
Malwarebytes will not start. 'The Parameter is incorrect.' FRST LOG


  • This topic is locked
1 reply to this topic

#1 bobbysaggers

Posted 25 February 2017 - 11:02 PM

Okay, I've installed the free trial of Malwarebytes but it will not start no matter what. The error comes up saying, "The parameter is incorrect." Something having to do with the mbam.exe. Please keep in mind that my computer is infected with multiple adware that I would love to remove. They all must've bypassed my anti-virus. A couple that I noticed were named 'vmxclient.exe' and 'winscr.exe'. Those are obviously eating away at my computer's performance. But enough of that. Here is the log from FRST. I will copy and paste the FRST.txt. If you need the log from the Addition.txt then let me know. Thank you.

------------------------------------------------------------------FRST.txt----------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by ORLANDO (administrator) on DESKTOP-06E2V5A (25-02-2017 19:10:09)
Running from C:\Users\ORLANDO\Desktop
Loaded Profiles: ORLANDO (Available Profiles: ORLANDO)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\dataup\dataup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
() C:\Program Files (x86)\svcvmx\svcvmx.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe
(qdcomsvc Inc.) C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe
(ct Corp.) C:\Users\ORLANDO\AppData\Local\Temp\20170221\ct.exe
(splsrv Corp.) C:\Windows\SysWOW64\splsrv.exe
(winscr) C:\Program Files (x86)\winscr\winscr.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe
() C:\Program Files (x86)\svcvmx\vmxclient.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\...\Run: [Kaspersky Software Updater] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{1dba7fbb-eac9-4385-a410-45eec5adea5f}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{57e4a55b-649a-41e8-bbbf-474239d6ba26}: [NameServer] 82.163.143.157 82.163.142.159
Tcpip\..\Interfaces\{57e4a55b-649a-41e8-bbbf-474239d6ba26}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-938885844-2572887661-1113377308-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-28]
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-02-25]
CHR Extension: (Adobe Acrobat) - C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR Profile: C:\Users\ORLANDO\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-26] (AO Kaspersky Lab)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
R2 qdcomsvc; C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe [755200 2017-02-16] (qdcomsvc Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\ORLANDO\AppData\Local\Temp\20170221\ct.exe [722432 2017-02-19] (ct Corp.) [File not signed] <==== ATTENTION <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S2 ProductAgentService; "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" [X]
S2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe" /service [X]
S4 VSSERV; "C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe" /service [X]
S2 vsservp; "C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2015-11-25] (C-MEDIA)
R1 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [51784 2017-02-21] () [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-16] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-16] (Disc Soft Ltd)
R3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. )
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-25] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U4 klhk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 19:10 - 2017-02-25 19:10 - 00012915 _____ C:\Users\ORLANDO\Desktop\FRST.txt
2017-02-25 18:14 - 2017-02-25 18:14 - 55566792 _____ (Malwarebytes ) C:\Users\ORLANDO\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-25 18:14 - 2017-02-25 18:14 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-25 18:14 - 2017-02-25 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-25 18:14 - 2017-02-25 18:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-25 18:14 - 2017-02-25 18:14 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-25 18:14 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-25 17:38 - 2017-02-25 17:38 - 00000000 ____D C:\Program Files (x86)\regtool
