
Can't get into home screen, possibly a virus.



I shut down my laptop each night, and this morning I tried to get on to it, and it froze up, not letting me do anything on the screen after I logged in, so I restarted the computer. This time around it restarted itself halfway through the boot and gave me the options to repair or to boot normally. Neither one produced results, and when I try to start it up in safe mode (any of the 3 safe mode options), it gets to aswbloga.sys and aswbidsha.sys before crashing into a split-second blue screen with the error code STOP: c000021a {Fatal System Error}. I did some digging and found this forum, where someone had a similar problem (https://forums.malwarebytes.com/topic/134417-windows-7-black-screen-virus-cant-boot-into-safe-mode/), and several symptoms were the same as I was experiencing. I downloaded the program suggested there, and now I just need help from this point for a fix file. I would try myself, but I don't know what to focus on or even what I'm looking for. If I need to take any more steps to fix this issue, then please let me know. I would rather fix this issue than install a new operating system (I kinda lost everything, but it's an older computer that has lasted me since 2011). Aside from being outdated, it's still a reliable computer. I just don't have the money, and want to exhaust every avenue before trying to learn Linux.

 

Quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by SYSTEM on MININT-OVSU3OO (05-12-2017 11:07:38)
Running from f:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [ElcMouse] => C:\Program Files\ELECOM_Mouse_Driver\ElcMouseApl.exe [1442816 2015-10-27] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-22] (AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-14] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Girl of the Pain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2017-11-28]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-22] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-22] (AVAST Software)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [242448 2012-06-25] (CyberLink)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [314368 2017-08-30] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3758336 2015-12-16] (INCA Internet Co., Ltd.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-30] (Electronic Arts)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-15] (DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803952 2017-11-09] (TeamViewer GmbH)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
S4 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\Kingsoft Office\10.1.0.5652\wtoolex\wpsupdatesvr.exe [X]
S4 wpscloudsvr; "C:\Program Files (x86)\Kingsoft\Kingsoft Office\wpscloudsvr.exe" LocalService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-22] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-22] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-22] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-22] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-22] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-22] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-13] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-22] (AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-22] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-22] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-22] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-22] (AVAST Software)
S1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-05-15] (BullGuard Ltd.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ElcMouLFlt; C:\Windows\System32\DRIVERS\ElcMouLFlt.sys [28648 2015-09-11] (ELECOM)
S3 ElcMouUFlt; C:\Windows\System32\DRIVERS\ElcMouUFlt.sys [27624 2015-09-11] (ELECOM)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-12-21] ()
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-15] (Malwarebytes)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 11:07 - 2017-12-05 11:07 - 000000000 ____D C:\FRST
2017-11-28 12:58 - 2017-11-28 12:58 - 000000016 _____ C:\ProgramData\mntemp
2017-11-28 12:58 - 2017-11-28 12:58 - 000000000 ____D C:\Users\Girl of the Pain\Documents\ICARUS
2017-11-28 12:25 - 2017-11-28 12:25 - 000000222 _____ C:\Users\Girl of the Pain\Desktop\Riders of Icarus.url
2017-11-28 12:22 - 2017-11-28 12:22 - 000002228 _____ C:\Users\Girl of the Pain\Desktop\Riders of Icarus.lnk
2017-11-28 12:05 - 2017-11-28 12:05 - 000000000 ____D C:\Nexon
2017-11-28 12:02 - 2017-11-28 12:02 - 000000000 ____D C:\Users\Girl of the Pain\AppData\Roaming\Python
2017-11-28 12:02 - 2017-11-28 12:02 - 000000000 ____D C:\Users\Girl of the Pain\AppData\Local\NexonLauncher
2017-11-28 12:02 - 2017-11-28 12:02 - 000000000 ____D C:\Users\Girl of the Pain\AppData\Local\Crashpad
2017-11-28 12:00 - 2017-11-28 12:03 - 000000000 ____D C:\Users\Girl of the Pain\AppData\Roaming\NexonLauncher
