
Computer blue screen/restarting/crashing


  • This topic is locked
11 replies to this topic

#1 dutchy510

dutchy510

  • Members
  • 5 posts
  • OFFLINE
  • Local time:09:05 AM

Posted 04 December 2016 - 09:45 PM

I have had my computer for a few years and it has worked fine up until a few months ago. It began restarting, crashing and blue screening at random points; there is no pattern. It does it on start up, when I open a game or when I'm not doing anything. It has gotten to the stage where it restarts or crashes 5-7 times when I first turn it on each day until it finally stops and lets me work. I have gotten many different blue screens and will attach the ones I was able to get an image of. The problem has slowly been getting worse and is becoming unbearable.

 

I have run virus scans with Windows Defender, SpyHunter and a Reg Scan/Fix with RegHunter. When that didn't work I completely wiped my SSD and put on a fresh OS and drivers. I have two other hard drives with only files on them that I left alone because I have important data on them. But after all that the problem is still there.

 

My computer is on Windows 7 Home Premium with the OS on a 260GB SSD and has two other hard drives, 3TB and 4TB.

 

I have been trying for months to fix it and it has only gotten worse. I am at my wits' end and it is driving me crazy and slowing down my work. I would appreciate any help and will be checking this post regularly to answer any questions and reply to any posts.

 

Thanks for your time.

 

 

Attached Files




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,614 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:05 PM

Posted 09 December 2016 - 10:38 AM

Greetings dutchy510 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. This does not sound like a malware issue but rather a hardware or system issue. I may end up referring you to another Forum here but let's take a quick look.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
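As an added example (not part of this thread, and not code from FRST or its author), the script below shows what a responder looks for first when reading the FRST log requested above: services and drivers tagged [File not signed], entries that resolve to No File or no ImagePath, processes running out of a user profile directory, and binaries with no publisher information. The sample log lines are constructed in the style of an FRST report; the section names, flags and regular expressions are my assumptions about the report layout.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the style of an FRST report (assumption: not a real scan).
SAMPLE_FRST_LOG = r"""
==================== Processes (Whitelisted) =================
(Example Vendor) C:\Program Files\Example\example.exe
(Unknown Publisher) C:\Users\Admin\AppData\Roaming\Updater\updater.exe
==================== Registry (Whitelisted) ====================
ShellIconOverlayIdentifiers: [00example] -> {00000000-0000-0000-0000-000000000000} =>  No File
==================== Services (Whitelisted) ====================
R2 GoodSvc; C:\Program Files\Example\goodsvc.exe [123456 2016-11-01] (Example Vendor)
R2 OldPrinterSvc; C:\Windows\system32\oldprint.dll [71680 2008-12-03] (Example Printer Co.) [File not signed]
===================== Drivers (Whitelisted) ======================
R3 gooddrv; C:\Windows\System32\drivers\gooddrv.sys [46016 2016-11-18] (Example Vendor)
S3 orphan; C:\Windows\System32\DRIVERS\orphan.sys [22704 2016-10-28] ()
U0 leftover; no ImagePath
"""

# "==== Section name ====" headers; whitespace is required so bare "====" rules are skipped.
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# A path under any user's AppData folder, e.g. C:\Users\Admin\AppData\Roaming\...
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# "[size date] ()" at end of line: FRST found no publisher/version information.
EMPTY_PUBLISHER_RE = re.compile(r"\]\s*\(\)\s*$")
# Registry entries pointing at nothing, or drivers with no image path.
DANGLING_RE = re.compile(r"(=>\s+No File\s*$)|(;\s*no ImagePath\s*$)")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_frst(log_text: str) -> list:
    """Return the report lines a responder would want to look at, with a reason each."""
    findings = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if "[File not signed]" in line:
            findings.append(Finding(section, "unsigned binary", line))
        if DANGLING_RE.search(line):
            findings.append(Finding(section, "dangling entry (no file on disk)", line))
        if section.startswith("Processes") and USER_PROFILE_RE.search(line):
            findings.append(Finding(section, "process running from user profile", line))
        if section.startswith(("Services", "Drivers")) and EMPTY_PUBLISHER_RE.search(line):
            findings.append(Finding(section, "no publisher information", line))
    return findings


def summarize(findings) -> dict:
    """Count findings per reason, which is the quick overview to post back in a thread."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    results = triage_frst(SAMPLE_FRST_LOG)
    for f in results:
        print(f"[{f.section}] {f.reason}: {f.line}")
    print(summarize(results))
```

None of these markers proves an infection on its own (old printer drivers are often unsigned, and a leftover overlay handler is usually just an uninstall remnant); they are the lines to explain or clean up, not a verdict.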

#3 dutchy510

dutchy510
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:09:05 AM

Posted 09 December 2016 - 07:09 PM

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Admin (administrator) on ADMIN-PC (10-12-2016 13:02:32)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe
(BitTorrent Inc.) C:\Users\Admin\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16686600 2016-08-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1460744 2016-08-08] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1971872 2016-10-25] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKU\S-1-5-21-1682432959-3493480357-3839079111-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1682432959-3493480357-3839079111-1000\...\MountPoints2: {41b3dca6-9c91-11e6-add4-806e6f6e6963} - F:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-11-11]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{968DC912-7655-42B2-A043-29411B2AD7AA}: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-09-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-10-31] (Microsoft Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-10-25] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-09-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-10-31] (Microsoft Corporation)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [2016-10-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-11-11] [not signed]
FF HKU\S-1-5-21-1682432959-3493480357-3839079111-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-10-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.nz/
CHR StartupUrls: Default -> "hxxps://www.google.co.nz/","hxxps://www.google.co.nz/webhp?hl=en&sa=X&ved=0ahUKEwiBqdyC0fzPAhUEUZQKHQTQAVEQPAgD"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2016-12-10]
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-28]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-28]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-28]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-10-28]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1457160 2016-11-24] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3040496 2016-10-04] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-02] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-18] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [859816 2016-11-04] (Enigma Software Group USA, LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-10-28] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-10-28] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-18] (NVIDIA Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
U0 aswVmm; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-10 13:02 - 2016-12-10 13:02 - 00015647 _____ C:\Users\Admin\Downloads\FRST.txt
2016-12-10 13:02 - 2016-12-10 13:02 - 00000000 ____D C:\FRST
2016-12-10 13:01 - 2016-12-10 13:01 - 02420224 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2016-12-09 11:47 - 2016-12-09 11:47 - 00395968 _____ C:\Windows\Minidump\120916-11138-01.dmp
2016-12-08 21:57 - 2016-12-08 21:57 - 00104853 _____ C:\Users\Admin\Downloads\eJwdyMsNwyAMANBdGABj82mabRBBJGqCEXbUQ9XdK_Ud38fc8zSr2VWHrADbIYXnZkV55lZtY25nzeMQW_iCrJrLftWuAuQpIDr3cDEl96QFgWLyPoQF_xciEtz91fnd7ejNfH8DcyLF.pG-SPigmjw7gC26NekKOepOryuQ
2016-12-06 21:37 - 2016-12-06 21:37 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-06 21:37 - 2016-12-02 06:04 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-12-06 21:37 - 2016-09-10 07:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-12-06 21:37 - 2016-09-10 07:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-12-06 21:37 - 2016-09-10 07:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-12-06 21:37 - 2016-09-10 07:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-06 21:35 - 2016-12-02 08:52 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 34703416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 28137920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 17440744 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 17373312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 14055360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-06 21:35 - 2016-12-02 08:52 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 10346208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 09151400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 08754160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 03645496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 03206592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437619.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437619.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 01036736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00943552 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00895424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00683824 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00573072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00170872 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-12-06 21:35 - 2016-12-02 08:52 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-12-06 10:13 - 2016-12-06 10:17 - 00216276 _____ C:\Windows\ntbtlog.txt
2016-12-06 10:10 - 2016-12-06 10:10 - 00390368 _____ C:\Windows\Minidump\120616-11091-01.dmp
2016-12-05 15:43 - 2016-12-05 15:43 - 07115122 _____ C:\Users\Admin\Downloads\Attachments_2016125 (1).zip
2016-12-05 15:32 - 2016-12-05 15:32 - 07115122 _____ C:\Users\Admin\Downloads\Attachments_2016125.zip
2016-12-02 20:12 - 2016-12-02 20:13 - 00000000 ____D C:\Users\Admin\Documents\Mirrors Edge Catalyst
2016-11-28 14:31 - 2016-11-28 14:31 - 00022705 _____ C:\Users\Admin\Downloads\CV.pdf
2016-11-26 20:24 - 2016-11-26 20:24 - 00000233 _____ C:\Users\Admin\Desktop\Tom Clancy's The Division.url
2016-11-26 17:46 - 2016-11-26 17:47 - 00385544 _____ C:\Windows\Minidump\112616-9937-01.dmp
2016-11-23 17:18 - 2016-11-18 02:45 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-23 17:18 - 2016-11-18 02:45 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-23 17:18 - 2016-11-18 02:45 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-21 22:45 - 2016-11-17 15:04 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437595.dll
2016-11-21 22:45 - 2016-11-17 15:04 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437595.dll
2016-11-17 23:23 - 2016-11-17 23:23 - 00000000 ____D C:\Users\Admin\Documents\CPY_SAVES
2016-11-17 23:22 - 2016-11-17 23:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PowerISO
2016-11-17 22:00 - 2016-11-17 22:00 - 03862600 _____ (Power Software Ltd) C:\Users\Admin\Downloads\PowerISO6-x64.exe
2016-11-17 22:00 - 2016-11-17 22:00 - 00000812 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-11-17 22:00 - 2016-11-17 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-11-17 22:00 - 2016-11-17 22:00 - 00000000 ____D C:\Program Files\PowerISO
2016-11-17 22:00 - 2016-10-02 13:50 - 00137280 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2016-11-16 20:01 - 2016-11-11 12:48 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437586.dll
2016-11-16 20:01 - 2016-11-11 12:48 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437586.dll
2016-11-14 13:49 - 2016-12-10 12:57 - 00003258 _____ C:\Windows\System32\Tasks\RegHunterStartup
2016-11-13 01:01 - 2016-11-13 01:01 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-13 01:01 - 2016-11-13 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-13 01:01 - 2016-11-13 01:01 - 00000000 ____D C:\Program Files\iTunes
2016-11-13 01:01 - 2016-11-13 01:01 - 00000000 ____D C:\Program Files\iPod
2016-11-13 01:00 - 2016-11-13 01:00 - 00000000 ____D C:\Program Files\Bonjour
2016-11-13 01:00 - 2016-11-13 01:00 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-11-13 00:59 - 2016-11-13 01:00 - 177311560 _____ (Apple Inc.) C:\Users\Admin\Downloads\iTunes6464Setup (1).exe
2016-11-12 19:09 - 2016-11-12 19:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Activision
2016-11-11 12:38 - 2016-11-11 12:38 - 00000000 ____D C:\Users\Admin\AppData\Local\HP
2016-11-11 12:38 - 2016-11-11 12:38 - 00000000 ____D C:\ProgramData\WEBREG
2016-11-11 12:35 - 2016-11-11 12:35 - 00001327 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-11-11 12:35 - 2016-11-11 12:35 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-11-11 12:33 - 2009-04-20 12:29 - 00136704 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l70w.dll
2016-11-11 12:33 - 2009-04-16 10:53 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2016-11-11 12:33 - 2009-02-11 09:03 - 01403904 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpost_p03b.dll
2016-11-11 12:33 - 2009-02-11 09:03 - 00880640 _____ (Hewlett-Packard) C:\Windows\system32\hposwia_p03b.dll
2016-11-11 12:33 - 2009-02-11 09:03 - 00515072 _____ (Hewlett-Packard Co.) C:\Windows\system32\hposc_p03a.dll
2016-11-11 12:33 - 2008-10-28 23:27 - 00551424 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2016-11-11 12:32 - 2016-11-11 12:38 - 00202465 _____ C:\Windows\hpoins41.dat
2016-11-11 12:31 - 2016-11-11 12:31 - 00385632 _____ C:\Windows\Minidump\111116-12230-01.dmp
2016-11-11 12:27 - 2016-11-11 12:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HP
2016-11-11 12:25 - 2016-11-11 12:03 - 00202346 ____N C:\Windows\hpoins41.dat.temp
2016-11-11 12:25 - 2009-06-05 13:14 - 00001253 ____N C:\Windows\hpomdl41.dat.temp
2016-11-11 12:02 - 2016-11-11 12:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-11 12:01 - 2016-11-11 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-11-11 12:00 - 2016-11-11 12:36 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-11 11:58 - 2016-11-11 11:58 - 00000000 ____D C:\Program Files\HP
2016-11-11 11:54 - 2016-11-11 12:38 - 00000000 ____D C:\ProgramData\HP
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-10 13:02 - 2016-10-28 18:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2016-12-10 12:58 - 2016-10-28 19:50 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\uTorrent
2016-12-10 12:57 - 2016-10-28 18:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-10 12:57 - 2016-10-28 12:06 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-10 12:57 - 2016-10-28 11:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-10 12:57 - 2009-07-14 18:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-10 02:05 - 2016-10-28 11:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-09 12:00 - 2009-07-14 17:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-09 12:00 - 2009-07-14 17:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-09 11:54 - 2016-10-28 19:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Ubisoft Game Launcher
2016-12-09 11:47 - 2016-10-30 13:38 - 00000000 ____D C:\Windows\Minidump
2016-12-08 19:01 - 2016-10-28 22:48 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-12-06 21:37 - 2016-10-28 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-06 21:37 - 2016-10-28 12:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-06 21:37 - 2009-07-14 16:20 - 00000000 ____D C:\Windows\inf
2016-12-06 21:31 - 2016-10-28 21:13 - 00003832 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-06 21:31 - 2016-10-28 21:13 - 00003832 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-06 21:31 - 2016-10-28 21:13 - 00003782 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-06 21:31 - 2016-10-28 21:13 - 00003770 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-06 21:31 - 2016-10-28 21:13 - 00003594 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-06 21:31 - 2016-10-28 21:13 - 00003534 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-06 21:31 - 2016-10-28 21:13 - 00001448 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-12-06 21:31 - 2016-10-28 12:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-06 21:31 - 2016-10-28 12:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-06 10:15 - 2008-01-01 00:09 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2016-12-06 10:08 - 2009-07-14 18:13 - 00004522 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-03 21:13 - 2009-07-14 18:08 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-02 08:52 - 2016-10-28 12:05 - 19948848 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-12-02 08:52 - 2016-10-28 12:05 - 14410120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-12-02 08:52 - 2016-10-28 12:05 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-12-02 08:52 - 2016-10-28 12:05 - 03479560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-12-02 08:52 - 2016-10-28 12:05 - 00491536 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-12-02 08:52 - 2016-10-28 12:05 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-12-02 06:33 - 2016-10-28 12:06 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-02 06:32 - 2016-10-28 12:06 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-12-02 06:32 - 2016-10-28 12:06 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-12-02 06:32 - 2016-10-28 12:06 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-12-02 06:32 - 2016-10-28 12:06 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-12-02 06:32 - 2016-10-28 12:06 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-12-02 06:32 - 2016-10-28 12:06 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-12-02 06:32 - 2016-10-28 12:06 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-12-01 03:48 - 2016-10-31 23:54 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2016-11-30 22:34 - 2016-10-28 12:06 - 07607057 _____ C:\Windows\system32\nvcoproc.bin
2016-11-27 01:32 - 2016-10-29 21:18 - 00000394 _____ C:\Windows\Tasks\SpyHunter4.job
2016-11-27 00:35 - 2016-10-28 20:49 - 00000000 ____D C:\Users\Admin\Documents\My Games
2016-11-26 02:17 - 2016-11-04 22:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Factorio
2016-11-18 02:45 - 2016-10-28 21:13 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-11-18 02:45 - 2016-10-28 21:13 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-11-18 02:45 - 2016-10-28 21:13 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-11-18 02:45 - 2016-10-28 21:13 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-11-18 02:45 - 2016-10-28 21:13 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-11-16 12:44 - 2016-10-31 16:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-16 12:39 - 2016-10-31 16:19 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-11-15 12:07 - 2016-10-28 11:54 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 12:07 - 2016-10-28 11:54 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 22:52 - 2016-10-28 18:24 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Games
2016-11-13 01:01 - 2016-10-30 00:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-12 15:49 - 2009-07-14 17:45 - 00436152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-11 12:38 - 2016-10-28 17:17 - 00111832 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-11 12:38 - 2009-07-14 15:34 - 00000438 _____ C:\Windows\win.ini
 
==================== Files in the root of some directories =======
 
2016-11-04 15:59 - 2016-11-07 16:28 - 0007605 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2016-10-28 11:33 - 2016-10-28 11:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-11 11:54 - 2016-11-11 12:38 - 0007973 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Admin\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-10-28 11:04
 
==================== End of FRST.txt ============================
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Admin (10-12-2016 13:02:50)
Running from C:\Users\Admin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-10-27 22:09:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-1682432959-3493480357-3839079111-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1682432959-3493480357-3839079111-500 - Administrator - Disabled)
Guest (S-1-5-21-1682432959-3493480357-3839079111-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1682432959-3493480357-3839079111-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Ansel (Version: 376.19 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C309g-m (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Call of Duty: World at War (HKLM\...\Steam App 10090) (Version:  - Treyarch)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Dying Light (HKLM\...\Steam App 239140) (Version:  - Techland)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{181AC4C7-B83C-4B5F-B566-E19BF2472429}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iSkysoft iMedia Converter Deluxe(Build 8.9.0.7) (HKLM-x32\...\iSkysoft iMedia Converter Deluxe_is1) (Version: 8.9.0.7 - iSkysoft Software)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4875.1001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.19 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.19 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.7 - Power Software Ltd)
PS_AIO_06_C309g-m_SW_Min (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7899 - Realtek Semiconductor Corp.)
RegHunter (HKLM-x32\...\RegHunter) (Version: 2.1.7.2022 - Enigma Software Group, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.24.3.4750 - Enigma Software Group, LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 24.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0373903C-147F-449C-91E5-2AF0A9C5BDC5} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-11-04] (Enigma Software Group USA, LLC.)
Task: {0C70313D-196D-474C-BF33-EC67D54A17B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {104A4B5B-5038-4AA1-AE1D-7972F60BE4DA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-09-21] (Microsoft Corporation)
Task: {21E2980F-7150-46E3-ADF9-510F04DE1850} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-18] (NVIDIA Corporation)
Task: {52DD4C7C-A9A2-48A4-A0A8-53FB1407F24E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-18] (NVIDIA Corporation)
Task: {643BC2B6-02DC-4658-BAA4-9583C48C8261} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-18] (NVIDIA Corporation)
Task: {7289EC05-0F35-477D-A1E8-EFB64411B3DB} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-18] (NVIDIA Corporation)
Task: {9AA8EC35-0B92-40F2-A2BC-4721218E933B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {A39ADC8A-94CE-48E8-BBA2-1649F805FA7A} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-11-04] (Enigma Software Group USA, LLC.)
Task: {A471E135-0291-473A-BC78-BB5751576143} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-28] (AVAST Software)
Task: {AF7D0EDA-FA79-42B8-A6F3-DFAF3F0DD5BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-28] (Google Inc.)
Task: {C78DBF67-9F52-4DE3-B3EE-81718173C357} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-09-21] (Microsoft Corporation)
Task: {CB3A5A5C-3782-42F4-AD68-86E04A8E1DC9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
Task: {DF6C1DFB-94BC-44F0-B8D2-6E0AA29327CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-28] (Google Inc.)
Task: {E0A918DE-6B08-40D1-A28F-9ACFF0377B85} - System32\Tasks\RegHunterStartup => C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe [2016-10-28] (Enigma Software Group USA, LLC.)
Task: {F2DA175D-D9A8-47E9-91CC-18AF1248D152} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-18] (NVIDIA Corporation)
Task: {F6DB8A03-5D3A-4D65-875C-786DAD755C61} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-18] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-31 16:23 - 2016-10-31 16:23 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-31 16:19 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-10-28 21:13 - 2016-11-18 02:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-28 21:13 - 2016-11-18 02:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-28 21:13 - 2016-11-18 02:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-10-28 12:06 - 2016-12-02 06:32 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-28 18:10 - 2016-09-08 16:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-10-28 18:10 - 2016-09-01 14:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-10-28 18:10 - 2016-09-01 14:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-10-28 18:10 - 2016-09-01 14:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-10-28 18:10 - 2016-10-13 14:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-10-28 18:10 - 2016-01-27 20:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-10-28 18:10 - 2016-01-27 20:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-10-28 18:10 - 2016-01-27 20:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-10-28 18:10 - 2016-01-27 20:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-10-28 18:10 - 2016-01-27 20:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-10-28 18:10 - 2016-10-13 14:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-10-28 18:10 - 2016-07-05 11:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-28 21:13 - 2016-11-18 02:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-28 21:13 - 2016-11-18 02:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-28 21:13 - 2016-11-18 02:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-28 18:10 - 2016-08-05 09:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-10-28 21:13 - 2016-11-18 02:44 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-28 21:13 - 2016-11-17 23:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-28 21:13 - 2016-11-17 23:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-28 21:13 - 2016-11-17 23:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-28 21:13 - 2016-11-17 23:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-28 21:13 - 2016-11-17 23:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-28 21:13 - 2016-11-17 23:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-28 21:13 - 2016-11-17 23:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-10-31 16:20 - 2016-10-31 16:24 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-11-15 12:07 - 2016-11-09 09:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 12:07 - 2016-11-09 09:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 15:34 - 2009-06-11 10:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1682432959-3493480357-3839079111-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{6C77CF2F-E4FD-4EEB-A476-9FE9D2D1E591}G:\sdi_update\sdi_x64_r477.exe] => G:\sdi_update\sdi_x64_r477.exe
FirewallRules: [UDP Query User{3C72818E-0BA2-4245-BBDB-47B3F1B56CCF}G:\sdi_update\sdi_x64_r477.exe] => G:\sdi_update\sdi_x64_r477.exe
FirewallRules: [{877A3D40-0061-4201-9809-D825E43D9141}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F154469B-569A-46FC-A928-8D4C42495D30}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FDE3EEEA-7B0A-41A5-B09F-EFA9173CDD55}] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{76BDDD09-747D-4AB3-94B6-4282C77557D3}] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7321A6A3-98E7-4A43-9E3A-B7A7DB7BC097}] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{795CEAB0-0FBB-4DCB-B262-0F0754414B5C}] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{85CB0231-C9ED-40A0-9ACE-952750FE72A2}] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F669D1B1-8F43-4EBD-8BB1-4AF17D7D11B9}] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{55B04E92-902C-4A8C-B2D3-E2B73239A1DF}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8FE9B84C-C408-410E-94A3-06B006E5F7ED}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{AFD8CC20-61F2-4165-BA07-D3E417DADDFA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1B824CD0-4F02-4C0A-B58A-A84E55B5D625}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{59EC4B52-4999-40F5-A7BA-18CE96113F01}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{D96E4562-81F5-43DE-8517-30A0B912EDC0}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{053B802C-927A-4FFA-B6FB-DB2788996363}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{82359726-8BBE-44D5-BEE5-CEED41C99F14}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{EA68AC4D-4340-4B50-A867-86992DD3B60B}] => C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{11C6D2BA-12C2-48FD-A3D8-999EB5F191A0}] => C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{76FA4344-ADE5-4DF2-A436-48A0FE36DF22}] => C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{D3A81849-F8D8-4D4A-B868-2A21E3610508}] => C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{16D75B1D-281C-418B-BB8F-1F6637592C9D}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{988D2ABF-192C-42F3-9885-C5D3C6FE2954}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{088478D4-F3F0-4561-80FB-59157BC48CF5}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{50B7C4C2-6ADB-48D4-BF96-2F0E19D678BF}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C18D278B-9992-4A67-B8F1-A1A727329D69}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{AECC3F7F-3DCA-418C-BCAF-60BA3C920A3E}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{509AAE3B-777E-49DC-A6BA-82152C2BDB16}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{09A56E28-68F0-4C05-828C-06F1F8B81A47}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{39987D60-2FC3-43A0-8D58-8CB6C0D57449}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{ABBB9A6C-62F9-4559-B96E-8DFAB5B38A80}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{953949E8-AD56-4270-93A6-87D892266595}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{DFDD822A-BDA3-4962-B25A-264D210D9FFF}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{E7C72866-819F-4FF8-B670-4E9BC124A653}] => C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{383333C6-0944-438B-9F4E-A840CC5D7927}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{DDCF63AF-0689-4636-A990-A81B0FCCF289}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{CB4154D2-13F9-4156-A854-D30CA166B49D}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{15859270-C67B-41CA-ACB5-F494DA005753}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E66223BC-F9C3-4D6A-B2C4-9E8102FCF25A}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{AB44E734-1383-4FE2-B643-AA8616A1C300}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{CA32B0A9-C1DC-449C-A226-CB669224598E}] => F:\setup\hpznui40.exe
FirewallRules: [{5A78CF3F-5E76-4111-90E9-B30B6EB4E03A}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8B99D199-E28D-4FDA-BA05-713367B9EDA1}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F98A75F8-14C3-4D58-A717-30F0EBFA415B}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B340F85D-B82F-4B47-8210-4522EA7D1A59}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{04EBAD42-FE14-4DA6-B5CB-0EA658355496}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6FE7D62D-ED34-41CB-8FA3-BF31DB5E4C25}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF6B4244-8FBC-4C54-BC24-71155020591F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1470CB46-D855-48BC-AD93-B945189E3E2F}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0DA9C04-19F1-4F22-8B31-97F1470F81A4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BA04A3E-F774-4683-9DD8-2F0EE74DB014}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9515473A-0D11-4A83-A08E-31CF2F3BB099}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{E1FA3AC3-A6F9-46E3-AE2E-6E84936AFA73}D:\games\doom\doom\doomx64.exe] => D:\games\doom\doom\doomx64.exe
FirewallRules: [UDP Query User{7BD40363-1472-47C7-A9CD-987225227D55}D:\games\doom\doom\doomx64.exe] => D:\games\doom\doom\doomx64.exe
FirewallRules: [{A880730A-690D-4958-9BAA-31DFA002A95D}] => C:\Program Files (x86)\Steam\steamapps\common\Steep Open Beta\steep.exe
FirewallRules: [{EBF408B3-53FD-462C-9D02-D650A82E1F92}] => C:\Program Files (x86)\Steam\steamapps\common\Steep Open Beta\steep.exe
FirewallRules: [{B47D2179-41B0-4841-B8BC-6BB3B1B5FA81}] => C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{5E5FFE55-0856-40FC-8AAA-CADA18FA5A76}] => C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{740CAB95-E49D-42EE-A242-BC060C566EA0}] => C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{4E2ACB96-7DB3-456C-B52E-FB8FF95A3402}] => C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{80D2A4DE-06D3-4119-AFCF-58EF86C25674}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{0FB12190-21B7-46EF-9B2E-DE5C3C36CEB5}] => C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{D25B013E-2B7C-42E5-85FD-586E14E9343F}] => C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2016 12:58:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/10/2016 12:57:04 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (12/09/2016 11:59:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (12/09/2016 11:55:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/09/2016 11:53:33 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (12/09/2016 11:49:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/09/2016 11:47:29 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (12/09/2016 11:04:54 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (12/09/2016 08:57:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (12/09/2016 08:51:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (12/10/2016 12:57:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/10/2016 12:57:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/09/2016 11:53:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/09/2016 11:53:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/09/2016 11:53:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:52:17 a.m. on 9/12/2016 was unexpected.
 
Error: (12/09/2016 11:47:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/09/2016 11:47:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/09/2016 11:47:23 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff1000ec5dae8, 0x0000000000000000, 0xfffff800031ea19a, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120916-11138-01.
 
Error: (12/09/2016 11:47:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:04:49 a.m. on 9/12/2016 was unexpected.
 
Error: (12/09/2016 11:04:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8150 Eight-Core Processor 
Percentage of memory in use: 27%
Total physical RAM: 16348.61 MB
Available physical RAM: 11907.51 MB
Total Virtual: 32695.41 MB
Available Virtual: 27343.33 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.37 GB) (Free:24.94 GB) NTFS
Drive d: (General ) (Fixed) (Total:1863.01 GB) (Free:840.31 GB) NTFS
Drive e: (Movies and TV) (Fixed) (Total:3725.9 GB) (Free:1006.05 GB) NTFS
Drive f: (PS_AIO_06_C309g-) (CDROM) (Total:0.33 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: C5F87DC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 21F16E0C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Thank you for your help, I will be checking the forum at least daily.
And call me Aaron.

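As an added example that is not part of this thread and not FRST's own code: a small Python triage script over the two sections of the Addition.txt above that carry the real signal for this kind of case, the "Event log errors" and the "FirewallRules" lines. It pairs every EventLog 6008 (unexpected shutdown) with the BugCheck 1001 record Windows writes on the next boot when a dump was saved, and it flags firewall rules whose program is not on a fixed drive. The SAMPLE text is constructed from lines of the log above; the 120-second pairing window and all function names are assumptions of this example.

```python
"""Triage helpers for an FRST Addition.txt: pair each EventLog 6008 (unexpected
shutdown) with the BugCheck 1001 that follows it, and flag firewall rules whose
program is not on a fixed drive.  Added example, not part of the thread and not
FRST's own code; SAMPLE is constructed from lines of the log above, and the
120 s pairing window and function names are assumptions of this example."""
import re
from datetime import datetime, timedelta

EVENT_RE = re.compile(r"^Error: \((?P<ts>[\d/]+ [\d:]+ [AP]M)\) "
                      r"\(Source: (?P<src>[^)]+)\) \(EventID: (?P<id>\d+)\)")
BUGCHECK_RE = re.compile(r"The bugcheck was: (0x[0-9A-Fa-f]{8}) \(([^)]*)\)")
FW_RE = re.compile(r"^FirewallRules: \[(?P<name>.+?)\] => (?P<target>.+)$", re.M)
DRIVE_RE = re.compile(r"^Drive (\w): .*?\((Fixed|CDROM|Removable|Network)\)", re.M)

# Constructed fixture: lines copied from the Addition.txt above, newest event first as FRST prints them.
SAMPLE = r"""
FirewallRules: [{CA32B0A9-C1DC-449C-A226-CB669224598E}] => F:\setup\hpznui40.exe
FirewallRules: [TCP Query User{E1FA3AC3-A6F9-46E3-AE2E-6E84936AFA73}D:\games\doom\doom\doomx64.exe] => D:\games\doom\doom\doomx64.exe
FirewallRules: [TCP Query User{6C77CF2F-E4FD-4EEB-A476-9FE9D2D1E591}G:\sdi_update\sdi_x64_r477.exe] => G:\sdi_update\sdi_x64_r477.exe

Error: (12/09/2016 11:53:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:52:17 a.m. on 9/12/2016 was unexpected.

Error: (12/09/2016 11:47:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/09/2016 11:47:23 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff1000ec5dae8, 0x0000000000000000, 0xfffff800031ea19a, 0x0000000000000007). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120916-11138-01.

Error: (12/09/2016 11:47:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:04:49 a.m. on 9/12/2016 was unexpected.

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:24.94 GB) NTFS
Drive d: (General ) (Fixed) (Total:1863.01 GB) (Free:840.31 GB) NTFS
Drive f: (PS_AIO_06_C309g-) (CDROM) (Total:0.33 GB) (Free:0 GB) CDFS
"""


def parse_events(text):
    """'Error:' records of the event-log section, oldest first."""
    events, cur = [], None
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            cur = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                   "source": m["src"], "event_id": int(m["id"]), "description": ""}
            events.append(cur)
        elif cur is not None and line.startswith("Description: "):
            cur["description"] = line[len("Description: "):]
            cur = None
    return sorted(events, key=lambda e: e["time"])


def bugchecks(events):
    """(time, stop code, parameter list) for every BugCheck 1001 record."""
    out = []
    for e in events:
        if e["source"] == "BugCheck" and e["event_id"] == 1001:
            m = BUGCHECK_RE.search(e["description"])
            if m:
                out.append((e["time"], m.group(1), [p.strip() for p in m.group(2).split(",")]))
    return out


def pair_unexpected_shutdowns(events, window=timedelta(seconds=120)):
    """For each EventLog 6008, the stop code of the BugCheck 1001 logged within
    `window` after it, or None when no dump followed (reset, power loss, hang)."""
    checks = bugchecks(events)
    pairs = []
    for e in events:
        if e["source"] == "EventLog" and e["event_id"] == 6008:
            hit = next((c for c in checks if timedelta(0) <= c[0] - e["time"] <= window), None)
            pairs.append({"logged": e["time"], "stop_code": hit[1] if hit else None})
    return pairs


def drives(text):
    """Drive letter -> media type, from the 'Drives' section."""
    return {m.group(1).upper(): m.group(2) for m in DRIVE_RE.finditer(text)}


def suspicious_firewall_rules(text):
    """Rules whose program is not on a fixed drive (removable media, a drive that
    is no longer present, or no absolute path): the rule outlives the binary."""
    media = drives(text)
    flagged = []
    for m in FW_RE.finditer(text):
        target = m["target"].strip()
        letter = target[0].upper() if re.match(r"[A-Za-z]:\\", target) else None
        kind = media.get(letter, "absent")
        if kind != "Fixed":
            flagged.append((m["name"], target, kind))
    return flagged


if __name__ == "__main__":
    for p in pair_unexpected_shutdowns(parse_events(SAMPLE)):
        print(p["logged"], "dump:", p["stop_code"] or "none (no BugCheck 1001 followed)")
    for name, target, kind in suspicious_firewall_rules(SAMPLE):
        print(f"{kind:>8}  {target}")
```

On the sample the first unexpected shutdown (11:04:49) is followed one second later by the 1001 record for stop code 0x00000050, so a MEMORY.DMP exists for it; the second (11:52:17) has no 1001 behind it, so there is no dump for that crash at all, which is the kind of gap a crash-dump analysis cannot explain on its own. The firewall check flags the rule for the HP setup CD on F: and the one for G:\sdi_update\sdi_x64_r477.exe, a drive the Drives section does not list at all; the latter is exactly what the fixlist in the next post removes.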
#4 Oh My! (Malware Response Instructor)

Posted 09 December 2016 - 07:30 PM

Thank you for the information Aaron.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

RegHunter
SpyHunter 4

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1682432959-3493480357-3839079111-1000\...\MountPoints2: {41b3dca6-9c91-11e6-add4-806e6f6e6963} - F:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
U0 aswVmm; no ImagePath
2016-12-08 21:57 - 2016-12-08 21:57 - 00104853 _____ C:\Users\Admin\Downloads\eJwdyMsNwyAMANBdGABj82mabRBBJGqCEXbUQ9XdK_Ud38fc8zSr2VWHrADbIYXnZkV55lZtY25nzeMQW_iCrJrLftWuAuQpIDr3cDEl96QFgWLyPoQF_xciEtz91fnd7ejNfH8DcyLF.pG-SPigmjw7gC26NekKOepOryuQ
Task: {0373903C-147F-449C-91E5-2AF0A9C5BDC5} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-11-04] (Enigma Software Group USA, LLC.)
C:\Program Files\Enigma Software Group
Task: {A39ADC8A-94CE-48E8-BBA2-1649F805FA7A} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-11-04] (Enigma Software Group USA, LLC.)
Task: {A471E135-0291-473A-BC78-BB5751576143} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-28] (AVAST Software)
Task: {E0A918DE-6B08-40D1-A28F-9ACFF0377B85} - System32\Tasks\RegHunterStartup => C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe [2016-10-28] (Enigma Software Group USA, LLC.)
Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
FirewallRules: [TCP Query User{6C77CF2F-E4FD-4EEB-A476-9FE9D2D1E591}G:\sdi_update\sdi_x64_r477.exe] => G:\sdi_update\sdi_x64_r477.exe
FirewallRules: [UDP Query User{3C72818E-0BA2-4245-BBDB-47B3F1B56CCF}G:\sdi_update\sdi_x64_r477.exe] => G:\sdi_update\sdi_x64_r477.exe
zip: C:\Windows\Minidump
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a zip file with today's date and time, example 05.12.2016_13.04.06.zip. Please attach that file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the programs uninstall?
  • Fixlog
  • Attached zip file

Edited by Oh My!, 09 December 2016 - 07:36 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 dutchy510 (Topic Starter)

Posted 09 December 2016 - 07:46 PM

I am confused, the two programs you have listed are not torrent programs and are legitimate virus scanning software?



#6 Oh My! (Malware Response Instructor)

Posted 09 December 2016 - 08:04 PM

In my opinion those are not programs I would recommend using because of what I believe are substandard performances. As is stated in the instructions, if you choose to keep them you can reinstall the programs once we are finished. If you want you can leave them and disable them while we are working together.
Gary

#7 dutchy510 (Topic Starter)

Posted 09 December 2016 - 08:15 PM

The programs are gone from the files and from my desktop but are still in my "uninstall programs" list in the control panel, but without their logos.

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Admin (10-12-2016 14:09:21) Run:1
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1682432959-3493480357-3839079111-1000\...\MountPoints2: {41b3dca6-9c91-11e6-add4-806e6f6e6963} - F:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
U0 aswVmm; no ImagePath
2016-12-08 21:57 - 2016-12-08 21:57 - 00104853 _____ C:\Users\Admin\Downloads\eJwdyMsNwyAMANBdGABj82mabRBBJGqCEXbUQ9XdK_Ud38fc8zSr2VWHrADbIYXnZkV55lZtY25nzeMQW_iCrJrLftWuAuQpIDr3cDEl96QFgWLyPoQF_xciEtz91fnd7ejNfH8DcyLF.pG-SPigmjw7gC26NekKOepOryuQ
Task: {0373903C-147F-449C-91E5-2AF0A9C5BDC5} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-11-04] (Enigma Software Group USA, LLC.)
C:\Program Files\Enigma Software Group
Task: {A39ADC8A-94CE-48E8-BBA2-1649F805FA7A} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-11-04] (Enigma Software Group USA, LLC.)
Task: {A471E135-0291-473A-BC78-BB5751576143} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-28] (AVAST Software)
Task: {E0A918DE-6B08-40D1-A28F-9ACFF0377B85} - System32\Tasks\RegHunterStartup => C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe [2016-10-28] (Enigma Software Group USA, LLC.)
Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
FirewallRules: [TCP Query User{6C77CF2F-E4FD-4EEB-A476-9FE9D2D1E591}G:\sdi_update\sdi_x64_r477.exe] => G:\sdi_update\sdi_x64_r477.exe
FirewallRules: [UDP Query User{3C72818E-0BA2-4245-BBDB-47B3F1B56CCF}G:\sdi_update\sdi_x64_r477.exe] => G:\sdi_update\sdi_x64_r477.exe
zip: C:\Windows\Minidump
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1682432959-3493480357-3839079111-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41b3dca6-9c91-11e6-add4-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{41b3dca6-9c91-11e6-add4-806e6f6e6963} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key removed successfully
aswVmm => service removed successfully
C:\Users\Admin\Downloads\eJwdyMsNwyAMANBdGABj82mabRBBJGqCEXbUQ9XdK_Ud38fc8zSr2VWHrADbIYXnZkV55lZtY25nzeMQW_iCrJrLftWuAuQpIDr3cDEl96QFgWLyPoQF_xciEtz91fnd7ejNfH8DcyLF.pG-SPigmjw7gC26NekKOepOryuQ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0373903C-147F-449C-91E5-2AF0A9C5BDC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0373903C-147F-449C-91E5-2AF0A9C5BDC5}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
C:\Program Files\Enigma Software Group => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A39ADC8A-94CE-48E8-BBA2-1649F805FA7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A39ADC8A-94CE-48E8-BBA2-1649F805FA7A}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A471E135-0291-473A-BC78-BB5751576143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A471E135-0291-473A-BC78-BB5751576143}" => key removed successfully
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0A918DE-6B08-40D1-A28F-9ACFF0377B85} => key not found.
C:\Windows\System32\Tasks\RegHunterStartup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegHunterStartup" => key removed successfully
C:\Windows\Tasks\SpyHunter4.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C77CF2F-E4FD-4EEB-A476-9FE9D2D1E591}G:\sdi_update\sdi_x64_r477.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3C72818E-0BA2-4245-BBDB-47B3F1B56CCF}G:\sdi_update\sdi_x64_r477.exe => value removed successfully
================== Zip: ===================
C:\Windows\Minidump -> copied successfully to C:\Users\Admin\Desktop\10.12.2016_14.09.37.zip
=========== Zip: End ===========


The system needed a reboot.

==== End of Fixlog 14:09:38 ====

Edited by Oh My!, 09 December 2016 - 08:33 PM.


#8 Oh My! (Malware Response Instructor)

Posted 09 December 2016 - 08:17 PM

OK thank you. It is going to take me some time to examine the contents of the zip file.
Gary

#9 Oh My! (Malware Response Instructor)

Posted 09 December 2016 - 09:10 PM

Thank you for your continued patience.

The crash dump reports are clearly pointing to a hardware issue. This is by no means my area of expertise but if I had to offer a troubleshooting step I would say to disable your wireless network adapter and see if you BSOD. If you are able, you can connect an ethernet cable and access the Internet that way.

Since there are a variety of possibilities, if the above does not help or you prefer assistance in troubleshooting your issue I would recommend you start a topic in the Internal Hardware Forum.

Please let me know what you would like to do. If you want to post in the Internal Hardware Forum I will have to immediately close this topic otherwise they will not assist you while there is an open malware topic.


Gary

#10 dutchy510 (Topic Starter)

Posted 12 December 2016 - 05:32 AM

I might open a topic in the hardware forum so you can delete this topic.

Thank you for your help.

Aaron



#11 Oh My! (Malware Response Instructor)

Posted 12 December 2016 - 10:23 AM

Very good Aaron, sorry we couldn't solve it here.

Good luck in the Hardware Forum.

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary

#12 Oh My! (Malware Response Instructor)

Posted 12 December 2016 - 10:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary