
idle threads/ semaphore threads



Ok, so it took me a bit to figure it out, but I deleted said partition, started a new 100gb partition for Windows, and that left me with 800-some gigs. Reinstall of Windows was successful, and the idle threads/semaphore threads are no longer in the task manager, and I'm running a format on the first 400gb partition and then gonna do the second! So far so good!!


Here are the results from the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by LeAfA (administrator) on DESKTOP-OAP8824 (21-03-2018 10:21:29)
Running from C:\Users\LeAfA\Downloads
Loaded Profiles: LeAfA (Available Profiles: LeAfA)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9244144 2017-09-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1502704 2017-09-27] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Audio Ltd.)
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [629368 2017-10-27] (NVIDIA Corporation)
Startup: C:\Users\LeAfA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMatrix.lnk [2018-03-21]
ShortcutTarget: ZMatrix.lnk -> C:\Program Files (x86)\ZMatrix\matrix.exe (Happy Dude)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{fa4c9b79-ff0a-4560-ace3-355d674458cf}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1934100324-3847439472-2343071431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={4F06CAE4-256B-44F1-93D9-CEE58E1C42CF}&mid=847781a306ad47cd92caa90c821a8e1c-99935a038e48fcd677e957f0a57e594120eef127&lang=en&ds=AVG&coid=avgtbavg&cmpid=1116avz&pr=fr&d=2016-01-26 08:39:10&v=4.3.6.255&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1934100324-3847439472-2343071431-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-ca-e

