Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Are WiFi Network Names Protected by the First Amendment?

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Windows 10 Desktop and taskbar only showing after login

Started by Riofloxin , Jun 14 2016 01:02 AM

This topic is locked

2 replies to this topic

#1 Riofloxin

Members
2 posts
OFFLINE

Posted 14 June 2016 - 01:02 AM

This is my very first topic on Bleeping computer, and I would like to thank this community for be out there aiding all users on a very helpful way.

Okay so passing that, Yesterday my computer was working fine as usual, but then when i logged in today the login screen was really slow after passing that only the desktop background and taskbar shows, nothing else. the computer boots to safemode fine so im assuming its a virus malware etc... I've tried almost everything. In another post someone had (close) to the same problem and used FRST to fix it i have the log data if it helps?

Spoiler

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016

Ran by SYSTEM on MININT-GSRAU7O (13-06-2016 22:36:20)

Running from d:\

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11

Boot Mode: Recovery

Default: ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-24] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)

S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)

S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe [68488 2016-04-14] (Google Inc.)

S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)

S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-24] (NVIDIA Corporation)

S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)

S2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1114608 2015-08-11] ()

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)

S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-24] (NVIDIA Corporation)

S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-24] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-24] (NVIDIA Corporation)

S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)

S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-10-29] (ASIX Electronics Corp.)

S3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2015-12-12] (Intel Corporation)

S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)

S2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)

S4 LMIRfsClientNP; no ImagePath

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-13] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)

S3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-12-11] (Intel Corporation)

S3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-29] (MediaTek Inc.)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-24] (NVIDIA Corporation)

S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-24] (NVIDIA Corporation)

S3 PSKTBUS; C:\Windows\System32\drivers\PSKTBUS.sys [107272 2014-03-07] (DEVGURU Co., LTD.)

S3 PSKYMDM; C:\Windows\system32\DRIVERS\PSKYMDM.sys [187144 2014-03-07] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3764736 2015-10-29] (Realtek Semiconductor Corporation )

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)

S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)

S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

S3 PSKTOBEX; \SystemRoot\System32\drivers\PSKTOBEX.sys [X]

S3 PSKYMDMVSP; \SystemRoot\system32\DRIVERS\PSKYMDMVSP.sys [X]

S3 PSKYMSMVSP; \SystemRoot\system32\DRIVERS\PSKYMSMVSP.sys [X]

S3 X6va062; \??\C:\WINDOWS\SysWOW64\Drivers\X6va062 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-13 22:00 - 2016-06-13 22:00 - 00000000 _____ C:\Recovery.txt

2016-06-13 21:59 - 2016-06-13 22:00 - 00000000 ___HD C:\$SysReset

2016-06-13 20:22 - 2016-06-13 20:23 - 00000000 ____D C:\FRST

2016-06-13 20:22 - 2016-06-13 20:22 - 02385920 _____ (Farbar) C:\Users\nicol\Downloads\FRST64.exe

2016-06-13 20:22 - 2016-06-13 20:22 - 02385920 _____ (Farbar) C:\Users\nicol\Desktop\FRST64.exe

2016-06-13 19:45 - 2016-06-13 19:45 - 00000000 ____D C:\Users\nicol\Downloads\backups

2016-06-13 19:41 - 2016-06-13 19:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\nicol\Downloads\HijackThis.exe

2016-06-13 17:12 - 2016-06-13 17:13 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2016-06-13 17:11 - 2016-06-13 17:11 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-06-13 17:11 - 2016-06-13 17:11 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-06-13 17:11 - 2016-06-13 17:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-06-13 17:11 - 2016-03-10 12:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2016-06-13 17:11 - 2016-03-10 12:08 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys

2016-06-13 17:11 - 2016-03-10 12:08 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys

2016-06-13 17:09 - 2016-06-13 17:10 - 22851472 _____ (Malwarebytes ) C:\Users\nicol\Downloads\mbam-setup-2.2.1.1043.exe

2016-06-13 15:20 - 2016-06-13 20:25 - 00965960 _____ C:\Windows\ntbtlog.txt

2016-06-13 15:20 - 2016-06-13 20:01 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job

2016-06-12 22:12 - 2016-06-12 22:12 - 00123912 _____ C:\Users\nicol\Downloads\PolyLoader_mpgh.net_mpgh.net.zip