2017-11-28 12:00 - 2017-11-28 12:00 - 000002172 _____ C:\Users\Girl of the Pain\Desktop\Nexon Launcher.lnk
2017-11-28 12:00 - 2017-11-28 12:00 - 000000000 ____D C:\Program Files (x86)\Nexon
2017-11-28 11:59 - 2017-11-28 11:59 - 011523384 _____ C:\Users\Girl of the Pain\Downloads\NexonLauncherSetup.exe
2017-11-27 16:52 - 2017-11-27 16:52 - 003534781 _____ C:\Users\Girl of the Pain\Downloads\[Jebus of %2Fa%2F] Dragon Ball (480p Dual)_attachments.7z
2017-11-22 11:46 - 2017-11-22 11:45 - 000183584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2017-11-22 11:45 - 2017-11-22 11:45 - 000365168 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2017-11-11 08:53 - 2017-11-15 12:13 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2017-11-11 08:53 - 2017-11-11 08:58 - 000001905 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-11 08:53 - 2017-11-01 06:54 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-11-11 08:52 - 2017-11-11 08:52 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-11 08:52 - 2017-11-11 08:52 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-08 13:18 - 2017-11-08 13:18 - 000000000 ____D C:\Users\Girl of the Pain\AppData\LocalLow\Team 17 Digital ltd_
2017-11-05 12:35 - 2017-11-05 12:35 - 000000222 _____ C:\Users\Girl of the Pain\Desktop\The Escapists 2.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-05 08:35 - 2016-07-25 15:19 - 001752116 _____ C:\Windows\ntbtlog.txt
2017-12-05 07:35 - 2017-08-24 15:17 - 349928742 _____ C:\Windows\MEMORY.DMP
2017-12-05 07:02 - 2015-12-08 17:38 - 000000000 ____D C:\Users\Girl of the Pain\AppData\Roaming\uTorrent
2017-12-05 06:59 - 2017-01-30 17:58 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-12-05 06:54 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-05 06:53 - 2015-11-28 23:34 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-04 18:50 - 2009-07-13 20:45 - 000017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-04 18:50 - 2009-07-13 20:45 - 000017168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-04 18:45 - 2016-10-04 05:04 - 000003044 _____ C:\Windows\System32\Tasks\{E74E446B-7F13-42E4-AE2E-32D3A9F4B216}
2017-12-04 18:45 - 2016-10-04 05:04 - 000003044 _____ C:\Windows\System32\Tasks\{D5507FE5-54ED-4CD4-A739-9B0C69A0EF54}
2017-12-04 18:45 - 2016-10-04 05:04 - 000003044 _____ C:\Windows\System32\Tasks\{7DD045BD-10F3-4577-844D-11642F3F04A5}
2017-12-04 18:45 - 2016-10-04 05:04 - 000003044 _____ C:\Windows\System32\Tasks\{762069CB-CEE2-4CA4-8415-8AA759D760C7}
2017-12-04 18:45 - 2016-10-04 05:04 - 000003044 _____ C:\Windows\System32\Tasks\{23569562-AA38-42F1-90B8-AE337DA3D5C6}
2017-12-04 18:45 - 2016-10-04 05:03 - 000003044 _____ C:\Windows\System32\Tasks\{AE287489-5D8D-4F66-ABBD-E4BFC0343F3D}
2017-12-04 18:45 - 2016-10-04 05:03 - 000003044 _____ C:\Windows\System32\Tasks\{99641C80-CF1F-45E9-BD91-43BCDB239BF8}
2017-12-04 18:45 - 2016-10-04 05:03 - 000003044 _____ C:\Windows\System32\Tasks\{7DA7BF0A-A7B3-4BE4-B390-100480F9A159}
2017-12-04 18:45 - 2016-10-04 05:03 - 000003044 _____ C:\Windows\System32\Tasks\{60F1C3EE-5197-498E-847B-8BD5C0052202}
2017-12-04 18:45 - 2016-10-04 05:02 - 000003044 _____ C:\Windows\System32\Tasks\{B2F07C21-BCC5-4187-B67C-A4D4D3A44E5F}
2017-12-04 18:45 - 2016-10-04 05:02 - 000003044 _____ C:\Windows\System32\Tasks\{101D3D70-6418-4512-80E3-A14A539AD19B}
2017-12-04 18:45 - 2016-10-04 05:01 - 000003044 _____ C:\Windows\System32\Tasks\{7A77A1EE-35B1-423A-A241-C74F00D27E42}
2017-12-04 18:45 - 2016-09-21 09:28 - 000003902 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1474478921
2017-12-04 18:45 - 2016-07-24 09:49 - 000003404 _____ C:\Windows\System32\Tasks\WinverUpdateChceck
2017-12-04 18:45 - 2016-07-24 09:49 - 000003192 _____ C:\Windows\System32\Tasks\Smart System Filter
2017-12-04 18:44 - 2017-04-15 05:15 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-04 18:44 - 2017-04-15 05:15 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-04 18:44 - 2017-03-30 05:25 - 000003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-12-04 18:44 - 2017-03-30 05:17 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-04 18:44 - 2017-03-01 06:41 - 000004482 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-04 18:44 - 2016-09-21 09:38 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-04 18:44 - 2016-07-24 09:50 - 000003186 _____ C:\Windows\System32\Tasks\Custom Standart Helper
2017-12-04 18:23 - 2016-09-21 09:26 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-12-04 17:22 - 2015-11-28 19:33 - 000000000 ____D C:\Users\Girl of the Pain\AppData\Roaming\Skype
2017-12-04 16:19 - 2017-03-17 16:43 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-12-04 07:07 - 2017-09-28 09:49 - 000000000 ____D C:\Users\Girl of the Pain\AppData\LocalLow\uTorrent
2017-12-01 07:28 - 2015-12-14 16:41 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-28 12:00 - 2015-12-09 08:34 - 000000002 _____ C:\END