2017-02-25 17:20 - 2017-02-25 17:20 - 00044153 _____ C:\Users\ORLANDO\Downloads\Addition.txt
2017-02-25 16:58 - 2017-02-25 01:16 - 02423296 ____N (Farbar) C:\Users\ORLANDO\Desktop\FRST64.exe
2017-02-25 02:10 - 2017-02-25 17:04 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-25 02:10 - 2017-02-25 14:08 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-25 02:10 - 2017-02-25 02:10 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-25 02:10 - 2017-02-25 02:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-25 02:10 - 2017-02-25 02:10 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-25 01:54 - 2017-02-25 01:54 - 00000000 ____D C:\WINDOWS\pss
2017-02-25 01:24 - 2017-02-25 19:10 - 00000000 ____D C:\FRST
2017-02-25 01:21 - 2017-02-25 01:22 - 00604928 _____ (Reimage) C:\Users\ORLANDO\Downloads\ReimageRepair.exe
2017-02-25 01:10 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\WINDOWS\system32\ffnd.exe
2017-02-25 01:04 - 2017-02-25 16:53 - 00000000 ____D C:\Program Files\FreeFixer
2017-02-25 01:04 - 2017-02-25 01:04 - 02704615 _____ (Kephyr) C:\Users\ORLANDO\Downloads\freefixersetup.exe
2017-02-25 01:04 - 2017-02-25 01:04 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\FreeFixer
2017-02-25 01:04 - 2017-02-25 01:04 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\FreeFixer
2017-02-23 19:13 - 2017-02-23 19:13 - 02627220 _____ C:\Users\ORLANDO\Downloads\Voice_005.m4a
2017-02-23 19:13 - 2017-02-23 19:13 - 01081392 _____ C:\Users\ORLANDO\Downloads\Voice_003.m4a
2017-02-22 19:07 - 2017-02-22 19:10 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-02-21 17:58 - 2017-02-21 17:59 - 00000000 ____D C:\ProgramData\Microleaves
2017-02-21 14:54 - 2017-02-21 14:54 - 00051784 _____ C:\WINDOWS\system32\Drivers\drmkpro64.sys
2017-02-21 06:29 - 2017-02-21 06:29 - 00000000 ____D C:\ProgramData\aabda3c9-63f7-0
2017-02-21 06:24 - 2017-02-25 17:35 - 00000000 ____D C:\ProgramData\{C4E82169-7343-96C2-F783-DCC4A24FDF70}
2017-02-21 06:24 - 2017-02-25 17:35 - 00000000 ____D C:\ProgramData\{4246D972-F5ED-6ED9-8DA9-CC01E447DE73}
2017-02-21 06:24 - 2017-02-21 06:24 - 00023710 _____ C:\WINDOWS\System32\Tasks\{790C0847-7F0C-0E05-0811-7D797E7A117F}
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\aabda3c9-0e83-0
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\6d2d265c
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\{7b0c73be-212c-0}
2017-02-21 06:24 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\{606a5394-312c-1}
2017-02-20 18:20 - 2017-02-20 18:20 - 00216089 _____ C:\ProgramData\cl.1487643569.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 00028714 _____ C:\ProgramData\agent.1487643631.bdinstall.bin
2017-02-20 18:16 - 2017-02-20 18:24 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\llssoft
2017-02-20 18:16 - 2017-02-20 18:24 - 00000000 ____D C:\Program Files (x86)\svcvmx
2017-02-20 18:15 - 2017-02-22 18:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-20 18:15 - 2017-02-20 18:15 - 00001310 _____ C:\Users\Public\Desktop\Kaspersky Software Updater.lnk
2017-02-20 18:15 - 2017-02-20 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater
2017-02-20 18:13 - 2017-02-20 18:13 - 00001159 _____ C:\Users\ORLANDO\Desktop\Install Kaspersky Security Scan version 16.0.0.1344.lnk
2017-02-20 18:12 - 2017-02-20 18:12 - 00027972 _____ C:\ProgramData\agent.1487643129.bdinstall.bin
2017-02-20 18:07 - 2017-02-20 18:13 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\BitTorrent
2017-02-20 18:07 - 2017-02-20 18:07 - 00002734 _____ C:\Users\ORLANDO\Desktop\BitTorrent.lnk
2017-02-20 18:07 - 2017-02-20 18:07 - 00002734 _____ C:\Users\ORLANDO\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2017-02-20 18:06 - 2017-02-22 18:58 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-02-20 18:06 - 2017-02-20 18:19 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-20 18:04 - 2017-02-20 18:05 - 177912864 _____ (Kaspersky Lab) C:\Users\ORLANDO\Downloads\kis17.0.0.611en_10743.exe
