Okay. Brand new, fresh from re-imaging from WindowsImageBackup, I run FRST64 and this message pops up:
This pops up on top of the Farbar Recovery Scan Tool "Disclaimer of Warranty" confirmation box. I hit OK, then Yes, then tried to scan, but that warning popped up for every file being scanned. I had to restart the PC. So I ran chkdsk, then scanned with FRST64, and got the following fixlog:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by SYSTEM on MININT-9RG957P (10-09-2015 13:17:07)
Running from F:\
Platform: WIN_7 Service Pack 1 (X64) Language: English (United States)
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [X]
HKLM\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AMD FUEL Service; C:\Program Files\ATI\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST\AvastSvc.exe [146600 2015-08-08] (AVAST Software)
S2 dkab_device; C:\Windows\system32\DKabcoms.exe [1034480 2008-07-01] ( )
S2 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [586992 2008-07-01] ( )
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST\ng\vbox\AvastVBoxSVC.exe" [X]
S3 msiserver; %systemroot%\system32\msiexec.exe /V [X]
S3 SysMain; %systemroot%\system32\sysmain.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AODDriver4.1; C:\Program Files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-08] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-08] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-08] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-08] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-15] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-08] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-08] (AVAST Software)
S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
S0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2015-04-13] (Acronis)
S0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2015-04-13] (Acronis)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
S2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2008-04-09] (Nicomsoft Ltd.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 AtiDCM; \??\C:\Users\senselocke\AppData\Local\Temp\atdcm64a.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-10 12:30 - 2015-09-10 12:30 - 00000000 __SHD C:\found.000
2015-09-10 12:19 - 2015-09-10 13:17 - 00000000 ____D C:\FRST
2015-08-25 05:41 - 2015-08-25 05:41 - 01048576 ___SH C:\Windows\System32\config\CO7AE4~1.REG
2015-08-25 05:41 - 2015-08-25 05:41 - 01048576 ___SH C:\Windows\System32\config\CO55CA~1.REG
2015-08-25 05:41 - 2015-08-25 05:41 - 01048576 ___SH C:\Windows\System32\config\CO11E9~1.REG
2015-08-17 11:58 - 2015-08-17 11:58 - 00000000 ____D C:\Program Files\Dell_HostCD
2015-08-17 11:58 - 2008-09-08 13:22 - 00594432 _____ ( ) C:\Windows\System32\lexlog.dll
2015-08-17 11:58 - 2008-06-26 06:59 - 00928256 _____ C:\Windows\System32\softcoin.dll
2015-08-17 11:58 - 2008-06-26 06:59 - 00420864 _____ C:\Windows\System32\gencoin.dll
2015-08-17 11:57 - 2015-08-17 11:59 - 00039146 _____ C:\Windows\System32\LexFiles.ulf
2015-08-17 11:57 - 2015-08-17 11:57 - 00000000 ____D C:\Program Files\Dell
2015-08-17 11:57 - 2008-09-08 13:22 - 00020152 _____ C:\Windows\System32\DKabpmui.chm
2015-08-17 11:57 - 2008-07-01 18:03 - 01034480 _____ ( ) C:\Windows\System32\DKabcoms.exe
2015-08-17 11:57 - 2008-07-01 18:03 - 00586992 _____ ( ) C:\Windows\SysWOW64\DKabcoms.exe
2015-08-17 11:57 - 2008-06-25 11:06 - 00982528 _____ ( ) C:\Windows\System32\dkabpmui.dll
2015-08-17 11:57 - 2008-06-25 11:03 - 01620992 _____ ( ) C:\Windows\System32\dkabserv.dll
2015-08-17 11:57 - 2008-06-25 11:03 - 01386496 _____ ( ) C:\Windows\System32\dkabip1.dll
2015-08-17 11:57 - 2008-06-25 11:01 - 01331712 _____ ( ) C:\Windows\System32\dkabusb1.dll
2015-08-17 11:57 - 2008-06-25 10:59 - 00752128 _____ ( ) C:\Windows\System32\dkabpar1.dll
2015-08-17 11:57 - 2008-06-25 10:59 - 00676864 _____ ( ) C:\Windows\System32\dkabhcp.dll