2016-06-12 22:08 - 2016-06-12 22:08 - 00012972 _____ C:\Users\nicol\Downloads\PolyMeme v9.0.5_mpgh.net.zip

2016-06-12 22:07 - 2016-06-12 22:07 - 00087318 _____ C:\Users\nicol\Downloads\besthackever_mpgh.net.rar

2016-06-10 04:07 - 2016-06-10 04:07 - 13767776 _____ (Microsoft Corporation) C:\Users\nicol\Downloads\vc_redist.x86.exe

2016-06-10 04:00 - 2016-06-10 04:01 - 14572000 _____ (Microsoft Corporation) C:\Users\nicol\Downloads\vc_redist.x64.exe

2016-06-10 03:55 - 2016-06-10 03:55 - 00026948 _____ C:\Users\nicol\Downloads\HazardEdit's CSGO Hack v003_mpgh.net.zip

2016-06-08 20:01 - 2016-06-08 20:02 - 00001331 _____ C:\Users\nicol\Desktop\Launcher - Shortcut.lnk

2016-06-08 19:58 - 2016-06-08 19:58 - 00721335 _____ C:\Users\nicol\Downloads\Crack-V5.rar

2016-06-08 18:04 - 2016-06-08 18:04 - 00001858 _____ C:\Users\nicol\Desktop\PlayGTAV - Shortcut.lnk

2016-06-08 12:04 - 2010-05-26 09:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll

2016-06-08 12:04 - 2010-05-26 09:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll

2016-06-08 12:04 - 2008-10-15 04:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll

2016-06-08 12:04 - 2008-10-15 04:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2016-06-08 12:04 - 2008-10-15 04:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll

2016-06-08 12:04 - 2008-10-15 04:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2016-06-08 12:04 - 2008-10-15 04:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll

2016-06-08 12:04 - 2008-10-15 04:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2016-06-08 00:00 - 2016-06-08 00:00 - 00000000 ____D C:\Users\nicol\AppData\LocalLow\Smartly Dressed Games

2016-06-07 23:13 - 2016-06-07 23:13 - 00000222 _____ C:\Users\nicol\Desktop\Unturned.url

2016-06-07 18:34 - 2016-06-07 18:34 - 00000219 _____ C:\Users\nicol\Desktop\Counter-Strike Global Offensive.url

2016-06-07 15:05 - 2016-06-07 15:05 - 00000000 ____D C:\Users\nicol\AppData\Local\Steam

2016-06-07 15:05 - 2016-06-07 15:05 - 00000000 ____D C:\Users\nicol\AppData\Local\CEF

2016-06-07 14:56 - 2016-06-13 19:06 - 00000000 ____D C:\Program Files (x86)\Steam

2016-06-07 14:56 - 2016-06-07 14:56 - 01380712 _____ C:\Users\nicol\Downloads\SteamSetup.exe

2016-06-07 14:56 - 2016-06-07 14:56 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk

2016-06-06 00:01 - 2016-06-07 18:42 - 00021184 _____ C:\Windows\SysWOW64\Drivers\X6va062_2016.06.09.01.01.47

2016-06-01 20:05 - 2016-06-01 20:05 - 04476732 _____ C:\Users\nicol\Downloads\File_000.mp4

2016-06-01 19:53 - 2016-06-01 19:54 - 13397223 _____ C:\Users\nicol\Downloads\File_000.mov

2016-06-01 00:28 - 2016-06-01 00:28 - 00000000 ____D C:\Users\nicol\AppData\Roaming\Sony Creative Software Inc

2016-05-31 23:16 - 2016-05-31 23:16 - 00006068 _____ C:\Windows\System32\--traceoff

2016-05-31 23:16 - 2016-05-31 23:16 - 00001111 _____ C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk

2016-05-31 23:16 - 2016-05-31 23:16 - 00000000 _____ C:\Windows\System32\--debugoff

2016-05-31 23:15 - 2016-05-31 23:21 - 00000000 ____D C:\Users\nicol\AppData\Local\Sony

2016-05-31 23:15 - 2016-05-31 23:15 - 00000000 ____D C:\ProgramData\Sony

2016-05-31 23:15 - 2016-05-31 23:15 - 00000000 ____D C:\Program Files\Sony

2016-05-31 23:15 - 2016-05-31 23:15 - 00000000 ____D C:\Program Files (x86)\Sony

2016-05-31 23:14 - 2016-06-01 00:14 - 00000000 ____D C:\Users\nicol\AppData\Roaming\Sony

