
Weird windows behaviour



#1
TonyStr


My computer has been infected with some sort of virus that makes windows act weird. Clicking on the titlebars of different windows will unpredictably fullscreen the window, marking text is extremely clunky and unpredictable, and when I tried to delete the exe the virus came with, File Explorer would crash. The exe has since been deleted. I have not found anyone with the same/similar issue on the internet.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Tony (administrator) on DESKTOP-3JKIVSO (07-09-2017 19:57:09)
Running from C:\Users\Tony\Desktop
Loaded Profiles: defaultuser0 & Tony (Available Profiles: defaultuser0 & Tony)
Platform: Windows 10 Home Version 1703 (X64) Language: Norsk bokmål (Norge)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\steam\steamSSD\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) D:\Programmer\Malwarebytes Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\steam\steamSSD\steamapps\common\wallpaper_engine\wallpaper32.exe
(Malwarebytes) D:\Programmer\Malwarebytes Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\steam\steamSSD\Steam.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\steam\steamSSD\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\steam\steamSSD\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\steam\steamSSD\bin\cef\cef.win7\steamwebhelper.exe
(Discord Inc.) C:\Users\Tony\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\Tony\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\Tony\AppData\Local\Discord\app-0.0.298\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) D:\Programmer\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-19] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17361016 2016-12-20] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-07] (AVAST Software)
HKLM-x32\...\Run: [Autodesk Desktop App] => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-2252449615-2740905869-2496026800-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2252449615-2740905869-2496026800-1001\...\Run: [Discord] => C:\Users\Tony\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-2252449615-2740905869-2496026800-1001\...\Run: [Steam] => C:\steam\steamSSD\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-2252449615-2740905869-2496026800-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Tony\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2252449615-2740905869-2496026800-1001\...\Run: [Spotify Web Helper] => C:\Users\Tony\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-05] (Spotify Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{8f89e3e6-c2d7-4a7c-b959-8a21abfb51e6}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-04] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: wsyn2qpd.default
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\wsyn2qpd.default [2017-09-03]
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2252449615-2740905869-2496026800-1001: @nsroblox.roblox.com/launcher -> C:\Users\Tony\AppData\Local\Roblox\Versions\version-8756646edb404aaf\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2252449615-2740905869-2496026800-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Tony\AppData\Local\Roblox\Versions\version-8756646edb404aaf\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default [2017-09-07]
CHR Extension: (Google Slides) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-29]
CHR Extension: (Black and Red Scrollbar) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\acgecdfblegjbbejckcbldclahcdpgdp [2017-07-08]
CHR Extension: (Google Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-29]
CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-29]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-08-31]
CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-29]
CHR Extension: (GeoGebra Classic) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2017-09-07]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2017-05-22]
CHR Extension: (uBlock Origin) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-05]
CHR Extension: (Google Sheets) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-29]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-08-17]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-06-23]
CHR Extension: (HTTPS-everywhere) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-29]
CHR Extension: (Deluminate) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebboopaeangfpceklajfohhbpkkfiaa [2017-01-23]
CHR Extension: (Audio EQ) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2017-08-14]
CHR Extension: (Material Theme) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnphgdednjnpcoeamekbogoblkdajep [2017-08-04]
CHR Extension: (Chrome Nettmarked-betalinger) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-29]
CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-07] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-07] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-03-15] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2016-12-20] (Logitech Inc.)
