Strange problems persisting after nuking drive and new PC.


  • This topic is locked
10 replies to this topic

#1 Rostam1994

Posted 12 June 2018 - 09:03 PM

Background:

A few months ago, back in February, while playing a game on my gaming PC, the screen suddenly went black. This happens occasionally with the game I play freezing, and I usually just open Task Manager and tab out, but this time it didn't work (the screen stayed black), so I did a forced shutdown.

Upon reboot, I was met with a BSOD before it got to the usual login screen, and then the PC shut itself down and back up, only to get stuck in a BSOD loop.

Then after 5 times, it attempted automatic repair and was able to get to the login screen finally without a BSOD, but it didn't let me log into my user account, saying the credentials were invalid.

I ended up logging in as a guest, and upon getting to my desktop I noticed that the cursor was laggy and many drivers were "missing or corrupt", including network, sound and graphics card drivers. The resolution of the screen had automatically shifted to 800x600 and there was no internet or sound. In my notifications bar on the right side of the Windows desktop there were constant alerts saying that the drives were corrupt.

I googled stuff on my phone and was told to look in the event viewer for clues. I went in there and saw a bunch of messages "The system has been tampered" "Some data has been reset".

 

So accepting that the state my computer was in was a lost cause and grounds for a full reinstall, I plugged in an external drive and copied the photos/videos/whatever else I could onto it, as I decided I was going to wipe the drives and reinstall Windows. I also exported 2 log files from the Event Viewer just in case someone could help read them in the future and determine what went wrong.

I found my original Windows 10 installation boot media (store-bought retail USB with write protection), booted off that, went into repair and used the /clean command on the drives, including the one that had Windows on it.

I then reinstalled Windows 10 fresh. I never plugged the external drive with the things I rescued from my PC back into this PC.

The system appeared to be mostly fine. I set up a new user during Windows 10 installation, etc., but it was easy to notice that my cursor on my desktop screen still had the lag. It's not low FPS, but input lag, when stuff happening on the screen is always behind some 40-50 milliseconds. This is noticeable with the cursor in Windows not following my mouse / hand movements well, and makes playing games that require reaction time almost impossible.

This was right after reinstalling Windows 10. I went to the Event Viewer to see if there were any error messages, and a bunch of audit failure notifications keep popping up. (Screenshot 18.png & screenshot 19.png)

I also could not do virus scans with Malwarebytes even though the PC had nothing on it and was fresh from the wipe & reinstall.

 

Based on the corrupt warnings and the fact that my PC bluescreened before, I assumed maybe my hard drive had issues and the data was being corrupted, so I went and bought a new SSD, removed my old SSD from my PC's case, then installed Windows 10 on the new SSD to test. Same lag, same errors in Event Viewer, same issue with not being able to scan despite being a fresh installation with no personal data.

 

At this point I borrowed a new prebuilt gaming PC from a shop and upon setting it up, the lag and other issues were there again. The event viewer on this borrowed PC is now showing similar events (screenshot 20.png). Doing a malware scan on the new PC gets stuck exactly the same way. Also, Windows apparently found corrupt system files on this brand new PC (I can provide the sfc scannow log if needed).

 

I'm baffled by what's going on. I don't want to think that it's potential malware because I understand the chances of something this strong would be super small, and can't even be a rootkit because I've changed computers, so something would have to be spreading through wifi if that were the case. But in the meantime, the lag makes the PC really hard to use and just makes gaming impossible.

If anyone could offer insight on the issue based on the strange occurrences here, I would be highly appreciative of it.

As I've written above, I have the exported Event Viewer files from back when I initially bluescreened, but for now I've only attached screenshots of the individual error messages which are still coming up every day that I try to use the computer.

 

Thank you

Edited by Rostam1994, 12 June 2018 - 09:15 PM.




#2 JSntgRvr


Posted 13 June 2018 - 09:49 PM

Hi, Rostam1994 :)

 

Welcome to BC.

 

I believe the issue in your computer is not due to malware, but rather related to the RAM memory. Perform a memory test.

 

Use memtest. For instructions see here.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Rostam1994


Posted 15 June 2018 - 11:07 PM

I ran memtest64 off USB stick

 

It was all clear for multiple passes



#4 JSntgRvr


Posted 16 June 2018 - 12:41 AM

Let's take a partial look at the system.

You will need another computer to download FRST.

Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system.

Boot to the Recovery Console's Command prompt.

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
    • Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums
    • After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.
    • On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button
  • This will make a log, Fixlog.txt. Please copy and paste its contents to a reply.

Edited by JSntgRvr, 16 June 2018 - 12:42 AM.

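FRST writes its results as a plain-text log, in the layout of the scan posted later in this topic. The script below is an added example, not part of the original post and not FRST's own code: it parses the Services and Drivers sections of such a log and marks entries worth a manual look. The sample log is constructed, the flag names are hypothetical, and the reading of the two-character prefix (R/S/U state plus the Windows start type digit) is an assumption about FRST's format.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample (not from a real machine) in the layout FRST uses.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\Tray.exe [322472 2015-07-27] (Example Corp)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry.)

S2 ExampleAudioSvc; C:\Windows\SysWOW64\ExampleAudio.exe [113160 2015-11-25] (Example Audio Ltd)
S2 ExampleTelemetry; "C:\Program Files\Example\Telemetry.exe" -s ExampleTelemetry -r

===================== Drivers (Whitelisted) ======================

S0 examplestor; C:\Windows\System32\drivers\examplestor.sys [88936 2015-06-17] (Example Storage)
S3 exampletool; C:\Windows\temp\exampletool\exampletool_x64.sys [52824 2018-06-30] (Example Tools)
S2 ExampleNoVendor; C:\Windows\exampledrv.sys [26192 2018-06-28] ()
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# Assumed prefix: state letter (R running, S stopped, U undetermined) + start type digit.
ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.+)$")
# Trailing "[size date] (company)" block that FRST prints when it could read the file.
META_RE = re.compile(
    r"\s\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*?)\)\s*(?:<====.*)?$"
)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Manual", "4": "Disabled"}


@dataclass
class Entry:
    section: str             # "Services" or "Drivers"
    state: str               # R, S or U
    start_type: str          # decoded start type, e.g. "Boot"
    name: str                # service or driver name
    path: str                # image path or full command line
    company: Optional[str]   # None when no "[size date] (company)" block was printed
    flags: List[str] = field(default_factory=list)


def triage(log_text: str) -> Tuple[List[Entry], List[str]]:
    """Return (service/driver entries, lines FRST itself marked with ATTENTION)."""
    section = ""
    entries: List[Entry] = []
    attention: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            # "Services (Whitelisted)" -> "Services"
            section = header.group("name").split(" (")[0]
            continue
        if "<==== ATTENTION" in line:
            attention.append(line)
        if section not in ("Services", "Drivers"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # explanatory text inside the section
        rest = m.group("rest")
        meta = META_RE.search(rest)
        path = rest[: meta.start()].strip() if meta else rest.strip()
        company = meta.group("company").strip() if meta else None
        entry = Entry(section, m.group("state"),
                      START_TYPES.get(m.group("start"), "Unknown"),
                      m.group("name").strip(), path, company)
        # Hypothetical review flags: reasons to look closer, not verdicts.
        if TEMP_RE.search(path):
            entry.flags.append("temp-path")         # image loaded from a temp directory
        if company == "":
            entry.flags.append("no-vendor")         # file has no company name
        if meta is None:
            entry.flags.append("no-file-metadata")  # size/date/company not printed
        entries.append(entry)
    return entries, attention


if __name__ == "__main__":
    found, marked = triage(SAMPLE_LOG)
    for line in marked:
        print("FRST marker:", line)
    for e in found:
        if e.flags:
            print(f"{e.section:8} {e.name:18} {e.start_type:7} {','.join(e.flags)}  {e.path}")
```

A flag only tells the reviewer where to start; hardware utilities, for example, commonly load a driver from a temp directory, so each hit still needs checking against what is installed on the machine.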


#5 JSntgRvr


Posted 20 June 2018 - 11:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#6 JSntgRvr


Posted 20 June 2018 - 06:55 PM

This topic has been re-opened at the request of the person who originally posted.



#7 Rostam1994


Posted 30 June 2018 - 08:14 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by SYSTEM on MININT-U8MROGV (30-06-2018 06:10:33)
Running from d:\
Platform: Windows 10 Pro Version 1709 16299.15 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1129984 2014-03-19] (Creative Technology Ltd)
HKU\Dan\...\Run: [OneDrive] => "C:\Users\Dan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\Dan\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [27146448 2018-03-30] (Corsair Components, Inc.)
HKU\Dan\...\Run: [YoloMouse] => C:\Program Files\YoloMouse\YoloMouse.exe
HKU\Dan\...\Run: [wtfast Tray] => C:\Program Files (x86)\wtfast\wtfast.exe [7256640 2018-06-20] (AAA Internet Publishing Inc.)
HKU\Dan\...\Run: [Discord] => C:\Users\Dan\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\Dan\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [34512 2018-03-30] (Corsair Components, Inc.)
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [113160 2015-11-25] (Creative Technology Ltd)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4297920 2017-09-29] (Microsoft Corporation)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-29] (Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-29] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [88936 2015-06-17] (Asmedia Technology)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)
S3 cpuz146; C:\Windows\temp\cpuz146\cpuz146_x64.sys [52824 2018-06-30] (CPUID)
S3 cthda; C:\Windows\system32\drivers\cthda.sys [1067304 2015-11-25] (Creative Technology Ltd)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
S3 KillerEth; C:\Windows\System32\drivers\e24w10x64.sys [156744 2015-09-23] (Qualcomm Atheros, Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-28] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-30] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-06-30] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-30] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [103656 2018-06-30] (Malwarebytes)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31016 2018-05-20] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [68112 2018-04-27] (NVIDIA Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46592 2018-06-29] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [340008 2018-06-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-29] (Microsoft Corporation)
S2 WtfEngineDrv; C:\Windows\system32\Drivers\WtfEngineDrv.sys [40352 2016-12-16] (AAA Internet Publishing, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-30 06:09 - 2018-06-30 06:10 - 000000000 ____D C:\FRST
2018-06-30 05:06 - 2018-06-30 05:06 - 002412544 _____ (Farbar) C:\Users\Dan\Downloads\FRST64.exe
2018-06-30 01:14 - 2018-06-30 01:14 - 000000000 ____D C:\Users\Dan\AppData\Local\Steam
2018-06-30 01:13 - 2018-06-30 05:07 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-30 01:11 - 2018-06-30 01:11 - 001573568 _____ C:\Users\Dan\Downloads\SteamSetup.exe
2018-06-29 21:45 - 2018-06-29 21:45 - 000000000 ____D C:\Program Files\EqualizerAPO
2018-06-29 21:36 - 2018-06-29 21:36 - 008342093 _____ C:\Users\Dan\Downloads\EqualizerAPO64-1.2.exe
2018-06-29 06:39 - 2018-06-29 06:28 - 000548000 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2018-06-29 06:28 - 2018-06-29 06:28 - 000000000 ____D C:\Windows\System32\Drivers\wd
2018-06-28 07:13 - 2018-06-30 03:32 - 000103656 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-06-28 07:13 - 2018-06-30 03:28 - 000253664 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-06-28 07:13 - 2018-06-30 03:28 - 000112872 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-06-28 07:13 - 2018-06-30 03:28 - 000044768 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-06-28 07:13 - 2018-06-28 07:13 - 000190696 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-06-28 07:13 - 2018-06-28 07:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-28 07:13 - 2018-06-28 07:13 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-28 07:13 - 2018-05-24 05:55 - 000152184 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2018-06-28 05:56 - 2018-06-28 05:56 - 071970456 _____ (Malwarebytes ) C:\Users\Dan\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5649.exe
2018-06-28 05:53 - 2018-06-28 04:54 - 000000000 ____D C:\Windows\Panther
2018-06-28 05:48 - 2018-06-28 08:01 - 000000000 ____D C:\Users\Dan\AppData\Roaming\discord
2018-06-28 05:48 - 2018-06-28 05:48 - 000000000 ____D C:\Users\Dan\AppData\Local\SquirrelTemp
2018-06-28 05:48 - 2018-06-28 05:48 - 000000000 ____D C:\Users\Dan\AppData\Local\Discord
2018-06-28 05:47 - 2018-06-28 05:48 - 060074328 _____ (Discord Inc.) C:\Users\Dan\Downloads\DiscordSetup.exe
2018-06-28 05:31 - 2018-06-28 19:23 - 000000000 ____D C:\Users\Dan\AppData\Local\NVIDIA Corporation
2018-06-28 05:31 - 2018-06-28 05:31 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-06-28 05:31 - 2018-06-28 05:31 - 000000000 ____D C:\Users\Dan\AppData\Local\NVIDIA
2018-06-28 05:31 - 2018-06-28 05:31 - 000000000 ____D C:\Users\Dan\AppData\Local\CEF
2018-06-28 05:31 - 2018-06-28 05:31 - 000000000 ____D C:\Users\Dan\ansel
2018-06-28 05:31 - 2018-05-20 09:33 - 002496296 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2018-06-28 05:31 - 2018-05-20 09:33 - 002164008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-06-28 05:31 - 2018-05-20 09:33 - 001312040 _____ (NVIDIA Corporation) C:\Windows\System32\NvRtmpStreamer64.dll
2018-06-28 05:31 - 2018-05-20 07:30 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-06-28 05:31 - 2018-04-27 08:32 - 000209192 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2018-06-28 05:31 - 2018-04-27 08:32 - 000169256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2018-06-28 05:31 - 2010-05-26 10:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2018-06-28 05:31 - 2010-05-26 10:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2018-06-28 05:31 - 2010-05-26 10:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2018-06-28 05:31 - 2010-05-26 10:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2018-06-28 05:31 - 2010-05-26 10:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2018-06-28 05:31 - 2010-05-26 10:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2018-06-28 05:30 - 2018-04-27 16:25 - 000068112 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvhci.sys
2018-06-28 05:30 - 2018-03-15 00:47 - 000067432 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2018-06-28 05:26 - 2018-06-28 05:42 - 000000000 ____D C:\Users\Dan\AppData\Local\PlaceholderTileLogoFolder
2018-06-28 05:26 - 2018-06-28 05:26 - 000003350 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1720662700-1994605619-1426992207-1001
2018-06-28 05:24 - 2018-06-28 05:24 - 000000000 ____D C:\Users\Dan\AppData\Local\AAA_Internet_Publishing_I
2018-06-28 05:23 - 2018-06-30 05:05 - 000000000 ____D C:\Program Files\YoloMouse
2018-06-28 05:23 - 2018-06-28 05:50 - 000000000 ____D C:\Users\Dan\AppData\Local\YoloMouse
2018-06-28 05:23 - 2018-06-28 05:24 - 000000000 ____D C:\Program Files (x86)\wtfast
2018-06-28 05:23 - 2018-06-28 05:23 - 000000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_WtfEngineDrv_01009.Wdf
2018-06-28 05:23 - 2018-06-28 05:23 - 000000000 ____D C:\Users\Dan\AppData\Local\PeerDistRepub
2018-06-28 05:23 - 2016-12-16 15:41 - 000040352 _____ (AAA Internet Publishing, Inc.) C:\Windows\System32\Drivers\WtfEngineDrv.sys
2018-06-28 05:22 - 2018-06-28 05:22 - 029528376 _____ (Initex & AAA Internet Publishing ) C:\Users\Dan\Downloads\wtfastSetup.4.7.6.1520.exe
2018-06-28 05:22 - 2018-06-28 05:22 - 001331200 _____ C:\Users\Dan\Downloads\YoloMouse64.msi
2018-06-28 05:22 - 2018-06-28 05:22 - 000000000 ____D C:\Guild Wars 2
2018-06-28 05:21 - 2018-06-30 05:05 - 000000000 ____D C:\Windows\ShellNew
2018-06-28 05:21 - 2018-06-30 05:05 - 000000000 ____D C:\Program Files\AutoHotkey
2018-06-28 05:20 - 2018-06-28 05:21 - 003060452 _____ C:\Users\Dan\Downloads\AutoHotkey_1.1.29.01_setup.exe
2018-06-28 05:20 - 2018-06-28 05:20 - 000486400 _____ C:\Users\Dan\Downloads\sharpkeys35.msi
2018-06-28 05:18 - 2018-06-28 05:18 - 000000000 ____D C:\Users\Dan\AppData\Local\Logitech
2018-06-28 05:18 - 2018-06-28 05:18 - 000000000 ____D C:\ProgramData\LogiShrd
2018-06-28 05:17 - 2018-06-28 05:18 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2018-06-28 05:17 - 2018-06-28 05:17 - 000018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2018-06-28 05:17 - 2018-06-28 05:17 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Logitech
2018-06-28 05:17 - 2018-06-28 05:17 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Logishrd
2018-06-28 05:16 - 2018-06-30 05:02 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-28 05:16 - 2018-06-28 05:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-06-28 05:16 - 2018-06-28 05:31 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-06-28 05:16 - 2018-06-28 05:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-06-28 05:16 - 2018-06-28 05:17 - 000000000 ____D C:\ProgramData\CLink4
2018-06-28 05:16 - 2018-06-28 05:16 - 000000000 ____D C:\Program Files\DIFX
2018-06-28 05:16 - 2018-06-28 05:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-06-28 05:16 - 2018-06-28 05:16 - 000000000 ____D C:\Program Files (x86)\CorsairLink4
2018-06-28 05:16 - 2018-04-26 22:49 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-06-28 05:16 - 2017-11-09 03:43 - 000540784 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2018-06-28 05:16 - 2017-10-27 08:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2018-06-28 05:16 - 2017-10-27 08:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2018-06-28 05:16 - 2017-10-27 08:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2018-06-28 05:16 - 2017-10-27 08:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2018-06-28 05:16 - 2017-10-27 08:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2018-06-28 05:16 - 2017-10-27 08:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2018-06-28 05:16 - 2017-10-27 08:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2018-06-28 05:16 - 2017-10-27 08:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-06-28 05:16 - 2017-10-25 02:33 - 007802921 _____ C:\Windows\System32\nvcoproc.bin
2018-06-28 05:16 - 2017-09-13 15:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-06-28 05:16 - 2017-09-13 15:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-06-28 05:16 - 2017-09-13 15:19 - 000927544 _____ C:\Windows\System32\vulkan-1.dll
2018-06-28 05:16 - 2017-09-13 15:19 - 000591160 _____ C:\Windows\System32\vulkaninfo.exe
2018-06-28 05:14 - 2018-06-28 05:14 - 042371046 _____ C:\Users\Dan\Downloads\Corsair-LINK-Installer-v4.9.7.35.zip
2018-06-28 05:13 - 2018-06-28 05:13 - 090998600 _____ (NVIDIA Corporation) C:\Users\Dan\Downloads\GeForce_Experience_v3.14.0.139.exe
2018-06-28 05:12 - 2018-06-28 05:23 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Guild Wars 2
2018-06-28 05:12 - 2018-06-28 05:12 - 032953000 _____ (ArenaNet) C:\Users\Dan\Downloads\Gw2Setup-64.tmp
2018-06-28 05:12 - 2018-06-28 05:12 - 000000000 ____D C:\Users\Dan\Downloads\bin64
2018-06-28 05:12 - 2018-06-28 05:12 - 000000000 _____ C:\Users\Dan\Downloads\Gw2.tmp
2018-06-28 05:12 - 2018-06-28 05:12 - 000000000 _____ C:\Users\Dan\Downloads\Gw2.dat
2018-06-28 05:11 - 2018-06-28 05:12 - 032953000 _____ (ArenaNet) C:\Users\Dan\Downloads\Gw2Setup-64.exe
2018-06-28 05:11 - 2018-06-28 05:11 - 122315088 _____ (Logitech Inc.) C:\Users\Dan\Downloads\LGS_8.82.151_x64_Logitech.exe
2018-06-28 05:10 - 2018-06-28 05:18 - 000000000 ____D C:\Users\Dan\AppData\Local\Google
2018-06-28 05:10 - 2018-06-28 05:10 - 001130840 _____ (Google Inc.) C:\Users\Dan\Downloads\ChromeSetup.exe
2018-06-28 05:10 - 2018-06-28 05:10 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-28 05:10 - 2018-06-28 05:10 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-28 05:10 - 2018-06-28 05:10 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-28 05:09 - 2018-06-28 05:09 - 000000000 ___HD C:\Users\Dan\MicrosoftEdgeBackups
2018-06-28 05:07 - 2018-06-28 05:07 - 000000000 ____D C:\Users\Dan\AppData\Local\Comms
2018-06-28 05:06 - 2018-06-28 05:06 - 000000000 ____D C:\Windows\System32\Tasks\Intel
2018-06-28 05:05 - 2018-06-28 05:09 - 000000000 ____D C:\ProgramData\Killer
2018-06-28 05:05 - 2018-06-28 05:05 - 000876816 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-06-28 05:05 - 2018-06-28 05:05 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Intel Corporation
2018-06-28 05:05 - 2018-06-28 05:05 - 000000000 ____D C:\Program Files\Killer Networking
2018-06-28 05:05 - 2018-06-28 05:05 - 000000000 ____D C:\Program Files (x86)\ASM106xSATA
2018-06-28 05:04 - 2018-06-28 05:04 - 000466520 _____ (Creative Labs) C:\Windows\System32\wrap_oal.dll
2018-06-28 05:04 - 2018-06-28 05:04 - 000445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2018-06-28 05:04 - 2018-06-28 05:04 - 000123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2018-06-28 05:04 - 2018-06-28 05:04 - 000109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2018-06-28 05:04 - 2018-06-28 05:04 - 000000000 ____D C:\ProgramData\USOShared
2018-06-28 05:04 - 2018-06-28 05:04 - 000000000 ____D C:\ProgramData\Downloaded Installations
2018-06-28 05:04 - 2015-06-18 08:54 - 000003130 _____ C:\Windows\System32\e1d65x64.din
2018-06-28 05:04 - 2015-06-18 08:38 - 000530416 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1d65x64.sys
2018-06-28 05:04 - 2015-06-17 00:28 - 000090608 _____ (Intel Corporation) C:\Windows\System32\NicInstD.dll
2018-06-28 05:04 - 2015-05-07 14:31 - 000404752 ____R (Intel Corporation) C:\Windows\System32\PROUnstl.exe
2018-06-28 05:04 - 2015-05-07 14:17 - 000001904 ____N C:\Windows\System32\SetupBD.din
2018-06-28 05:04 - 2015-04-02 03:46 - 000075288 _____ (Intel Corporation) C:\Windows\System32\e1dmsg.dll
2018-06-28 05:04 - 2015-03-09 10:21 - 001898496 ____N (Creative) C:\Windows\System32\Sens_oal.dll
2018-06-28 05:04 - 2015-03-09 10:17 - 001609728 ____N (Creative) C:\Windows\SysWOW64\Sens_oal.dll
2018-06-28 05:04 - 2014-04-18 12:17 - 000125728 _____ (Intel Corporation) C:\Windows\System32\NicCo4.dll
2018-06-28 05:04 - 2009-12-23 18:49 - 000809560 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmp9A27.tmp
2018-06-28 05:04 - 2009-12-23 18:49 - 000809560 ____R (Creative Labs Inc.) C:\Windows\SysWOW64\tmp9A16.tmp
2018-06-28 05:04 - 2003-06-12 22:25 - 000007062 _____ C:\Windows\SysWOW64\audiopid.vxd
2018-06-28 05:04 - 2000-05-11 00:00 - 000090112 ____N (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2018-06-28 05:03 - 2018-06-28 05:06 - 000000000 ____D C:\Program Files (x86)\Intel
2018-06-28 05:03 - 2018-06-28 05:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-28 05:03 - 2018-06-28 05:04 - 000000000 ____D C:\Program Files (x86)\Creative
2018-06-28 05:03 - 2018-06-28 05:03 - 000000078 ___RH C:\Windows\ctfile.rfc
2018-06-28 05:03 - 2018-06-28 05:03 - 000000000 ____D C:\Users\Public\Creative
2018-06-28 05:03 - 2018-06-28 05:03 - 000000000 ____D C:\ProgramData\Intel
2018-06-28 05:03 - 2015-11-25 08:15 - 000004850 _____ C:\Windows\cthdaENG.reg
2018-06-28 05:02 - 2018-06-28 05:31 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-28 05:02 - 2018-06-28 05:05 - 000000000 ____D C:\Program Files\Intel
2018-06-28 05:02 - 2018-06-28 05:02 - 000026192 ____N (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-06-28 05:02 - 2018-06-28 05:02 - 000000010 _____ C:\Windows\GSetup.ini
2018-06-28 05:02 - 2018-06-28 05:02 - 000000000 ____D C:\Users\Dan\Intel
2018-06-28 05:02 - 2009-08-26 23:04 - 000207400 ____R () C:\Windows\GSetup.exe
2018-06-28 05:01 - 2018-06-28 05:01 - 000002438 __RSH C:\ProgramData\ntuser.pol
2018-06-28 05:01 - 2018-06-28 05:01 - 000000000 ____D C:\Users\Dan\AppData\Local\MicrosoftEdge
2018-06-28 04:59 - 2018-06-30 03:34 - 000931592 _____ C:\Windows\System32\PerfStringBackup.INI
2018-06-28 04:59 - 2018-06-28 05:26 - 000000000 ___RD C:\Users\Dan\OneDrive
2018-06-28 04:59 - 2018-06-28 04:59 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-06-28 04:58 - 2018-06-30 05:05 - 000000000 ____D C:\Users\Dan\AppData\Local\Packages
2018-06-28 04:58 - 2018-06-28 05:32 - 000000000 ____D C:\Users\Dan\AppData\Local\Publishers
2018-06-28 04:58 - 2018-06-28 04:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-28 04:58 - 2018-06-28 04:58 - 000000000 ___RD C:\Users\Dan\3D Objects
2018-06-28 04:58 - 2018-06-28 04:58 - 000000000 ____D C:\Users\Dan\AppData\Roaming\Adobe
2018-06-28 04:58 - 2018-06-28 04:58 - 000000000 ____D C:\Users\Dan\AppData\Local\VirtualStore
2018-06-28 04:58 - 2018-06-28 04:58 - 000000000 ____D C:\Users\Dan\AppData\Local\ConnectedDevicesPlatform
2018-06-28 04:57 - 2018-06-28 05:31 - 000000000 ____D C:\users\Dan
2018-06-28 04:57 - 2018-06-28 04:57 - 000000020 ___SH C:\Users\Dan\ntuser.ini
2018-06-28 04:55 - 2018-06-28 04:55 - 000000000 ____D C:\Windows\CSC
2018-06-28 04:55 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-06-28 04:54 - 2018-06-30 05:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-28 04:54 - 2018-06-28 04:54 - 000000000 _SHDL C:\Documents and Settings
2018-06-28 04:54 - 2018-06-28 04:54 - 000000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-06-28 04:53 - 2018-06-30 02:16 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-06-28 04:53 - 2018-06-28 04:53 - 000221968 _____ C:\Windows\System32\FNTCACHE.DAT
2018-06-28 04:53 - 2018-06-28 04:53 - 000000000 ____D C:\Windows\ServiceProfiles
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-30 05:08 - 2017-09-29 00:45 - 000524288 _____ C:\Windows\System32\config\BBI
2018-06-30 05:05 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-30 05:05 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-06-29 21:51 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-06-29 06:28 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-06-29 06:20 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\appcompat
2018-06-28 05:53 - 2017-09-29 05:46 - 000028672 _____ C:\Windows\System32\config\BCD-Template
2018-06-28 05:33 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-06-28 05:25 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-06-28 05:23 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-28 05:16 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\Help
2018-06-28 05:04 - 2017-09-29 05:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-06-28 05:00 - 2017-09-29 05:46 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2018-06-28 04:55 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\WinBioDatabase
2018-06-28 04:55 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\spool
2018-06-28 04:55 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\FxsTmp
2018-06-28 04:54 - 2017-09-29 05:46 - 000000000 ___RD C:\Windows\PrintDialog
2018-06-28 04:54 - 2017-09-29 05:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-06-28 04:54 - 2017-09-29 00:45 - 000032768 _____ C:\Windows\System32\config\ELAM
2018-06-28 04:54 - 2017-09-29 00:45 - 000000000 ____D C:\Windows\System32\Sysprep
 
Some files in TEMP:
====================
2018-06-28 05:12 - 2018-06-28 05:12 - 032953000 _____ (ArenaNet) C:\Users\Dan\AppData\Local\Temp\Gw2.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2017-09-29 05:41] - [2017-09-29 05:41] - 001633744 _____ (Microsoft Corporation) DE25E621D0372403244268CCF8EB5526
 
C:\Windows\SysWOW64\User32.dll
[2017-09-29 05:42] - [2017-09-29 05:42] - 001528904 _____ (Microsoft Corporation) 2A821F9B6DA7034F56012DDF561BEE63
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2017-09-29 05:41] - [2017-09-29 05:41] - 000738808 _____ (Microsoft Corporation) 30C28923FB3CBC037D5B2972AB428A68
 
C:\Windows\SysWOW64\dnsapi.dll
[2017-09-29 05:42] - [2017-09-29 05:42] - 000597160 _____ (Microsoft Corporation) F877880896DF2AEED8837DF5D29437F2
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point date: 2018-06-30 05:04
Restore point date: 2018-06-30 05:04
 
==================== Memory info =========================== 
 
Percentage of memory in use: 3%
Total physical RAM: 32724.74 MB
Available physical RAM: 31603.86 MB
Total Virtual: 32724.74 MB
Available Virtual: 31625.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.29 GB) (Free:182.92 GB) NTFS
Drive d: (FLASHBLU) (Removable) (Total:7.37 GB) (Free:7.36 GB) FAT32
Drive e: (GIGABYTE) (CDROM) (Total:4.01 GB) (Free:0 GB) CDFS
Drive f: (Recovery) (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
\\?\Volume{bb597022-f46c-4f51-b76c-adbdab9543bb}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.4 GB) (Disk ID: 740A696C)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0C)
 
LastRegBack: 2018-06-28 04:53
 
==================== End of FRST.txt ============================


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:43 AM

Posted 30 June 2018 - 03:20 PM

I see no issues in that report. Let's scan in Normal Mode.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 Rostam1994


Posted 01 July 2018 - 12:15 AM

Is it possible that I send the resulting logs as a private message? I'm slightly worried about the privacy since it appears to give away so much.



#10 JSntgRvr


Posted 01 July 2018 - 06:22 AM

Sure.



#11 JSntgRvr


Posted 25 July 2018 - 07:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
