
Winvmx client.exe Adware Removal Help! FRST Log posted here!


  • This topic is locked
1 reply to this topic

#1 bobbysaggers


Posted 25 February 2017 - 08:33 PM

Hello, guys. I'm having an annoying issue with this certain adware that must've bypassed Windows Anti-virus. (I know, I need a better anti-virus.) It shows up in the Task Manager as 'winvmx client' and the process name is 'vmxclient.exe'. I'm positive that I have other adware as well as there is also another process named 'winscr.exe' but there are others too. What I do know is that all of these malicious processes are eating up my CPU along with my entire PC's performance. I downloaded FRST from my phone onto my computer and performed a scan so here are the results. It generated 2 .txt files. I attached them. Please help me find a solution to removing all of this junk as soon as possible. Thanks.
 
-------------FRST.txt----------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by ORLANDO (administrator) on DESKTOP-06E2V5A (25-02-2017 16:58:40)
Running from C:\Users\ORLANDO\Desktop
Loaded Profiles: ORLANDO (Available Profiles: ORLANDO)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Users\ORLANDO\AppData\Local\Temp\WS\WindowService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Users\ORLANDO\AppData\Local\Temp\20170221\ct.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
(winscr) C:\Program Files (x86)\winscr\winscr.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
Failed to access process -> vmxclient.exe
Failed to access process -> vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{1dba7fbb-eac9-4385-a410-45eec5adea5f}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{57e4a55b-649a-41e8-bbbf-474239d6ba26}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{57e4a55b-649a-41e8-bbbf-474239d6ba26}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
 