2017-02-20 18:00 - 2017-02-20 18:01 - 118423206 _____ C:\Users\ORLANDO\Downloads\Unconfirmed 522685.crdownload
2017-02-20 17:59 - 2017-02-20 17:59 - 01800192 _____ C:\Users\ORLANDO\Downloads\Kaspersky Internet Security 2016 Final Crack is Here.iso
2017-02-20 17:59 - 2017-02-20 17:59 - 00000000 ____D C:\Program Files (x86)\winscr
2017-02-20 17:56 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\d0dfc1ff-67a5-0
2017-02-20 17:56 - 2017-02-21 06:24 - 00000000 ____D C:\ProgramData\d0dfc1ff-24f1-1
2017-02-20 17:56 - 2017-02-20 17:57 - 00000406 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-20 17:56 - 2017-02-20 17:57 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-20 17:56 - 2017-02-20 17:56 - 01852928 _____ (splsrv Corp.) C:\WINDOWS\SysWOW64\splsrv.exe
2017-02-20 17:56 - 2017-02-20 17:56 - 00006549 _____ C:\WINDOWS\TEMPcoral.vbs
2017-02-20 17:56 - 2017-02-20 17:56 - 00003294 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-02-20 17:56 - 2017-02-20 17:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-02-20 17:56 - 2017-02-20 17:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-02-20 17:56 - 2017-02-20 17:56 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-02-20 17:56 - 2017-02-20 17:56 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-20 17:56 - 2017-02-20 17:56 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-20 17:56 - 2017-02-20 17:56 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-20 17:56 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\qdcomsvc
2017-02-20 17:56 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\dataup
2017-02-20 17:55 - 2017-02-20 17:57 - 00000420 _____ C:\WINDOWS\Tasks\Online Application Updater.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job
2017-02-20 17:55 - 2017-02-20 17:57 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job
2017-02-20 17:55 - 2017-02-20 17:56 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-02-20 17:55 - 2017-02-20 17:55 - 00003314 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
2017-02-20 17:55 - 2017-02-20 17:55 - 00003280 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-02-20 17:55 - 2017-02-20 17:55 - 00003274 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-02-20 17:55 - 2017-02-20 17:55 - 00003266 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
2017-02-20 17:55 - 2017-02-20 17:55 - 00003262 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-02-20 17:55 - 2017-02-20 17:55 - 00003260 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
2017-02-20 17:55 - 2017-02-20 17:55 - 00003248 _____ C:\WINDOWS\System32\Tasks\Online Application v2
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\c
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-20 17:55 - 2017-02-20 17:55 - 00000000 ____D C:\ProgramData\1487642148
2017-02-20 17:54 - 2017-02-20 17:54 - 01800192 _____ C:\Users\ORLANDO\Downloads\FL Studio 11 (2014) With Crack Full Version.iso
2017-02-20 17:50 - 2017-02-20 17:50 - 00834214 _____ C:\Users\ORLANDO\Downloads\FL5tud1o123licencekeyCrackcg.zip
2017-02-17 15:51 - 2017-02-17 15:51 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\Mozilla
2017-02-17 15:51 - 2017-02-17 15:51 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Macromedia
2017-02-17 15:50 - 2016-11-23 05:37 - 00000570 _____ C:\Users\ORLANDO\AppData\Local\TroubleshooterConfig.json
2017-02-17 15:48 - 2017-02-25 16:54 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Bluestacks
2017-02-17 15:48 - 2017-02-17 15:50 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-17 15:36 - 2017-02-17 15:47 - 335132976 _____ (BlueStack Systems Inc.) C:\Users\ORLANDO\Downloads\BlueStacks2_native_7399b918738d3feb7696e539a4902efa.exe
2017-02-16 21:38 - 2017-02-16 21:38 - 00000000 _____ C:\Users\ORLANDO\Documents\New Text Document (2).txt
2017-02-16 19:11 - 2017-02-16 19:11 - 00000000 ____D C:\WINDOWS\Panther
2017-02-16 13:47 - 2017-02-16 13:47 - 00000201 _____ C:\Users\ORLANDO\Documents\2nd SONG CRAZY.txt
