Installed cracked video converter and get virus messed with system files!


  • This topic is locked
2 replies to this topic

#1 pongpeera054

  • Members
  • 1 posts

Posted 20 August 2017 - 10:59 AM

Hello,

I'm having trouble with my PC since I installed a cracked premium video converter. My PC froze and rebooted itself; after rebooting I got the message "The program can't start because %hs is missing from your computer". I tried scanning with FRST and here are the results.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by SYSTEM on MININT-4T3U9V0 (20-08-2017 22:40:22)
Running from F:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-08-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartFirstrun.cmd.lnk [2014-06-27]
ShortcutTarget: StartFirstrun.cmd.lnk -> C:\Windows\KKDTools\Config\Firstrun.cmd (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartFirstrun.cmd.lnk [2014-06-27]
ShortcutTarget: StartFirstrun.cmd.lnk -> C:\Windows\KKDTools\Config\Firstrun.cmd (No File)
BootExecute: 
GroupPolicyScripts-x32\User: Restriction <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-08-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-08-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-08-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-08-05] (Avira Operations GmbH & Co. KG)
S2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [36600 2013-09-09] (APC)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-02] (Apple Inc.)
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-12] (Avira Operations GmbH & Co. KG)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-08-11] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [381992 2017-03-24] (EasyAntiCheat Ltd)
S2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [11774544 2017-08-19] ()
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [174760 2017-02-13] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28768528 2005-10-13] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4476096 2005-09-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-20] ()
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-07-26] (NVIDIA Corporation)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-18] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-07-26] (NVIDIA Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-01-19] (SHAREit Technologies Co.Ltd)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Windows; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-20] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-14] (Avira Operations GmbH & Co. KG)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [189256 2017-08-05] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-05] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-21] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-21] (Avira Operations GmbH & Co. KG)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87528 2015-10-13] (Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [144872 2016-03-29] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1546216 2016-07-21] (Motorola Solutions, Inc.)
S3 cpuz140; C:\Users\Administrator\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2017-08-20] (CPUID) <==== ATTENTION
S3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33592 2017-06-02] (Dev47Apps)
S3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [229432 2017-06-02] (Dev47Apps)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-07-14] ()
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [215560 2017-02-27] (Intel Corporation)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-28] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-20] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-05-28] (Malwarebytes)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3424512 2017-04-12] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-07-26] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-07-26] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-03-31] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [5597216 2016-12-09] (Realtek Semiconductor Corporation )
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
S0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-29] (VMware, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-08-09 17:02 - 2016-12-09 01:47 - 005597216 _____ (Realtek Semiconductor Corporation ) C:\Windows\System32\Drivers\rtwlanu.sys
2099-08-09 17:02 - 2016-12-09 01:26 - 000011148 _____ C:\Windows\System32\Drivers\TXPWR_LMT_184C.txt
2099-08-09 17:02 - 2016-12-09 01:25 - 000004626 _____ C:\Windows\System32\Drivers\PHY_REG_PG_184C.txt
2099-08-09 17:02 - 2012-02-14 04:37 - 000594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\System32\Rtlihvs.dll
2099-08-09 16:12 - 2099-08-09 17:03 - 000000000 ____D C:\Program Files (x86)\ASUS USB-AC53 Nano USB Wireless adapter Driver
2099-08-09 16:12 - 2012-02-14 04:37 - 000594432 ____N (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2099-08-09 16:12 - 2010-11-30 18:31 - 000451072 ____N C:\Windows\SysWOW64\ISSRemoveSP.exe
2017-08-20 22:40 - 2017-08-20 22:40 - 000000000 ____D C:\FRST
2017-08-20 05:57 - 2017-08-20 05:57 - 000000000 ____D C:\avrescue
2017-08-20 05:30 - 2017-08-20 05:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\BrowserModule
2017-08-20 05:29 - 2017-08-20 05:43 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Sysfiles
2017-08-20 05:29 - 2017-08-20 05:37 - 000016698 _____ C:\Windows\System32\Tasks\SportLogo
2017-08-20 05:28 - 2017-08-20 05:28 - 000073216 _____ C:\Windows\taskmgr.exe
2017-08-20 05:28 - 2017-08-20 05:28 - 000001993 ___RS C:\Users\Administrator\Desktop\LINЕ.lnk
2017-08-20 05:28 - 2017-08-20 05:28 - 000000000 ____D C:\Windows\Azart
2017-08-20 05:28 - 2017-08-20 05:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\SPI
2017-08-20 05:28 - 2017-08-20 05:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Browsers
2017-08-20 05:28 - 2017-08-20 05:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\1337
2017-08-20 05:02 - 2017-08-20 05:02 - 045099207 _____ C:\Users\Administrator\Desktop\GenYoutube.net_Monster_Action_Metal_1_-_Magnus_Melander_1_Hour.WEBM
2017-08-20 05:01 - 2017-08-20 05:01 - 002336513 _____ C:\Users\Administrator\Desktop\GenYoutube.net_Thors_Hammer_-_Ethan_Meixsell.WEBM
2017-08-20 05:01 - 2017-08-20 05:01 - 000506365 _____ C:\Users\Administrator\Desktop\GenYoutube.net_Johnny_Berglund_-_Fast_Aggressive_Melodic_Metal_Trailer_No2_-_Trailers.WEBM
2017-08-19 19:29 - 2017-08-20 04:23 - 000000138 _____ C:\Users\Administrator\Desktop\aapl.txt
2017-08-19 09:19 - 2017-08-19 09:19 - 000001104 _____ C:\Users\Public\Desktop\Movavi Video Converter 17.lnk
2017-08-19 09:19 - 2017-08-19 09:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\converter
2017-08-19 09:19 - 2017-08-19 09:19 - 000000000 ____D C:\Program Files (x86)\Movavi Video Converter 17
2017-08-19 09:14 - 2017-08-19 09:14 - 000005108 _____ C:\ProgramData\mudtcpaz.vzs
2017-08-19 09:14 - 2017-08-19 09:14 - 000000000 ____D C:\ProgramData\Movavi Video Converter 17
2017-08-19 09:13 - 2017-08-19 09:13 - 042819192 _____ (Movavi) C:\Users\Administrator\Desktop\MovaviVideoConverterSetupO.exe
2017-08-19 08:59 - 2017-08-19 09:01 - 107958275 _____ C:\Users\Administrator\Desktop\englishconversation.mp4
2017-08-19 06:14 - 2017-08-19 08:58 - 111558672 _____ C:\Users\Administrator\Desktop\theface.mp4
2017-08-19 05:07 - 2017-08-19 05:07 - 003854433 _____ C:\Users\Administrator\Desktop\GenYoutube.net_Over_The_Horizon_2015.WEBM
2017-08-18 22:45 - 2017-08-18 22:45 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-08-18 22:41 - 2017-08-18 22:41 - 000003380 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2017-08-18 22:41 - 2017-08-18 22:41 - 000000000 ____D C:\Program Files\KMSpico
2017-08-18 22:41 - 2010-12-05 18:16 - 000090112 _____ (Vestris Inc.) C:\Windows\System32\Vestris.ResourceLib.dll
2017-08-18 22:10 - 2017-08-18 22:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-18 21:41 - 2017-08-18 21:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Sony
2017-08-18 21:41 - 2017-08-18 21:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Publish Providers
2017-08-18 21:40 - 2017-08-18 21:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Sony
2017-08-18 21:40 - 2017-08-18 21:40 - 000001051 _____ C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk
2017-08-18 21:40 - 2017-08-18 21:40 - 000000000 ____D C:\ProgramData\Sony
2017-08-18 21:40 - 2017-08-18 21:40 - 000000000 ____D C:\Program Files\Sony
2017-08-18 21:40 - 2017-08-18 21:40 - 000000000 ____D C:\Program Files (x86)\Sony
2017-08-17 03:21 - 2017-08-17 03:21 - 000000000 ____D C:\Program Files (x86)\Movavi Video Editor 12
2017-08-11 08:44 - 2017-08-19 08:54 - 000001104 _____ C:\Users\Public\Desktop\Movavi Video Converter 16.lnk
2017-08-10 08:26 - 2017-08-19 06:20 - 000899816 _____ C:\Users\Administrator\Desktop\theface.mepx
2017-08-06 02:37 - 2017-08-06 02:45 - 000000000 ____D C:\Users\Administrator\Desktop\converted
2017-08-06 01:58 - 2017-08-06 01:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\MediaHuman
2017-08-04 06:56 - 2017-05-21 22:50 - 000162000 _____ (Qualcomm Atheros, Inc.) C:\Windows\System32\Drivers\L1C63x64.sys
2017-08-04 06:15 - 2017-08-20 05:39 - 000003396 _____ C:\Windows\System32\Tasks\DriverMaxAgent
2017-08-04 06:15 - 2017-08-20 05:38 - 000003478 _____ C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c
2017-08-04 06:15 - 2017-08-04 06:15 - 000003712 _____ C:\Windows\System32\Tasks\DriverMaxWelcome
2017-08-04 06:15 - 2017-08-04 06:15 - 000003408 _____ C:\Windows\System32\Tasks\DriverMax Notification
2017-08-04 06:15 - 2017-08-04 06:15 - 000000000 ____D C:\Users\Administrator\My Drivers
2017-08-04 06:15 - 2017-08-04 06:15 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Innovative Solutions
2017-08-04 06:15 - 2017-08-04 06:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\Innovative Solutions
2017-08-04 06:15 - 2017-08-04 06:15 - 000000000 ____D C:\My Drivers
2017-08-04 06:14 - 2017-08-04 06:14 - 000000000 ____D C:\Program Files (x86)\Innovative Solutions
2017-08-04 05:57 - 2017-08-04 05:57 - 000000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2017-07-29 12:34 - 2017-07-29 12:34 - 000000000 __SHD C:\found.000
2017-07-28 09:12 - 2017-07-28 09:12 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-28 09:12 - 2017-07-18 14:38 - 000135800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-07-28 09:12 - 2017-03-10 13:17 - 000536864 _____ C:\Windows\System32\vulkan-1.dll
2017-07-28 09:12 - 2017-03-10 13:17 - 000525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-07-28 09:12 - 2017-03-10 13:17 - 000254240 _____ C:\Windows\System32\vulkaninfo.exe
2017-07-28 09:12 - 2017-03-10 13:17 - 000233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-07-28 09:10 - 2017-07-18 16:37 - 040239736 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 035803256 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 035314296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 028928120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 017808120 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 015482488 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2017-07-28 09:10 - 2017-07-18 16:37 - 014689632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 013655672 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 012451608 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 012133112 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 011591392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 010487760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 009982968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 003803768 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 003359168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 001988216 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6438494.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 001598072 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6438494.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 001067640 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 001005176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000972920 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000924280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000689992 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000609912 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000512856 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000499320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000429920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000171384 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000154208 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000149224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-07-28 09:10 - 2017-07-18 16:37 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-07-28 09:07 - 2017-07-26 09:11 - 000048248 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2017-07-28 05:48 - 2017-08-19 08:15 - 000738244 _____ C:\Users\Administrator\Desktop\englishconversation.mepx
2017-07-28 04:59 - 2017-08-10 07:26 - 000000000 ____D C:\Users\Administrator\Desktop\videostuff
2017-07-27 02:56 - 2017-07-27 02:56 - 000001484 ____H C:\Users\Administrator\Desktop\Opera.lnk
2017-07-27 02:49 - 2017-06-29 02:34 - 011473488 _____ C:\Users\Administrator\Desktop\gramblr.exe
2017-07-27 02:43 - 2017-08-20 05:32 - 000000000 ____D C:\ProgramData\Gramblr
2017-07-27 02:43 - 2017-08-19 18:25 - 000000000 ____D C:\Program Files\Gramblr
2017-07-26 03:18 - 2017-07-26 03:18 - 000000000 ____D C:\Windows\System32\Tasks\ASUS
2017-07-26 03:17 - 2017-07-26 03:18 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-07-26 03:17 - 2017-07-26 03:17 - 000016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2017-07-26 03:17 - 2017-07-26 03:17 - 000001769 _____ C:\Windows\Language_trs.ini
2017-07-26 03:17 - 2010-08-24 00:16 - 000013440 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2017-07-26 03:17 - 2010-06-29 00:41 - 000028672 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2017-07-26 03:17 - 2009-07-15 20:38 - 000015416 _____ () C:\Windows\System32\Drivers\ASACPI.sys
2017-07-26 03:07 - 2017-08-19 08:21 - 000003036 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-07-26 02:50 - 2017-07-26 02:50 - 000000980 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk
2017-07-21 05:12 - 2017-08-10 21:47 - 000003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1500642731
2017-07-21 05:12 - 2017-08-10 21:47 - 000000000 ____D C:\Program Files (x86)\Opera developer
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-08-09 17:17 - 2017-05-20 06:38 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
2099-08-09 17:02 - 2009-07-13 18:34 - 000000570 _____ C:\Windows\win.ini
2017-08-20 21:35 - 2010-11-20 19:24 - 000605552 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2017-08-20 21:35 - 2010-11-20 19:24 - 000518672 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2017-08-20 05:58 - 2017-03-24 19:15 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-20 05:57 - 2009-07-13 21:08 - 000032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-20 05:56 - 2009-07-13 20:45 - 000020960 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-20 05:56 - 2009-07-13 20:45 - 000020960 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-20 05:39 - 2017-04-26 02:07 - 000000000 ___RD C:\Users\Administrator\OneDrive
2017-08-20 05:39 - 2017-03-24 19:36 - 000000000 ___RD C:\Users\Administrator\Google Drive
2017-08-20 05:38 - 2017-07-01 08:27 - 000000000 ____D C:\ProgramData\VMware
2017-08-20 05:38 - 2017-05-14 16:25 - 000253856 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-08-20 05:35 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-20 05:29 - 2017-03-24 23:22 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-08-20 05:23 - 2017-04-03 04:46 - 000000000 ____D C:\Program Files (x86)\Movavi Video Converter 16
2017-08-20 04:28 - 2017-07-05 07:42 - 000000000 ____D C:\OSX
2017-08-20 04:28 - 2017-07-01 08:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\VMware
2017-08-20 02:34 - 2017-07-01 08:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VMware
2017-08-19 16:51 - 2014-06-25 01:42 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-19 10:02 - 2014-06-25 01:50 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-08-19 09:20 - 2017-03-25 11:10 - 000000000 ____D C:\Users\Administrator\.fontconfig
2017-08-19 08:39 - 2017-03-24 20:44 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\AIMP
2017-08-19 08:31 - 2017-03-28 07:38 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2017-08-19 08:00 - 2017-06-15 06:08 - 005146048 _____ C:\Windows\System32\FNTCACHE.DAT
2017-08-19 07:37 - 2017-06-22 06:40 - 000000000 ____D C:\Program Files\Opera
2017-08-19 05:01 - 2009-07-13 21:13 - 000857250 _____ C:\Windows\System32\PerfStringBackup.INI
2017-08-19 05:01 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-08-18 22:58 - 2017-06-15 06:13 - 000124784 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-18 22:54 - 2014-06-25 14:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-18 22:44 - 2009-07-13 19:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-18 20:09 - 2017-07-09 17:26 - 000000000 ____D C:\Users\Administrator\Desktop\wallpaper
2017-08-17 14:33 - 2017-03-24 19:04 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2017-08-17 14:33 - 2017-03-24 19:04 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2017-08-17 03:22 - 2017-04-15 04:55 - 000002009 _____ C:\Users\Public\Desktop\Movavi Video Editor 12.lnk
2017-08-17 03:21 - 2017-03-24 19:55 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-08-17 02:58 - 2017-03-25 12:15 - 000000000 ____D C:\ProgramData\Avira
2017-08-16 04:36 - 2017-06-22 06:40 - 000003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1498142439
2017-08-15 21:26 - 2017-04-07 07:19 - 000000132 _____ C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CC Prefs
2017-08-14 19:13 - 2009-07-13 21:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-08-14 04:13 - 2017-07-16 02:53 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-14 04:13 - 2014-06-25 01:42 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-14 04:13 - 2014-06-25 01:42 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-14 04:13 - 2014-06-25 01:42 - 000000000 ____D C:\Windows\System32\Macromed
2017-08-14 02:49 - 2017-07-16 02:53 - 000004488 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-14 02:49 - 2017-03-24 19:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-08-09 06:33 - 2014-06-25 00:51 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-05 06:16 - 2017-04-01 07:07 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2017-08-05 04:19 - 2017-03-25 12:21 - 000189256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2017-08-05 04:19 - 2017-03-25 12:21 - 000151128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2017-08-04 06:15 - 2017-03-24 19:10 - 000000000 ____D C:\users\Administrator
2017-08-03 19:42 - 2017-07-01 22:12 - 000000932 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-07-30 05:00 - 2017-03-25 10:36 - 000000000 ____D C:\Users\Administrator\Documents\DAVAProject
2017-07-28 22:03 - 2017-03-24 20:31 - 000007644 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2017-07-28 21:12 - 2017-06-23 23:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-07-28 21:12 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2017-07-28 09:13 - 2017-03-24 19:15 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-28 09:07 - 2017-05-05 06:11 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 09:07 - 2017-04-28 06:33 - 000001385 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-07-28 09:07 - 2017-04-28 06:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-28 09:07 - 2017-04-28 06:27 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-28 09:07 - 2017-03-24 19:17 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 09:07 - 2017-03-24 19:17 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 09:07 - 2017-03-24 19:16 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 09:07 - 2017-03-24 19:16 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 09:07 - 2017-03-24 19:16 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 09:07 - 2017-03-24 19:16 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 09:07 - 2017-03-24 19:16 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-26 09:12 - 2017-03-24 19:17 - 001763448 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2017-07-26 09:12 - 2017-03-24 19:17 - 001545848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-07-26 09:12 - 2017-03-24 19:17 - 000919160 _____ (NVIDIA Corporation) C:\Windows\System32\NvRtmpStreamer64.dll
2017-07-26 09:11 - 2017-06-24 19:45 - 000179320 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2017-07-26 09:11 - 2017-06-24 19:45 - 000146552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-07-26 05:40 - 2017-04-08 21:12 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-07-26 03:18 - 2014-06-25 23:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-26 02:50 - 2017-04-01 07:07 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2017-07-21 05:12 - 2017-06-22 06:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2017-07-21 05:12 - 2017-06-22 06:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Opera Software
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 8191.12 MB
Available physical RAM: 7146.46 MB
Total Virtual: 8189.32 MB
Available Virtual: 7210.49 MB
 
==================== Drives ================================
 
Drive c: (Windows 7 x64) (Fixed) (Total:233.33 GB) (Free:79.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Local Disk) (Fixed) (Total:232.42 GB) (Free:93.11 GB) NTFS
Drive f: (T-62A) (Removable) (Total:14.8 GB) (Free:13.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 69BE2968)
Partition 1: (Active) - (Size=233.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 82B833FC)
Partition 1: (Not Active) - (Size=14.8 GB) - (Type=0C)
 
LastRegBack: 2099-08-09 16:43
 
==================== End of FRST.txt ============================
All help is appreciated.


#2 nasdaq

  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 August 2017 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartFirstrun.cmd.lnk [2014-06-27]
ShortcutTarget: StartFirstrun.cmd.lnk -> C:\Windows\KKDTools\Config\Firstrun.cmd (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartFirstrun.cmd.lnk [2014-06-27]
ShortcutTarget: StartFirstrun.cmd.lnk -> C:\Windows\KKDTools\Config\Firstrun.cmd (No File)
GroupPolicyScripts-x32\User: Restriction <==== ATTENTION
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI)
S2 Windows; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartFirstrun.cmd.lnk
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartFirstrun.cmd.lnk
C:\Program Files\KMSpico
C:\Windows\System32\Tasks\AutoKMS

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the log and include the Addition.txt log that was created by the Farbar Program.

Let me know if the computer is bootable in normal mode.
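
As an added illustration (not part of this thread, and not FRST's or the helper's own tooling): a small Python triage script that parses service, driver and startup lines in the shape FRST writes and flags the kinds of entries pulled into the fixlist above. The sample log lines are constructed from the log posted in this thread; the heuristics (the FRST ATTENTION marker, a startup shortcut whose target file is missing, a standalone service whose image is svchost.exe, an image loaded from a user's Temp folder or from a KMSpico folder) are assumptions made for this example, not an FRST rule set. The fixlist-shaped output mirrors the layout of the fixlist in the reply above and is only a starting point for a human to review.

```python
import re
from typing import List, Tuple

# Constructed sample in the shape FRST writes, modelled on the log in this
# thread. Not a complete log and not generated by FRST itself.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ====================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-10] (Realtek Semiconductor)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartFirstrun.cmd.lnk [2014-06-27]
ShortcutTarget: StartFirstrun.cmd.lnk -> C:\Windows\KKDTools\Config\Firstrun.cmd (No File)
GroupPolicyScripts-x32\User: Restriction <==== ATTENTION
==================== Services (Whitelisted) ====================
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI)
S2 Windows; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
==================== Drivers (Whitelisted) ======================
S3 cpuz140; C:\Users\Administrator\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2017-08-20] (CPUID) <==== ATTENTION
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
""".strip()

ATTENTION = "<==== ATTENTION"

# Service/driver entry: "<start> <name>; <image path> [<size> <date>] (<vendor>)".
ENTRY_RE = re.compile(
    r"^(?P<start>[SRU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>[\d-]+)\]\s+\((?P<vendor>[^)]*)\)"
)

# Assumption for this example: path fragments a triager treats as out of place
# for a service or driver image (lower-case, compared against the lower-cased path).
SUSPICIOUS_PATH_PARTS = ("\\appdata\\local\\temp\\", "\\kmspico\\")


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, original line) pairs for entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    prev = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []

        if ATTENTION in line:
            reasons.append("FRST flagged this entry")

        # A startup .lnk whose target no longer exists is a dangling persistence
        # item; carry the preceding "Startup:" line along with it.
        if line.startswith("ShortcutTarget:") and line.endswith("(No File)"):
            reasons.append("startup shortcut points at a missing file")
            if prev.startswith("Startup:"):
                findings.append(("startup item whose target is missing", prev))

        m = ENTRY_RE.match(line)
        if m:
            path = m.group("path").lower()
            # FRST already hides the standard svchost-hosted services, so a
            # surviving entry whose image is svchost.exe itself stands out.
            if path.endswith("\\svchost.exe"):
                reasons.append("standalone service whose image is svchost.exe")
            for part in SUSPICIOUS_PATH_PARTS:
                if part in path:
                    reasons.append("image loaded from " + part)

        if reasons:
            findings.append(("; ".join(reasons), line))
        prev = line
    return findings


def build_fixlist(findings: List[Tuple[str, str]], folders=()) -> str:
    """Lay out flagged lines in the shape of an FRST fixlist, for human review."""
    lines = ["start", "", "CreateRestorePoint:", "CloseProcesses:", ""]
    lines.extend(entry for _reason, entry in findings)
    lines.extend(folders)
    lines += ["", "End"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for reason, entry in results:
        print(f"[{reason}]\n    {entry}")
    print()
    print(build_fixlist(results, folders=["C:\\Program Files\\KMSpico"]))
```

The script only reads the log and prints a candidate list; it deliberately does not write fixlist.txt or launch FRST, because a machine-generated fixlist moves files and deletes registry entries and should be checked line by line first.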

#3 nasdaq

  • Malware Response Team
  • 39,222 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 August 2017 - 08:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