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-28]
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-25]
CHR Extension: (Adobe Acrobat) - C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755200 2017-02-16] (qdcomsvc Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindowService; C:\Users\ORLANDO\AppData\Local\Temp\WS\WindowService.exe [8192 2017-02-21] () [File not signed] <==== ATTENTION
R2 windowsmanagementservice; C:\Users\ORLANDO\AppData\Local\Temp\20170221\ct.exe [722432 2017-02-19] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S2 ProductAgentService; "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" [X]
S2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe" /service [X]
S4 VSSERV; "C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe" /service [X]
S2 vsservp; "C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-25] (C-MEDIA)
R1 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [51784 2017-02-21] () [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-16] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-16] (Disc Soft Ltd)
R3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. )
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-25] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U4 klhk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-25 16:58 - 2017-02-25 16:59 - 00012744 _____ C:\Users\ORLANDO\Desktop\FRST.txt
2017-02-25 16:58 - 2017-02-25 01:16 - 02423296 ____N (Farbar) C:\Users\ORLANDO\Desktop\FRST64.exe
2017-02-25 02:10 - 2017-02-25 14:09 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-25 02:10 - 2017-02-25 14:08 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-25 02:10 - 2017-02-25 02:10 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-25 02:10 - 2017-02-25 02:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-25 02:10 - 2017-02-25 02:10 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-25 01:54 - 2017-02-25 01:54 - 00000000 ____D C:\WINDOWS\pss
2017-02-25 01:24 - 2017-02-25 16:58 - 00000000 ____D C:\FRST
2017-02-25 01:22 - 2017-02-25 01:22 - 00000099 _____ C:\WINDOWS\Reimage.ini
2017-02-25 01:21 - 2017-02-25 01:22 - 00604928 _____ (Reimage) C:\Users\ORLANDO\Downloads\ReimageRepair.exe
2017-02-25 01:10 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2017-02-25 01:04 - 2017-02-25 16:53 - 00000000 ____D C:\Program Files\FreeFixer
2017-02-25 01:04 - 2017-02-25 01:04 - 02704615 _____ (Kephyr) C:\Users\ORLANDO\Downloads\freefixersetup.exe
2017-02-25 01:04 - 2017-02-25 01:04 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\FreeFixer
2017-02-25 01:04 - 2017-02-25 01:04 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\FreeFixer
2017-02-23 19:13 - 2017-02-23 19:13 - 02627220 _____ C:\Users\ORLANDO\Downloads\Voice_005.m4a
2017-02-23 19:13 - 2017-02-23 19:13 - 01081392 _____ C:\Users\ORLANDO\Downloads\Voice_003.m4a
2017-02-22 19:07 - 2017-02-22 19:10 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-02-21 17:58 - 2017-02-21 17:59 - 00000000 ____D C:\ProgramData\Microleaves
2017-02-21 14:54 - 2017-02-21 14:54 - 00051784 _____ C:\WINDOWS\system32\Drivers\drmkpro64.sys
2017-02-21 06:29 - 2017-02-21 06:29 - 00000000 ____D C:\ProgramData\aabda3c9-63f7-0
2017-02-21 06:24 - 2017-02-21 06:24 - 00023710 _____ C:\WINDOWS\System32\Tasks\{790C0847-7F0C-0E05-0811-7D797E7A117F}
2017-02-21 06:24 - 2017-02-21 06:24 - 00003976 _____ C:\WINDOWS\System32\Tasks\{BBB4BEE3-0C1F-0948-8EA3-08D2A598152C}
2017-02-21 06:24 - 2017-02-21 06:24 - 00003976 _____ C:\WINDOWS\System32\Tasks\{396AA97F-8EC1-1ED4-ACFE-D7C8EF2454BA}
2017-02-21 06:24 - 2017-02-21 06:24 - 00003886 _____ C:\WINDOWS\System32\Tasks\{40E0C924-AEBF-C93F-C8A3-BDAAF2E35E0E}
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\aabda3c9-0e83-0
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\6d2d265c
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\{C4E82169-7343-96C2-F783-DCC4A24FDF70}
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\{7b0c73be-212c-0}
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\{606a5394-312c-1}
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\{4246D972-F5ED-6ED9-8DA9-CC01E447DE73}
2017-02-20 18:24 - 2017-02-20 18:24 - 00000000 ____D C:\Program Files (x86)\regtool
2017-02-20 18:20 - 2017-02-20 18:20 - 00216089 _____ C:\ProgramData\cl.1487643569.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 00028714 _____ C:\ProgramData\agent.1487643631.bdinstall.bin
2017-02-20 18:16 - 2017-02-20 18:24 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\llssoft
2017-02-20 18:16 - 2017-02-20 18:24 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-02-20 18:15 - 2017-02-22 18:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-20 18:15 - 2017-02-20 18:15 - 00001310 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-02-20 18:15 - 2017-02-20 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-02-20 18:13 - 2017-02-20 18:13 - 00001159 _____ C:\Users\ORLANDO\Desktop\Install Kaspersky Security Scan version 16.0.0.1344.lnk
2017-02-20 18:12 - 2017-02-20 18:12 - 00027972 _____ C:\ProgramData\agent.1487643129.bdinstall.bin
2017-02-20 18:07 - 2017-02-20 18:13 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\BitTorrent
2017-02-20 18:07 - 2017-02-20 18:07 - 00002734 _____ C:\Users\ORLANDO\Desktop\BitTorrent.lnk
2017-02-20 18:07 - 2017-02-20 18:07 - 00002734 _____ C:\Users\ORLANDO\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2017-02-20 18:06 - 2017-02-22 18:58 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-02-20 18:06 - 2017-02-20 18:19 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-20 18:04 - 2017-02-20 18:05 - 177912864 _____ (Kaspersky Lab) C:\Users\ORLANDO\Downloads\kis17.0.0.611en_10743.exe
2017-02-20 18:00 - 2017-02-20 18:01 - 118423206 _____ C:\Users\ORLANDO\Downloads\Unconfirmed 522685.crdownload
2017-02-20 17:59 - 2017-02-20 17:59 - 01800192 _____ C:\Users\ORLANDO\Downloads\Kaspersky Internet Security 2016 Final Crack is Here.iso
2017-02-20 17:59 - 2017-02-20 17:59 - 00000000 ____D C:\Program Files (x86)\winscr
2017-02-20 17:56 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\d0dfc1ff-67a5-0
