default [2017-03-15]
CHR Extension: (BetterTTV) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-01-06]
CHR Extension: (Google Drive) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-05]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-02-23]
CHR Extension: (YouTube) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-05]
CHR Extension: (Twitter Web - Night Mode) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cadmiljohldbooihfbkjkobepojailca [2017-01-23]
CHR Extension: (uBlock Origin) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-15]
CHR Extension: (AdBlock) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-28]
CHR Extension: (Avast Online Security) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-04]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-05]
CHR Extension: (Chrome Media Router) - C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]
CHR HKU\S-1-5-21-3632486556-2844695211-850487258-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-02-28] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-28] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2017-02-04] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-02-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-02-21] (BlueStack Systems, Inc.)
R3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-02-21] (BlueStack Systems, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2122248 2017-02-17] (Electronic Arts)
S2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2184208 2017-02-17] (Electronic Arts)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69768 2017-02-14] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-02-28] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-28] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-28] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-28] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-02-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-02-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-02-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-14] (AVAST Software)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7546544 2014-10-22] (Broadcom Corporation)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-02-21] (BlueStack Systems)
R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-02-21] (Bluestack System Inc. )
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [287032 2016-10-26] (Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-15] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2a6e383a1adc0e24\nvlddmkm.sys [14569528 2017-02-24] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
S3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 09:53 - 2017-03-15 09:53 - 02424832 _____ (Farbar) C:\Users\Kitty\Downloads\FRST64.exe
2017-03-15 09:53 - 2017-03-15 09:53 - 00017440 _____ C:\Users\Kitty\Downloads\FRST.txt
2017-03-15 09:53 - 2017-03-15 09:53 - 00000000 ____D C:\FRST
2017-03-15 09:52 - 2017-03-15 09:52 - 01766912 _____ (Farbar) C:\Users\Kitty\Downloads\FRST.exe
2017-03-15 09:50 - 2017-03-15 09:50 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-15 09:50 - 2017-03-15 09:50 - 00092088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-15 09:50 - 2017-03-15 09:50 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-15 09:50 - 2017-03-15 09:50 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-15 09:50 - 2017-03-15 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-15 09:50 - 2017-03-15 09:50 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-15 09:50 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-15 09:49 - 2017-03-15 09:49 - 57131432 _____ (Malwarebytes ) C:\Users\Kitty\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-14 01:18 - 2017-03-14 01:18 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-12 19:44 - 2017-03-12 19:44 - 00007602 _____ C:\Users\Kitty\AppData\Local\Resmon.ResmonCfg
2017-03-12 19:02 - 2017-03-12 19:02 - 00000000 _____ C:\Windows\system32\net
2017-03-12 18:59 - 2017-03-12 18:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2017-03-12 18:47 - 2017-03-12 18:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2017-03-12 18:47 - 2017-03-12 18:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2017-03-12 18:38 - 2017-03-12 18:38 - 00003306 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-12 18:38 - 2017-03-12 18:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2017-03-12 18:37 - 2017-03-12 18:38 - 00002387 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-12 18:37 - 2017-03-12 18:38 - 00000000 ___RD C:\Users\Administrator\OneDrive
2017-03-12 18:37 - 2017-03-12 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-03-12 18:37 - 2017-03-12 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Razer
2017-03-12 18:36 - 2017-03-12 19:00 - 00000000 ____D C:\Users\Administrator
2017-03-12 18:36 - 2017-03-12 18:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-03-12 18:36 - 2017-03-12 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2017-03-12 18:36 - 2017-03-12 18:36 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2017-03-12 18:36 - 2017-03-12 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2017-03-12 11:33 - 2017-03-12 18:49 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-12 11:26 - 2017-03-12 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-12 11:26 - 2017-03-12 18:49 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-12 11:25 - 2017-03-12 11:57 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-12 11:13 - 2017-03-15 09:50 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-12 11:13 - 2017-03-15 09:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-12 11:13 - 2017-03-12 18:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-12 11:12 - 2017-03-15 09:50 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-09 20:11 - 2017-03-09 20:11 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-09 20:11 - 2017-02-23 04:17 - 00136064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-09 20:11 - 2017-01-25 20:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-09 20:11 - 2017-01-25 20:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-09 20:11 - 2017-01-25 20:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-09 20:11 - 2017-01-25 20:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-09 20:10 - 2017-02-23 18:55 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 34992184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 28252608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 19007528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 11122728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 03168192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 02717752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437878.