2017-11-27 15:21 - 2015-11-29 09:53 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-22 11:46 - 2016-09-21 09:26 - 000455376 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2017-11-22 11:45 - 2016-09-21 09:26 - 000455384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys.151137998544204
2017-11-22 11:45 - 2016-09-21 09:26 - 000364464 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2017-11-22 11:45 - 2016-09-21 09:26 - 000203976 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2017-11-22 11:45 - 2016-09-21 09:26 - 000148288 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2017-11-22 11:45 - 2016-09-21 09:26 - 000110376 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2017-11-22 11:45 - 2016-09-21 09:26 - 000084416 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2017-11-22 11:45 - 2016-09-21 09:26 - 000047008 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2017-11-22 11:44 - 2016-09-21 09:26 - 001026232 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2017-11-22 11:43 - 2017-03-17 16:43 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbloga.sys
2017-11-22 11:43 - 2017-03-17 16:43 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2017-11-22 11:43 - 2017-03-17 16:43 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsha.sys
2017-11-22 11:43 - 2017-03-17 16:43 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbuniva.sys
2017-11-15 13:27 - 2017-04-15 05:15 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-14 16:20 - 2015-12-18 17:24 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-14 16:20 - 2015-12-18 17:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-14 16:20 - 2015-12-18 17:24 - 000000000 ____D C:\Windows\System32\Macromed
2017-11-14 16:20 - 2015-11-29 19:30 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-14 07:47 - 2015-11-28 19:32 - 000000000 ____D C:\ProgramData\Skype
2017-11-13 06:26 - 2017-01-04 05:45 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-11-11 09:05 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-11-11 08:58 - 2017-10-10 06:18 - 000001103 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2017-11-11 08:58 - 2017-09-27 06:01 - 000002002 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-11-11 08:58 - 2017-03-30 05:26 - 000001145 _____ C:\Users\Public\Desktop\True Key.lnk
2017-11-11 08:58 - 2017-03-30 05:16 - 000002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-11-11 08:58 - 2017-01-21 14:22 - 000001106 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
2017-11-11 08:58 - 2017-01-04 16:38 - 000000741 _____ C:\Users\Public\Desktop\ELECOM MouseAssistant5.lnk
2017-11-11 08:58 - 2016-10-08 10:50 - 000001141 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-11 08:58 - 2016-09-21 09:28 - 000001159 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-11-11 08:58 - 2016-09-21 09:26 - 000001960 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-11-11 08:58 - 2016-07-18 05:51 - 000002339 _____ C:\Users\Public\Desktop\WPS Writer.lnk
2017-11-11 08:58 - 2016-07-18 05:51 - 000002337 _____ C:\Users\Public\Desktop\WPS Presentation.lnk
2017-11-11 08:58 - 2016-07-18 05:51 - 000002321 _____ C:\Users\Public\Desktop\WPS Spreadsheets.lnk
2017-11-11 08:58 - 2016-06-22 12:36 - 000001979 _____ C:\Users\Public\Desktop\Paradise Pet Salon.lnk
2017-11-11 08:58 - 2016-06-22 12:35 - 000000953 _____ C:\Users\Public\Desktop\Games.lnk
2017-11-11 08:58 - 2016-04-25 14:10 - 000002691 _____ C:\Users\Public\Desktop\Skype.lnk
2017-11-11 08:58 - 2016-02-25 06:42 - 000001219 _____ C:\Users\Public\Desktop\Daycare Nightmare.lnk
2017-11-11 08:58 - 2016-02-25 06:40 - 000002030 _____ C:\Users\Public\Desktop\Cute Knight.lnk
2017-11-11 08:58 - 2016-02-14 08:50 - 000000955 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-11-11 08:58 - 2015-12-08 19:58 - 000001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-11-11 08:57 - 2017-05-20 17:43 - 000002220 _____ C:\Users\Girl of the Pain\Desktop\Discord.lnk
2017-11-11 08:57 - 2016-08-14 17:15 - 000001841 _____ C:\Users\Girl of the Pain\Desktop\Uranium - Shortcut.lnk
2017-11-11 08:57 - 2016-07-27 17:06 - 000001193 _____ C:\Users\Girl of the Pain\Desktop\lol.launcher.lnk
2017-11-11 08:57 - 2016-07-25 17:12 - 000000828 _____ C:\Users\Girl of the Pain\Desktop\PeaZip.lnk
2017-11-11 08:57 - 2016-02-25 06:35 - 000001065 _____ C:\Users\Girl of the Pain\Desktop\Escape from Paradise.lnk
2017-11-11 08:57 - 2016-02-25 06:33 - 000001098 _____ C:\Users\Girl of the Pain\Desktop\Escape from Paradise 2.lnk
2017-11-11 08:57 - 2016-02-25 06:31 - 000001096 _____ C:\Users\Girl of the Pain\Desktop\Project Paradise.lnk
2017-11-11 08:57 - 2015-12-08 17:39 - 000002637 _____ C:\Users\Girl of the Pain\Desktop\µTorrent.lnk
2017-11-11 08:55 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\Globalization
2017-11-11 08:52 - 2015-12-09 11:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-11 08:52 - 2015-12-09 11:45 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-06 07:31 - 2015-12-08 19:58 - 000000000 ____D C:\Users\Girl of the Pain\AppData\Roaming\vlc