2017-02-20 17:56 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\d0dfc1ff-24f1-1
2017-02-20 17:56 - 2017-02-20 18:02 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2017-02-20 17:56 - 2017-02-20 17:57 - 00000406 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-20 17:56 - 2017-02-20 17:56 - 01852928 _____ (splsrv Corp.) C:\WINDOWS\SysWOW64\splsrv.exe
2017-02-20 17:56 - 2017-02-20 17:56 - 00006549 _____ C:\WINDOWS\TEMPcoral.vbs
2017-02-20 17:56 - 2017-02-20 17:56 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
2017-02-20 17:56 - 2017-02-20 17:56 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
2017-02-20 17:56 - 2017-02-20 17:56 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
2017-02-20 17:56 - 2017-02-20 17:56 - 00003294 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-02-20 17:56 - 2017-02-20 17:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-02-20 17:56 - 2017-02-20 17:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-02-20 17:56 - 2017-02-20 17:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-02-20 17:56 - 2017-02-20 17:56 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-20 17:56 - 2017-02-20 17:56 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-20 17:56 - 2017-02-20 17:56 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-20 17:56 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-02-20 17:56 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\dataup
2017-02-20 17:55 - 2017-02-20 18:02 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-02-20 17:55 - 2017-02-20 17:57 - 00000420 _____ C:\WINDOWS\Tasks\Online Application Updater.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job
2017-02-20 17:55 - 2017-02-20 17:56 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\Microleaves
2017-02-20 17:55 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-02-20 17:55 - 2017-02-20 17:55 - 00003722 _____ C:\WINDOWS\System32\Tasks\Online Application Guardian
2017-02-20 17:55 - 2017-02-20 17:55 - 00003716 _____ C:\WINDOWS\System32\Tasks\Online Application Guard
2017-02-20 17:55 - 2017-02-20 17:55 - 00003704 _____ C:\WINDOWS\System32\Tasks\Online Application
2017-02-20 17:55 - 2017-02-20 17:55 - 00003314 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
2017-02-20 17:55 - 2017-02-20 17:55 - 00003280 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-02-20 17:55 - 2017-02-20 17:55 - 00003274 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-02-20 17:55 - 2017-02-20 17:55 - 00003266 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
2017-02-20 17:55 - 2017-02-20 17:55 - 00003262 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-02-20 17:55 - 2017-02-20 17:55 - 00003260 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
2017-02-20 17:55 - 2017-02-20 17:55 - 00003248 _____ C:\WINDOWS\System32\Tasks\Online Application v2
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\c
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\AGData
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\ProgramData\1487642148
2017-02-20 17:54 - 2017-02-20 17:54 - 01800192 _____ C:\Users\ORLANDO\Downloads\FL Studio 11 (2014) With Crack Full Version.iso
2017-02-20 17:50 - 2017-02-20 17:50 - 00834214 _____ C:\Users\ORLANDO\Downloads\FL5tud1o123licencekeyCrackcg.zip
2017-02-17 15:51 - 2017-02-17 15:51 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\Mozilla
2017-02-17 15:51 - 2017-02-17 15:51 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Macromedia
2017-02-17 15:50 - 2016-11-23 05:37 - 00000570 _____ C:\Users\ORLANDO\AppData\Local\TroubleshooterConfig.json
2017-02-17 15:48 - 2017-02-25 16:54 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Bluestacks
2017-02-17 15:48 - 2017-02-17 15:50 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-17 15:36 - 2017-02-17 15:47 - 335132976 _____ (BlueStack Systems Inc.) C:\Users\ORLANDO\Downloads\BlueStacks2_native_7399b918738d3feb7696e539a4902efa.exe
2017-02-16 21:38 - 2017-02-16 21:38 - 00000000 _____ C:\Users\ORLANDO\Documents\New Text Document (2).txt
2017-02-16 19:11 - 2017-02-16 19:11 - 00000000 ____D C:\WINDOWS\Panther
2017-02-16 13:47 - 2017-02-16 13:47 - 00000201 _____ C:\Users\ORLANDO\Documents\2nd SONG CRAZY.txt
2017-02-14 14:53 - 2017-02-14 14:53 - 09477678 _____ C:\Users\ORLANDO\Downloads\vnROM.net.rar
2017-02-14 14:43 - 2017-02-14 14:43 - 29419520 _____ C:\Users\ORLANDO\Desktop\AdbEnabled_G925TUVU5EPK5_G925TTMB5EPK5_G925TUVU5EPK5_HOME.tar
2017-02-14 14:43 - 2017-02-14 14:43 - 00000000 ____D C:\Users\ORLANDO\Desktop\AdbEnabled_G925TUVU5EPK5_G925TTMB5EPK5_G925TUVU5EPK5_HOME
2017-02-14 14:39 - 2017-02-14 14:39 - 00000000 ____D C:\Users\ORLANDO\Downloads\usb debugging enabler pc tricks zone
2017-02-14 13:42 - 2017-02-14 15:01 - 00000591 _____ C:\Users\ORLANDO\Documents\Beautiful Song That I Like.txt
2017-02-09 22:06 - 2017-02-09 22:07 - 00000000 ____D C:\Users\ORLANDO\Downloads\CF-Auto-Root-zeroltetmo-zeroltetmo-smg925t
2017-02-09 21:20 - 2016-11-17 13:48 - 4042680488 _____ C:\Users\ORLANDO\Downloads\G925TUVU5EPK5_G925TTMB5EPK5_G925TUVU5EPK5_HOME.tar.md5
2017-02-09 00:13 - 2017-02-09 02:22 - 00000102 _____ C:\Users\ORLANDO\Documents\Five Hundred Dollar PC.txt
2017-02-08 19:34 - 2017-02-08 22:21 - 1955906374 _____ C:\Users\ORLANDO\Downloads\G925TUVU5EPK5_G925TTMB5EPK5_TMB.zip
2017-02-08 19:18 - 2016-05-19 17:20 - 65536081 _____ C:\Users\ORLANDO\Desktop\CF-Auto-Root-zeroltetmo-zeroltetmo-smg925t.tar.md5
2017-02-08 19:16 - 2017-02-08 19:16 - 09330032 _____ (Samsung Electronics Co., Ltd.) C:\Users\ORLANDO\Downloads\Samsung-Usb-Driver-v1.5.55.0.exe
2017-02-08 19:10 - 2017-02-08 19:10 - 01107376 _____ C:\Users\ORLANDO\Downloads\odin3_v3.10.7.zip
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____D C:\ProgramData\Samsung
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____D C:\Program Files\Samsung
2017-02-08 01:00 - 2015-05-20 22:02 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2017-02-08 01:00 - 2015-05-20 22:02 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2017-02-08 01:00 - 2015-05-20 22:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2017-02-08 01:00 - 2015-05-20 22:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2017-02-03 23:29 - 2017-02-03 23:30 - 00000000 ____D C:\Users\ORLANDO\Documents\PCSX2