R2 MBAMService; D:\programmer\Malwarebytes Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 Wallpaper Engine Service; C:\steam\steamSSD\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [337408 2017-06-15] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 AdAppMgrSvc; "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe"  [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 Origin Client Service; "D:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "D:\Program Files (x86)\Origin\OriginWebHelperService.exe" [X]
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-07] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-07] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-07] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-07] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-07] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-07] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-07] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-12-20] (Logitech Inc.)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-09-07] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-07] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2386fda73b467ac8\nvlddmkm.sys [15625336 2017-06-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-07 19:56 - 2017-09-07 19:56 - 000072678 _____ C:\Users\Tony\Desktop\Addition.txt
2017-09-07 19:55 - 2017-09-07 19:57 - 000018713 _____ C:\Users\Tony\Desktop\FRST.txt
2017-09-07 19:55 - 2017-09-07 19:57 - 000000000 ____D C:\FRST
2017-09-07 19:55 - 2017-09-07 19:54 - 002395648 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2017-09-07 19:27 - 2017-09-07 19:27 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-09-07 19:27 - 2017-09-07 19:27 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-09-07 19:27 - 2017-09-07 19:27 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-09-07 19:27 - 2017-09-07 19:27 - 000001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-09-07 19:27 - 2017-09-07 19:27 - 000000000 ____D C:\Users\Tony\AppData\Roaming\AVAST Software
2017-09-07 19:27 - 2017-09-07 19:27 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-07 19:27 - 2017-09-07 19:26 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-09-07 19:27 - 2017-09-07 19:26 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-09-07 19:26 - 2017-09-07 19:26 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-09-07 19:25 - 2017-09-07 19:25 - 000000000 ____D C:\Program Files\AVAST Software
2017-09-04 16:12 - 2017-09-04 16:12 - 000733696 _____ (Qsc) C:\WINDOWS\GPInstall.exe
2017-09-04 16:12 - 2017-09-04 16:12 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Maker
2017-09-04 16:12 - 2017-09-04 16:12 - 000000000 ____D C:\Program Files (x86)\Game_Maker
2017-09-03 20:37 - 2017-09-07 19:00 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-03 20:37 - 2017-09-03 20:41 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-03 20:37 - 2017-09-03 20:41 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-03 20:37 - 2017-09-03 20:37 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-03 20:25 - 2017-09-03 20:40 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Enigma Software Group
2017-09-03 20:25 - 2017-09-03 20:25 - 000000000 _____ C:\autoexec.bat
2017-09-03 20:24 - 2017-09-03 20:24 - 000000000 ____D C:\sh4ldr
2017-09-03 20:24 - 2017-09-03 20:24 - 000000000 ____D C:\Program Files\Enigma Software Group
2017-09-03 20:20 - 2017-09-03 20:24 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-03 20:17 - 2017-09-03 20:21 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-09-02 18:18 - 2017-09-02 18:18 - 064469555 _____ C:\Users\Tony\Downloads\movie_max.webm
2017-09-01 13:22 - 2017-09-01 13:29 - 000000000 ____D C:\Users\Tony\Desktop\UpDownDuckAround by TonyStr
2017-09-01 10:21 - 2017-09-01 10:21 - 000000000 ____D C:\Users\Tony\AppData\Local\GM48_19
2017-08-31 17:56 - 2017-08-31 17:56 - 000000000 ____D C:\Users\Tony\AppData\Local\GMC_Jam_5
2017-08-31 17:42 - 2017-08-31 17:42 - 000000000 ____D C:\Users\Tony\AppData\Local\Treasure_Hunt
2017-08-30 14:59 - 2017-08-30 14:59 - 000000000 ____D C:\Users\Tony\AppData\Local\TwoSidePong
2017-08-29 23:32 - 2017-08-29 23:32 - 000000000 ____D C:\Users\Tony\AppData\Local\UpGo
2017-08-29 22:35 - 2017-08-29 22:35 - 000000000 ____D C:\Users\Tony\AppData\Local\Obverse___Reverse
2017-08-29 22:26 - 2017-08-29 22:26 - 000000000 ____D C:\Users\Tony\AppData\Local\nallebeorns_coin_flipping_tycoon
2017-08-29 21:04 - 2017-08-29 21:04 - 000000000 ____D C:\Users\Tony\AppData\LocalLow\Temp
2017-08-29 21:03 - 2017-08-29 21:03 - 000000218 _____ C:\Users\Tony\AppData\Local\recently-used.xbel
2017-08-26 09:56 - 2017-08-26 09:56 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_77568
2017-08-24 17:09 - 2017-08-24 17:09 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-08-22 18:53 - 2017-08-22 18:53 - 004315323 _____ C:\Users\Tony\Documents\SEXYAF.zip
2017-08-22 16:37 - 2017-08-22 16:38 - 000000000 ____D C:\Users\Tony\Documents\AAA KEEP DIS
2017-08-20 19:27 - 2017-08-20 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2017-08-20 19:27 - 2017-08-20 19:27 - 000000000 ____D C:\Users\Tony\AppData\Roaming\npm
2017-08-20 18:58 - 2017-08-20 18:58 - 000000459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk
2017-08-20 18:51 - 2017-08-20 18:59 - 000000000 ____D C:\Users\Tony\AppData\Local\p5
2017-08-20 18:31 - 2017-08-20 19:16 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Atom
2017-08-20 18:31 - 2017-08-20 18:36 - 000000000 ____D C:\Users\Tony\.atom
2017-08-20 18:28 - 2017-08-20 18:31 - 000000000 ____D C:\Users\Tony\AppData\Local\atom
2017-08-20 17:43 - 2017-08-20 17:43 - 000000000 ____D C:\Users\Tony\AppData\Local\GMDebug
2017-08-20 00:03 - 2017-08-20 00:03 - 000000000 ____D C:\Users\Tony\AppData\Local\BomBear
2017-08-20 00:02 - 2017-08-20 00:02 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-08-20 00:02 - 2017-08-20 00:02 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BomBear
2017-08-18 18:55 - 2017-08-18 18:55 - 000000000 ____D C:\Gamemaker2 projects
2017-08-16 17:02 - 2017-09-03 14:30 - 000000000 ____D C:\Users\Tony\Documents\GameMakerStudio2
2017-08-16 16:53 - 2017-09-06 20:49 - 000000000 ____D C:\Users\Tony\AppData\Local\GameMakerStudio2
2017-08-16 16:52 - 2017-09-04 17:41 - 000000000 ____D C:\ProgramData\GameMakerStudio2
2017-08-16 16:52 - 2017-08-16 16:53 - 000000000 ____D C:\Users\Tony\AppData\Roaming\GameMakerStudio2
2017-08-16 16:51 - 2017-08-16 16:51 - 000000000 ____D C:\Program Files\GameMaker Studio 2
2017-08-16 16:13 - 2017-08-16 16:13 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_27517
2017-08-16 16:13 - 2017-08-16 16:13 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_20504
2017-08-16 16:12 - 2017-08-16 16:12 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_54221
2017-08-16 16:11 - 2017-08-16 16:11 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_36663
2017-08-16 16:11 - 2017-08-16 16:11 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_36560
2017-08-16 16:09 - 2017-08-16 16:09 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_3722
2017-08-16 15:55 - 2017-08-16 15:55 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_80819
2017-08-16 15:54 - 2017-08-16 15:54 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_60036
2017-08-16 15:53 - 2017-08-16 15:53 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_73094
2017-08-16 15:53 - 2017-08-16 15:53 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_57278
2017-08-16 15:53 - 2017-08-16 15:53 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_56693
2017-08-16 15:52 - 2017-08-16 15:52 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_31502
2017-08-16 15:52 - 2017-08-16 15:52 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_29903
2017-08-16 15:51 - 2017-08-16 15:51 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_79020
2017-08-16 15:51 - 2017-08-16 15:51 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_58486
2017-08-16 15:51 - 2017-08-16 15:51 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_11304
2017-08-16 15:50 - 2017-08-16 15:50 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_54077
2017-08-16 15:50 - 2017-08-16 15:50 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_47309
2017-08-16 15:49 - 2017-08-16 15:49 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_59387
2017-08-16 15:49 - 2017-08-16 15:49 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_52898
2017-08-16 15:49 - 2017-08-16 15:49 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_30114
2017-08-16 15:48 - 2017-08-16 15:48 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_53135
2017-08-16 15:47 - 2017-08-16 15:47 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_79481
2017-08-16 15:47 - 2017-08-16 15:47 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_1927
2017-08-16 15:46 - 2017-08-16 15:46 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_71555
2017-08-16 15:46 - 2017-08-16 15:46 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_33191
2017-08-16 15:46 - 2017-08-16 15:46 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_12187
2017-08-16 15:45 - 2017-08-16 15:45 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_99111
2017-08-16 15:45 - 2017-08-16 15:45 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_82726
2017-08-16 15:45 - 2017-08-16 15:45 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_65367
2017-08-16 15:44 - 2017-08-16 15:44 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_12415