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437878.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 01052096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00989632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00910784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00721768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00719856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00618416 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00605120 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00576008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00573632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-03-09 20:10 - 2017-02-23 06:32 - 00447984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-07 17:26 - 2017-03-07 17:27 - 00000000 ____D C:\Users\Kitty\AppData\Local\Genymobile
2017-03-07 04:31 - 2017-03-07 04:31 - 1258908319 _____ C:\Windows\MEMORY.DMP
2017-03-07 04:31 - 2017-03-07 04:31 - 00506452 _____ C:\Windows\Minidump\030717-3812-01.dmp
2017-03-07 04:31 - 2017-03-07 04:31 - 00000000 ____D C:\Windows\Minidump
2017-03-07 04:30 - 2017-03-07 04:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-03-07 04:30 - 2017-03-07 04:30 - 00000460 _____ C:\Windows\system32\.crusader
2017-03-07 04:30 - 2017-03-07 04:30 - 00000322 _____ C:\Windows\system32\bootdelete.lst
2017-03-07 04:27 - 2017-03-07 04:30 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-07 04:17 - 2017-03-12 18:59 - 00000000 ____D C:\AdwCleaner
2017-03-07 04:10 - 2017-03-07 04:11 - 00000000 ____D C:\Users\Kitty\AppData\Local\{ECAEDAF2-C806-B64A-A59E-93A281F66F3A}
2017-03-07 04:10 - 2017-03-07 04:10 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\VMware
2017-03-07 04:09 - 2017-03-07 04:09 - 01350196 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-07 04:09 - 2016-11-12 00:16 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2017-03-07 04:09 - 2016-11-12 00:05 - 00044096 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2017-03-07 04:08 - 2017-03-07 04:08 - 00000000 ____D C:\ProgramData\Apple
2017-03-07 04:07 - 2017-03-07 04:15 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\Andy
2017-03-07 04:07 - 2017-03-07 04:07 - 00000000 ____D C:\Users\Kitt\Andy
2017-03-07 04:07 - 2017-03-07 04:07 - 00000000 ____D C:\Users\Kitt
2017-03-07 04:06 - 2017-03-07 04:07 - 130337863 _____ C:\Users\Kitty\Downloads\ladyxtease-mfc-201504290206.mp4
2017-03-05 20:27 - 2017-03-07 03:15 - 00000000 ____D C:\Users\Kitty\AppData\Local\Troubleshooter
2017-03-05 20:26 - 2017-03-05 20:26 - 00000000 ____D C:\Users\Kitty\AppData\Local\Macromedia
2017-03-05 20:23 - 2017-03-07 03:27 - 00000552 _____ C:\Users\Kitty\AppData\Local\TroubleshooterConfig.json
2017-03-05 20:22 - 2017-03-14 01:19 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-03-05 20:22 - 2017-03-05 20:22 - 00001644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-03-05 20:21 - 2017-03-05 20:22 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-03-05 20:21 - 2017-03-05 20:21 - 00000000 ____D C:\Users\Kitty\AppData\Local\Bluestacks
2017-03-02 04:18 - 2017-03-02 04:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-02 04:18 - 2017-03-02 04:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-28 13:12 - 2017-02-28 13:12 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-20 18:38 - 2017-02-20 18:38 - 00000000 ____D C:\Users\Kitty\Documents\Rockstar Games
2017-02-20 18:38 - 2017-02-20 18:38 - 00000000 ____D C:\Users\Kitty\AppData\Local\Rockstar Games
2017-02-20 18:38 - 2017-02-20 18:38 - 00000000 ____D C:\Program Files\Rockstar Games
2017-02-20 18:38 - 2017-02-20 18:38 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-02-17 22:58 - 2017-02-17 22:58 - 00000000 ____D C:\Users\Kitty\Documents\Electronic Arts
2017-02-17 22:58 - 2017-02-17 22:58 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-02-17 22:41 - 2014-09-16 19:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2017-02-17 22:01 - 2017-02-20 14:55 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\Origin
2017-02-17 22:01 - 2017-02-17 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-02-17 22:00 - 2017-02-20 14:57 - 00000000 ____D C:\ProgramData\Origin
2017-02-17 22:00 - 2017-02-17 22:58 - 00000000 ____D C:\Users\Kitty\AppData\Local\Origin
2017-02-17 22:00 - 2017-02-17 22:00 - 00000000 ____D C:\Users\Kitty\.Origin
2017-02-16 23:06 - 2017-02-09 22:33 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
2017-02-16 23:06 - 2017-02-09 22:33 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
2017-02-16 17:35 - 2017-03-15 00:55 - 00000000 ____D C:\Users\Kitty\AppData\LocalLow\Mozilla
2017-02-16 17:35 - 2017-02-16 17:41 - 00000000 ____D C:\Users\Kitty\AppData\Local\Mozilla
2017-02-16 17:35 - 2017-02-16 17:35 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\Mozilla
2017-02-14 21:58 - 2017-02-14 21:58 - 00114816 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll
2017-02-14 21:58 - 2017-02-14 21:58 - 00104576 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll
2017-02-14 21:58 - 2017-02-14 21:58 - 00048776 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 09:43 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp
2017-03-15 09:39 - 2017-01-05 23:54 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-15 09:39 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 09:39 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-15 00:56 - 2017-01-05 23:46 - 00000000 ____D C:\Users\Kitty
