Windows loads way slower, EXE's not launching, and Internet stops temporarily



#1 io2red


Posted 26 September 2016 - 11:26 AM

Hello! First of all, thank you for any and all help that I receive with my issue.
 
A little over a week ago my computer began acting strange. The day before my computer began to act strange was a normal day. The computer was working fine and I don't believe I even installed or downloaded anything that entire day.
 
Now when I log in to Windows and get to my desktop, my computer begins to act weird. Initially the Network and Sharing Center shows a red X over the icon, indicating that I am not getting any network activity (I am using a wired connection, so this should not be happening at all. I should have internet access). During this "no internet access" period of time, applications do not load. I can try to run an exe, and the mouse icon plays the clicking & loading animation. But the exe does not actually open until the internet connection comes back. I can, however, use Ctrl+Alt+Del to switch to the alternate screen and to open the Task Manager. Also, My Computer and other folders will load no problem. It seems like it just has the EXEs stop working. So my computer is in some type of stasis during this period of time in which certain programs are not allowed to run.
 
After around 2 minutes of waiting, suddenly my network will start working again. And in the time it takes to snap your fingers, all of the programs that I attempted to open/execute during the "stasis" period, will suddenly spring to life and begin to open/execute. After the internet is working, my computer then begins to function normally like nothing was ever wrong in the first place. My computer was working perfectly fine 2+ weeks ago, and this is a new behavior which leads me to believe this is virus/trojan/malware related.
 
Again, thanks for any help that I receive. Your efforts to help others are greatly appreciated!
 
As suggested, I have run the Farbar Recovery Scan Tool (FRST) and have posted the results below.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
Ran by OmniNW (administrator) on OMNINW-PC (26-09-2016 09:18:54)
Running from C:\Users\OmniNW\Desktop
Loaded Profiles: OmniNW (Available Profiles: OmniNW)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Razer Inc.) F:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(GOG.com) G:\Program Files\GOG Galaxy\GalaxyClient.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(GOG.com) G:\Program Files\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) G:\Program Files\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) G:\Program Files\GOG Galaxy\GalaxyClient Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [637960 2016-03-04] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [9571552 2016-07-18] ()
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1841088 2016-09-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [830064 2016-09-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-08-22] (VMware, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-05-15] (Glarysoft Ltd)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [Glary Memory Optimizer] => C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe [129488 2016-05-15] (Glarysoft Ltd)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9192440 2016-08-08] (Binary Fortress Software)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [GalaxyClient] => G:\Program Files\GOG Galaxy\GalaxyClient.exe [4090944 2016-09-20] (GOG.com)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2016-05-20]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\OmniNW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2016-09-20]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E47255D0-F1D6-4A56-8BF0-C279E161F815}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3304100226-1082674260-2939406835-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-09-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-09-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-19] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\OmniNW\AppData\Roaming\Mozilla\Firefox\Profiles\NBXnE4DQ.default
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Extension: (Avira Browser Safety) - C:\Users\OmniNW\AppData\Roaming\Mozilla\Firefox\Profiles\NBXnE4DQ.default\Extensions\abs@avira.com [2016-05-19]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> t
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default [2016-09-26]
CHR Extension: (Google Slides) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-19]
CHR Extension: (Google Docs) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-19]
CHR Extension: (Google Drive) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-19]
CHR Extension: (YouTube) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-19]
CHR Extension: (Adblock Plus) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (uBlock Origin) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-09-25]
CHR Extension: (Session Buddy) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-05-19]
CHR Extension: (SteamRep Checker) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\egnijmkeaaclmednfcjhmhangbfipidf [2016-08-28]
CHR Extension: (Google Sheets) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-19]
CHR Extension: (Avira Browser Safety) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-20]
CHR Extension: (LoungeDestroyer) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-19]
CHR Extension: (MadRollers's Dice System) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnnfcleekgamnkkpgfjhejhgjikfmcgc [2016-05-19]
CHR Extension: (/r/GlobalOffensiveTrade enhancer) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgcllhpghaadmcilkchccmikdoghfco [2016-08-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-09-14]
CHR Extension: (Celestial Lights) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbnkklencjcmkepldaineciclcheaoef [2016-06-12]
CHR Extension: (Refresh Monkey) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljngnafhejmefmijjoedbclkadhacebd [2016-06-11]
CHR Extension: (Ghostery) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-20]
CHR Extension: (Steam All Region Price Checker) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopoebekmlkmahpfjjgibkbnciooimhn [2016-05-19]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-19]
CHR Extension: (Enhanced Steam) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-08-04]
CHR Extension: (AlienTube for YouTube™) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2016-05-19]
CHR Extension: (Gmail) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2016-08-24]
CHR Extension: (CSGOTraders.net) - C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Extensions\podgjgjnfelamndcnhoifpilnmlfkhcc [2016-08-25]
CHR Profile: C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1222664 2016-01-18] (Autodesk Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-05-19] (Adobe Systems) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-09-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1454720 2016-09-06] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-19] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5132312 2016-08-08] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [241936 2016-07-09] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 GalaxyClientService; G:\Program Files\GOG Galaxy\GalaxyClientService.exe [281152 2016-09-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6394432 2016-09-26] (GOG.com)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [732056 2016-07-18] ()
S3 mi-raysat_3dsmax2017_64; N:\Program Files\Autodesk\3ds Max 2017\raysat_3dsmax2017_64server.exe [86016 2011-09-14] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457152 2016-09-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457152 2016-09-16] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-16] (NVIDIA Corporation)
S3 Origin Client Service; G:\Program Files\Origin\OriginClientService.exe [2130440 2016-09-11] (Electronic Arts)
S2 Origin Web Helper Service; G:\Program Files\Origin\OriginWebHelperService.exe [2195984 2016-09-11] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-09-15] (Overwolf LTD)
S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-04-18] ()
R2 RzKLService; F:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [132864 2016-04-29] (Razer Inc.)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [92160 2015-02-17] (Code Sector) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-08-22] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11837440 2011-08-22] () [File not signed]
S3 VSStandardCollectorService140; N:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-05-19] (Glarysoft Ltd)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [177952 2015-06-12] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-09-02] (NVIDIA Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-03-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-04-17] (Razer, Inc.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [19504 2016-01-13] (Windows (R) Win 7 DDK provider)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-01-14] (Western Digital Technologies)
S3 npf; \??\C:\Users\OmniNW\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-26 09:18 - 2016-09-26 09:19 - 00032288 _____ C:\Users\OmniNW\Desktop\FRST.txt
2016-09-26 09:16 - 2016-09-26 09:18 - 00000000 ____D C:\FRST
2016-09-26 08:57 - 2016-09-16 15:30 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-09-26 08:56 - 2016-09-16 17:46 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 34809912 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 28214840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 17270984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 14118336 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-09-26 08:56 - 2016-09-16 17:46 - 10868288 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 10746872 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 10287344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 09090952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 08877480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 08684304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 03595832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437290.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437290.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 01020472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00956864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00895032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00409296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00179952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-09-26 08:56 - 2016-09-16 17:46 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-09-26 08:51 - 2016-09-26 09:06 - 00002035 _____ C:\Users\OmniNW\Desktop\Computer Problem.txt
2016-09-26 08:51 - 2016-09-26 08:51 - 00003598 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-26 08:29 - 2016-09-26 08:29 - 02403328 _____ (Farbar) C:\Users\OmniNW\Desktop\FRST64.exe
2016-09-23 10:29 - 2016-09-23 10:29 - 00000000 ____D C:\Users\OmniNW\AppData\Local\GalaxyCommunicationService
2016-09-23 10:27 - 2016-09-23 10:27 - 00000000 ____D C:\Users\OmniNW\AppData\LocalLow\CDProjektRED
2016-09-23 10:27 - 2016-09-23 10:27 - 00000000 ____D C:\ProgramData\CDProjekt RED
2016-09-22 19:29 - 2016-09-22 19:29 - 00001037 _____ C:\Users\Public\Desktop\Gwent.lnk
2016-09-22 19:29 - 2016-09-22 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2016-09-22 19:28 - 2016-09-22 19:28 - 00000000 ____D C:\ProgramData\GOG.com
2016-09-22 10:04 - 2016-09-22 10:04 - 00001095 _____ C:\Users\OmniNW\Desktop\Windward.lnk
2016-09-22 09:58 - 2016-09-22 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-09-22 09:58 - 2016-09-22 09:58 - 00000852 _____ C:\Users\Public\Desktop\Wasteland 2 - Director's Cut.lnk
2016-09-22 09:15 - 2016-09-22 09:15 - 00000002 _____ C:\END
2016-09-21 01:17 - 2016-09-21 01:17 - 00000218 _____ C:\Users\OmniNW\AppData\Local\recently-used.xbel
2016-09-20 22:44 - 2016-09-20 22:44 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-09-16 23:23 - 2016-09-16 23:23 - 00000000 ____D C:\Users\OmniNW\AppData\LocalLow\Unity
2016-09-16 22:16 - 2016-09-16 22:16 - 00000222 _____ C:\Users\OmniNW\Desktop\Beholder.url
2016-09-16 12:19 - 2016-09-16 12:19 - 00000000 ____D C:\Users\OmniNW\AppData\LocalLow\Bossa Studios
2016-09-16 12:08 - 2016-09-16 12:08 - 00000881 _____ C:\Users\OmniNW\Desktop\Uplay.lnk
2016-09-16 12:08 - 2016-09-16 12:08 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-09-16 12:08 - 2016-09-16 12:08 - 00000000 ____D C:\Users\OmniNW\AppData\Local\Ubisoft Game Launcher
2016-09-16 11:39 - 2016-09-16 11:39 - 00000222 _____ C:\Users\OmniNW\Desktop\Worlds Adrift Island Creator.url
2016-09-16 10:02 - 2016-09-16 10:02 - 00000000 ____D C:\Users\OmniNW\AppData\Local\Mos_Eisley_Main_A
2016-09-16 09:31 - 2016-09-16 09:31 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TankiX
2016-09-14 08:07 - 2016-09-09 11:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-09-14 08:07 - 2016-09-09 11:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-09-14 08:07 - 2016-09-09 11:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-09-14 08:07 - 2016-09-09 11:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-09-13 14:53 - 2016-09-13 14:53 - 00000000 ____D C:\Users\OmniNW\AppData\LocalLow\Blind Sky Studios LTD
2016-09-13 09:17 - 2016-09-13 09:17 - 00000222 _____ C:\Users\OmniNW\Desktop\TOXIKK.url
2016-09-12 08:55 - 2016-09-12 08:55 - 00000000 ____D C:\Users\OmniNW\AppData\LocalLow\Blizzard Entertainment
2016-09-12 08:55 - 2016-09-12 08:55 - 00000000 ____D C:\Users\OmniNW\AppData\Local\Blizzard
2016-09-11 21:25 - 2016-09-11 23:12 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\FileZilla
2016-09-11 21:03 - 2016-09-11 21:03 - 00000827 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-09-11 21:03 - 2016-09-11 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-09-11 10:29 - 2016-09-11 10:29 - 00000000 ____D C:\Users\OmniNW\.QtWebEngineProcess
2016-09-11 10:29 - 2016-09-11 10:29 - 00000000 ____D C:\Users\OmniNW\.Origin
2016-09-09 11:25 - 2016-09-09 11:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1-1-0-26-0.dll
2016-09-09 11:25 - 2016-09-09 11:25 - 00261920 _____ C:\Windows\system32\vulkan-1-1-0-26-0.dll
2016-09-09 11:25 - 2016-09-09 11:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-26-0.exe
2016-09-09 11:24 - 2016-09-09 11:24 - 00125216 _____ C:\Windows\system32\vulkaninfo-1-1-0-26-0.exe
2016-09-09 09:48 - 2016-09-26 08:51 - 00003786 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-09 09:48 - 2016-09-26 08:51 - 00001429 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-09-09 09:47 - 2016-09-26 08:51 - 00003836 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-09 09:47 - 2016-09-26 08:51 - 00003836 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-09 09:47 - 2016-09-26 08:51 - 00003774 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-09 09:47 - 2016-09-26 08:51 - 00003538 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-09 09:47 - 2016-09-16 15:40 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-09-02 12:13 - 2016-09-04 08:39 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\TS3Client
2016-09-02 12:13 - 2016-09-02 12:13 - 00000814 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-09-02 12:13 - 2016-09-02 12:13 - 00000764 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-09-01 19:09 - 2016-09-01 19:09 - 00000222 _____ C:\Users\OmniNW\Desktop\ARK Survival Evolved.url
2016-08-31 09:01 - 2016-08-31 09:01 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2016-08-31 09:01 - 2016-08-31 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1 Open Beta
2016-08-31 08:34 - 2016-09-26 08:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-31 08:33 - 2016-08-25 16:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
2016-08-31 08:33 - 2016-08-25 16:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
2016-08-28 17:27 - 2016-08-28 17:27 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-08-27 19:34 - 2016-09-25 11:52 - 00000132 _____ C:\Users\OmniNW\AppData\Roaming\Adobe Targa Format CS6 Prefs
2016-08-27 17:47 - 2016-08-27 18:18 - 00000000 ____D C:\Users\OmniNW\AppData\Local\Nem's Tools
2016-08-27 17:44 - 2016-08-27 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-26 09:15 - 2016-05-19 20:45 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\TeraCopy
2016-09-26 09:14 - 2009-07-13 22:13 - 00785510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-26 09:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-09-26 09:12 - 2016-05-20 00:47 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-09-26 09:12 - 2016-05-19 21:00 - 00000000 ____D C:\Users\OmniNW\AppData\Local\DisplayFusion
2016-09-26 09:12 - 2016-05-19 09:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-26 09:10 - 2016-05-20 00:21 - 00000000 ____D C:\ProgramData\VMware
2016-09-26 09:10 - 2016-05-19 14:23 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-26 09:10 - 2016-05-19 14:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-26 09:10 - 2016-05-19 01:23 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-09-26 09:09 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-26 08:57 - 2016-05-19 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-26 08:57 - 2016-05-19 09:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-26 08:51 - 2016-05-19 09:48 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-26 08:51 - 2016-05-19 09:48 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-26 08:33 - 2016-05-19 14:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-26 08:33 - 2009-07-13 21:45 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-26 08:33 - 2009-07-13 21:45 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-25 15:01 - 2016-05-19 11:41 - 00000000 ___RD C:\Users\OmniNW\Desktop\General Programs
2016-09-25 12:46 - 2016-05-19 14:27 - 00001201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-09-25 12:46 - 2016-05-19 14:27 - 00000000 ____D C:\Program Files\paint.net
2016-09-25 12:32 - 2016-05-19 01:23 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-09-25 09:10 - 2016-05-20 00:27 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\OBS
2016-09-25 09:08 - 2016-05-20 00:27 - 00000000 ____D C:\Program Files\OBS
2016-09-23 09:06 - 2016-05-19 01:45 - 00118680 _____ C:\Users\OmniNW\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-23 09:03 - 2009-07-13 21:45 - 05074728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-23 00:16 - 2016-05-20 22:31 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\VMware
2016-09-23 00:16 - 2016-05-20 22:31 - 00000000 ____D C:\Users\OmniNW\AppData\Local\VMware
2016-09-22 23:59 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-22 23:52 - 2016-05-19 09:27 - 00000000 ___RD C:\Users\OmniNW\Desktop\Games
2016-09-22 19:39 - 2016-05-19 01:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-22 15:15 - 2016-07-16 09:15 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-09-22 09:58 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-21 00:59 - 2016-05-24 21:56 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\deluge
2016-09-21 00:54 - 2016-05-19 14:57 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\MPC-HC
2016-09-20 23:54 - 2016-05-19 18:30 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-20 08:50 - 2016-05-19 14:57 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-20 08:49 - 2016-05-19 14:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-16 18:46 - 2016-05-19 11:25 - 01841088 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-09-16 18:46 - 2016-05-19 11:25 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-09-16 18:46 - 2016-05-19 11:25 - 01448384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-09-16 18:46 - 2016-05-19 11:25 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-09-16 18:46 - 2016-05-19 11:25 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-09-16 17:46 - 2016-08-19 01:01 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-09-16 17:46 - 2016-08-19 01:01 - 03917840 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-09-16 17:46 - 2016-05-19 11:23 - 19854064 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-09-16 17:46 - 2016-05-19 11:23 - 14353512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-09-16 17:46 - 2016-05-19 11:23 - 03458608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-09-16 17:46 - 2015-11-10 01:13 - 00039730 _____ C:\Windows\system32\nvinfo.pb
2016-09-16 15:57 - 2016-05-19 11:24 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-09-16 15:57 - 2016-05-19 11:24 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-09-16 15:57 - 2016-05-19 09:48 - 06385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-09-16 15:57 - 2016-05-19 09:48 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-09-16 15:57 - 2016-05-19 09:48 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-09-16 15:57 - 2016-05-19 09:48 - 01364024 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-09-16 15:57 - 2016-05-19 09:48 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-09-16 15:57 - 2016-05-19 09:48 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-09-16 00:40 - 2016-05-19 09:48 - 07379415 _____ C:\Windows\system32\nvcoproc.bin
2016-09-15 19:17 - 2016-05-19 01:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-15 09:34 - 2016-05-26 13:22 - 00000000 ____D C:\Users\OmniNW\AppData\Local\Battle.net
2016-09-14 18:35 - 2016-05-19 14:22 - 00002208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-14 15:23 - 2016-05-20 19:56 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-09-13 12:34 - 2016-05-20 00:13 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-11 23:11 - 2016-05-26 14:29 - 00000000 ____D C:\Users\OmniNW\AppData\Local\CrashDumps
2016-09-11 23:09 - 2016-06-04 08:57 - 00000000 ____D C:\Program Files\Highresolution Enterprises
2016-09-11 21:26 - 2016-05-19 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-09-11 21:26 - 2016-05-19 14:23 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-09-11 19:21 - 2016-06-03 12:10 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\Origin
2016-09-11 19:21 - 2016-06-03 12:09 - 00000000 ____D C:\ProgramData\Origin
2016-09-11 10:29 - 2016-06-03 12:10 - 00000000 ____D C:\Users\OmniNW\AppData\Local\Origin
2016-09-11 10:29 - 2016-05-19 00:40 - 00000000 ____D C:\Users\OmniNW
2016-09-11 09:41 - 2016-07-21 12:48 - 00000132 _____ C:\Users\OmniNW\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-09 12:25 - 2016-05-19 11:26 - 00000000 ____D C:\Users\OmniNW\AppData\Local\NVIDIA Corporation
2016-09-09 09:48 - 2016-05-19 11:18 - 00000000 ____D C:\Users\OmniNW\AppData\Local\NVIDIA
2016-09-02 04:17 - 2016-05-19 11:23 - 00104384 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-09-02 04:17 - 2016-05-19 11:23 - 00094144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-09-02 04:17 - 2016-05-19 11:23 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-08-31 09:43 - 2016-06-03 12:09 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-08-28 17:27 - 2016-05-20 16:46 - 00000000 ____D C:\Users\OmniNW\AppData\Roaming\Autodesk
2016-08-28 09:12 - 2016-05-19 15:22 - 00000000 ___RD C:\Users\OmniNW\Desktop\Coding & Development

==================== Files in the root of some directories =======

2016-07-21 12:48 - 2016-09-11 09:41 - 0000132 _____ () C:\Users\OmniNW\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-27 19:34 - 2016-09-25 11:52 - 0000132 _____ () C:\Users\OmniNW\AppData\Roaming\Adobe Targa Format CS6 Prefs
2016-05-19 01:29 - 2016-05-19 01:29 - 0000036 _____ () C:\Users\OmniNW\AppData\Local\housecall.guid.cache
2016-09-21 01:17 - 2016-09-21 01:17 - 0000218 _____ () C:\Users\OmniNW\AppData\Local\recently-used.xbel
2016-05-20 10:45 - 2016-06-01 01:04 - 0007608 _____ () C:\Users\OmniNW\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\OmniNW\AppData\Local\Temp\avgnt.exe
C:\Users\OmniNW\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\OmniNW\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\OmniNW\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 14:06

==================== End of FRST.txt ============================
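A triage pass over the Services and Drivers lines of a log like the one above, as an added example that is not part of the original post and is not FRST's own code. It assumes the usual reading of the format (R/S/U for running, stopped or undetermined, a start-type digit, `[X]` for a file that was not found on disk); the flag names and the embedded sample, built from lines in this log, are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines taken from the Services/Drivers sections above.
SAMPLE = r"""
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11837440 2011-08-22] () [File not signed]
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
S3 npf; \??\C:\Users\OmniNW\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [X]
"""

# <state><start> <name>; <path> [<size> <date>] (<company>) [File not signed]
# or, when the file is missing: <state><start> <name>; <path> [X]
ENTRY = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>.*?)\)"
    r"(?P<unsigned>\s+\[File not signed\])?"
    r"|(?P<missing>\[X\]))\s*$"
)

# Locations a standard user can write to; a service or driver image here deserves a look.
USER_WRITABLE = ("\\users\\", "\\temp\\")


@dataclass
class Entry:
    name: str
    running: bool
    start: int
    path: str
    company: Optional[str]   # None when the file is missing, "" when the field is empty
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for headers and other text."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):          # NT object-manager prefix on some driver paths
        path = path[4:]
    entry = Entry(
        name=m.group("name").strip(),
        running=m.group("state") == "R",
        start=int(m.group("start")),
        path=path,
        company=m.group("company"),
    )
    if m.group("missing"):
        entry.flags.append("file-missing")      # registry entry points at nothing
    if m.group("unsigned"):
        entry.flags.append("unsigned")
    if entry.company == "":
        entry.flags.append("no-company")        # version resource has no vendor name
    if any(part in path.lower() for part in USER_WRITABLE):
        entry.flags.append("user-writable-path")
    return entry


def parse(text: str) -> List[Entry]:
    """Return every line of the text that parses as a service or driver entry."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(text: str) -> List[Entry]:
    """Return only the entries that carry at least one flag, in log order."""
    return [e for e in parse(text) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        state = "running" if e.running else "stopped"
        print(f"{e.name:<14} {state:<8} {', '.join(e.flags):<34} {e.path}")
```

A flag is a prompt to review the entry, not a verdict: the unsigned VMware service here belongs to a 2011 build of a legitimate product, and the `npf` line is a leftover whose file no longer exists.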
 



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • Gender:Male
  • Location:California
  • Local time:02:09 AM

Posted 26 September 2016 - 12:43 PM

Greetings io2red and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • Gender:Male
  • Location:California
  • Local time:02:09 AM

Posted 26 September 2016 - 02:25 PM

Greetings once again.

I would like to uninstall AdAware and Spybot. Since Spybot is not listed under Installed Programs we will remove it manually by means of a FRST fixlist.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [AdobeBridge] => [X]
S3 npf; \??\C:\Users\OmniNW\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [X]
Task: {1A885F2C-3260-4536-99C8-11E5F6AA2542} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D30B81C0-3012-4B8B-B46B-2AB529F61A81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {DC53856E-0735-436A-95BF-7A73BB761983} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
2016-05-19 14:29 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did AdAware uninstall?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 io2red

Posted 26 September 2016 - 06:16 PM

Hello Gary, your assistance is greatly appreciated, thanks! You can call me Nick.
 
As you have requested, I have uninstalled both programs. AdAware was uninstalled without an issue, and Spybot Search & Destroy was also uninstalled without an issue.
 
Ran all programs as requested, Farbar's in Safe Mode, the rest with normal boot, and things happened as expected. No issues were encountered. I have included the logs below in the same order as you have requested (Fixlog -> AdwCleaner Log -> Junkware Log).
 
After running everything and restarting, the problem still seems to persist. This time was a little different than the usual strange boots though. This time when the network connected and my computer started working again, my entire screen flashed black (like a fullscreen application was running) and appeared frozen. I clicked once to see the name of the application/program, and it was NVIDIA Share. I managed to take a picture of the application crash, but it may be unrelated. I do have an NVidia GPU. (Picture: http://i.imgur.com/Ev5KQD0.png)
 
Earlier today I recorded a video using my phone and uploaded it to YouTube so you can get a better idea of my problem. This was right before I did your requested changes, but the issue is still the same so this should still be very relevant. The video begins as I log into windows, and the applications finally begin to load at ~1:50.
 
 
Did AdAware uninstall? - Yes
Fixlog - Included Below
AdwCleaner log - Included Below
Junkware log - Included Below
Update on computer performance - Unchanged
 
 
Fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by OmniNW (26-09-2016 13:20:42) Run:1
Running from C:\Users\OmniNW\Desktop
Loaded Profiles: OmniNW (Available Profiles: OmniNW)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [AdobeBridge] => [X]
S3 npf; \??\C:\Users\OmniNW\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [X]
Task: {1A885F2C-3260-4536-99C8-11E5F6AA2542} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D30B81C0-3012-4B8B-B46B-2AB529F61A81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {DC53856E-0735-436A-95BF-7A73BB761983} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
2016-05-19 14:29 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
npf => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A885F2C-3260-4536-99C8-11E5F6AA2542}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A885F2C-3260-4536-99C8-11E5F6AA2542}" => key removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D30B81C0-3012-4B8B-B46B-2AB529F61A81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D30B81C0-3012-4B8B-B46B-2AB529F61A81}" => key removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC53856E-0735-436A-95BF-7A73BB761983}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC53856E-0735-436A-95BF-7A73BB761983}" => key removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => key removed successfully
"C:\Program Files (x86)\Spybot - Search & Destroy" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value removed successfully
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} => removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value removed successfully
SDScannerService => service removed successfully
SDWSCService => service removed successfully


The system needed a reboot.

==== End of Fixlog 13:20:42 ====
 
AdwCleaner log
# AdwCleaner v6.020 - Logfile created 26/09/2016 at 13:35:13
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-26.3 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : OmniNW - OMNINW-PC
# Running from : C:\Users\OmniNW\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp


***** [ Web browsers ] *****

[-] [C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: netflix.com
[-] [C:\Users\OmniNW\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: hamachi.en.softonic.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1506 Bytes] - [26/09/2016 13:35:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [1711 Bytes] - [26/09/2016 13:34:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1652 Bytes] ##########

 
Junkware log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows 7 Professional x64 
Ran by OmniNW (Administrator) on Mon 09/26/2016 at 15:29:54.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 26 

Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NID1BIY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3AUVSUXW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BL60P3MK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRYMT9LZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2KU6OBI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M61ZX9BK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NW65T77V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8Z5QYKH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\OmniNW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YILW9PL1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NID1BIY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3AUVSUXW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BL60P3MK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRYMT9LZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2KU6OBI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M61ZX9BK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NW65T77V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8Z5QYKH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YILW9PL1 (Temporary Internet Files Folder) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/26/2016 at 15:31:27.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


#5 Oh My!

Posted 26 September 2016 - 09:46 PM

Thank you for the information.

You can simply copy and paste your logs in your reply rather than put the information into code boxes.

Let's do this.

===================================================

Using VGA Driver in Normal Mode

--------------------
  • Click the Windows key + R at the same time
  • Type msconfig and hit Enter
  • Click the Boot tab (for XP click BOOT.INI)
  • Place a check mark in Base video, then click OK
  • Restart your computer
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#6 io2red

Posted 27 September 2016 - 01:04 AM

After following your directions and rebooting, there seem to be no noteworthy changes (aside from the low resolution of course). Things are still loading slowly after logging in.



#7 Oh My!

Posted 27 September 2016 - 09:02 AM

Thank you. You can reverse that then I would like you to boot into Safe Mode with Networking and let me know how your computer performs.
Gary
 

#8 io2red

Posted 27 September 2016 - 09:44 AM

After rebooting into Safe Mode With Networking, it does seem to have made a difference. After logging in, my computer was functioning like it normally would before this issue. I was able to immediately launch Chrome (unlike before) and other applications. So booting into Safe Mode With Networking does appear to have an effect.



#9 Oh My!

Posted 27 September 2016 - 01:14 PM

Very good. We have some additional troubleshooting to do.

Please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#10 io2red

Posted 27 September 2016 - 02:32 PM

After following your steps, Avira blocked the registry changes from disabling startup. I disabled that and went through the steps again to ensure it was properly disabled. No issues were encountered here.

 

Boot up was quick and clean, chrome launched instantaneously. My computer appears to be running well with Clean Boot.

 

Edit: I am not sure if this is related or it is unrelated, so I wanted to bring it up to you. I recently noticed my computer had begun to take unusually long to shut down as well. I have had VerboseStatus set to 1 so the shutting down screen usually tells me what processes are shutting down. But it was just saying "Shutting Down...". So (hopefully you won't get mad at me for testing this, it's the only thing I have done without your permission) I temporarily disabled the "ClearPageFileAtShutdown" registry entry to test my suspicion that the Page File was the cause. And that one change completely fixed my long shut downs. It went from taking around a minute to being less than 3 seconds. So something seems to be going wrong with clearing my Page File step at ShutDown as well. (It's currently 15.8 GB)

 



Edited by io2red, 27 September 2016 - 03:16 PM.


#11 Oh My!

Posted 27 September 2016 - 03:49 PM

Greetings,

We will deal with the pagefile after we determine the cause(s) for the long boot process. You have quite a few autorun entries and I am not sure all of them are necessary. The issue is probably one of 2 things, either too much stuff loading at boot or a program(s) is hanging up the boot process. Here are all the autoruns in the FRST log:
 

HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [637960 2016-03-04] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1841088 2016-09-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [830064 2016-09-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-08-22] (VMware, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-05-15] (Glarysoft Ltd)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [Glary Memory Optimizer] => C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe [129488 2016-05-15] (Glarysoft Ltd)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9192440 2016-08-08] (Binary Fortress Software)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [GalaxyClient] => G:\Program Files\GOG Galaxy\GalaxyClient.exe [4090944 2016-09-20] (GOG.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2016-05-20]
Startup: C:\Users\OmniNW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk


We have a couple of options. First, you could download and run Autoruns and uncheck unnecessary startup items. The second option is to work through the Clean Boot environment to try to identify the issue(s). I will provide both options and you can pick which one you would like to try.

===================================================

Disabling Autoruns Entries

--------------------
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder (or if necessary right click and select Extract)
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Uncheck any items you do not need to launch at startup. Note: This does not mean you can't run the program, only that it won't automatically launch at startup whether you use it or not
  • If you are unsure about an entry you can Google it or check the startup in the BleepingComputer Startup List
===================================================

Troubleshooting in Clean Boot Environment

--------------------
  • While in a Clean Boot Environment place a check mark in half of the unchecked items and reboot your computer
  • If your symptoms reappear, uncheck an item, reboot your computer and see if your symptoms disappear. Repeat the process as necessary
  • If your symptoms do not appear, check an additional item, reboot your computer and see if your symptoms reappear. Repeat the process as necessary
  • Note: It is possible the unchecking and rechecking of items resolves the underlying issue without a particular service being identified as the culprit
  • List the program(s) causing your difficulties in your reply
Let me know if you have any questions or what the results are.
Gary
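
Added example, not part of the original post and not FRST's own code: the Python below parses the Run-key lines from the listing in the post above and flags the entries worth reviewing first when deciding what to uncheck. The flag names, the three-year staleness threshold, the reading of `[X]` as a missing target, and the assumption that C: is the system drive are choices made for this illustration.

```python
import re
from datetime import date
from pathlib import PureWindowsPath

# Run-key lines copied from the FRST listing in the post above (a subset).
SAMPLE = r"""
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [637960 2016-03-04] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1841088 2016-09-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-08-22] (VMware, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [GalaxyClient] => G:\Program Files\GOG Galaxy\GalaxyClient.exe [4090944 2016-09-20] (GOG.com)
"""

SCAN_DATE = date(2016, 9, 26)  # date on the Fixlog posted in this thread
STANDARD_ROOTS = {"program files", "program files (x86)", "windows"}  # assumption

# <hive>[\<SID>]\...\Run: [<name>] => <rest>
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] => (?P<rest>.*)$"
)
# <path> [<size> <yyyy-mm-dd>] (<vendor>)
TARGET_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*)\)$"
)


def triage(line, scan_date=SCAN_DATE, stale_years=3):
    """Parse one Run line; return a dict with review flags, or None if not a Run line."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    entry = {
        "name": m["name"],
        "scope": "per-user" if m["sid"] else "machine",
        "flags": [],
    }
    rest = m["rest"].strip()
    if rest == "[X]":
        # Assumption: [X] marks a target FRST could not find, so the value is
        # a leftover; the thread's fixlist removes such a line.
        entry["flags"].append("orphaned")
        return entry
    t = TARGET_RE.match(rest)
    if not t:
        entry["flags"].append("unparsed")
        return entry
    path = PureWindowsPath(t["path"])
    file_date = date.fromisoformat(t["date"])
    entry.update(path=str(path), vendor=t["vendor"], file_date=file_date)
    if path.suffix.lower() != ".exe":
        entry["flags"].append("non-exe")           # Run value points at a DLL, script, ...
    if (scan_date - file_date).days > 365 * stale_years:
        entry["flags"].append("stale")             # old binary still starting at every logon
    top = path.parts[1].lower() if len(path.parts) > 1 else ""
    if path.drive.upper() != "C:" or top not in STANDARD_ROOTS:
        entry["flags"].append("nonstandard-path")  # outside the usual install roots
    return entry


def triage_log(text, scan_date=SCAN_DATE):
    """Triage every Run line in a pasted log, skipping anything else."""
    entries = (triage(line, scan_date) for line in text.splitlines())
    return [e for e in entries if e is not None]


def flagged(text, scan_date=SCAN_DATE):
    """Map entry name -> flags for entries that have at least one flag."""
    return {e["name"]: e["flags"] for e in triage_log(text, scan_date) if e["flags"]}


if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print(f'{e["scope"]:9} {e["name"]:14} {", ".join(e["flags"]) or "-"}')
```

A flag is a prompt to look at the entry, not a verdict: the tablet driver and the GOG client are flagged only because of where they are installed.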
 

#12 io2red

Posted 27 September 2016 - 09:51 PM

With the help of your suggestions, I believe I have managed to find the service that is causing issues. It took a while, but the service causing me problems is NVIDIA LocalSystem Container. I have tested it by disabling just this one service, rebooting, enabling it again, rebooting, and so forth several times. Every time it's enabled, my issue occurs and I can't use anything for ~2 minutes. But when it's disabled, my computer functions properly and all programs load immediately.

 

NVIDIA LocalSystem Container

 

 


 

 

This would seem to make sense because I think I had done an update in the NVIDIA GeForce Experience application the day before these issues occurred. I'm guessing the next step would be to reinstall GeForce experience and my graphics card drivers?

 

I will wait for your instruction before I make any changes.

 


 

Also: While using Autoruns, I came across a suspicious yellow entry (as in the whole row was highlighted yellow) of a File not found labeled, "kerncap.vbs" that referred to something that doesn't seem to exist. It didn't like me changing its permissions either, but I did manage to disable it.

 
BVTConsumer File not found: KernCap.vbs

 


 


I uninstalled a couple irrelevant programs that had unnecessary startup entries that I can list if needed. And I also disabled many of the entries you suggested. But they didn't really affect my problem aside from maybe cutting off a few milliseconds off of my initial load. So I don't think it's worth mentioning these.

 

 

As far as the applications you were curious about, I will be keeping these but uninstalled/removed the rest:

 

[Essential-SSD] HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
[Needed-Drawing Tablet] HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [637960 2016-03-04] (Graphic Tablet Company Shenzhen)
[Essential-Anti Win10/WinX Update Tool] HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
[Essential-AntiVirus] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [830064 2016-09-06] (Avira Operations GmbH & Co. KG)
[Essential-AntiVirus] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
[Needed-HDD Utilities] HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
[Needed-Virtual Machines] HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-08-22] (VMware, Inc.)
[Needed-HDD Utilities] HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
[Needed-Gaming] HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
[Needed-Window Management, Tools & Helps For Multi-Monitor] HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [9192440 2016-08-08] (Binary Fortress Software)
[Essential-Cleanup & Management] HKU\S-1-5-21-3304100226-1082674260-2939406835-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
[Needed-Pictures] Startup: C:\Users\OmniNW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk
 
If you have any questions why I am keeping these, I can elaborate further. Thanks again for helping me with this Gary!

 

I uninstalled a couple irrelevant programs that had unnecessary startup entries that I can list if needed. And I also disabled many of the entries you suggested. But they didn't really affect my problem aside from maybe cutting a few milliseconds off of my initial load. So I don't think it's worth mentioning these.


Edited by io2red, 27 September 2016 - 09:53 PM.


#13 Oh My!


Posted 27 September 2016 - 10:18 PM

Hi Nick,

I am ending for the evening and want to give full attention to what you have written. One thing I need to consider is why your computer did not perform better when we used the VGA (non-NVIDIA) drivers. There may be a very good reason for that but I would like to find it.

I would like to review some additional information before commenting. Please do the following and I will review everything in the morning. I appreciate your patience and understanding.

===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 io2red


Posted 27 September 2016 - 10:34 PM

Thanks Gary,

 

No problem, sleep well. Thanks for taking your time with this, I would rather you be able to take your time than just rush it. Rest up and we can get back to it tomorrow.

 

I have attached a zip of my System Summary as you have requested.


#15 Oh My!


Posted 28 September 2016 - 10:09 AM

Thank you for your understanding and patience.
 

This would seem to make sense because I think I had done an update in the NVIDIA GeForce Experience application the day before these issues occurred. I'm guessing the next step would be to reinstall GeForce experience and my graphics card drivers?

Can you tell me the steps you took to do this, i.e. allowed NVIDIA site to detect and download drivers, manually locate and install, select Update Driver through Device Manager, etc.

Is your computer a laptop or desktop?

Yes, let's uninstall the drivers then reboot your computer. If you still see the same symptoms then attempt to roll back the drivers. If you need instructions please let me know.
Gary
 