2017-08-16 15:43 - 2017-08-16 15:43 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_96430
2017-08-16 15:43 - 2017-08-16 15:43 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_3408
2017-08-16 15:42 - 2017-08-16 15:42 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_7161
2017-08-16 15:42 - 2017-08-16 15:42 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_63932
2017-08-16 15:42 - 2017-08-16 15:42 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_33679
2017-08-16 15:41 - 2017-08-16 15:41 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_70654
2017-08-16 15:41 - 2017-08-16 15:41 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_48304
2017-08-16 15:41 - 2017-08-16 15:41 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_42163
2017-08-16 15:40 - 2017-08-16 15:40 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_3298
2017-08-16 15:40 - 2017-08-16 15:40 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_30058
2017-08-16 15:39 - 2017-08-16 15:39 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_47920
2017-08-16 15:38 - 2017-08-16 15:38 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_82186
2017-08-16 15:38 - 2017-08-16 15:38 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_81548
2017-08-16 15:38 - 2017-08-16 15:38 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_645
2017-08-16 15:37 - 2017-08-16 15:37 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_96818
2017-08-16 15:37 - 2017-08-16 15:37 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_91565
2017-08-16 15:37 - 2017-08-16 15:37 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_5659
2017-08-16 15:36 - 2017-08-16 15:36 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_63291
2017-08-16 15:36 - 2017-08-16 15:36 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_49733
2017-08-16 15:36 - 2017-08-16 15:36 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_19662
2017-08-16 15:35 - 2017-08-16 15:35 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_81049
2017-08-16 15:35 - 2017-08-16 15:35 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_78935
2017-08-16 15:35 - 2017-08-16 15:35 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_66648
2017-08-16 15:34 - 2017-08-16 15:34 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_86601
2017-08-16 15:34 - 2017-08-16 15:34 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_79879
2017-08-16 15:33 - 2017-08-16 15:33 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_1025
2017-08-16 15:32 - 2017-08-16 15:32 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_42227
2017-08-16 15:32 - 2017-08-16 15:32 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_28762
2017-08-16 15:30 - 2017-08-16 15:30 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_95498
2017-08-16 15:30 - 2017-08-16 15:30 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_86004
2017-08-16 15:29 - 2017-08-16 15:29 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_98432
2017-08-16 15:29 - 2017-08-16 15:29 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_94071
2017-08-16 15:29 - 2017-08-16 15:29 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_59401
2017-08-16 15:28 - 2017-08-16 15:28 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_66944
2017-08-16 15:28 - 2017-08-16 15:28 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_54837
2017-08-16 15:27 - 2017-08-16 15:27 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_39785
2017-08-16 15:26 - 2017-08-16 15:26 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_55316
2017-08-16 13:54 - 2017-08-16 14:32 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_72968
2017-08-14 11:54 - 2017-08-14 11:55 - 000000000 ____D C:\Users\Tony\AppData\Local\Adobe
2017-08-14 11:54 - 2017-08-14 11:54 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-14 11:54 - 2017-08-14 11:54 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-12 13:54 - 2017-08-12 14:34 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_99983
2017-08-12 00:39 - 2017-08-12 00:50 - 000000000 ____D C:\Users\Tony\AppData\Local\Bunker_Busters__New_UI_