2017-02-03 23:28 - 2017-02-03 23:29 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2017-02-03 23:28 - 2017-02-03 23:28 - 00002008 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2017-02-03 23:27 - 2017-02-03 23:27 - 00000020 _____ C:\Users\ORLANDO\Documents\ass ins creed synister.txt
2017-02-02 23:31 - 2017-02-02 23:31 - 00000222 _____ C:\Users\ORLANDO\Desktop\Grand Theft Auto V.url
2017-01-30 19:26 - 2017-01-30 19:27 - 05596617 _____ (UserBenchmark.com) C:\Users\ORLANDO\Downloads\UserBenchMark.exe
2017-01-28 19:22 - 2017-01-28 19:22 - 18495884 _____ C:\Users\ORLANDO\Desktop\kart sav.sav
2017-01-28 16:45 - 2017-02-25 16:53 - 00000000 ____D C:\Users\ORLANDO\Valley
2017-01-28 16:44 - 2017-01-28 16:51 - 01307648 _____ C:\Users\ORLANDO\AppData\Local\file__0.localstorage
2017-01-28 16:23 - 2017-01-28 16:42 - 358226169 _____ (Unigine Corp. ) C:\Users\ORLANDO\Downloads\Unigine_Valley-1.0.exe
2017-01-27 20:12 - 2017-01-27 20:12 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Fallout4
2017-01-27 20:10 - 2017-01-27 20:10 - 00000000 ____D C:\Users\ORLANDO\Documents\My Games
2017-01-27 18:04 - 2017-01-27 18:04 - 00000222 _____ C:\Users\ORLANDO\Desktop\Fallout 4.url
2017-01-27 00:38 - 2017-01-27 00:38 - 00000000 ____D C:\Users\ORLANDO\Documents\Dolphin Emulator
2017-01-27 00:36 - 2017-01-27 00:36 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-27 00:36 - 2017-01-20 06:07 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-27 00:36 - 2016-12-15 16:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-27 00:36 - 2016-12-15 16:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-27 00:36 - 2016-12-15 16:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-27 00:36 - 2016-12-15 16:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-27 00:34 - 2017-01-23 16:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 09308896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00719160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00618232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00609216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00573120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00447800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-25 16:54 - 2016-07-16 03:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-25 16:25 - 2016-12-30 16:32 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\CrashDumps
2017-02-25 16:19 - 2016-12-26 19:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-25 16:19 - 2016-12-22 02:56 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{560433F8-5C21-4B4B-8D8A-0670D55FB686}
2017-02-25 16:19 - 2016-09-16 18:49 - 02685514 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-25 16:15 - 2016-12-23 12:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-25 16:13 - 2016-09-24 02:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-25 16:13 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-25 15:51 - 2016-09-24 02:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 02:27 - 2015-10-29 23:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-25 02:02 - 2016-12-23 15:15 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\ElevatedDiagnostics
2017-02-25 01:59 - 2016-12-23 15:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-25 01:11 - 2017-01-09 00:33 - 00119296 _____ C:\WINDOWS\SysWOW64\zlib.dll
2017-02-25 01:11 - 2016-09-24 02:51 - 00000000 ____D C:\Users\ORLANDO
2017-02-24 22:06 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 22:06 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 19:26 - 2016-10-30 17:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 19:07 - 2010-01-31 14:00 - 00000000 ____D C:\Users\ORLANDO\Desktop\OpenHardwareMonitor
2017-02-22 18:58 - 2016-09-23 18:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-02-21 18:49 - 2016-09-20 14:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-21 18:48 - 2016-09-20 14:29 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-21 00:26 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 18:21 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-02-20 18:21 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-20 18:21 - 2016-07-15 22:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2017-02-20 17:59 - 2016-09-16 19:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-20 17:56 - 2016-12-09 17:41 - 00019627 _____ C:\bdlog.txt
2017-02-12 14:54 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 23:17 - 2016-09-16 19:49 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 23:17 - 2016-09-16 19:49 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 11:48 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 11:48 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 23:28 - 2016-12-30 16:41 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-02 23:22 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-02-02 21:09 - 2016-12-30 16:41 - 00001155 _____ C:\Users\ORLANDO\Desktop\MSI Afterburner.lnk
2017-02-02 17:38 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-29 22:44 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-01-27 22:28 - 2016-12-27 12:37 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\NVIDIA
2017-01-27 00:45 - 2016-12-26 19:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-27 00:37 - 2016-12-26 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-27 00:36 - 2016-12-26 19:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-27 00:28 - 2017-01-07 21:25 - 00000565 _____ C:\Users\ORLANDO\Desktop\Fraps.lnk
2017-01-26 22:30 - 2016-12-27 12:35 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:30 - 2016-12-26 19:14 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-26 22:30 - 2016-12-26 19:13 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:30 - 2016-12-26 19:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-26 22:29 - 2016-12-26 19:13 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
 