2017-02-14 14:53 - 2017-02-14 14:53 - 09477678 _____ C:\Users\ORLANDO\Downloads\vnROM.net.rar
2017-02-14 14:43 - 2017-02-14 14:43 - 29419520 _____ C:\Users\ORLANDO\Desktop\AdbEnabled_G925TUVU5EPK5_G925TTMB5EPK5_G925TUVU5EPK5_HOME.tar
2017-02-14 14:43 - 2017-02-14 14:43 - 00000000 ____D C:\Users\ORLANDO\Desktop\AdbEnabled_G925TUVU5EPK5_G925TTMB5EPK5_G925TUVU5EPK5_HOME
2017-02-14 14:39 - 2017-02-14 14:39 - 00000000 ____D C:\Users\ORLANDO\Downloads\usb debugging enabler pc tricks zone
2017-02-14 13:42 - 2017-02-14 15:01 - 00000591 _____ C:\Users\ORLANDO\Documents\Beautiful Song That I Like.txt
2017-02-09 22:06 - 2017-02-09 22:07 - 00000000 ____D C:\Users\ORLANDO\Downloads\CF-Auto-Root-zeroltetmo-zeroltetmo-smg925t
2017-02-09 21:20 - 2016-11-17 13:48 - 4042680488 _____ C:\Users\ORLANDO\Downloads\G925TUVU5EPK5_G925TTMB5EPK5_G925TUVU5EPK5_HOME.tar.md5
2017-02-09 00:13 - 2017-02-09 02:22 - 00000102 _____ C:\Users\ORLANDO\Documents\Five Hundred Dollar PC.txt
2017-02-08 19:34 - 2017-02-08 22:21 - 1955906374 _____ C:\Users\ORLANDO\Downloads\G925TUVU5EPK5_G925TTMB5EPK5_TMB.zip
2017-02-08 19:18 - 2016-05-19 17:20 - 65536081 _____ C:\Users\ORLANDO\Desktop\CF-Auto-Root-zeroltetmo-zeroltetmo-smg925t.tar.md5
2017-02-08 19:16 - 2017-02-08 19:16 - 09330032 _____ (Samsung Electronics Co., Ltd.) C:\Users\ORLANDO\Downloads\Samsung-Usb-Driver-v1.5.55.0.exe
2017-02-08 19:10 - 2017-02-08 19:10 - 01107376 _____ C:\Users\ORLANDO\Downloads\odin3_v3.10.7.zip
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____D C:\ProgramData\Samsung
2017-02-08 01:00 - 2017-02-08 01:00 - 00000000 ____D C:\Program Files\Samsung
2017-02-08 01:00 - 2015-05-20 22:02 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2017-02-08 01:00 - 2015-05-20 22:02 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll
2017-02-08 01:00 - 2015-05-20 22:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2017-02-08 01:00 - 2015-05-20 22:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2017-02-03 23:29 - 2017-02-03 23:30 - 00000000 ____D C:\Users\ORLANDO\Documents\PCSX2
2017-02-03 23:28 - 2017-02-03 23:29 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2017-02-03 23:28 - 2017-02-03 23:28 - 00002008 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2017-02-03 23:27 - 2017-02-03 23:27 - 00000020 _____ C:\Users\ORLANDO\Documents\ass ins creed synister.txt
2017-02-02 23:31 - 2017-02-02 23:31 - 00000222 _____ C:\Users\ORLANDO\Desktop\Grand Theft Auto V.url
2017-01-30 19:26 - 2017-01-30 19:27 - 05596617 _____ (UserBenchmark.com) C:\Users\ORLANDO\Downloads\UserBenchMark.exe
2017-01-28 19:22 - 2017-01-28 19:22 - 18495884 _____ C:\Users\ORLANDO\Desktop\kart sav.sav
2017-01-28 16:45 - 2017-02-25 16:53 - 00000000 ____D C:\Users\ORLANDO\Valley
2017-01-28 16:44 - 2017-01-28 16:51 - 01307648 _____ C:\Users\ORLANDO\AppData\Local\file__0.localstorage
2017-01-28 16:23 - 2017-01-28 16:42 - 358226169 _____ (Unigine Corp. ) C:\Users\ORLANDO\Downloads\Unigine_Valley-1.0.exe
2017-01-27 20:12 - 2017-01-27 20:12 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\Fallout4
2017-01-27 20:10 - 2017-01-27 20:10 - 00000000 ____D C:\Users\ORLANDO\Documents\My Games
2017-01-27 18:04 - 2017-01-27 18:04 - 00000222 _____ C:\Users\ORLANDO\Desktop\Fallout 4.url
2017-01-27 00:38 - 2017-01-27 00:38 - 00000000 ____D C:\Users\ORLANDO\Documents\Dolphin Emulator
2017-01-27 00:36 - 2017-01-27 00:36 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-27 00:36 - 2017-01-20 06:07 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-01-27 00:36 - 2016-12-15 16:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-27 00:36 - 2016-12-15 16:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-27 00:36 - 2016-12-15 16:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-27 00:36 - 2016-12-15 16:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-27 00:34 - 2017-01-23 16:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 09308896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00719160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00618232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00609216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00573120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00447800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-27 00:34 - 2017-01-20 08:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 18:52 - 2016-09-24 02:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 17:55 - 2016-12-30 16:32 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\CrashDumps