2017-08-09 13:14 - 2017-08-01 04:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 13:14 - 2017-08-01 04:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 13:14 - 2017-08-01 04:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 13:14 - 2017-08-01 04:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 13:14 - 2017-08-01 04:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 13:14 - 2017-08-01 04:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 13:14 - 2017-08-01 04:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 13:14 - 2017-08-01 04:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 13:14 - 2017-08-01 04:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 13:14 - 2017-08-01 04:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 13:14 - 2017-08-01 04:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 13:14 - 2017-08-01 04:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 13:14 - 2017-08-01 04:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 13:14 - 2017-08-01 04:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 13:14 - 2017-08-01 04:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 13:14 - 2017-08-01 04:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 13:14 - 2017-08-01 04:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 13:14 - 2017-08-01 04:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 13:14 - 2017-08-01 04:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 13:14 - 2017-08-01 04:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 13:14 - 2017-08-01 04:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 13:14 - 2017-08-01 04:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 13:14 - 2017-08-01 04:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 13:14 - 2017-08-01 04:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 13:14 - 2017-08-01 04:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 13:14 - 2017-08-01 04:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 13:14 - 2017-08-01 04:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 13:14 - 2017-08-01 04:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 13:14 - 2017-08-01 04:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 13:14 - 2017-08-01 04:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 13:14 - 2017-08-01 04:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 13:14 - 2017-08-01 04:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 13:14 - 2017-08-01 04:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 13:14 - 2017-08-01 04:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 13:14 - 2017-08-01 04:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 13:14 - 2017-08-01 04:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 13:14 - 2017-08-01 04:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 13:14 - 2017-08-01 04:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 13:14 - 2017-08-01 04:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 13:14 - 2017-08-01 04:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 13:14 - 2017-08-01 04:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 13:14 - 2017-08-01 04:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 13:14 - 2017-08-01 04:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 13:14 - 2017-08-01 04:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 13:14 - 2017-08-01 04:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 13:14 - 2017-08-01 04:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 13:14 - 2017-08-01 04:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 13:14 - 2017-08-01 04:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 13:14 - 2017-08-01 04:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 13:14 - 2017-08-01 04:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 13:14 - 2017-08-01 04:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 13:14 - 2017-08-01 03:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 13:14 - 2017-08-01 03:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 13:14 - 2017-08-01 03:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 13:14 - 2017-08-01 03:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 13:14 - 2017-08-01 03:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 13:14 - 2017-08-01 03:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 13:14 - 2017-08-01 03:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 13:14 - 2017-08-01 03:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 13:14 - 2017-08-01 03:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 13:14 - 2017-08-01 03:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-08-09 13:14 - 2017-08-01 03:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 13:14 - 2017-08-01 03:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 13:14 - 2017-08-01 03:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 13:14 - 2017-08-01 03:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 13:14 - 2017-08-01 03:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 13:14 - 2017-08-01 03:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 13:14 - 2017-08-01 03:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 13:14 - 2017-08-01 03:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 13:14 - 2017-08-01 03:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 13:14 - 2017-08-01 03:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 