2017-03-15 00:55 - 2017-01-14 04:17 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\TS3Client
2017-03-15 00:44 - 2017-01-05 23:44 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-15 00:17 - 2017-01-06 02:07 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\Skype
2017-03-14 14:14 - 2017-01-06 01:06 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-03-13 01:18 - 2017-01-06 15:12 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-12 19:06 - 2017-01-05 23:49 - 01530506 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-12 19:00 - 2017-01-05 23:44 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-12 18:59 - 2016-07-16 02:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-03-12 18:36 - 2017-01-05 23:46 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-12 12:26 - 2017-01-29 01:41 - 00000000 ____D C:\Users\Kitty\AppData\Local\CrashDumps
2017-03-12 11:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-12 11:21 - 2017-01-05 23:44 - 00197752 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-11 03:00 - 2017-01-08 02:56 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\vlc
2017-03-11 01:04 - 2017-01-05 23:46 - 00000000 ____D C:\Users\Kitty\AppData\Local\Packages
2017-03-10 17:43 - 2017-02-04 05:36 - 00000000 ____D C:\Users\Kitty\AppData\Local\ElevatedDiagnostics
2017-03-10 17:43 - 2017-01-06 01:06 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-09 20:12 - 2017-01-06 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-09 20:12 - 2017-01-05 23:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-09 20:12 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF
2017-03-09 20:07 - 2017-01-29 01:40 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 20:07 - 2017-01-29 01:40 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 20:07 - 2017-01-29 01:39 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 20:07 - 2017-01-29 01:39 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 20:07 - 2017-01-29 01:39 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 20:07 - 2017-01-29 01:39 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 20:07 - 2017-01-29 01:39 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 20:07 - 2017-01-05 23:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-09 20:07 - 2017-01-05 23:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-07 04:31 - 2017-01-05 23:45 - 00000000 ____D C:\Users\defaultuser0
2017-03-07 04:12 - 2017-01-25 20:03 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-07 03:31 - 2017-01-06 15:21 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\OBS
2017-03-05 20:22 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-03 22:49 - 2017-01-06 00:19 - 00000000 ____D C:\Users\Kitty\AppData\Roaming\TeamViewer
2017-03-02 04:18 - 2017-01-06 02:07 - 00000000 ____D C:\ProgramData\Skype
2017-03-02 04:17 - 2017-01-08 15:49 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-28 15:36 - 2017-01-06 01:44 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-28 13:12 - 2017-02-07 22:52 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-28 13:12 - 2017-02-07 22:52 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-28 13:12 - 2017-02-07 22:52 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-28 13:12 - 2017-02-07 22:52 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-28 13:12 - 2017-02-07 22:52 - 00003994 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-28 13:12 - 2017-01-06 01:06 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-28 13:12 - 2017-01-06 01:06 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148951526139001
2017-02-28 13:12 - 2017-01-06 01:06 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-28 13:12 - 2017-01-06 01:06 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-28 13:12 - 2017-01-06 01:06 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-28 13:12 - 2017-01-06 01:06 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-28 13:12 - 2017-01-06 01:06 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-24 19:19 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-24 15:15 - 2017-01-06 00:03 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 15:14 - 2017-01-06 00:03 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 18:55 - 2016-09-24 03:17 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-02-23 18:55 - 2016-09-24 02:51 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-02-23 14:35 - 2017-01-29 01:40 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-02-23 14:35 - 2017-01-29 01:40 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-02-23 14:35 - 2017-01-29 01:40 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-02-23 14:35 - 2017-01-29 01:40 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-02-23 14:35 - 2017-01-29 01:40 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-02-23 14:34 - 2017-01-29 01:39 - 00059448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-02-23 10:30 - 2017-01-29 01:39 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-02-23 06:32 - 2016-09-24 02:42 - 04078008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-23 06:32 - 2016-09-24 02:42 - 03596616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-23 06:32 - 2016-09-23 23:42 - 00043566 _____ C:\Windows\system32\nvinfo.pb
2017-02-23 04:43 - 2017-01-29 01:39 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-23 04:28 - 2017-01-05 23:54 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-23 04:28 - 2017-01-05 23:54 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-23 04:28 - 2017-01-05 23:54 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-23 04:28 - 2017-01-05 23:54 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-23 04:28 - 2017-01-05 23:54 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-23 04:28 - 2017-01-05 23:54 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-23 04:28 - 2017-01-05 23:54 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-23 02:38 - 2017-01-05 23:54 - 07807027 _____ C:\Windows\system32\nvcoproc.bin
2017-02-15 12:34 - 2017-01-06 01:30 - 00000000 ____D C:\Users\Kitty\AppData\Local\Battle.net