2017-02-25 17:42 - 2016-09-16 18:49 - 02703564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-25 17:38 - 2016-12-26 19:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-25 17:37 - 2016-12-23 12:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-25 17:36 - 2016-09-24 02:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-25 17:36 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-25 16:54 - 2016-07-16 03:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-25 16:19 - 2016-12-22 02:56 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{560433F8-5C21-4B4B-8D8A-0670D55FB686}
2017-02-25 02:27 - 2015-10-29 23:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-25 02:02 - 2016-12-23 15:15 - 00000000 ____D C:\Users\ORLANDO\AppData\Local\ElevatedDiagnostics
2017-02-25 01:59 - 2016-12-23 15:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-25 01:11 - 2017-01-09 00:33 - 00119296 _____ C:\WINDOWS\SysWOW64\zlib.dll
2017-02-25 01:11 - 2016-09-24 02:51 - 00000000 ____D C:\Users\ORLANDO
2017-02-24 22:06 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 22:06 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 19:26 - 2016-10-30 17:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 19:07 - 2010-01-31 14:00 - 00000000 ____D C:\Users\ORLANDO\Desktop\OpenHardwareMonitor
2017-02-22 18:58 - 2016-09-23 18:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-02-21 18:49 - 2016-09-20 14:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-21 18:48 - 2016-09-20 14:29 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-21 00:26 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 18:21 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-02-20 18:21 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-20 18:21 - 2016-07-15 22:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2017-02-20 17:59 - 2016-09-16 19:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-20 17:56 - 2016-12-09 17:41 - 00019627 _____ C:\bdlog.txt
2017-02-12 14:54 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 23:17 - 2016-09-16 19:49 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 23:17 - 2016-09-16 19:49 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 11:48 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 11:48 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-03 23:28 - 2016-12-30 16:41 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-02 23:22 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-02-02 21:09 - 2016-12-30 16:41 - 00001155 _____ C:\Users\ORLANDO\Desktop\MSI Afterburner.lnk
2017-02-02 17:38 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-29 22:44 - 2016-12-30 16:41 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-01-27 22:28 - 2016-12-27 12:37 - 00000000 ____D C:\Users\ORLANDO\AppData\Roaming\NVIDIA
2017-01-27 00:45 - 2016-12-26 19:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-27 00:37 - 2016-12-26 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-27 00:36 - 2016-12-26 19:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-27 00:28 - 2017-01-07 21:25 - 00000565 _____ C:\Users\ORLANDO\Desktop\Fraps.lnk
2017-01-26 22:30 - 2016-12-27 12:35 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:30 - 2016-12-26 19:14 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-26 22:30 - 2016-12-26 19:13 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:30 - 2016-12-26 19:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-26 22:29 - 2016-12-26 19:13 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-26 22:29 - 2016-12-26 19:13 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