2016-05-31 22:53 - 2016-05-31 22:53 - 13448129 _____ C:\Users\nicol\Downloads\Randy Orton RKO Pack by CasualSavage.zip

2016-05-31 22:41 - 2016-05-31 22:41 - 00000000 ____D C:\Users\nicol\AppData\Roaming\Publish Providers

2016-05-31 22:38 - 2016-05-31 22:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Sony

2016-05-29 17:14 - 2016-05-29 17:14 - 00000000 ____D C:\Users\nicol\AppData\Roaming\Epson

2016-05-29 15:06 - 2016-06-13 02:06 - 00000937 _____ C:\Windows\Tasks\EPSON XP-410 Series Update {6843E59F-8DA6-4B23-BF93-42B74E50F27E}.job

2016-05-29 15:06 - 2016-06-13 02:06 - 00000751 _____ C:\Windows\Tasks\EPSON XP-410 Series Invitation {6843E59F-8DA6-4B23-BF93-42B74E50F27E}.job

2016-05-29 15:06 - 2016-05-29 15:06 - 00004134 _____ C:\Windows\System32\Tasks\EPSON XP-410 Series Update {6843E59F-8DA6-4B23-BF93-42B74E50F27E}

2016-05-29 15:06 - 2016-05-29 15:06 - 00003956 _____ C:\Windows\System32\Tasks\EPSON XP-410 Series Invitation {6843E59F-8DA6-4B23-BF93-42B74E50F27E}

2016-05-29 15:05 - 2016-06-13 02:05 - 00000937 _____ C:\Windows\Tasks\EPSON XP-410 Series Update {197C55D5-E0E3-475D-B82C-7C7B3F5A5A1E}.job

2016-05-29 15:05 - 2016-06-13 02:05 - 00000751 _____ C:\Windows\Tasks\EPSON XP-410 Series Invitation {197C55D5-E0E3-475D-B82C-7C7B3F5A5A1E}.job

2016-05-29 15:05 - 2016-05-29 15:05 - 00004134 _____ C:\Windows\System32\Tasks\EPSON XP-410 Series Update {197C55D5-E0E3-475D-B82C-7C7B3F5A5A1E}

2016-05-29 15:05 - 2016-05-29 15:05 - 00003956 _____ C:\Windows\System32\Tasks\EPSON XP-410 Series Invitation {197C55D5-E0E3-475D-B82C-7C7B3F5A5A1E}

2016-05-29 15:04 - 2016-05-29 15:04 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information

2016-05-29 15:04 - 2016-05-29 15:04 - 00000000 ____D C:\Program Files (x86)\EPSON

2016-05-29 14:49 - 2016-05-29 15:04 - 00000000 ____D C:\Program Files (x86)\EPSON Software

2016-05-29 14:49 - 2016-05-29 14:49 - 00000000 ____D C:\Program Files\EpsonNet

2016-05-29 14:49 - 2016-05-29 14:49 - 00000000 ____D C:\Program Files\EPSON

2016-05-29 14:44 - 2016-05-29 14:47 - 107079608 _____ C:\Users\nicol\Downloads\epson15730.exe

2016-05-27 21:42 - 2016-05-27 21:42 - 00005048 _____ C:\Users\nicol\Downloads\EarthPointFlyTo_054206.kml

2016-05-24 18:32 - 2016-05-24 18:32 - 00000000 ____D C:\Users\nicol\Documents\My Games

2016-05-24 18:31 - 2016-05-24 18:31 - 00001652 _____ C:\Users\nicol\Desktop\dirt3 - Shortcut.lnk

2016-05-24 18:31 - 2016-05-24 18:31 - 00000000 __SHD C:\ProgramData\DSS

2016-05-24 18:31 - 2016-05-24 18:31 - 00000000 ____D C:\ProgramData\Codemasters

2016-05-24 18:26 - 2016-05-24 18:26 - 00000000 ____D C:\Windows\SysWOW64\xlive

2016-05-24 18:26 - 2016-05-24 18:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2016-05-24 18:24 - 2016-05-24 18:24 - 00466456 _____ (Creative Labs) C:\Windows\System32\wrap_oal.dll