==================== Files in the root of some directories =======

2017-03-12 19:44 - 2017-03-12 19:44 - 0007602 _____ () C:\Users\Kitty\AppData\Local\Resmon.ResmonCfg
2017-03-05 20:23 - 2017-03-07 03:27 - 0000552 _____ () C:\Users\Kitty\AppData\Local\TroubleshooterConfig.json
2017-01-08 02:57 - 2017-01-08 02:57 - 0000003 _____ () C:\Users\Kitty\AppData\Local\updater.log
2017-01-08 02:57 - 2017-01-08 02:57 - 0000424 _____ () C:\Users\Kitty\AppData\Local\UserProducts.xml
2017-01-06 16:00 - 2017-01-06 16:00 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-03-12 18:49 - 2016-11-11 06:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
2017-03-12 11:26 - 2016-11-11 06:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Kitty\AppData\Local\Temp\dllnt_dump.dll
2017-01-31 01:50 - 2017-01-31 01:51 - 52892784 _____ (Daring Development Inc.) C:\Users\Kitty\AppData\Local\Temp\Infinity-Setup.exe
2017-01-07 00:32 - 2017-01-07 00:35 - 37171128 _____ () C:\Users\Kitty\AppData\Local\Temp\InstallIMVU_529.0.exe
2017-01-05 23:54 - 2017-02-09 18:39 - 0754168 _____ (NVIDIA Corporation) C:\Users\Kitty\AppData\Local\Temp\nvSCPAPI.dll
2017-01-05 23:54 - 2017-02-09 18:39 - 0868152 _____ (NVIDIA Corporation) C:\Users\Kitty\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-29 01:46 - 2017-02-09 18:39 - 0352704 _____ (NVIDIA Corporation) C:\Users\Kitty\AppData\Local\Temp\nvStInst.exe
2017-03-07 04:14 - 2017-02-03 15:20 - 1342792 _____ (Andy OS, inc.) C:\Users\Kitty\AppData\Local\Temp\RemoveTemp.exe
2017-02-04 00:48 - 2017-02-04 00:48 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-133f5dfb-4b3b-4e07-b871-a2f9659451dc-sqlitejdbc.dll
2017-01-29 02:11 - 2017-01-29 02:11 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-1b37bd8c-40a7-4c24-a4af-afc4bd57d4d1-sqlitejdbc.dll
2017-01-28 22:22 - 2017-01-28 22:22 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-3b42a881-6cfc-40b4-a5f3-f231192f9b58-sqlitejdbc.dll
2017-01-30 23:22 - 2017-01-30 23:22 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-3ce7ba42-1776-4a19-b7f0-7de7a6a6719c-sqlitejdbc.dll
2017-02-28 18:53 - 2017-02-28 18:53 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-49df1f9e-61ce-4d42-adb5-8352da39236e-sqlitejdbc.dll
2017-01-28 01:19 - 2017-01-28 01:19 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-7dc02359-f4af-4940-8009-bcd66f9a2429-sqlitejdbc.dll
2017-01-30 20:01 - 2017-01-30 20:01 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-9c5c46e5-2b3f-4da3-b492-993c1a664261-sqlitejdbc.dll
2017-01-28 01:05 - 2017-01-28 01:05 - 0820224 _____ () C:\Users\Kitty\AppData\Local\Temp\sqlite-3.9.1-c4e7c220-eecb-4324-8940-abf4317ed7e0-sqlitejdbc.dll
2017-03-02 04:17 - 2017-03-02 04:17 - 14456872 _____ (Microsoft Corporation) C:\Users\Kitty\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-24 15:14

==================== End of FRST.txt ============================

 

 

 

Screenshot_2.jpg

Addition_15-03-2017 09.53.53.txt

Edited by toofacedxo
Had to add logs

Hello toofacedxo and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save. You can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window Checkmark "Install 32 and 64 bit versions", then select "Next"

In the next window skip Licence I.D. and Licence Key, select "Next"

In the next window make no changes and select "Next"

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

In the next window make no changes and select "Install"

RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"

When the scan completes select "Open Report"

In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply

Let me see those logs, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin....

fixlist.txt


Thanks so much for your reply Kevin. I have done all said to do and have attached the logs. 