==================== Files in the root of some directories =======
 
2017-01-28 16:44 - 2017-01-28 16:51 - 1307648 _____ () C:\Users\ORLANDO\AppData\Local\file__0.localstorage
2017-02-17 15:50 - 2016-11-23 05:37 - 0000570 _____ () C:\Users\ORLANDO\AppData\Local\TroubleshooterConfig.json
2016-11-14 20:38 - 2016-11-14 20:38 - 0047421 _____ () C:\ProgramData\agent.1479184695.bdinstall.bin
2016-12-30 16:31 - 2016-12-30 16:31 - 0028190 _____ () C:\ProgramData\agent.1483144259.bdinstall.bin
2017-02-20 18:12 - 2017-02-20 18:12 - 0027972 _____ () C:\ProgramData\agent.1487643129.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 0028714 _____ () C:\ProgramData\agent.1487643631.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 0216089 _____ () C:\ProgramData\cl.1487643569.bdinstall.bin
2016-09-24 02:50 - 2016-09-24 02:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-27 12:35 - 2017-01-04 22:15 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-27 12:35 - 2017-01-04 22:13 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Some files in TEMP:
====================
2017-02-25 02:10 - 2016-11-11 02:13 - 1886344 _____ (Microsoft Corporation) C:\Users\ORLANDO\AppData\Local\Temp\dllnt_dump.dll
2017-02-25 16:54 - 2017-02-14 02:05 - 0897048 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-Common.dll
2017-02-25 16:54 - 2017-02-14 02:05 - 0515608 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-InstallerUtils.dll
2017-02-25 16:54 - 2017-02-14 01:56 - 0187416 _____ (BlueStack Systems) C:\Users\ORLANDO\AppData\Local\Temp\HD-LibraryHandler.dll
2017-02-25 16:54 - 2017-02-14 01:55 - 0246808 _____ (BlueStack Systems) C:\Users\ORLANDO\AppData\Local\Temp\HD-Logger-Native.dll
2017-02-25 16:54 - 2017-02-14 02:05 - 0426008 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-Uninstaller.exe
2016-12-26 19:13 - 2016-12-11 10:23 - 0860776 _____ (NVIDIA Corporation) C:\Users\ORLANDO\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-27 00:19 - 2016-12-11 10:23 - 0353336 _____ (NVIDIA Corporation) C:\Users\ORLANDO\AppData\Local\Temp\nvStInst.exe
2016-08-15 23:48 - 2016-08-15 23:48 - 0488960 _____ () C:\Users\ORLANDO\AppData\Local\Temp\sqlite3.exe
2017-02-19 18:53 - 2017-02-19 18:53 - 0061440 _____ () C:\Users\ORLANDO\AppData\Local\Temp\wzjyhvht.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-21 14:54
 
==================== End of FRST.txt ============================



Edited by Al1000, 26 February 2017 - 09:37 AM.
moved from Windows 10 Support



 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 26 February 2017 - 10:07 AM

Hello,

Sorry. Duplicate topic. Please look.

https://www.bleepingcomputer.com/forums/t/640852/malwarebytes-will-not-start-the-parameter-is-incorrect-help-is-appreciated/


Best regards
 

 


 