2016-05-24 18:24 - 2016-05-24 18:24 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2016-05-24 18:24 - 2016-05-24 18:24 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll

2016-05-24 18:24 - 2016-05-24 18:24 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2016-05-24 18:24 - 2016-05-24 18:24 - 00000000 ____D C:\Program Files (x86)\OpenAL

2016-05-24 18:24 - 2016-05-24 18:24 - 00000000 ____D C:\Program Files (x86)\BRS

2016-05-24 18:24 - 2011-04-15 15:40 - 00809496 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmpFD32.tmp

2016-05-24 18:24 - 2011-04-15 15:40 - 00809496 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmpFD22.tmp

2016-05-24 18:24 - 2011-03-19 13:16 - 01417216 _____ (Blue Ripple Sound Limited) C:\Windows\SysWOW64\rapture3d_oal.dll

2016-05-24 18:24 - 2010-09-22 11:12 - 19087360 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\SysWOW64\mkl_blueripple.dll

2016-05-24 18:24 - 2010-05-26 09:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2016-05-24 18:24 - 2010-05-26 09:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2016-05-24 18:18 - 2016-05-24 18:18 - 00000000 ____D C:\Program Files (x86)\Codemasters

2016-05-22 18:15 - 2016-05-22 18:15 - 00021184 _____ C:\Windows\SysWOW64\Drivers\X6va062_2016.05.23.02.17.42

2016-05-20 05:43 - 2016-05-20 05:43 - 00000000 ____D C:\Users\nicol\.fontconfig

2016-05-20 05:42 - 2016-05-20 05:42 - 00000000 ____D C:\Users\nicol\AppData\Local\Movavi

2016-05-20 05:42 - 2016-05-20 05:42 - 00000000 ____D C:\Users\nicol\AppData\Local\converter

2016-05-20 05:42 - 2016-05-20 05:42 - 00000000 ____D C:\ProgramData\Movavi

2016-05-20 05:42 - 2016-05-20 05:42 - 00000000 ____D C:\Program Files (x86)\Movavi Video Converter 16

2016-05-20 05:41 - 2016-05-20 05:41 - 00000016 _____ C:\ProgramData\mntemp

2016-05-20 05:41 - 2016-05-20 05:41 - 00000000 ____D C:\ProgramData\Movavi Video Converter 16

2016-05-20 05:40 - 2016-05-20 05:41 - 51896680 _____ (Movavi) C:\Users\nicol\Downloads\MovaviVideoConverterSetupC_1.exe

2016-05-20 01:39 - 2016-05-20 01:42 - 00000000 ____D C:\Users\nicol\Desktop\Supergirl.Season.1.720p.WEB-DL.x265.ShAaNiG

2016-05-19 21:00 - 2016-05-19 21:00 - 00000989 _____ C:\Users\nicol\Desktop\Core Temp.lnk

2016-05-19 21:00 - 2016-05-19 21:00 - 00000000 ____D C:\Program Files\Core Temp

2016-05-19 20:59 - 2016-05-19 20:59 - 01160568 _____ (Alcpu ) C:\Users\nicol\Downloads\Core-Temp-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-13 20:33 - 2015-10-29 22:28 - 00786432 ___SH C:\Windows\System32\config\BBI

2016-06-13 20:26 - 2015-12-11 22:20 - 00879220 _____ C:\Windows\System32\PerfStringBackup.INI

2016-06-13 20:05 - 2015-10-29 23:21 - 00000000 ____D C:\Windows\INF

2016-06-13 19:50 - 2016-03-11 00:04 - 00000091 _____ C:\HaxLogs.txt

2016-06-13 19:50 - 2015-12-12 01:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-06-13 19:50 - 2015-12-12 01:38 - 00000000 ____D C:\ProgramData\NVIDIA

2016-06-13 19:45 - 2015-10-29 23:24 - 00000000 ___SD C:\Windows\Downloaded Program Files

2016-06-13 19:15 - 2015-12-11 22:44 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-06-13 19:12 - 2015-12-12 01:40 - 00000000 ____D C:\users\nicol

2016-06-13 17:00 - 2016-01-07 13:41 - 00000000 ____D C:\Users\nicol\AppData\Local\ElevatedDiagnostics

2016-06-13 14:00 - 2015-12-11 22:44 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-06-12 17:23 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\AppReadiness