I couldn't get adw to open up a log because it said that there was no adware found. 

The weird part about this is that it is all coming back clean, while "Name Not Available" remains in my volume mixer.

So when I turned on my computer today, there was name not available in the volume mixer, when the first tool you gave me restarted my computer, it went away when the computer booted back up. It seems to appear randomly, and disappear only sometimes after a restart / shut down. Also it appears 100% of the time when I have Bluestacks open even though this issue started before I even had Bluestacks downloaded. 

Thanks for your reply once again, looking forward to hearing from you. 

Also I should mention that 2 days ago I ran adw, and roguekiller and they both have found and removed threats on the computer. 

Fixlog.txt

MalwareBytesScan.txt

JRT.txt

RogueKiller.txt

Edited by toofacedxo

Run the following:

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on user posted image icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.

Continue with the following:

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the update completes select Next.

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:

13. Verify that your system is now running normally, making sure that the following items are functional:
 
  • Internet access
  • Windows Update
  • Windows Firewall


14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log Date and time of scan will also be shown

Thanks,

Kevin...

system log - 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.953.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 4.008000 GHz
Memory total: 17137553408, free: 14925430784

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.953.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 4.008000 GHz
Memory total: 17137553408, free: 14911614976

Downloaded database version: v2017.03.18.01
Downloaded database version: v2017.03.11.01
Downloaded database version: v2017.03.14.01
=======================================
Initializing...
------------ Kernel report ------------
     03/17/2017 20:42:21
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\drivers\aswVmm.sys
\SystemRoot\system32\drivers\aswRvrt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\aswbuniva.sys
\SystemRoot\system32\drivers\aswbloga.sys
\SystemRoot\system32\drivers\aswbidsha.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\??\C:\Windows\System32\drivers\zamguard64.sys
\??\C:\Windows\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\aswbidsdrivera.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2a6e383a1adc0e24\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\bcmwl63a.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\iaLPSS2_UART2.sys
\SystemRoot\system32\drivers\SerCx2.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HdAudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\rzendpt.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\rzudd.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\rzpnk.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\rzpmgrk.sys
\SystemRoot\system32\drivers\Ndu.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.18.01
  rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9a85deaba060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9a85de9cbae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9a85deaba060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff9a85de89ee40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9a85de857400, DeviceName: \Device\0000003c\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 69E6646

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 233412608
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff9a85deab9060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9a85de9caae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9a85deab9060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffff9a85de89ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9a85de8a4060, DeviceName: \Device\0000003d\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 38E7431

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\058e016628ca385ecca0589255c71bce\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\68f0c8b24547a1eeafc998eb2b2522e0\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\561bcb2835dc3d4de610397aebd07edc\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\69bc7c6c084baf2d2ffd6871c726e266\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cfff018936a7c6348cb7ea98d432343a\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\cdf154aba70e4b85cbf7e19b477c8fd9\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\644006124f267e54cf6760ac688fbf3e\System.Xml.Linq.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0e3670b79a0d3cf62dffca3403010d44\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1b30fcb579bbaad955474f384a20d978\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5fa817daff10898645f2a4f4514bee62\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\8332b61f3d1dd79a521761fcc22cc283\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\b02077014cbc9078ead7391e8ee5fbe6\UIAutomationTypes.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1026048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
mbar log - 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.18.01
  rootkit: v2017.03.11.01

Windows 10 x64 NTFS
Internet Explorer 11.953.14393.0
Kitty :: DESKTOP-29065A9 [administrator]

3/17/2017 8:42:25 PM
mbar-log-2017-03-17 (20-42-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 371534
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


Continue with the following:

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right-clicking on Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...

When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmark the "Select All" box. When ready select "Start Repairs" tab....

When complete re-boot your system to Normal mode, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt

So I'm not seeing Name Not Available yesterday and today, only comes up when I have bluestacks open. But ever since I did the tweaking.com step I keep getting errors like this pop up when I try to click on certain things. I can't use certain headphones / microphones now either. 

Screenshot_1.jpg


Ok, run the following:

Select the Windows key and X key together. From the produced list select:

Command Prompt (Admin)

At the Command prompt, type

SFC /SCANNOW

hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.

Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.

 


Yes, it is normal for what you describe with BlueStacks. I've just installed BlueStacks on a virtual system and can confirm the addition to volume mixer as normal...

If no more issues or concerns run the following to clean up:

Uninstall RogueKiller and Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.