2015-08-17 11:57 - 2008-06-25 10:59 - 00582144 _____ ( ) C:\Windows\System32\dkabcomm.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 01395200 _____ ( ) C:\Windows\System32\dkabcomc.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 00893440 _____ ( ) C:\Windows\System32\dkablmpm.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 00674816 _____ ( ) C:\Windows\System32\dkabiobj.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 00549376 _____ ( ) C:\Windows\System32\dkabinpa.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 00514048 _____ ( ) C:\Windows\System32\dkabiesc.dll
2015-08-17 11:57 - 2008-06-25 10:29 - 01044480 _____ ( ) C:\Windows\SysWOW64\dkabserv.dll
2015-08-17 11:57 - 2008-06-25 10:24 - 00819200 _____ ( ) C:\Windows\SysWOW64\dkabcomc.dll
2015-08-17 11:57 - 2008-06-25 10:24 - 00438272 _____ ( ) C:\Windows\SysWOW64\dkabhcp.dll
2015-08-17 11:57 - 2008-06-25 10:24 - 00376832 _____ ( ) C:\Windows\SysWOW64\dkabcomm.dll
2015-08-17 11:57 - 2008-04-15 11:50 - 00002590 _____ C:\Windows\SysWOW64\dkab.loc
2015-08-17 11:57 - 2008-04-15 11:50 - 00002590 _____ C:\Windows\System32\dkab.loc
2015-08-13 05:13 - 2015-08-13 05:13 - 00000000 ____D C:\Users\senselocke\Desktop\com.gamehivecorp.taptitans --tourney 2874
2015-08-12 13:13 - 2015-08-12 13:13 - 00000000 ____D C:\Program Files (x86)\HFSExplorer
2015-08-12 13:12 - 2015-08-12 13:12 - 01688563 ____X C:\Users\senselocke\Desktop\hfsexplorer-0.23-setup.exe
2015-08-11 18:50 - 2015-08-11 18:50 - 00003118 _____ C:\Windows\System32\Tasks\{227D5253-E7AB-437E-8500-A5BA6259000F}
2015-08-11 18:38 - 2015-08-11 18:38 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2015-08-11 10:42 - 2015-08-11 10:42 - 00000000 ____D C:\Users\senselocke\Desktop\DE=HRDC hard save files
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-27 05:58 - 2015-04-05 16:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 05:58 - 2015-04-05 12:58 - 01530780 _____ C:\Windows\WindowsUpdate.log
2015-08-26 13:15 - 2009-07-13 20:45 - 00026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-26 13:15 - 2009-07-13 20:45 - 00026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-26 13:13 - 2009-07-13 21:13 - 00781298 _____ C:\Windows\System32\PerfStringBackup.INI
2015-08-26 13:07 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-26 13:07 - 2009-07-13 20:51 - 00068302 _____ C:\Windows\setupact.log
2015-08-26 07:00 - 2015-04-05 17:31 - 00034559 _____ C:\Users\senselocke\Desktop\bills paid.txt
2015-08-26 04:33 - 2015-04-05 16:29 - 00002385 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-25 20:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-08-25 05:39 - 2010-11-20 19:47 - 00183394 _____ C:\Windows\PFRO.log
2015-08-25 05:39 - 2009-07-13 20:45 - 02272232 _____ C:\Windows\System32\FNTCACHE.DAT
2015-08-20 18:17 - 2015-04-05 16:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-19 03:28 - 2015-05-21 15:53 - 00017950 _____ C:\Users\senselocke\Desktop\tempuh.txt
2015-08-18 09:27 - 2015-04-10 17:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-18 09:25 - 2015-08-08 03:53 - 00000000 ____D C:\Users\senselocke\AppData\Local\dxhr
2015-08-17 16:51 - 2015-08-06 17:36 - 00000000 ____D C:\Users\senselocke\Desktop\Barrister Jobs
2015-08-17 16:49 - 2015-04-05 17:29 - 00000000 ____D C:\Users\senselocke\Desktop\Eli Job
2015-08-17 16:48 - 2015-07-31 17:51 - 00000000 ____D C:\Users\senselocke\Desktop\Tina job
2015-08-16 17:15 - 2015-04-05 17:31 - 00016004 _____ C:\Users\senselocke\Desktop\rando.txt
2015-08-15 05:46 - 2015-04-06 05:08 - 01048344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2015-08-11 18:50 - 2015-07-29 08:17 - 00000146 _____ C:\Windows\FolderSort.ini
==================== Known DLLs (Whitelisted) =========================
C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 8%
Total physical RAM: 8173.55 MB
Available physical RAM: 7442.3 MB
Total Virtual: 8171.75 MB
Available Virtual: 7444.51 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:43.43 GB) NTFS
Drive f: (TI102782W0E) (Removable) (Total:29.82 GB) (Free:11.79 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 5E56B0F6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT.
LastRegBack: 2015-08-12 03:34
==================== End of FRST.txt ============================