13:14 - 2017-08-01 03:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 13:14 - 2017-08-01 03:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 13:14 - 2017-08-01 03:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 13:14 - 2017-08-01 03:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 13:14 - 2017-08-01 03:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 13:14 - 2017-08-01 03:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 13:14 - 2017-08-01 03:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 13:14 - 2017-08-01 03:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 13:14 - 2017-08-01 03:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 13:14 - 2017-08-01 03:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 13:14 - 2017-08-01 03:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 13:14 - 2017-08-01 03:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 13:14 - 2017-08-01 03:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 13:14 - 2017-08-01 03:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 13:14 - 2017-08-01 03:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 13:14 - 2017-08-01 03:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 13:14 - 2017-08-01 03:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 13:14 - 2017-08-01 03:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 13:14 - 2017-08-01 03:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 13:14 - 2017-08-01 03:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 13:14 - 2017-08-01 03:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 13:14 - 2017-08-01 03:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 13:14 - 2017-08-01 03:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 13:14 - 2017-08-01 03:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 13:14 - 2017-08-01 03:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 13:14 - 2017-08-01 00:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 13:12 - 2017-08-09 13:12 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-08 18:00 - 2017-08-08 18:02 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_7000
2017-08-08 17:57 - 2017-08-08 17:58 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_67105
2017-08-08 16:47 - 2017-08-08 16:56 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_67080
2017-08-08 15:28 - 2017-08-08 16:14 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_59259
2017-08-08 13:54 - 2017-08-08 15:04 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_20218
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-07 19:26 - 2017-05-18 18:34 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-07 16:45 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-07 16:45 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-07 16:41 - 2017-05-13 21:20 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-07 16:40 - 2017-05-13 21:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-06 21:46 - 2017-05-13 21:20 - 000000000 ____D C:\Users\Tony
2017-09-06 20:39 - 2017-01-03 23:30 - 000000000 ____D C:\Users\Tony\AppData\Local\Spotify
2017-09-06 20:39 - 2017-01-03 23:29 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Spotify
2017-09-05 19:23 - 2016-12-29 15:04 - 000000000 ____D C:\Users\Tony\AppData\Roaming\discord
2017-09-04 16:13 - 2016-12-29 14:58 - 000000000 ____D C:\Users\Tony\Documents\GameMaker
2017-09-03 20:47 - 2017-05-13 21:20 - 002683978 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-03 20:47 - 2017-03-20 05:15 - 001067458 _____ C:\WINDOWS\system32\perfh014.dat
2017-09-03 20:47 - 2017-03-20 05:15 - 000277546 _____ C:\WINDOWS\system32\perfc014.dat
2017-09-03 20:41 - 2017-05-13 21:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-03 20:41 - 2017-03-18 13:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-09-03 20:41 - 2017-03-07 19:59 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-03 20:37 - 2017-03-07 19:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-03 20:17 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-09-03 20:17 - 2016-07-16 13:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-02 02:12 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-01 10:24 - 2017-03-04 15:16 - 000000000 ____D C:\Users\Tony\AppData\Roaming\vlc
2017-08-31 17:08 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-29 00:25 - 2017-08-04 13:17 - 000000000 ____D C:\Users\Tony\AppData\Roaming\GitHub Desktop
2017-08-28 22:08 - 2016-12-29 15:01 - 000002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-25 12:51 - 2017-05-13 21:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-24 19:36 - 2017-01-04 19:15 - 000000000 ____D C:\Users\Tony\AppData\Roaming\deluge