==================== Files in the root of some directories =======

2017-01-28 16:44 - 2017-01-28 16:51 - 1307648 _____ () C:\Users\ORLANDO\AppData\Local\file__0.localstorage
2017-02-17 15:50 - 2016-11-23 05:37 - 0000570 _____ () C:\Users\ORLANDO\AppData\Local\TroubleshooterConfig.json
2016-11-14 20:38 - 2016-11-14 20:38 - 0047421 _____ () C:\ProgramData\agent.1479184695.bdinstall.bin
2016-12-30 16:31 - 2016-12-30 16:31 - 0028190 _____ () C:\ProgramData\agent.1483144259.bdinstall.bin
2017-02-20 18:12 - 2017-02-20 18:12 - 0027972 _____ () C:\ProgramData\agent.1487643129.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 0028714 _____ () C:\ProgramData\agent.1487643631.bdinstall.bin
2017-02-20 18:20 - 2017-02-20 18:20 - 0216089 _____ () C:\ProgramData\cl.1487643569.bdinstall.bin
2016-09-24 02:50 - 2016-09-24 02:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-27 12:35 - 2017-01-04 22:15 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-27 12:35 - 2017-01-04 22:13 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-25 02:10 - 2016-11-11 02:13 - 1886344 _____ (Microsoft Corporation) C:\Users\ORLANDO\AppData\Local\Temp\dllnt_dump.dll
2017-02-25 16:54 - 2017-02-14 02:05 - 0897048 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-Common.dll
2017-02-25 16:54 - 2017-02-14 02:05 - 0515608 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-InstallerUtils.dll
2017-02-25 16:54 - 2017-02-14 01:56 - 0187416 _____ (BlueStack Systems) C:\Users\ORLANDO\AppData\Local\Temp\HD-LibraryHandler.dll
2017-02-25 16:54 - 2017-02-14 01:55 - 0246808 _____ (BlueStack Systems) C:\Users\ORLANDO\AppData\Local\Temp\HD-Logger-Native.dll
2017-02-25 16:54 - 2017-02-14 02:05 - 0426008 _____ (BlueStack Systems, Inc.) C:\Users\ORLANDO\AppData\Local\Temp\HD-Uninstaller.exe
2016-12-26 19:13 - 2016-12-11 10:23 - 0860776 _____ (NVIDIA Corporation) C:\Users\ORLANDO\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-27 00:19 - 2016-12-11 10:23 - 0353336 _____ (NVIDIA Corporation) C:\Users\ORLANDO\AppData\Local\Temp\nvStInst.exe
2016-08-15 23:48 - 2016-08-15 23:48 - 0488960 _____ () C:\Users\ORLANDO\AppData\Local\Temp\sqlite3.exe
2017-02-19 18:53 - 2017-02-19 18:53 - 0061440 _____ () C:\Users\ORLANDO\AppData\Local\Temp\wzjyhvht.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-21 14:54

==================== End of FRST.txt ============================

 

If you need the addition.txt log then let me know.


Edited by bobbysaggers, 25 February 2017 - 11:03 PM.



 


#2 hamluis


Posted 26 February 2017 - 05:20 PM

Member has open topic at Malwarebytes forum, https://www.bleepingcomputer.com/forums/t/640844/winvmx-clientexe-adware-removal-help-frst-log-posted-here/ .

 

This topic is closed, please pursue your topic at the Malwarebytes website.

 

Louis





