
Windows will not update, Think recovery partition is infected.


  • This topic is locked
2 replies to this topic

#1 Hempwarrior

  • Members
  • 1 posts
  • Local time: 02:16 AM

Posted 31 May 2017 - 11:27 PM

Running Windows 10

 

Hello and thank you in advance to anyone who is willing to help me with this very aggravating issue I've been having with my laptop for about a year now. I started to notice things going wrong about a year ago and they were the smallest of things, so I never thought twice of it. Settings changed, folders created. I ran all my scans (AVG, Malwarebytes, AdwCleaner) after using rKill to make sure I was not infected; sure enough, every time I run a scan it comes back clean. I ran the scans in safe mode as well. I started to notice weird services pop up in my list over time and was convinced someone had gained access remotely to my CPU. All the file paths I could dig up led back to one user: S-1-5-21 OR S-1-15-3-1024. Sometimes it was a variation of those numbers but always S-1-XX. The next thing I thought I would try is to scan for rootkits, so I did so using TDSSKiller, and found nothing. Finally I gave up and went to re-install and noticed all my restore points disappeared, and that confirmed for me that a re-install was the only way I could get rid of this thing. Did a fresh install and to my surprise all the issues I was having were STILL present when Windows booted up again with a fresh install, only now I could not update Windows at all. The computer will run fine one day, then the next be sluggish or have spikes of 100% CPU usage for no reason, as well as very weird network activity going on in the background. I am stuck, I just want my computer back. So any help would be so very much appreciated.

 

Here are my Farbar logs; if I can help answer any questions you have or go over something more in-depth, just ask. I will constantly be monitoring this thread!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2017
Ran by MaxSc (administrator) on MAXGAMINGLAPTOP (31-05-2017 21:08:41)
Running from C:\Users\MaxSc\Desktop
Loaded Profiles: MaxSc (Available Profiles: defaultuser0 & MaxSc & Max)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347680 2015-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-09-15] (Realtek Semiconductor)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-29] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-05-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-08-01] (QFX Software Corporation)
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2225219609-1016624251-2408400661-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2015-06-11] (SteelSeries ApS)
HKU\S-1-5-21-2225219609-1016624251-2408400661-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2225219609-1016624251-2408400661-1001\...\MountPoints2: {da6f79e7-6fd1-11e6-a906-806e6f6e6963} - "D:\setup.exe" 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-09-01]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1e23b800-3748-4f0f-be45-de65ce830ad8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{278b6cf2-2bbe-46be-9e84-2a73fd4c60ab}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2225219609-1016624251-2408400661-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
 
FireFox:
========
FF DefaultProfile: l4zatjlv.default
FF ProfilePath: C:\Users\MaxSc\AppData\Roaming\Mozilla\Firefox\Profiles\l4zatjlv.default [2017-05-31]
FF Extension: (Firefox Hotfix) - C:\Users\MaxSc\AppData\Roaming\Mozilla\Firefox\Profiles\l4zatjlv.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-19]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\MaxSc\AppData\Local\Google\Chrome\User Data\Default [2017-05-31]
CHR Extension: (Adguard AdBlocker) - C:\Users\MaxSc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-05-31]
CHR Extension: (Steam Inventory Helper) - C:\Users\MaxSc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-05-31]
CHR Extension: (PSO2 Extension) - C:\Users\MaxSc\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2017-05-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\MaxSc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MaxSc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\MaxSc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-20]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-05-23] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7396872 2017-05-23] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-05-23] (AVG Technologies CZ, s.r.o.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-28] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-04-17] (Hi-Rez Studios) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]
R2 Micro Star SCM; C:\Windows\SysWoW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-17] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-20] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-05-23] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [314128 2017-05-23] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-05-23] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-05-23] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-05-23] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-05-23] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-05-23] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102280 2017-05-23] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-05-23] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-05-23] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [570320 2017-05-23] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [160008 2017-05-23] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340824 2017-05-23] (AVG Technologies CZ, s.r.o.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-09-14] (REALiX™)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [347912 2016-08-03] (Intel Corporation)
S2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [93192 2016-06-12] (Intel  Corporation)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162456 2016-02-01] (Qualcomm Atheros, Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3517192 2016-09-15] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_69ca8597af61d80b\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [758488 2016-09-15] (Realsil Semiconductor Corporation)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-10-08] (SteelSeries Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-05-31] ()
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
S3 VSScanner; C:\Windows\System32\DRIVERS\vsscanner.sys [29808 2016-08-18] (VoodooSoft, LLC)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-31 21:08 - 2017-05-31 21:09 - 00018784 _____ C:\Users\MaxSc\Desktop\FRST.txt
2017-05-31 21:08 - 2017-05-31 21:08 - 00000000 ____D C:\FRST
2017-05-31 21:05 - 2017-05-31 21:08 - 02431488 _____ (Farbar) C:\Users\MaxSc\Desktop\FRST64.exe
2017-05-31 20:49 - 2017-05-31 20:49 - 00002272 _____ C:\Users\MaxSc\Desktop\Google Chrome.lnk
2017-05-31 20:49 - 2017-05-31 20:49 - 00000000 ____D C:\Users\MaxSc\Desktop\Game related
2017-05-31 20:46 - 2017-05-31 20:46 - 00051482 _____ C:\Users\MaxSc\Documents\cc_20170531_204605.reg
2017-05-31 20:08 - 2017-05-31 20:46 - 00000099 _____ C:\Users\MaxSc\Desktop\S1153.txt
2017-05-31 19:57 - 2017-05-31 19:57 - 00026890 _____ C:\Users\MaxSc\Documents\cc_20170531_195746.reg
2017-05-31 10:06 - 2017-05-31 10:06 - 00000000 ____D C:\Users\MaxSc\AppData\Roaming\Google
2017-05-31 07:39 - 2017-05-31 07:39 - 00130208 _____ C:\Users\MaxSc\Documents\cc_20170531_073931.reg
2017-05-30 13:11 - 2017-05-30 13:11 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-30 13:11 - 2017-03-10 14:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-05-30 13:11 - 2017-03-10 14:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-05-30 13:11 - 2017-03-10 14:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-05-30 13:11 - 2017-03-10 14:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-05-30 13:09 - 2017-05-18 00:35 - 40201848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 35390072 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 35282040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 28624504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 11056456 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 11028664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 10551072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 09248144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 09014976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 08808488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 03797112 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 03256440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438233.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 01606592 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438233.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 01278528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 01056704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00995736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00993912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00964032 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00914880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00775864 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00612272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00577728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-05-30 13:09 - 2017-05-18 00:35 - 00499320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-05-30 13:02 - 2017-05-30 13:05 - 441967024 _____ (NVIDIA Corporation) C:\Users\Max\Downloads\382.33-notebook-win10-64bit-international-whql.exe
2017-05-30 04:23 - 2017-05-30 04:24 - 00000000 ____D C:\getservice
2017-05-30 01:26 - 2017-05-30 01:42 - 00000000 ____D C:\Users\MaxSc\AppData\Roaming\discord
2017-05-28 23:18 - 2017-05-30 01:27 - 00002272 _____ C:\Users\Max\Desktop\Discord.lnk
2017-05-28 23:18 - 2017-05-29 07:57 - 00000000 ____D C:\Users\Max\AppData\Roaming\discord
2017-05-28 23:18 - 2017-05-28 23:18 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\Max\Downloads\DiscordSetup.exe
2017-05-28 23:18 - 2017-05-28 23:18 - 00000000 ____D C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-05-28 23:18 - 2017-05-28 23:18 - 00000000 ____D C:\Users\Max\AppData\Local\SquirrelTemp
2017-05-28 23:18 - 2017-05-28 23:18 - 00000000 ____D C:\Users\Max\AppData\Local\Discord
2017-05-28 19:13 - 2017-05-30 19:11 - 00000000 ____D C:\Users\Max\AppData\LocalLow\Mozilla
2017-05-23 21:00 - 2017-05-23 21:00 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-05-20 10:03 - 2017-05-20 10:03 - 00001346 _____ C:\Users\Max\Desktop\AddOns - Shortcut(BC).lnk
2017-05-20 09:51 - 2017-05-30 15:50 - 00000000 ____D C:\Users\Max\Desktop\WoW AddOns
2017-05-20 08:09 - 2017-05-20 08:09 - 00000218 _____ C:\Users\Max\AppData\Local\recently-used.xbel
2017-05-20 08:08 - 2017-05-31 19:10 - 00001460 _____ C:\Users\Max\Desktop\Wow.exe - BC.lnk
2017-05-20 07:20 - 2017-05-20 07:20 - 00000000 ____D C:\Users\MaxSc\Documents\Heroes of the Storm
2017-05-20 07:19 - 2017-05-20 07:19 - 00000000 ____D C:\Users\MaxSc\Documents\StarCraft II
2017-05-20 07:12 - 2017-05-20 08:12 - 00000000 ____D C:\Users\Max\Desktop\World of Warcraft - The Burning Crusade 2.4.3
2017-05-20 02:09 - 2017-05-20 02:09 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2017-05-20 01:18 - 2017-05-01 15:38 - 01988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438205.dll
2017-05-20 01:18 - 2017-05-01 15:38 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438205.dll
2017-05-20 01:13 - 2017-05-20 01:16 - 437877496 _____ (NVIDIA Corporation) C:\Users\Max\Downloads\382.05-notebook-win10-64bit-international-whql.exe
2017-05-20 01:09 - 2017-05-20 01:09 - 00004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-20 01:09 - 2017-05-03 13:21 - 00175736 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-05-20 01:09 - 2017-05-03 13:21 - 00143480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-05-19 14:08 - 2017-05-19 14:16 - 00000000 ____D C:\Users\Max\Documents\UtechSmart 16400DPI Gaming Mouse
2017-05-19 13:49 - 2017-05-19 13:52 - 00000000 ____D C:\Users\MaxSc\Documents\UtechSmart 16400DPI Gaming Mouse
2017-05-19 13:49 - 2017-05-19 13:49 - 00039536 _____ C:\Users\Max\AppData\Local\GDIPFONTCACHEV1.DAT
2017-05-19 13:49 - 2017-05-19 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UtechSmart 16400DPI VENUS Gaming Mouse
2017-05-19 13:49 - 2017-05-19 13:49 - 00000000 ____D C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse
2017-05-17 18:27 - 2017-05-17 20:04 - 00000000 ____D C:\Users\Max\Desktop\Wrath of the Lich King 3.3.5a (wod models)
2017-05-17 18:26 - 2017-05-20 07:21 - 00000000 ____D C:\Users\Max\AppData\Roaming\deluge
2017-05-17 18:25 - 2017-05-17 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2017-05-17 18:25 - 2017-05-17 18:25 - 00000000 ____D C:\Program Files (x86)\Deluge
2017-05-17 18:24 - 2017-05-17 18:25 - 16189143 _____ (Deluge Team) C:\Users\Max\Downloads\deluge-1.3.15-win32-py2.7.exe
2017-05-17 15:58 - 2017-05-17 18:22 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-05-17 15:56 - 2017-05-17 15:56 - 03190256 _____ (Blizzard Entertainment) C:\Users\Max\Downloads\World-of-Warcraft-Setup.exe
2017-05-09 07:47 - 2017-05-09 07:47 - 00000000 ____D C:\Users\Max\AppData\Local\Sony Corporation
2017-05-09 07:43 - 2017-05-09 07:43 - 00000000 ____D C:\Users\MaxSc\AppData\Local\Sony Corporation
2017-05-09 07:41 - 2017-05-09 07:41 - 00002150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS4 Remote Play.lnk
2017-05-09 07:41 - 2017-05-09 07:41 - 00000000 ____D C:\Program Files (x86)\Sony
2017-05-09 07:40 - 2017-05-09 07:40 - 17926280 _____ (Sony Interactive Entertainment Inc.) C:\Users\Max\Downloads\RemotePlayInstaller.exe
2017-05-05 02:30 - 2017-05-05 02:30 - 00000000 ____D C:\Users\Max\.jagex_cache_32
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-31 21:07 - 2016-07-16 04:36 - 00000000 ____D C:\Windows\CbsTemp
2017-05-31 21:05 - 2016-09-19 23:36 - 00000000 ____D C:\Users\MaxSc\AppData\Local\ClassicShell
2017-05-31 21:02 - 2017-04-21 23:17 - 00003668 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-31 20:51 - 2016-08-31 15:32 - 02596710 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-31 20:50 - 2016-08-31 21:08 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-31 20:50 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\AppReadiness
2017-05-31 20:49 - 2016-09-01 04:23 - 00000000 ___RD C:\Users\MaxSc\Desktop\Technical ToolKit & AntiM Tools for Repair
2017-05-31 20:48 - 2016-08-31 16:50 - 00000000 __SHD C:\Users\MaxSc\IntelGraphicsProfiles
2017-05-31 20:47 - 2017-04-28 04:09 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-31 20:47 - 2016-08-31 16:48 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-31 20:47 - 2016-08-31 15:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-31 20:46 - 2016-07-15 23:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-05-31 20:45 - 2016-09-22 09:16 - 00000000 ____D C:\Windows\Minidump
2017-05-31 20:45 - 2016-07-16 04:45 - 00000000 ____D C:\Windows\INF
2017-05-31 20:33 - 2016-08-31 16:56 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18F9CCE7-C695-4C75-A175-7977BD217908}
2017-05-31 20:29 - 2016-09-01 05:55 - 00000000 ____D C:\Users\Max
2017-05-31 20:27 - 2016-09-01 06:08 - 00000000 ___RD C:\Users\Max\Desktop\Technical ToolKit & AntiM Tools for Repair
2017-05-31 20:02 - 2016-09-02 18:52 - 00000000 ____D C:\Users\MaxSc\AppData\Local\Android
2017-05-31 20:02 - 2016-09-02 17:07 - 00000000 ____D C:\Users\MaxSc\.android
2017-05-31 19:59 - 2016-09-02 18:51 - 00000000 ____D C:\Program Files\Android
2017-05-31 19:57 - 2016-09-01 04:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-05-31 19:57 - 2016-08-31 17:02 - 00000000 ____D C:\Users\MaxSc\AppData\Roaming\TweakNow PowerPack
2017-05-31 19:54 - 2016-09-08 11:01 - 00000000 ____D C:\Users\Max\AppData\Local\ClassicShell
2017-05-31 19:14 - 2016-09-04 04:34 - 00000000 ____D C:\Users\MaxSc\AppData\Local\ElevatedDiagnostics
2017-05-31 19:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\NDF
2017-05-31 17:01 - 2016-09-01 05:55 - 00000000 __SHD C:\Users\Max\IntelGraphicsProfiles
2017-05-31 17:01 - 2016-09-01 02:48 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-05-31 17:00 - 2016-08-31 15:23 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-05-31 09:55 - 2016-08-31 16:47 - 00000000 ____D C:\Users\MaxSc
2017-05-31 08:48 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-31 08:42 - 2016-08-31 15:23 - 00230232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-31 07:43 - 2016-09-22 09:25 - 00000000 ____D C:\Windows\pss
2017-05-31 07:09 - 2017-04-21 23:35 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-31 07:09 - 2016-09-19 21:26 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-05-31 06:20 - 2016-09-01 04:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-31 06:15 - 2016-09-22 09:39 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-05-31 04:11 - 2016-09-02 17:03 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8FA574F9-2BA8-4F8B-ABD4-8D7287BBF3E0}
2017-05-30 13:23 - 2016-08-31 21:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-30 13:11 - 2017-04-21 23:36 - 00004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-30 13:11 - 2017-04-21 23:36 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-30 13:11 - 2017-04-21 23:36 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-30 13:11 - 2017-04-21 23:36 - 00003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-30 13:11 - 2017-04-21 23:36 - 00003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-30 13:11 - 2017-04-21 23:36 - 00003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-30 13:11 - 2016-08-31 16:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-30 13:11 - 2016-08-31 16:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-30 04:43 - 2016-09-01 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-30 04:43 - 2016-09-01 20:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-30 04:28 - 2016-08-31 16:50 - 00000000 ____D C:\Users\MaxSc\AppData\Local\Packages
2017-05-30 04:23 - 2016-09-01 17:21 - 00000000 ____D C:\Users\MaxSc\AppData\Local\Nvidia Corporation
2017-05-29 20:45 - 2017-04-21 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-23 21:00 - 2017-04-21 23:39 - 00570320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-05-23 21:00 - 2017-04-21 23:39 - 00340824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-05-23 21:00 - 2017-04-21 23:39 - 00160008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
2017-05-23 21:00 - 2017-04-21 23:39 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.149559841920301
2017-05-23 21:00 - 2017-04-21 23:39 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-05-23 21:00 - 2017-04-21 23:39 - 00102280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-05-23 21:00 - 2017-04-21 23:39 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-05-23 21:00 - 2017-04-21 23:39 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-05-23 21:00 - 2017-04-21 23:39 - 00004008 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-05-23 20:59 - 2017-04-21 23:39 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-05-23 20:59 - 2017-04-21 23:39 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-05-23 20:59 - 2017-04-21 23:39 - 00314128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-05-23 20:59 - 2017-04-21 23:39 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-05-23 20:59 - 2017-04-21 23:39 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-05-23 20:59 - 2017-04-21 23:39 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-05-23 05:43 - 2016-08-31 17:04 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 05:42 - 2016-08-31 17:04 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-23 01:32 - 2016-09-01 17:07 - 00000000 ____D C:\Users\Max\AppData\Local\NVIDIA Corporation
2017-05-20 02:10 - 2016-09-02 17:00 - 00000000 ____D C:\Users\Max\AppData\Roaming\HTC
2017-05-20 02:09 - 2016-09-01 23:55 - 00000000 ____D C:\Users\Max\AppData\Local\Razer
2017-05-20 02:09 - 2016-08-31 16:48 - 00000000 ____D C:\ProgramData\Razer
2017-05-20 01:33 - 2016-08-31 17:49 - 00000000 ____D C:\Users\MaxSc\AppData\Local\Google
2017-05-20 01:26 - 2016-09-01 17:28 - 00000000 ____D C:\Users\Max\AppData\Local\Battle.net
2017-05-20 01:09 - 2017-04-21 23:37 - 00003994 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 00:35 - 2017-04-21 23:36 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-05-18 00:35 - 2017-04-21 23:36 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-05-18 00:35 - 2017-04-21 23:35 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-05-18 00:35 - 2015-07-23 04:02 - 04114248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-05-18 00:35 - 2015-07-23 04:02 - 03624784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-05-18 00:35 - 2015-07-23 04:02 - 00045061 _____ C:\Windows\system32\nvinfo.pb
2017-05-17 22:48 - 2016-08-31 16:46 - 06437824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-05-17 22:48 - 2016-08-31 16:46 - 02479736 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-05-17 22:48 - 2016-08-31 16:46 - 01762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-05-17 22:48 - 2016-08-31 16:46 - 00548984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-05-17 22:48 - 2016-08-31 16:46 - 00392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-05-17 22:48 - 2016-08-31 16:46 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-05-17 22:48 - 2016-08-31 16:46 - 00069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-05-17 18:12 - 2016-09-01 17:25 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-17 17:47 - 2016-09-02 07:31 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-05-16 11:09 - 2016-08-31 16:46 - 07993157 _____ C:\Windows\system32\nvcoproc.bin
2017-05-12 14:10 - 2016-09-01 17:05 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-12 02:34 - 2016-08-31 17:50 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-09 20:50 - 2016-09-01 05:55 - 00000000 ____D C:\Users\Max\AppData\Local\Packages
2017-05-05 06:19 - 2017-04-28 06:55 - 00000024 _____ C:\Users\Max\random.dat
2017-05-05 03:40 - 2017-04-28 06:55 - 00000024 _____ C:\Users\Max\jagexappletviewer.preferences
2017-05-05 02:30 - 2017-04-28 06:55 - 00000042 _____ C:\Users\Max\jagex_cl_oldschool_LIVE.dat
2017-05-03 13:21 - 2017-04-21 23:37 - 01893496 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-05-03 13:21 - 2017-04-21 23:37 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-05-03 13:21 - 2017-04-21 23:37 - 01477240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-05-03 13:21 - 2017-04-21 23:37 - 01317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-05-03 13:21 - 2017-04-21 23:37 - 00121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-05-03 13:21 - 2016-09-01 17:03 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
 
==================== Files in the root of some directories =======
 
2012-11-27 22:45 - 2012-11-27 22:45 - 0177152 ____N () C:\Program Files\madbasic_.bpl
2012-11-27 22:45 - 2012-11-27 22:45 - 0044544 ____N () C:\Program Files\maddisAsm_.bpl
2012-11-27 22:45 - 2012-11-27 22:45 - 0345088 ____N () C:\Program Files\madexcept_.bpl
2016-08-31 06:49 - 2016-08-31 06:49 - 0000142 ____N () C:\Program Files\News.dat
2012-11-27 22:46 - 2012-11-27 22:46 - 0062320 ____N (ImIdea) C:\Program Files\PowerConfig.dll
2012-11-27 22:45 - 2012-11-27 22:45 - 1095168 ____N (Embarcadero Technologies, Inc.) C:\Program Files\rtl120.bpl
2012-11-27 22:46 - 2012-11-27 22:46 - 0516976 ____N () C:\Program Files\sqlite3.dll
2012-11-27 22:46 - 2012-11-27 22:46 - 0327536 ____N () C:\Program Files\taskMgr.dll
2012-11-27 22:46 - 2012-11-27 22:46 - 0083824 ____N (BlueSprig) C:\Program Files\TaskSchedule.exe
2016-08-31 06:49 - 2016-08-31 06:49 - 0025257 ____N () C:\Program Files\unins000.dat
2016-08-31 06:49 - 2016-08-31 06:49 - 1182576 ____N () C:\Program Files\unins000.exe
2016-08-31 06:49 - 2016-08-31 06:49 - 0022357 ____N () C:\Program Files\unins000.msg
2012-11-27 22:45 - 2012-11-27 22:45 - 1995776 ____N (Embarcadero Technologies, Inc.) C:\Program Files\vcl120.bpl
2016-09-01 02:07 - 2016-09-01 02:07 - 0000000 _____ () C:\Users\MaxSc\AppData\Local\Driver_LOM_8161Present.flag
2016-09-01 20:08 - 2016-09-01 20:08 - 0000017 _____ () C:\Users\MaxSc\AppData\Local\resmon.resmoncfg
 
Files to move or delete:
====================
C:\Users\MaxSc\installshield_scm.reg
C:\Users\MaxSc\scm.reg
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-31 00:48
 
==================== End of FRST.txt ============================

Edited by Hempwarrior, 31 May 2017 - 11:30 PM.
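The "Bamital & volsnap" section of the FRST report above is FRST verifying the Authenticode signatures of the core system binaries that file-patching malware such as Bamital tampers with. The following is an added example, not code from the post or from FRST, that performs the same check in PowerShell over the same file list and flags anything unsigned, modified after signing, or not signed by Microsoft (it assumes an elevated prompt on the examined machine):

```powershell
# Added example, not FRST's own code: re-check the binaries listed in the
# "Bamital & volsnap" section. Run from an elevated PowerShell prompt.
$sys = $env:SystemRoot
$files = @(
    "$sys\system32\winlogon.exe", "$sys\system32\wininit.exe",
    "$sys\explorer.exe",          "$sys\SysWOW64\explorer.exe",
    "$sys\system32\svchost.exe",  "$sys\SysWOW64\svchost.exe",
    "$sys\system32\services.exe",
    "$sys\system32\User32.dll",   "$sys\SysWOW64\User32.dll",
    "$sys\system32\userinit.exe", "$sys\SysWOW64\userinit.exe",
    "$sys\system32\rpcss.dll",
    "$sys\system32\dnsapi.dll",   "$sys\SysWOW64\dnsapi.dll",
    "$sys\system32\Drivers\volsnap.sys"
)

$results = foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) {
        [pscustomobject]@{ Path = $f; Status = 'Missing'; Signer = ''; IsOSBinary = $false }
        continue
    }
    # Most Windows system binaries carry no embedded signature; they are signed
    # through security catalogs, which Get-AuthenticodeSignature also resolves.
    $sig = Get-AuthenticodeSignature -FilePath $f
    [pscustomobject]@{
        Path       = $f
        Status     = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        IsOSBinary = $sig.IsOSBinary  # $true when the signature chains to a Windows root
    }
}

$results | Format-Table Path, Status, IsOSBinary -AutoSize

# Anything other than a Valid, Microsoft-rooted signature is what FRST would
# report as failing verification. HashMismatch in particular means the file's
# bytes changed after it was signed, which is the classic sign of a patched binary.
$suspect = $results | Where-Object { $_.Status -ne 'Valid' -or -not $_.IsOSBinary }
if ($suspect) {
    Write-Warning "Files failing verification:"
    $suspect | Format-Table Path, Status, Signer -AutoSize
} else {
    Write-Host "All listed files carry a valid Windows signature (FRST: 'File is digitally signed')."
}
```

A file reported as NotSigned on a machine where catalog verification is unavailable should be cross-checked against a known-good copy of the same Windows build before treating it as infected.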




#2 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 05 June 2017 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Repair these services.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next.
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    11 - Repair Start Menu Icons Removed by Infections
    12 - Repair Icons
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

How i

#3 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 11 June 2017 - 07:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