2017-08-24 17:10 - 2017-05-17 14:49 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-24 17:10 - 2017-05-13 21:27 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-24 17:10 - 2017-05-13 21:27 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-24 17:10 - 2017-05-13 21:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-24 17:10 - 2017-05-13 21:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-24 17:09 - 2017-05-13 21:27 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-24 17:09 - 2017-05-13 21:27 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-24 17:09 - 2017-05-13 21:27 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-24 17:09 - 2017-05-13 21:27 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-24 17:09 - 2017-05-13 21:27 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-24 11:27 - 2017-03-07 19:55 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-22 17:12 - 2017-01-29 21:55 - 000000000 ____D C:\Users\Tony\AppData\Local\CrashDumps
2017-08-21 17:17 - 2017-08-04 13:17 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-08-21 17:17 - 2017-08-04 13:17 - 000000000 ____D C:\Users\Tony\AppData\Local\GitHubDesktop
2017-08-21 17:17 - 2016-12-29 15:03 - 000000000 ____D C:\Users\Tony\AppData\Local\SquirrelTemp
2017-08-18 13:38 - 2016-12-29 15:14 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-18 06:37 - 2017-04-25 17:06 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-08-18 06:37 - 2017-04-25 16:28 - 000048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-08-18 06:37 - 2017-01-17 19:12 - 001923008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-08-18 06:37 - 2017-01-17 19:12 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-08-18 06:37 - 2017-01-17 19:12 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-08-18 06:37 - 2017-01-17 19:12 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-08-18 06:37 - 2017-01-17 19:12 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-08-18 06:36 - 2017-06-29 21:50 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-08-18 06:36 - 2017-06-29 21:50 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-08-17 20:11 - 2017-05-13 21:20 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-17 18:26 - 2017-04-10 20:57 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-08-14 11:54 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-14 11:54 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-12 10:41 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-11 20:33 - 2017-01-17 18:45 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-08-11 20:33 - 2017-01-17 18:45 - 000000000 ____D C:\Program Files\paint.net
2017-08-10 11:40 - 2017-05-13 21:19 - 000252280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-09 13:16 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 13:15 - 2016-12-29 15:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 13:14 - 2016-12-29 15:27 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 13:12 - 2016-12-29 15:03 - 000000000 ____D C:\Users\Tony\AppData\Local\Discord
2017-08-08 21:49 - 2016-12-29 03:43 - 000000000 ____D C:\Users\Tony\AppData\Local\Packages
2017-08-08 00:29 - 2017-08-07 20:04 - 000000000 ____D C:\Users\Tony\AppData\Local\gm_ttt_48745
 
==================== Files in the root of some directories =======
 
2017-08-04 17:13 - 2017-08-04 17:13 - 000015634 _____ () C:\Users\Tony\AppData\Local\2bj4am0h.3wf
2017-08-04 17:15 - 2017-08-04 17:15 - 000015634 _____ () C:\Users\Tony\AppData\Local\2nqakb1q.tu3
2017-08-04 17:08 - 2017-08-04 17:08 - 000000106 _____ () C:\Users\Tony\AppData\Local\2vje0jam.2c2
2017-08-04 17:03 - 2017-08-04 17:03 - 000002283 _____ () C:\Users\Tony\AppData\Local\3edwv2uv.epe
2017-08-04 17:09 - 2017-08-04 17:09 - 000015634 _____ () C:\Users\Tony\AppData\Local\4sm2x2w1.xkw
2017-08-04 17:14 - 2017-08-04 17:14 - 000021264 _____ () C:\Users\Tony\AppData\Local\4w3r15eu.ahp
2017-08-04 17:15 - 2017-08-04 17:15 - 000000106 _____ () C:\Users\Tony\AppData\Local\5fwgyht4.pxg
2017-08-04 17:15 - 2017-08-04 17:15 - 000000106 _____ () C:\Users\Tony\AppData\Local\5ul1ckno.fev
2017-08-04 17:08 - 2017-08-04 17:08 - 000000106 _____ () C:\Users\Tony\AppData\Local\du4fa335.qfo
2017-08-04 17:11 - 2017-08-04 17:11 - 000021264 _____ () C:\Users\Tony\AppData\Local\ggptvjfe.dqr
2017-08-04 17:13 - 2017-08-04 17:13 - 000021264 _____ () C:\Users\Tony\AppData\Local\i331soyu.z2h
2017-08-04 17:09 - 2017-08-04 17:09 - 000021264 _____ () C:\Users\Tony\AppData\Local\l1kwqpal.kh3
2017-08-04 17:14 - 2017-08-04 17:14 - 000015634 _____ () C:\Users\Tony\AppData\Local\lrylaoeu.tgp
2017-08-04 17:15 - 2017-08-04 17:15 - 000021264 _____ () C:\Users\Tony\AppData\Local\nztvy3so.qbf
2017-08-04 17:11 - 2017-08-04 17:11 - 000021264 _____ () C:\Users\Tony\AppData\Local\ogpjmzbs.zcx