Some files in TEMP:
====================
2016-04-23 17:53 - 2016-04-23 17:53 - 000073168 _____ () C:\Users\Girl of the Pain\AppData\Local\Temp\3nqtB0Y0oM.exe
2016-04-23 17:52 - 2016-04-23 17:52 - 000000000 _____ () C:\Users\Girl of the Pain\AppData\Local\Temp\9E3VoLXXsM.exe
2015-11-28 19:43 - 2015-11-28 19:43 - 000144008 _____ (© 2015 Microsoft Corporation) C:\Users\Girl of the Pain\AppData\Local\Temp\BingSvc.exe
2015-11-28 19:43 - 2015-11-28 19:43 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\Girl of the Pain\AppData\Local\Temp\BSvcProcessor.exe
2015-11-28 19:43 - 2015-11-28 19:43 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\Girl of the Pain\AppData\Local\Temp\BSvcUpdater.exe
2015-12-09 11:03 - 2015-12-09 11:03 - 018910296 _____ (BullGuard Ltd.) C:\Users\Girl of the Pain\AppData\Local\Temp\BullGuard Antivirus Setup.exe
2017-10-10 06:18 - 2017-10-10 06:18 - 000290304 _____ (Microsoft Corporation) C:\Users\Girl of the Pain\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2016-07-24 09:51 - 2016-07-24 09:51 - 006931456 _____ () C:\Users\Girl of the Pain\AppData\Local\Temp\chromedriver.exe
2015-12-27 13:17 - 2015-12-27 13:17 - 000466944 _____ (Realtek Semiconductor Corp.) C:\Users\Girl of the Pain\AppData\Local\Temp\COMAP.EXE

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2017-08-24 14:16] - [2017-04-17 07:37] - 000512000 _____ (Microsoft Corporation) 5E9F8D029D9B03110D835CBFC058068B

C:\Windows\System32\dnsapi.dll
[2015-12-09 14:24] - [2015-12-09 14:24] - 000356352 _____ (Microsoft Corporation) 847D6E4415B743BC2A4CB45AFC4CA644

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 8086.17 MB
Available physical RAM: 7331.57 MB
Total Virtual: 8084.32 MB
Available Virtual: 7329.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:679 GB) (Free:132.16 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:19.53 GB) (Free:19.44 GB) NTFS
Drive f: () (Removable) (Total:31.24 GB) (Free:31.24 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=679 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 31.3 GB) (Disk ID: 7955C402)
Partition 1: (Not Active) - (Size=31.2 GB) - (Type=0C)

LastRegBack: 2017-12-03 11:10

==================== End of FRST.txt ============================

 

This topic is now closed to further replies.