2016-06-11 20:16 - 2016-03-10 22:47 - 00000000 ____D C:\Users\nicol\AppData\Local\HTC MediaHub

2016-06-10 04:08 - 2015-12-11 22:36 - 00000000 ____D C:\ProgramData\Package Cache

2016-06-09 15:14 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-06-08 18:18 - 2016-01-04 14:10 - 00000080 _____ C:\Users\nicol\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦

2016-06-08 14:00 - 2015-12-11 23:14 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-06-08 10:08 - 2015-12-11 22:41 - 00000000 ____D C:\Users\nicol\AppData\Roaming\uTorrent

2016-06-07 12:49 - 2016-04-20 19:08 - 00000000 ____D C:\Program Files (x86)\ASDECO Manager

2016-06-03 22:59 - 2015-12-11 22:44 - 00000000 ____D C:\Program Files (x86)\Google

2016-06-01 19:58 - 2015-01-26 20:37 - 00000000 ___RD C:\Users\nicol\Desktop\Stuff

2016-05-29 18:53 - 2016-01-29 16:25 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-05-29 15:01 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\System32\FxsTmp

2016-05-29 14:48 - 2016-03-25 00:08 - 00000000 ____D C:\ProgramData\EPSON

2016-05-19 21:01 - 2016-04-10 23:25 - 00000000 ____D C:\Program Files (x86)\Virtual Router

2016-05-19 19:34 - 2015-12-11 22:27 - 00000000 ___RD C:\Users\nicol\OneDrive

2016-05-15 17:41 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\rescache

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe

[2016-05-10 22:04] - [2016-04-22 20:18] - 0585728 ____A (Microsoft Corporation) 5C156EC4E44E30331BCC865A3B61D839

C:\Windows\System32\wininit.exe

[2016-05-10 22:04] - [2016-04-22 21:06] - 0291360 ____A (Microsoft Corporation) C1C81AAF533552B3C4D9F11A5FF97700

C:\Windows\explorer.exe

[2016-05-10 22:05] - [2016-04-22 21:08] - 4515256 ____A (Microsoft Corporation) 2617877C5761B8A696FD0368861EE6E4

C:\Windows\SysWOW64\explorer.exe

[2016-05-10 22:04] - [2016-04-22 21:09] - 4074160 ____A (Microsoft Corporation) 692E62EA6039478321AE5D24A68E1FE2

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll

[2016-05-10 22:04] - [2016-04-22 21:00] - 1399224 ____A (Microsoft Corporation) F5F7CE3E32536F1A37FB3972F27A814F

C:\Windows\SysWOW64\User32.dll

[2016-05-10 22:04] - [2016-04-22 21:00] - 1337240 ____A (Microsoft Corporation) E7BD4D15CDC5A1E162256CFADCA92344

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\dnsapi.dll

[2016-04-12 19:35] - [2016-03-29 02:11] - 0686976 ____A (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4

C:\Windows\SysWOW64\dnsapi.dll

[2016-04-12 19:35] - [2016-03-29 01:28] - 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2016-05-24 18:24

Restore point date: 2016-06-01 21:35

Restore point date: 2016-06-08 12:02

Restore point date: 2016-06-10 04:01

Restore point date: 2016-06-13 18:07

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 6091.2 MB

Available physical RAM: 5322.29 MB

Total Virtual: 6091.2 MB

Available Virtual: 5361.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:277.27 GB) NTFS

Drive d: (16GIG) (Removable) (Total:14.6 GB) (Free:14.46 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D2D13CFF)

Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 14.6 GB) (Disk ID: 1BBB0EC5)

Partition 1: (Not Active) - (Size=14.6 GB) - (Type=0C)

LastRegBack: 2016-06-11 21:42

==================== End of FRST.txt ==================

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 HelpBot

Bleepin' Binary Bot

Bots
12,577 posts
OFFLINE

Gender:Male
Local time:11:09 AM

Posted 19 June 2016 - 01:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/617272 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

FRST Download Link
When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
Double click on the FRST icon and allow it to run.
Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
Notepad will open with the results.
Post the new logs as explained in the prep guide.
Close the program window, and delete the program from your desktop.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Back to top

#3 HelpBot

Bleepin' Binary Bot

Bots
12,577 posts
OFFLINE

Gender:Male
Local time:11:09 AM

Posted 24 June 2016 - 01:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!