2017-08-04 17:09 - 2017-08-04 17:09 - 000021264 _____ () C:\Users\Tony\AppData\Local\piobnsb4.xzn
2017-08-04 17:03 - 2017-08-04 17:03 - 000002283 _____ () C:\Users\Tony\AppData\Local\popm2tzv.dvt
2017-08-04 17:11 - 2017-08-04 17:11 - 000015634 _____ () C:\Users\Tony\AppData\Local\pv0rtqax.cqp
2017-08-29 21:03 - 2017-08-29 21:03 - 000000218 _____ () C:\Users\Tony\AppData\Local\recently-used.xbel
2017-05-01 12:23 - 2017-05-01 12:23 - 000007605 _____ () C:\Users\Tony\AppData\Local\Resmon.ResmonCfg
2017-08-04 17:11 - 2017-08-04 17:11 - 000015634 _____ () C:\Users\Tony\AppData\Local\vyl53vmq.iye
2017-08-04 17:09 - 2017-08-04 17:09 - 000015634 _____ () C:\Users\Tony\AppData\Local\xzq5zzrx.ocy
2017-05-13 21:20 - 2017-05-13 21:20 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-05-21 22:11 - 2017-01-18 04:50 - 000066472 _____ (Autodesk, Inc.) C:\Users\Tony\AppData\Local\Temp\AcDeltree.exe
2017-06-05 19:43 - 2017-06-05 19:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-1128246684495064058.dll
2017-06-05 19:50 - 2017-06-05 19:50 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-1497905854273416708.dll
2017-06-05 21:16 - 2017-06-05 21:16 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-1665199707706806315.dll
2017-06-05 20:03 - 2017-06-05 20:03 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-1687665362528737545.dll
2017-06-05 20:56 - 2017-06-05 20:56 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-2184736903336790009.dll
2017-06-05 20:08 - 2017-06-05 20:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-2206468072474106857.dll
2017-06-05 20:09 - 2017-06-05 20:09 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-2744074428191778083.dll
2017-06-05 21:03 - 2017-06-05 21:03 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-2962665770060558269.dll
2017-06-05 20:18 - 2017-06-05 20:18 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-3028632417460934593.dll
2017-06-05 20:06 - 2017-06-05 20:06 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-3317015913304486526.dll
2017-06-05 20:42 - 2017-06-05 20:42 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-3319605798707613663.dll
2017-06-05 20:08 - 2017-06-05 20:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-4868576845023164160.dll
2017-06-05 21:16 - 2017-06-05 21:16 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-4881161672278782297.dll
2017-06-05 20:33 - 2017-06-05 20:33 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-6213667230565743794.dll
2017-06-05 19:50 - 2017-06-05 19:50 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-6367657210135774359.dll
2017-06-05 21:11 - 2017-06-05 21:11 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-6508982698941986559.dll
2017-06-05 20:18 - 2017-06-05 20:18 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-7385971964440317547.dll
2017-06-05 20:07 - 2017-06-05 20:07 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-7437348596012056170.dll
2017-06-05 20:01 - 2017-06-05 20:01 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-8051994720328716240.dll
2017-06-05 20:02 - 2017-06-05 20:02 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-8112922618428637155.dll
2017-06-05 20:09 - 2017-06-05 20:09 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-8147960508616916087.dll
2017-06-05 19:53 - 2017-06-05 19:53 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-8720636330487600480.dll
2017-06-05 20:59 - 2017-06-05 20:59 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Tony\AppData\Local\Temp\jansi-64-967743060701163551.dll
2017-05-17 15:05 - 2017-05-18 07:21 - 000754864 _____ (NVIDIA Corporation) C:\Users\Tony\AppData\Local\Temp\nvSCPAPI.dll
2017-04-25 17:08 - 2017-05-18 07:21 - 000869200 _____ (NVIDIA Corporation) C:\Users\Tony\AppData\Local\Temp\nvSCPAPI64.dll
2017-05-17 15:04 - 2017-05-18 07:21 - 000367552 _____ (NVIDIA Corporation) C:\Users\Tony\AppData\Local\Temp\nvStInst.exe
2016-10-11 11:53 - 2016-10-11 11:53 - 014572000 _____ (Microsoft Corporation) C:\Users\Tony\AppData\Local\Temp\vcredist_x64_2015.exe
2017-05-25 20:22 - 2017-05-25 20:22 - 030950664 _____ () C:\Users\Tony\AppData\Local\Temp\vlc-2.2.6-win32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-30 21:53
 
==================== End of FRST.txt ============================



#2
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
[attachment=85977:fixlist.txt]
 
 
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
Tonight while you sleep let Avast do a boot-time scan:
 
 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
 
Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.
 
Reboot and let it run a scan.  It may take hours.
Once it finishes it should load Windows.  Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done.
 

 