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-21] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default [2018-03-21]
CHR Extension: (Slides) - C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-21]
CHR Extension: (Docs) - C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-21]
CHR Extension: (Google Drive) - C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2018-03-21]
CHR Extension: (YouTube) - C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-21]
CHR Extension: (Sheets) - C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-21]
CHR Extension: (Google Docs Offline) - C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-21]
CHR Extension: (Gmail) - C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\LeAfA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373720 2016-12-23] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [332408 2017-09-27] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 MpKslac60dceb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00F4E9A4-76AE-4B4E-8E60-55F088119BAF}\MpKslac60dceb.sys [58120 2018-03-21] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_desktop_ref4wu.inf_amd64_0109a19b5125cb43\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 11:11 - 2018-03-21 10:14 - 000000000 ____D C:\Windows\Panther
2018-03-21 10:21 - 2018-03-21 10:21 - 002403328 _____ (Farbar) C:\Users\LeAfA\Downloads\FRST64.exe
2018-03-21 10:21 - 2018-03-21 10:21 - 000009131 _____ C:\Users\LeAfA\Downloads\FRST.txt
2018-03-21 10:21 - 2018-03-21 10:21 - 000000000 ____D C:\FRST
2018-03-21 10:15 - 2018-03-21 10:15 - 000000000 _SHDL C:\Documents and Settings
2018-03-21 10:12 - 2018-03-21 10:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-21 10:12 - 2018-03-21 10:12 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-03-21 10:11 - 2018-03-21 10:11 - 000221968 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-21 10:11 - 2018-03-21 10:11 - 000000000 ____D C:\Windows\ServiceProfiles
2018-03-21 10:11 - 2018-03-21 09:37 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-03-21 09:45 - 2018-03-21 09:45 - 000000074 _____ C:\Windows\ZMatrixSS.ini
2018-03-21 09:45 - 2018-03-21 09:45 - 000000000 ____D C:\Users\LeAfA\AppData\Roaming\.ZMatrix
2018-03-21 09:45 - 2018-03-21 09:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZMatrix
2018-03-21 09:45 - 2018-03-21 09:45 - 000000000 ____D C:\Program Files (x86)\ZMatrix
2018-03-21 09:42 - 2018-03-21 09:43 - 002071626 _____ C:\Users\LeAfA\Downloads\ZMatrixSetupNT_1_5_2.exe
2018-03-21 09:38 - 2018-03-21 09:38 - 000000000 ____D C:\Users\LeAfA\AppData\Roaming\Google
2018-03-21 07:53 - 2018-03-21 07:53 - 000000000 ____D C:\Users\LeAfA\AppData\Local\Comms
2018-03-21 07:51 - 2018-03-21 07:52 - 000000000 ____D C:\Users\LeAfA\AppData\Local\PackageStaging
2018-03-21 07:40 - 2018-03-21 07:40 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 07:40 - 2018-03-21 07:40 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-21 07:39 - 2018-03-21 09:46 - 000000000 ____D C:\Users\LeAfA\AppData\Local\Google
2018-03-21 07:39 - 2018-03-21 07:40 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-21 07:39 - 2018-03-21 07:39 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-21 07:39 - 2018-03-21 07:39 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-21 07:34 - 2018-03-21 07:34 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1934100324-3847439472-2343071431-1001
2018-03-21 07:34 - 2018-03-21 07:34 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-03-21 07:34 - 2018-03-21 07:34 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-21 07:34 - 2018-03-21 07:34 - 000000000 ___HD C:\OneDriveTemp
2018-03-21 07:34 - 2018-03-21 07:34 - 000000000 ____D C:\Windows\LastGood
2018-03-21 07:34 - 2018-03-21 07:34 - 000000000 ____D C:\Program Files\Intel
2018-03-21 07:34 - 2018-03-21 07:34 - 000000000 ____D C:\Program Files (x86)\Intel
2018-03-21 07:34 - 2018-03-21 07:34 - 000000000 ____D C:\Intel
2018-03-21 07:34 - 2018-03-21 07:34 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2018-03-21 07:33 - 2018-03-21 07:34 - 000002367 _____ C:\Users\LeAfA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-21 07:33 - 2018-03-21 07:34 - 000000000 ___RD C:\Users\LeAfA\OneDrive
2018-03-21 07:33 - 2018-03-21 07:33 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-03-21 07:33 - 2017-10-27 12:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-03-21 07:33 - 2017-09-13 19:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-03-21 07:33 - 2017-09-13 19:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-03-21 07:33 - 2017-09-13 19:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2018-03-21 07:33 - 2017-09-13 19:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2018-03-21 07:32 - 2018-03-21 07:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-21 07:32 - 2018-03-21 07:33 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-21 07:32 - 2018-03-21 07:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-03-21 07:32 - 2018-03-21 07:33 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-21 07:32 - 2018-03-21 07:32 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-21 07:32 - 2017-11-09 05:39 - 000540784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-03-21 07:32 - 2017-11-09 05:39 - 000446392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-03-21 07:32 - 2017-10-27 12:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-03-21 07:32 - 2017-10-27 12:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-03-21 07:32 - 2017-10-25 06:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2018-03-21 07:31 - 2018-03-21 08:39 - 000000000 ____D C:\Users\LeAfA\AppData\Local\Packages
2018-03-21 07:31 - 2018-03-21 07:32 - 000000000 ____D C:\Users\LeAfA\AppData\Local\ConnectedDevicesPlatform
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ___RD C:\Users\LeAfA\3D Objects
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ___HD C:\Users\LeAfA\MicrosoftEdgeBackups
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Windows\system32\RTCOM
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\LeAfA\AppData\Roaming\Adobe
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\LeAfA\AppData\Local\VirtualStore
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\LeAfA\AppData\Local\Publishers
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\LeAfA\AppData\Local\MicrosoftEdge
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-03-21 07:30 - 2018-03-21 07:31 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-03-21 07:30 - 2018-03-21 07:30 - 001019725 _____ C:\Windows\system32\Drivers\rtwavesskdy.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000397789 _____ C:\Windows\system32\Drivers\rtwavesmapro.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000031095 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000017664 _____ C:\Windows\system32\Drivers\rtwavesmaprocap.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000010945 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-03-21 07:30 - 2018-03-21 07:30 - 000000000 ____D C:\Windows\system32\SRSLabs
2018-03-21 07:30 - 2018-03-21 07:30 - 000000000 ____D C:\Program Files\Waves
2018-03-21 07:30 - 2018-03-21 07:30 - 000000000 ____D C:\Program Files\Realtek
2018-03-21 07:29 - 2018-03-21 07:33 - 000000000 ____D C:\Users\LeAfA
2018-03-21 07:29 - 2018-03-21 07:29 - 000000020 ___SH C:\Users\LeAfA\ntuser.ini
2018-03-21 07:25 - 2018-03-21 07:25 - 000000000 ____D C:\ProgramData\USOShared
2018-03-21 07:21 - 2018-03-21 07:33 - 000858920 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-21 07:17 - 2017-09-29 09:41 - 002241024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 11:11 - 2017-09-29 09:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-03-21 10:15 - 2017-09-29 04:45 - 000262144 _____ C:\Windows\system32\config\BBI
2018-03-21 10:14 - 2017-09-29 04:45 - 000000000 ____D C:\Windows\system32\Sysprep
2018-03-21 10:12 - 2017-09-29 09:46 - 000000000 ___RD C:\Windows\PrintDialog
2018-03-21 10:12 - 2017-09-29 09:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-03-21 10:12 - 2017-09-29 04:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-03-21 09:32 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-03-21 09:04 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-21 09:01 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\AppReadiness
2018-03-21 07:35 - 2017-09-29 09:44 - 000000000 ____D C:\Windows\INF
2018-03-21 07:32 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\Help
2018-03-21 07:32 - 2017-09-29 09:37 - 000000000 ____D C:\Windows\CbsTemp
2018-03-21 07:29 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-03-21 07:25 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-03-21 07:17 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\system32\spool
2018-03-21 07:17 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\system32\FxsTmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-21 10:11

==================== End of FRST.txt ============================


and the second results

 

2018-03-21 07:32 - 2017-10-27 12:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-03-21 07:32 - 2017-10-27 12:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-03-21 07:32 - 2017-10-25 06:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2018-03-21 07:31 - 2018-03-21 08:39 - 000000000 ____D C:\Users\LeAfA\AppData\Local\Packages
2018-03-21 07:31 - 2018-03-21 07:32 - 000000000 ____D C:\Users\LeAfA\AppData\Local\ConnectedDevicesPlatform
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ___RD C:\Users\LeAfA\3D Objects
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ___HD C:\Users\LeAfA\MicrosoftEdgeBackups
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Windows\system32\RTCOM
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\LeAfA\AppData\Roaming\Adobe
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\LeAfA\AppData\Local\VirtualStore
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\LeAfA\AppData\Local\Publishers
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Users\LeAfA\AppData\Local\MicrosoftEdge
2018-03-21 07:31 - 2018-03-21 07:31 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-03-21 07:30 - 2018-03-21 07:31 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-03-21 07:30 - 2018-03-21 07:30 - 001019725 _____ C:\Windows\system32\Drivers\rtwavesskdy.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000397789 _____ C:\Windows\system32\Drivers\rtwavesmapro.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000031095 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000017664 _____ C:\Windows\system32\Drivers\rtwavesmaprocap.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000010945 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2018-03-21 07:30 - 2018-03-21 07:30 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-03-21 07:30 - 2018-03-21 07:30 - 000000000 ____D C:\Windows\system32\SRSLabs
2018-03-21 07:30 - 2018-03-21 07:30 - 000000000 ____D C:\Program Files\Waves
2018-03-21 07:30 - 2018-03-21 07:30 - 000000000 ____D C:\Program Files\Realtek
2018-03-21 07:29 - 2018-03-21 07:33 - 000000000 ____D C:\Users\LeAfA
2018-03-21 07:29 - 2018-03-21 07:29 - 000000020 ___SH C:\Users\LeAfA\ntuser.ini
2018-03-21 07:25 - 2018-03-21 07:25 - 000000000 ____D C:\ProgramData\USOShared
2018-03-21 07:21 - 2018-03-21 07:33 - 000858920 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-21 07:17 - 2017-09-29 09:41 - 002241024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 11:11 - 2017-09-29 09:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-03-21 10:15 - 2017-09-29 04:45 - 000262144 _____ C:\Windows\system32\config\BBI
2018-03-21 10:14 - 2017-09-29 04:45 - 000000000 ____D C:\Windows\system32\Sysprep
2018-03-21 10:12 - 2017-09-29 09:46 - 000000000 ___RD C:\Windows\PrintDialog
2018-03-21 10:12 - 2017-09-29 09:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-03-21 10:12 - 2017-09-29 04:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-03-21 09:32 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-03-21 09:04 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-21 09:01 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\AppReadiness
2018-03-21 07:35 - 2017-09-29 09:44 - 000000000 ____D C:\Windows\INF
2018-03-21 07:32 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\Help
2018-03-21 07:32 - 2017-09-29 09:37 - 000000000 ____D C:\Windows\CbsTemp
2018-03-21 07:29 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-03-21 07:25 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-03-21 07:17 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\system32\spool
2018-03-21 07:17 - 2017-09-29 09:46 - 000000000 ____D C:\Windows\system32\FxsTmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-21 10:11

==================== End of FRST.txt ============================


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.