Windows 8.1 black screen with pointer after login


This topic is locked
20 replies to this topic

#1 whoisthat (Members, 9 posts)

Posted 24 May 2016 - 06:52 AM

Hello, this is my first topic here and I really need help on this.

Yesterday I found that my PC had been attacked by a virus from adware (a trojan) and somehow I managed to get rid of them, and this morning when I tried to restart my PC (after I scanned my whole PC with antivirus and Malwarebytes), my PC screen became blank and there was only a pointer, and a Windows Script Host settings window popped up out of nothing (do we really need to be concerned about this too?). I could fix that by accessing it through Task Manager and I managed to bring the screen up, but I think this doesn't really fix my problem, because when I tried to shut my PC off and turn it on again, it booted into a black screen again.

Then I found some topics on BleepingComputer concerning what I had gone through. I tried to do the steps that I should take, but my low experience with this makes it very hard for me to fix this only by myself (by the way, I'm working on this Farbar Recovery Scan Tool but I don't quite understand how I fix the problem with it). Since I'm out of ideas, and I don't want to format or do a repair that could erase my data, I'm asking for your help. Please go soft and slow on me too.

I expect help from the community and, last but not least, thanks.




#2 Oh My! (Malware Response Instructor)

Posted 28 May 2016 - 03:11 PM

Greetings whoisthat and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Could you please post the FRST.txt and Addition.txt files? Copy and paste the information in your reply.

In addition, please do this.

===================================================

Last Known Good Configuration

--------------------
  • Reboot your computer
  • Gently tap the F8 key repeatedly until you are presented with a Windows Advanced Options menu
  • Select Last Known Good Configuration using the arrow keys
  • Press Enter on your keyboard and attempt to boot into Normal Mode
  • If this doesn't boot properly perform the next step
===================================================

Attempt to boot into Safe Mode with Networking.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Can you boot properly into Normal Mode?
  • Safe Mode with Networking, if necessary
  • FRST.txt
  • Addition.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
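Gary asks above for FRST.txt, and the copy whoisthat posts later in this thread contains the lines a malware responder reads first: `HKLM\...\Winlogon: [Userinit] wscript,` in place of the stock userinit.exe entry (Userinit is what launches the shell after logon, so pointing it at wscript leaves exactly the black desktop with a pointer, and the Windows Script Host settings dialog, that the first post describes), several services with `no ImagePath`, a driver entry marked `[X]` because its file is gone, and a service binary with no company name under C:\ProgramData. The following Python script is an added example for this thread, not part of FRST or of BleepingComputer: it scans FRST-style Registry and Services lines for those patterns. The sample lines are copied from the posted log; the "stock" Userinit and Shell values in WINLOGON_DEFAULTS and the user-writable path prefixes are assumptions about a plain 64-bit Windows 8.1 install, and the function and label names are the example's own.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for persistence anomalies.

Added example for this thread; it is not part of FRST or of BleepingComputer.
It flags three things a responder reads first in FRST.txt:
  * Winlogon Userinit/Shell values that no longer point at the stock binaries
  * service entries with no ImagePath, or whose binary is missing ([X])
  * service binaries with no company name sitting under user-writable paths
"""
import re
from dataclasses import dataclass

# Assumed stock values for a 64-bit Windows 8.1 install (hypothetical defaults;
# confirm against a known-clean machine of the same build before relying on them).
WINLOGON_DEFAULTS = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}

# Prefixes an unprivileged user (and so adware running as that user) can write to.
USER_WRITABLE_PREFIXES = (r"c:\programdata", r"c:\users")

# e.g.  HKLM-x32\...\Winlogon: [Userinit] wscript, [X]
WINLOGON_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?)\\\.\.\.\\Winlogon: \[(?P<value>\w+)\] "
    r"(?P<data>.*?)(?P<missing> \[X\])?$"
)
# e.g.  S2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] ()
SERVICE_RE = re.compile(r"^(?P<start>S[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")
IMAGE_RE = re.compile(
    r"^(?P<path>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*?)\)$"
)

# Constructed sample: lines copied from the FRST.txt posted later in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-01] (NVIDIA Corporation)
HKLM\...\Winlogon: [Userinit] wscript,
HKLM-x32\...\Winlogon: [Userinit] wscript, [X]
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-04] (Adobe Systems, Incorporated)
S2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] ()
S2 QQRepair246c; no ImagePath
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
"""


@dataclass
class Finding:
    kind: str   # short label for the anomaly class
    line: str   # the FRST line that triggered it


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious Registry/Services line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = WINLOGON_RE.match(line)
        if m:
            expected = WINLOGON_DEFAULTS.get(m["value"])
            # Userinit starts the shell after logon; anything but the stock
            # userinit.exe here (such as wscript) leaves the desktop black.
            if expected is not None and m["data"].lower() != expected.lower():
                findings.append(Finding("winlogon_tampered", line))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m["rest"]
        if rest == "no ImagePath":
            # Registry entry survived a removal tool but points nowhere.
            findings.append(Finding("orphaned_service", line))
            continue
        if rest.endswith(" [X]"):
            # FRST marks a service whose binary is absent on disk with [X].
            findings.append(Finding("missing_binary", line))
            continue
        im = IMAGE_RE.match(rest)
        # FRST prints () when the binary carries no company name; under
        # ProgramData or a user profile that combination deserves a look.
        if im and im["publisher"] == "" and im["path"].lower().startswith(USER_WRITABLE_PREFIXES):
            findings.append(Finding("no_publisher_in_writable_path", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:32} {f.line}")
```

Run it as a script and it lists the five flagged lines from the sample; point `triage` at the text of a full FRST.txt to get the same pass over a complete log. A `winlogon_tampered` hit on Userinit is the finding that explains a black screen after logon, and restoring that value is the kind of change the FRST fixlist mentioned in the log header is designed to carry out under a helper's direction.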

#3 Oh My! (Malware Response Instructor)

Posted 31 May 2016 - 08:47 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My! (Malware Response Instructor)

Posted 03 June 2016 - 09:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#5 Oh My! (Malware Response Instructor)

Posted 10 June 2016 - 08:55 AM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#6 whoisthat (Topic Starter, Members, 9 posts)

Posted 10 June 2016 - 09:26 AM


Hello Gary, thank you for reopening this thread.

So let's cut to the chase.

I couldn't go into Last Known Good Configuration because, from what I've read, there is no such option in Windows 8, so I skipped this step.

I cannot boot properly in either Normal Mode or Safe Mode with Networking. It will always boot into a blank screen with a pointer (as I already posted).

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-05-2016
Ran by SYSTEM on MININT-H4J46QJ (10-06-2016 09:16:49)
Running from e:\
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] wscript,
HKLM-x32\...\Winlogon: [Userinit] wscript, [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\A46C\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-04-20] (Tonec Inc.)
HKU\Administrator\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\Administrator\...\Policies\Explorer: [HideSCAHealth] 0
HKU\user\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-04-20] (Tonec Inc.)
HKU\user\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-10-14] (Sony)
HKU\user\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\user\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\user\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\user\...\Policies\Explorer: [HideSCAHealth] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178136 2016-06-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-06-02] (NVIDIA Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute:

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-04] (Adobe Systems, Incorporated)
S2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] ()
S2 CDROM_Eject_Smart_907; C:\Program Files (x86)\Andromax M2Y\FI_Eject.exe [346624 2016-03-18] ()
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-17] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-17] (Intel Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192192 2015-05-04] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-05-04] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 QQRepair246c; no ImagePath
S2 QQRepairFixSVC; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-17] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-17] ()
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-13] (Qualcomm Atheros Communications, Inc.)
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-17] (Intel Corporation)
S3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-17] (Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-17] (Intel Corporation)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [97680 2013-01-17] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-17] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-17] (Intel Corporation)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-01-19] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-06] (Sony Mobile Communications)
S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
S1 QMUdisk; no ImagePath
S3 REN2CAP_DRIVER; C:\Windows\system32\drivers\ren2cap.sys [46728 2012-01-05] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-19] (Microsoft Corporation)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S1 softaal; no ImagePath
S1 SRepairDrv; no ImagePath
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 tsnethlpx64; no ImagePath
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-07 20:42 - 2016-06-07 20:42 - 00000000 ____D C:\Windows\SysWOW64\NV
2016-06-07 20:42 - 2016-06-07 20:42 - 00000000 ____D C:\Windows\System32\NV
2016-06-07 20:40 - 2016-06-07 20:41 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-06-07 20:39 - 2016-06-02 23:38 - 39979576 _____ C:\Windows\System32\nvcompiler.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 35115456 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 31603768 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 25377848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 21802280 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 21346712 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 19180152 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 18143912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 17738592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 17290416 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 16756888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 13460536 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2016-06-07 20:39 - 2016-06-02 23:38 - 10643240 _____ C:\Windows\System32\nvptxJitCompiler.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 08733608 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 03512888 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 03065280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 01922616 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6436839.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 01571776 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6436839.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00985144 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00908736 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00769984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00707520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00669952 _____ C:\Windows\System32\nvfatbinaryLoader.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00502080 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00425016 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00422752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00153416 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00131768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-06-07 20:39 - 2016-06-02 23:38 - 00039992 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys
2016-06-06 09:15 - 2016-06-06 09:19 - 102681501 _____ C:\Users\user\Downloads\Sakamoto_08_HD_HS_ACB.mkv
2016-06-06 09:14 - 2016-06-06 09:18 - 133916230 _____ C:\Users\user\Downloads\Sakamoto_07_HD_HS_ACB.mkv
2016-06-02 02:42 - 2016-06-03 07:15 - 00000000 ____D C:\Users\user\Documents\The Witcher 3
2016-06-02 02:38 - 2016-06-02 02:38 - 00000976 _____ C:\Users\user\Desktop\The Witcher 3 Wild Hunt Blood and Wine.lnk
2016-06-02 01:19 - 2016-06-02 01:19 - 00000895 _____ C:\Users\user\Downloads\Documents - Shortcut.lnk
2016-05-28 02:33 - 2016-05-28 02:33 - 00000000 ____D C:\Program Files (x86)\Andromax M2Y
2016-05-25 22:07 - 2016-05-25 22:13 - 131930703 _____ C:\Users\user\Downloads\Sakamoto_06_HD_HS_ACB.mkv
2016-05-24 19:39 - 2013-11-12 00:18 - 00000000 ____D C:\Users\user\Downloads\settings
2016-05-24 19:09 - 2016-05-24 19:10 - 00000000 ____D C:\RefreshImage
2016-05-24 17:48 - 2016-05-24 17:55 - 00000000 ____D C:\FRST
2016-05-24 09:39 - 2016-05-26 10:43 - 00000000 _____ C:\Recovery.txt
2016-05-23 20:12 - 2016-05-03 18:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-23 20:12 - 2016-05-03 18:22 - 00130848 _____ C:\Windows\System32\vulkan-1.dll
2016-05-23 20:12 - 2016-05-03 18:22 - 00045344 _____ C:\Windows\System32\vulkaninfo.exe
2016-05-23 20:12 - 2016-05-03 18:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-23 20:06 - 2016-06-02 23:38 - 00039124 _____ C:\Windows\System32\nvinfo.pb
2016-05-23 20:06 - 2016-05-19 23:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6436822.dll
2016-05-23 20:06 - 2016-05-19 23:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6436822.dll
2016-05-23 20:06 - 2016-05-19 23:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-23 20:06 - 2016-05-19 23:01 - 00000594 _____ C:\Windows\System32\nv-vk64.json
2016-05-23 19:27 - 2016-06-09 09:39 - 00792400 _____ C:\Windows\ntbtlog.txt
2016-05-23 17:11 - 2016-05-23 17:11 - 01163176 _____ C:\Windows\SysWOW64\vns18EB.tmp
2016-05-23 15:13 - 2016-05-23 15:14 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-05-23 15:12 - 2016-05-23 19:35 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2016-05-23 08:34 - 2016-05-23 08:32 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\System32\Drivers\TAOKernelEx64.sys
2016-05-23 08:33 - 2016-05-23 19:34 - 00000000 ____D C:\ProgramData\TXQMPC
2016-05-23 08:33 - 2016-05-23 08:33 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-05-23 08:32 - 2016-05-23 08:32 - 00097400 _____ (电脑管家) C:\Windows\System32\Drivers\TFsFltX64.sys
2016-05-23 08:31 - 2016-05-23 19:57 - 00000000 ____D C:\ProgramData\Tencent
2016-05-23 08:31 - 2016-05-23 09:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Tencent
2016-05-23 08:14 - 2016-05-23 08:14 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-05-23 08:14 - 2016-05-23 08:14 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-05-23 08:13 - 2016-05-23 15:24 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-05-23 08:09 - 2016-05-23 08:09 - 02279413 _____ C:\Users\user\AppData\Roaming\Trustdox.bin
2016-05-23 08:09 - 2016-05-23 08:09 - 00000000 ____D C:\ProgramData\Logic Handler
2016-05-23 08:08 - 2016-05-23 08:08 - 06859776 _____ C:\Users\user\AppData\Roaming\agent.dat
2016-05-23 08:08 - 2016-05-23 08:08 - 00076565 _____ C:\Users\user\AppData\Roaming\Lightantouch.bin
2016-05-23 08:08 - 2016-05-23 08:08 - 00018432 _____ C:\Users\user\AppData\Roaming\Main.dat
2016-05-23 08:07 - 2016-05-23 08:07 - 00127488 _____ C:\Users\user\AppData\Roaming\Installer.dat
2016-05-23 08:07 - 2016-05-23 08:07 - 00000000 ____D C:\Program Files (x86)\badu
2016-05-23 07:19 - 2016-05-23 07:19 - 00000000 ____D C:\Users\Public\Thunder Network
2016-05-23 07:19 - 2016-05-23 07:19 - 00000000 ____D C:\ProgramData\Thunder Network
2016-05-23 07:19 - 2016-05-23 07:19 - 00000000 ____D C:\ProgramData\Origin
2016-05-23 07:18 - 2016-05-23 07:18 - 00008832 _____ C:\Windows\System32\Tasks\Prehuph Manager
2016-05-23 07:18 - 2016-05-23 07:14 - 00001188 _____ C:\Windows\System32\Drivers\etc\hp.bak
2016-05-23 07:17 - 2016-05-23 17:33 - 00000000 ____D C:\Program Files (x86)\00000011-1464016640-0000-0000-74D02B76A879
2016-05-23 07:16 - 2016-05-23 16:04 - 00000000 ____D C:\Program Files (x86)\Prehuph
2016-05-23 07:16 - 2016-05-23 07:18 - 00000000 ____D C:\Program Files (x86)\Pfelywuru
2016-05-23 07:16 - 2016-05-23 07:16 - 00000000 ____D C:\Program Files (x86)\Sicotion
2016-05-23 07:14 - 2016-05-23 13:57 - 00000000 ____D C:\ProgramData\download
2016-05-23 07:14 - 2016-05-23 07:14 - 00293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll
2016-05-21 19:58 - 2016-05-21 19:59 - 00000000 ____D C:\Program Files (x86)\chichimiko
2016-05-21 07:08 - 2016-05-21 07:08 - 00000000 ____D C:\Users\user\Documents\team-tanabe
2016-05-21 06:01 - 2016-05-21 06:12 - 00000000 ____D C:\Users\user\AppData\Local\tyranoscript
2016-05-19 16:05 - 2016-05-19 16:05 - 00000247 _____ C:\Users\user\Downloads\uaspengpro5.m
2016-05-14 15:20 - 2016-05-09 20:07 - 01922496 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6436519.dll
2016-05-14 15:20 - 2016-05-09 20:07 - 01573432 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6436519.dll
2016-05-14 07:49 - 2016-04-13 21:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2016-05-14 07:49 - 2016-04-13 21:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-14 07:49 - 2016-04-13 21:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-09 18:09 - 2014-03-12 09:27 - 00000000 ____D C:\Users\user\AppData\Roaming\DMCache
2016-06-09 18:09 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-09 18:08 - 2014-03-11 08:31 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-233090218-3463545560-146620939-1004
2016-06-09 18:04 - 2014-02-28 16:19 - 01073690 _____ C:\Windows\System32\PerfStringBackup.INI
2016-06-09 18:04 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2016-06-09 17:59 - 2014-02-28 20:52 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-09 17:56 - 2014-03-15 05:44 - 00000737 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2016-06-09 12:36 - 2014-04-29 06:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-09 11:00 - 2014-09-14 00:39 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-06-09 09:42 - 2014-03-11 08:27 - 00000062 _____ C:\Users\user\AppData\Roaming\sp_data.sys
2016-06-09 09:41 - 2015-11-26 07:55 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-06-09 09:20 - 2013-08-22 05:25 - 00524288 ___SH C:\Windows\System32\config\BBI
2016-06-07 20:45 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\System32\NDF
2016-06-07 20:42 - 2014-02-28 16:42 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-07 01:58 - 2014-03-12 09:27 - 00000000 ____D C:\Users\user\Downloads\Compressed
2016-06-06 23:27 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-06 18:58 - 2014-11-08 16:29 - 00000000 ____D C:\users\MSSQL$SQLEXPRESS
2016-06-06 04:33 - 2014-02-28 22:06 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-06-05 20:19 - 2015-12-22 07:26 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-06-05 01:23 - 2014-03-12 09:27 - 00000000 ____D C:\Users\user\Downloads\Video
2016-06-03 08:16 - 2015-04-04 14:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-06-03 08:16 - 2015-04-04 14:53 - 00000000 ___SD C:\Windows\System32\GWX
2016-06-03 08:15 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-02 23:38 - 2015-11-20 18:57 - 00476664 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2016-06-02 23:38 - 2015-10-12 06:19 - 14346320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-06-02 23:38 - 2015-10-12 06:19 - 03383472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-06-02 23:38 - 2014-02-28 16:41 - 03825896 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2016-06-02 23:38 - 2014-02-28 16:41 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-06-02 23:38 - 2014-02-28 16:41 - 00178136 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2016-06-02 23:38 - 2014-02-28 16:41 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-06-02 19:26 - 2014-02-28 16:42 - 06362560 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2016-06-02 19:26 - 2014-02-28 16:42 - 02453952 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2016-06-02 19:26 - 2014-02-28 16:42 - 01764408 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2016-06-02 19:26 - 2014-02-28 16:42 - 01351104 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2016-06-02 19:26 - 2014-02-28 16:42 - 00534072 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2016-06-02 19:26 - 2014-02-28 16:42 - 00392128 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2016-06-02 19:26 - 2014-02-28 16:42 - 00081856 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2016-06-02 19:26 - 2014-02-28 16:42 - 00071224 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2016-06-02 04:19 - 2014-02-28 16:42 - 06452948 _____ C:\Windows\System32\nvcoproc.bin
2016-06-01 18:24 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-29 05:48 - 2014-04-03 11:15 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-05-25 20:06 - 2014-11-23 07:37 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-05-25 17:17 - 2015-11-25 18:07 - 00027138 _____ C:\Windows\diagwrn.xml
2016-05-25 17:17 - 2015-11-25 18:07 - 00023000 _____ C:\Windows\diagerr.xml
2016-05-24 19:43 - 2014-09-21 18:15 - 00001024 ____H C:\AMTAG.BIN
2016-05-23 23:19 - 2014-03-28 06:11 - 00000000 ____D C:\Program Files (x86)\osu!
2016-05-23 22:16 - 2015-07-25 02:49 - 00000000 ____D C:\Windows\softwaredistribution.bak
2016-05-23 20:17 - 2014-02-28 16:17 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-05-23 18:09 - 2015-03-06 06:34 - 00007605 _____ C:\Users\user\AppData\Local\resmon.resmoncfg
2016-05-23 17:33 - 2013-08-22 11:11 - 00000000 ____D C:\Windows\ShellNew
2016-05-23 16:49 - 2014-12-23 15:57 - 00001512 _____ C:\Users\user\Desktop\Mozilla Firefox.lnk
2016-05-23 16:25 - 2014-02-28 20:52 - 00000975 _____ C:\Users\Public\Desktop\Steam.lnk
2016-05-23 16:25 - 2014-02-28 17:36 - 00001100 _____ C:\Users\Public\Desktop\Splendid Utility.Lnk
2016-05-23 15:18 - 2014-11-23 07:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-23 15:13 - 2015-06-17 14:35 - 00001920 _____ C:\Windows\System32\Tasks\RTKCPL
2016-05-23 15:13 - 2015-06-17 12:52 - 00002980 _____ C:\Windows\System32\Tasks\DriverEasy Scheduled Scan
2016-05-23 15:13 - 2015-04-25 03:26 - 00001750 _____ C:\Windows\System32\Tasks\{55F63C47-4516-4006-9602-7FFE6DCBA4D4}
2016-05-23 15:13 - 2014-11-23 06:00 - 00001662 _____ C:\Windows\System32\Tasks\{C6CCD174-74FD-475D-911E-CB586995E6AF}
2016-05-23 15:13 - 2014-09-14 00:49 - 00002018 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ASUS-user
2016-05-23 15:13 - 2014-03-09 02:56 - 00002834 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-233090218-3463545560-146620939-500
2016-05-23 15:13 - 2014-03-01 11:47 - 00001904 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2016-05-23 15:13 - 2014-02-28 17:36 - 00001856 _____ C:\Windows\System32\Tasks\ASUS Splendid ColorU
2016-05-23 15:13 - 2014-02-28 17:36 - 00001840 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2016-05-23 15:13 - 2014-02-28 17:36 - 00001838 _____ C:\Windows\System32\Tasks\AsusVibeSchedule
2016-05-23 15:13 - 2014-02-28 16:50 - 00002400 _____ C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2016-05-23 15:13 - 2014-02-28 16:37 - 00000000 ____D C:\ProgramData\Intel
2016-05-23 15:13 - 2014-02-28 16:22 - 00002756 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-233090218-3463545560-146620939-1001
2016-05-23 15:13 - 2014-02-28 16:20 - 00002602 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{50F37B1D-639C-44E6-98F9-D5B9529BCAD3}
2016-05-23 15:10 - 2013-08-22 06:44 - 05156064 _____ C:\Windows\System32\FNTCACHE.DAT
2016-05-20 19:45 - 2014-09-13 17:14 - 00000000 ____D C:\Users\user\Documents\MATLAB
2016-05-17 17:21 - 2015-06-17 12:52 - 00000414 _____ C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2016-05-16 19:34 - 2016-04-06 06:51 - 00000000 ____D C:\Users\user\Downloads\Proposal KP
2016-05-15 20:10 - 2014-03-11 08:26 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-05-14 15:23 - 2016-03-11 04:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-14 07:50 - 2014-05-07 14:36 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA
2016-05-12 09:36 - 2016-03-13 03:38 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-12 09:36 - 2014-04-29 06:05 - 00003582 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-11 19:58 - 2014-12-14 19:42 - 00000000 ____D C:\Windows\System32\appraiser
2016-05-11 19:58 - 2013-08-22 11:11 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 12:08 - 2016-04-13 20:14 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 12:08 - 2016-04-13 20:14 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 06:58 - 2013-08-22 05:25 - 00000167 _____ C:\Windows\win.ini
2016-05-11 06:53 - 2014-03-01 20:14 - 00000000 ____D C:\Windows\System32\MRT
2016-05-11 06:39 - 2014-03-01 20:14 - 139319312 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\xldl.dll
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\A46C\AppData\Local\Temp\ExPromo.exe
C:\Users\A46C\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\A46C\AppData\Local\Temp\MSETUP4.EXE
C:\Users\user\AppData\Local\Temp\23333.exe
C:\Users\user\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\user\AppData\Local\Temp\Browser_V5.6.12150.8_f_4730_(Build1604251144).exe
C:\Users\user\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\user\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_72623_Silence.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2016-03-08 17:15] - [2016-01-05 07:00] - 0570880 ____A (Microsoft Corporation) B1102BBDDD9C87B3D609D6C08F7A3DBD

C:\Windows\System32\wininit.exe
[2015-12-08 13:01] - [2015-10-05 10:28] - 0146432 ____A (Microsoft Corporation) EC302D06155F8E3C383750993FCB6B27

C:\Windows\explorer.exe
[2016-04-13 09:16] - [2016-02-08 17:31] - 2757616 ____A (Microsoft Corporation) B3541A5A20C6264781909B1B7FE54836

C:\Windows\SysWOW64\explorer.exe
[2016-04-13 09:16] - [2016-02-08 17:31] - 2412576 ____A (Microsoft Corporation) 97A7A0521E059D242907EFB73A844F29

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2015-05-13 01:56] - [2015-04-08 14:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45

C:\Windows\System32\User32.dll
[2015-12-08 13:03] - [2015-11-08 16:41] - 1540728 ____A (Microsoft Corporation) 33094E2182C451BCFCFD60F734B1C4EF

C:\Windows\SysWOW64\User32.dll
[2015-12-08 13:03] - [2015-11-08 12:48] - 1376256 ____A (Microsoft Corporation) 72DF14DA8F1CC15F7BE4176DE0404D9E

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2016-04-13 09:16] - [2016-01-27 07:18] - 0817664 ____A (Microsoft Corporation) E4220FD9C7F1579D9C5F9DFB00427841

C:\Windows\System32\dnsapi.dll
[2014-12-28 06:36] - [2014-11-04 17:44] - 0657920 ____A (Microsoft Corporation) 0B082D6D7A53D91678E7409DD145E89C

C:\Windows\SysWOW64\dnsapi.dll
[2014-12-28 06:36] - [2014-11-04 17:20] - 0498688 ____A (Microsoft Corporation) 205BDB00F4C032AF45A6BFD18EA7886C

C:\Windows\System32\Drivers\volsnap.sys
[2016-05-10 22:23] - [2016-03-14 08:50] - 0316760 ____A (Microsoft Corporation) 17F7B0F2298D97F4B6C7A69511033D3D


==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2016-06-09 09:14

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8077.59 MB
Available physical RAM: 7175.37 MB
Total Virtual: 8077.59 MB
Available Virtual: 7200.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.24 GB) (Free:32.36 GB) NTFS
Drive d: (DATA) (Fixed) (Total:180 GB) (Free:62.52 GB) NTFS
Drive e: (USER) (Removable) (Total:14.52 GB) (Free:14.15 GB) FAT32
Drive g: (Recovery) (Fixed) (Total:0.29 GB) (Free:0.06 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A8800A82)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.5 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2015-11-17 08:02

==================== End of FRST.txt ============================

=============================================================

But there wasn't any of this Addition.txt that you expected on my flash drive.

If it is necessary, how can I bring it out?

Thanks :)

#7 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • Gender:Male
  • Location:California
  • Local time:09:56 PM

Posted 10 June 2016 - 10:35 AM

Greetings and welcome,

You can skip quoting from the previous post. Thanks for the updated information.

When you run FRST in the Recovery Environment there won't be an Addition.txt report.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer, press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Click Format, then check Word Wrap.
  • Please copy and paste the contents of the below code box into the open Notepad window and save it on the flash drive as fixlist.txt.
HKLM\...\Winlogon: [Userinit] wscript,
HKLM-x32\...\Winlogon: [Userinit] wscript, [X]
BootExecute:
S2 QQRepair246c; no ImagePath
S2 QQRepairFixSVC; no ImagePath
S1 QMUdisk; no ImagePath
S1 softaal; no ImagePath
S1 SRepairDrv; no ImagePath
S2 tsnethlpx64; no ImagePath
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
2016-05-23 08:09 - 2016-05-23 08:09 - 02279413 _____ C:\Users\user\AppData\Roaming\Trustdox.bin
2016-05-23 08:09 - 2016-05-23 08:09 - 00000000 ____D C:\ProgramData\Logic Handler
2016-05-23 08:08 - 2016-05-23 08:08 - 06859776 _____ C:\Users\user\AppData\Roaming\agent.dat
2016-05-23 08:08 - 2016-05-23 08:08 - 00076565 _____ C:\Users\user\AppData\Roaming\Lightantouch.bin
2016-05-23 08:08 - 2016-05-23 08:08 - 00018432 _____ C:\Users\user\AppData\Roaming\Main.dat
2016-05-23 08:07 - 2016-05-23 08:07 - 00127488 _____ C:\Users\user\AppData\Roaming\Installer.dat
2016-05-23 08:07 - 2016-05-23 08:07 - 00000000 ____D C:\Program Files (x86)\badu
2016-05-23 07:18 - 2016-05-23 07:18 - 00008832 _____ C:\Windows\System32\Tasks\Prehuph Manager
2016-05-23 07:18 - 2016-05-23 07:14 - 00001188 _____ C:\Windows\System32\Drivers\etc\hp.bak
2016-05-23 07:17 - 2016-05-23 17:33 - 00000000 ____D C:\Program Files (x86)\00000011-1464016640-0000-0000-74D02B76A879
2016-05-23 07:16 - 2016-05-23 16:04 - 00000000 ____D C:\Program Files (x86)\Prehuph
2016-05-23 07:16 - 2016-05-23 07:18 - 00000000 ____D C:\Program Files (x86)\Pfelywuru
2016-05-23 07:16 - 2016-05-23 07:16 - 00000000 ____D C:\Program Files (x86)\Sicotion
2016-05-23 07:14 - 2016-05-23 13:57 - 00000000 ____D C:\ProgramData\download
2016-05-23 07:14 - 2016-05-23 07:14 - 00293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll
2016-05-19 16:05 - 2016-05-19 16:05 - 00000247 _____ C:\Users\user\Downloads\uaspengpro5.m
C:\ProgramData\xldl.dll
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\A46C\AppData\Local\Temp\ExPromo.exe
C:\Users\A46C\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\A46C\AppData\Local\Temp\MSETUP4.EXE
C:\Users\user\AppData\Local\Temp\23333.exe
C:\Users\user\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\user\AppData\Local\Temp\Browser_V5.6.12150.8_f_4730_(Build1604251144).exe
C:\Users\user\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\user\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_72623_Silence.exe
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once, then wait; the program will automatically launch fixlist.txt.
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
  • If you can boot, run another FRST scan making sure Addition.txt is checked.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlist
  • Can you boot?
  • FRST reports, if applicable

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
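The fixlist above targets three kinds of FRST entries: a Winlogon Userinit value that no longer points at userinit.exe (the process that starts the shell, which is why the login ends at a black screen with only a pointer), services whose ImagePath is empty or points at a file that no longer exists, and files with no publisher information dropped into user-writable folders. As an added example, not from the post and not FRST's own code, here is a small Python triage helper that parses those line formats and flags them; the regular expressions, the assumed default Winlogon values and the user-writable path markers are this example's assumptions inferred from the logs quoted in this thread, and the sample lines are constructed from the fixlist.

```python
"""Triage helper for FRST log and fixlist lines.

Added example for this thread, not part of the forum post and not FRST's own
code. Line formats are inferred from the FRST.txt / fixlist.txt quoted above;
the regular expressions, default Winlogon values and user-writable markers
are assumptions of this example.
"""
import re

# "HKLM\...\Winlogon: [Userinit] wscript,"   (optionally followed by " [X]")
WINLOGON_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?)\\\.\.\.\\Winlogon: \[(?P<name>\w+)\] "
    r"(?P<value>.*?)(?P<missing> \[X\])?$"
)
# "S2 QQRepair246c; no ImagePath"  /  "S3 BprotectEx; \??\C:\...\BprotectEx.sys [X]"
SERVICE_RE = re.compile(
    r"^(?P<state>[A-Z]\d) (?P<name>[^;]+); (?P<image>.*?)(?P<missing> \[X\])?$"
)
# "2016-05-23 08:09 - 2016-05-23 08:09 - 02279413 _____ (Publisher) C:\path"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Assumed defaults for a clean Windows 8.1 x64 install. userinit.exe is what
# launches the shell; a value such as "wscript," leaves the user logged in
# with nothing but a mouse pointer on a black screen.
WINLOGON_DEFAULTS = {
    "Userinit": r"C:\Windows\system32\userinit.exe",
    "Shell": "explorer.exe",
}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_line(line):
    """Classify one FRST line; returns (kind, fields) or None if not recognised."""
    line = line.strip()
    for kind, rx in (("winlogon", WINLOGON_RE), ("service", SERVICE_RE), ("file", FILE_RE)):
        m = rx.match(line)
        if m:
            return kind, m.groupdict()
    if PATH_RE.match(line):
        return "path", {"path": line}
    return None


def analyse(lines):
    """Return (kind, detail) findings for the entries worth a second look."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, f = parsed
        if kind == "winlogon":
            expected = WINLOGON_DEFAULTS.get(f["name"])
            actual = f["value"].rstrip(",").strip().lower()
            if expected is not None and actual != expected.lower():
                findings.append(("winlogon-hijack",
                                 f"{f['hive']} {f['name']}={f['value']!r} expected {expected!r}"))
        elif kind == "service":
            if f["image"] == "no ImagePath":
                findings.append(("orphan-service", f["name"]))       # registry entry with no binary
            elif f["missing"]:
                findings.append(("service-file-missing", f["name"]))  # [X]: binary no longer on disk
        elif kind == "file":
            is_dir = "D" in f["attrs"]
            low = f["path"].lower()
            # Non-directory with no publisher string, sitting where any user can write.
            if not is_dir and not f["publisher"] and any(m in low for m in USER_WRITABLE):
                findings.append(("no-version-info", f["path"]))
        elif kind == "path":
            low = f["path"].lower()
            if "\\temp\\" in low and low.endswith(".exe"):
                findings.append(("temp-executable", f["path"]))  # installer left behind in Temp
    return findings


# Constructed sample: a subset of the fixlist lines quoted in the thread,
# plus one line with a made-up publisher to show the negative case.
SAMPLE = r"""
HKLM\...\Winlogon: [Userinit] wscript,
HKLM-x32\...\Winlogon: [Userinit] wscript, [X]
BootExecute:
S2 QQRepair246c; no ImagePath
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
2016-05-23 08:09 - 2016-05-23 08:09 - 02279413 _____ C:\Users\user\AppData\Roaming\Trustdox.bin
2016-05-23 08:07 - 2016-05-23 08:07 - 00000000 ____D C:\Program Files (x86)\badu
2016-05-23 07:14 - 2016-05-23 07:14 - 00293320 _____ (Example Publisher) C:\ProgramData\xldl.dll
C:\Users\A46C\AppData\Local\Temp\ExPromo.exe
""".strip().splitlines()

if __name__ == "__main__":
    for kind, detail in analyse(SAMPLE):
        print(f"{kind:22} {detail}")
```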

#8 whoisthat

  • Topic Starter

  • Members
  • 9 posts
  • Local time:12:56 PM

Posted 10 June 2016 - 01:02 PM

I'm glad that the problems have been fixed.

Yes, I can boot normally into the desktop without going into the black screen with pointer anymore.

And please let me know if there are any other problems.

==================================================================================

Did you mean Fixlog.txt instead of fixlist?

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:23-05-2016
Ran by SYSTEM (2016-06-11 00:29:47) Run:1
Running from e:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM\...\Winlogon: [Userinit] wscript,
HKLM-x32\...\Winlogon: [Userinit] wscript, [X]
BootExecute:
S2 QQRepair246c; no ImagePath
S2 QQRepairFixSVC; no ImagePath
S1 QMUdisk; no ImagePath
S1 softaal; no ImagePath
S1 SRepairDrv; no ImagePath
S2 tsnethlpx64; no ImagePath
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
2016-05-23 08:09 - 2016-05-23 08:09 - 02279413 _____ C:\Users\user\AppData\Roaming\Trustdox.bin
2016-05-23 08:09 - 2016-05-23 08:09 - 00000000 ____D C:\ProgramData\Logic Handler
2016-05-23 08:08 - 2016-05-23 08:08 - 06859776 _____ C:\Users\user\AppData\Roaming\agent.dat
2016-05-23 08:08 - 2016-05-23 08:08 - 00076565 _____ C:\Users\user\AppData\Roaming\Lightantouch.bin
2016-05-23 08:08 - 2016-05-23 08:08 - 00018432 _____ C:\Users\user\AppData\Roaming\Main.dat
2016-05-23 08:07 - 2016-05-23 08:07 - 00127488 _____ C:\Users\user\AppData\Roaming\Installer.dat
2016-05-23 08:07 - 2016-05-23 08:07 - 00000000 ____D C:\Program Files (x86)\badu
2016-05-23 07:18 - 2016-05-23 07:18 - 00008832 _____ C:\Windows\System32\Tasks\Prehuph Manager
2016-05-23 07:18 - 2016-05-23 07:14 - 00001188 _____ C:\Windows\System32\Drivers\etc\hp.bak
2016-05-23 07:17 - 2016-05-23 17:33 - 00000000 ____D C:\Program Files (x86)\00000011-1464016640-0000-0000-74D02B76A879
2016-05-23 07:16 - 2016-05-23 16:04 - 00000000 ____D C:\Program Files (x86)\Prehuph
2016-05-23 07:16 - 2016-05-23 07:18 - 00000000 ____D C:\Program Files (x86)\Pfelywuru
2016-05-23 07:16 - 2016-05-23 07:16 - 00000000 ____D C:\Program Files (x86)\Sicotion
2016-05-23 07:14 - 2016-05-23 13:57 - 00000000 ____D C:\ProgramData\download
2016-05-23 07:14 - 2016-05-23 07:14 - 00293320 _____ (?????????????) C:\ProgramData\xldl.dll
2016-05-19 16:05 - 2016-05-19 16:05 - 00000247 _____ C:\Users\user\Downloads\uaspengpro5.m
C:\ProgramData\xldl.dll
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\A46C\AppData\Local\Temp\ExPromo.exe
C:\Users\A46C\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\A46C\AppData\Local\Temp\MSETUP4.EXE
C:\Users\user\AppData\Local\Temp\23333.exe
C:\Users\user\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\user\AppData\Local\Temp\Browser_V5.6.12150.8_f_4730_(Build1604251144).exe
C:\Users\user\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\user\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_72623_Silence.exe
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
hklm\System\ControlSet001\Control\Session Manager\\BootExecute => value restored successfully
QQRepair246c => service removed successfully
QQRepairFixSVC => service removed successfully
QMUdisk => service removed successfully
softaal => service removed successfully
SRepairDrv => service removed successfully
tsnethlpx64 => service removed successfully
BprotectEx => service removed successfully
PCFApiUtil => service removed successfully
C:\Users\user\AppData\Roaming\Trustdox.bin => moved successfully
C:\ProgramData\Logic Handler => moved successfully
C:\Users\user\AppData\Roaming\agent.dat => moved successfully
C:\Users\user\AppData\Roaming\Lightantouch.bin => moved successfully
C:\Users\user\AppData\Roaming\Main.dat => moved successfully
C:\Users\user\AppData\Roaming\Installer.dat => moved successfully
C:\Program Files (x86)\badu => moved successfully
C:\Windows\System32\Tasks\Prehuph Manager => moved successfully
C:\Windows\System32\Drivers\etc\hp.bak => moved successfully
C:\Program Files (x86)\00000011-1464016640-0000-0000-74D02B76A879 => moved successfully
"C:\Program Files (x86)\Prehuph" => not found.
C:\Program Files (x86)\Pfelywuru => moved successfully
"C:\Program Files (x86)\Sicotion" => not found.
C:\ProgramData\download => moved successfully
C:\ProgramData\xldl.dll => moved successfully
C:\Users\user\Downloads\uaspengpro5.m => moved successfully
"C:\ProgramData\xldl.dll" => not found.
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
C:\Users\A46C\AppData\Local\Temp\ExPromo.exe => moved successfully
C:\Users\A46C\AppData\Local\Temp\GomEncDnInstaller.exe => moved successfully
C:\Users\A46C\AppData\Local\Temp\MSETUP4.EXE => moved successfully
C:\Users\user\AppData\Local\Temp\23333.exe => moved successfully
C:\Users\user\AppData\Local\Temp\AdobeApplicationManager.exe => moved successfully
C:\Users\user\AppData\Local\Temp\Browser_V5.6.12150.8_f_4730_(Build1604251144).exe => moved successfully
C:\Users\user\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
C:\Users\user\AppData\Local\Temp\jre-8u66-windows-au.exe => moved successfully
C:\Users\user\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_72623_Silence.exe => moved successfully

==== End of Fixlog 00:29:49 ====

===========================================================================================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-06-2016
Ran by user (administrator) on ASUS (11-06-2016 00:42:30)
Running from G:\
Loaded Profiles: user & MSSQL$SQLEXPRESS (Available Profiles: user & Administrator & MSSQL$SQLEXPRESS)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Program Files (x86)\Andromax M2Y\FI_Eject.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Users\user\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-04-20] (Tonec Inc.)
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-10-15] (Sony)
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\MountPoints2: {703d2a53-de77-11e4-849b-74d02b76a879} - "H:\install.exe"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\MountPoints2: {af70ea80-e955-11e4-84ab-74d02b76a879} - "H:\./MTP/LMPC.exe"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\MountPoints2: {c4c2fae8-d207-11e5-869b-74d02b76a879} - "G:\AutoRun.exe"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\MountPoints2: {cfa22059-58b9-11e4-83bd-74d02b76a879} - "F:\AutoRun.exe"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\MountPoints2: {eb163866-23c6-11e4-835e-74d02b76a879} - "F:\Startme.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178136 2016-06-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-06-03] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-233090218-3463545560-146620939-1004] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 202.73.99.2 61.247.0.133 202.73.99.4
Tcpip\..\Interfaces\{4FBBB5B9-8A76-489A-90E5-8661F3B553ED}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{639C1A9E-3A21-4E22-95D5-4483EEA8AF5B}: [NameServer] 209.244.0.3,209.244.0.4
Tcpip\..\Interfaces\{639C1A9E-3A21-4E22-95D5-4483EEA8AF5B}: [DhcpNameServer] 202.73.99.2 61.247.0.133 202.73.99.4
Tcpip\..\Interfaces\{D2DED3A3-7A10-4FC3-A434-22A0DBCD9045}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-233090218-3463545560-146620939-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://u.msn.com/id-id/?ocid=iehp
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION => Default URLSearchHook is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-25] (CANON INC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-25] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-17] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-17] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-25] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-25] (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sza3zpld.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-12-01] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-233090218-3463545560-146620939-1004: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvn3997n.dev-edition-default\searchplugins\2in857ge.xml [2016-05-23]
FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sza3zpld.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-04-30]
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sza3zpld.default\extensions\mozilla_cc@internetdownloadmanager.com [2015-05-22] [not signed]
FF Extension: anonymoX - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sza3zpld.default\Extensions\client@anonymox.net.xpi [2015-09-28]
FF Extension: Ghostery - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sza3zpld.default\Extensions\firefox@ghostery.com.xpi [2016-05-04]
FF Extension: MEGA - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sza3zpld.default\Extensions\firefox@mega.co.nz.xpi [2016-05-30]
FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sza3zpld.default\Extensions\firefox@zenmate.com.xpi [2016-03-02]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sza3zpld.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Air Globe 1.0.1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvn3997n.dev-edition-default\Extensions\{168ea170-a682-4a6a-be62-f8928e526a66}.xpi [2015-04-25] [not signed]
FF HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2016-06-11] [not signed]
FF HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-30] (Atheros Commnucations)
R2 CDROM_Eject_Smart_907; C:\Program Files (x86)\Andromax M2Y\FI_Eject.exe [346624 2016-03-18] () [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] () [File not signed]
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] () [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192192 2015-05-05] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-05-05] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 backlh; C:\ProgramData\Logic Handler\set.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-17] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [97680 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-01-20] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-06] (Sony Mobile Communications)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 REN2CAP_DRIVER; C:\Windows\system32\drivers\ren2cap.sys [46728 2012-01-05] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-08 11:42 - 2016-06-08 11:42 - 00000000 ____D C:\Windows\SysWOW64\NV
2016-06-08 11:42 - 2016-06-08 11:42 - 00000000 ____D C:\Windows\system32\NV
2016-06-08 11:40 - 2016-06-08 11:41 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-06-08 11:39 - 2016-06-03 14:38 - 39979576 _____ C:\Windows\system32\nvcompiler.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 35115456 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 31603768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 25377848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 21802280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 21346712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 19180152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 18143912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 17738592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 17290416 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 16756888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 13460536 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-06-08 11:39 - 2016-06-03 14:38 - 10643240 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 08733608 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 03512888 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 03065280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436839.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436839.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00985144 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00908736 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00769984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00707520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00422752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00131768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-06-08 11:39 - 2016-06-03 14:38 - 00039992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2016-06-07 00:15 - 2016-06-07 00:19 - 102681501 _____ C:\Users\user\Downloads\Sakamoto_08_HD_HS_ACB.mkv
2016-06-07 00:14 - 2016-06-07 00:18 - 133916230 _____ C:\Users\user\Downloads\Sakamoto_07_HD_HS_ACB.mkv
2016-06-02 17:42 - 2016-06-03 22:15 - 00000000 ____D C:\Users\user\Documents\The Witcher 3
2016-06-02 17:38 - 2016-06-02 17:38 - 00000976 _____ C:\Users\user\Desktop\The Witcher 3 Wild Hunt Blood and Wine.lnk
2016-06-02 16:19 - 2016-06-02 16:19 - 00000895 _____ C:\Users\user\Downloads\Documents - Shortcut.lnk
2016-05-28 17:33 - 2016-05-28 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andromax M2Y
2016-05-28 17:33 - 2016-05-28 17:33 - 00000000 ____D C:\Program Files (x86)\Andromax M2Y
2016-05-26 13:07 - 2016-05-26 13:13 - 131930703 _____ C:\Users\user\Downloads\Sakamoto_06_HD_HS_ACB.mkv
2016-05-25 10:39 - 2013-11-12 15:18 - 00000000 ____D C:\Users\user\Downloads\settings
2016-05-25 10:09 - 2016-05-25 10:10 - 00000000 ____D C:\RefreshImage
2016-05-25 08:48 - 2016-06-11 00:42 - 00000000 ____D C:\FRST
2016-05-25 00:39 - 2016-05-27 01:43 - 00000000 _____ C:\Recovery.txt
2016-05-24 11:12 - 2016-05-04 09:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-24 11:12 - 2016-05-04 09:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-05-24 11:12 - 2016-05-04 09:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-05-24 11:12 - 2016-05-04 09:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-24 11:06 - 2016-06-03 14:38 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-05-24 11:06 - 2016-05-20 14:01 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436822.dll
2016-05-24 11:06 - 2016-05-20 14:01 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436822.dll
2016-05-24 11:06 - 2016-05-20 14:01 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-24 11:06 - 2016-05-20 14:01 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-05-24 10:27 - 2016-06-10 00:39 - 00792400 _____ C:\Windows\ntbtlog.txt
2016-05-24 08:11 - 2016-05-24 08:11 - 01163176 _____ C:\Windows\SysWOW64\vns18EB.tmp
2016-05-24 06:13 - 2016-05-24 06:14 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-05-24 06:12 - 2016-05-24 10:35 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2016-05-23 23:34 - 2016-05-23 23:32 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx64.sys
2016-05-23 23:33 - 2016-05-24 10:34 - 00000000 ____D C:\ProgramData\TXQMPC
2016-05-23 23:33 - 2016-05-23 23:33 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-05-23 23:32 - 2016-05-24 10:57 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-05-23 23:32 - 2016-05-23 23:32 - 00097400 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-05-23 23:31 - 2016-05-24 10:57 - 00000000 ____D C:\ProgramData\Tencent
2016-05-23 23:31 - 2016-05-24 00:01 - 00000000 ____D C:\Users\user\AppData\Roaming\Tencent
2016-05-23 23:14 - 2016-05-23 23:14 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-05-23 23:14 - 2016-05-23 23:14 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-05-23 23:13 - 2016-05-24 06:24 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-05-23 22:19 - 2016-05-23 22:19 - 00000000 ____D C:\Users\Public\Thunder Network
2016-05-23 22:19 - 2016-05-23 22:19 - 00000000 ____D C:\ProgramData\Thunder Network
2016-05-23 22:19 - 2016-05-23 22:19 - 00000000 ____D C:\ProgramData\Origin
2016-05-22 10:58 - 2016-05-22 10:59 - 00000000 ____D C:\Program Files (x86)\chichimiko
2016-05-21 22:08 - 2016-05-21 22:08 - 00000000 ____D C:\Users\user\Documents\team-tanabe
2016-05-21 21:01 - 2016-05-21 21:12 - 00000000 ____D C:\Users\user\AppData\Local\tyranoscript
2016-05-20 17:23 - 2016-06-11 00:42 - 00001537 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk
2016-05-15 06:20 - 2016-05-10 11:07 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436519.dll
2016-05-15 06:20 - 2016-05-10 11:07 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436519.dll
2016-05-14 22:49 - 2016-04-14 12:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-14 22:49 - 2016-04-14 12:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-14 22:49 - 2016-04-14 12:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 00:41 - 2014-03-15 20:44 - 00000737 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-06-11 00:41 - 2014-03-11 23:27 - 00000062 _____ C:\Users\user\AppData\Roaming\sp_data.sys
2016-06-11 00:40 - 2015-11-26 22:55 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-06-11 00:40 - 2013-08-22 21:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-11 00:40 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\Inf
2016-06-11 00:34 - 2014-03-13 00:27 - 00000000 ____D C:\Users\user\AppData\Roaming\DMCache
2016-06-10 23:36 - 2014-04-29 21:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-10 21:08 - 2014-03-01 11:52 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-10 15:17 - 2014-03-13 00:27 - 00000000 ____D C:\Users\user\Downloads\Video
2016-06-10 09:54 - 2014-03-11 23:31 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-233090218-3463545560-146620939-1004
2016-06-10 09:26 - 2014-03-01 07:19 - 01073690 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-10 02:00 - 2014-09-14 15:39 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-06-10 00:20 - 2013-08-22 20:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-08 11:45 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\system32\NDF
2016-06-08 11:42 - 2014-03-01 07:42 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-07 16:58 - 2014-03-13 00:27 - 00000000 ____D C:\Users\user\Downloads\Compressed
2016-06-07 14:27 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-07 09:58 - 2014-11-09 07:29 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2016-06-06 19:33 - 2014-03-01 13:06 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-06-06 11:19 - 2015-12-22 22:26 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-06-04 01:01 - 2016-05-04 09:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 23:19 - 2013-08-22 22:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-03 23:16 - 2015-04-05 05:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-06-03 23:16 - 2015-04-05 05:53 - 00000000 ___SD C:\Windows\system32\GWX
2016-06-03 14:38 - 2015-11-21 09:57 - 00476664 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-06-03 14:38 - 2015-10-12 21:19 - 14346320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-06-03 14:38 - 2015-10-12 21:19 - 03383472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-06-03 14:38 - 2014-03-01 07:41 - 03825896 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-06-03 14:38 - 2014-03-01 07:41 - 00394912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-06-03 14:38 - 2014-03-01 07:41 - 00178136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-06-03 14:38 - 2014-03-01 07:41 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-06-03 10:26 - 2014-03-01 07:42 - 06362560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-06-03 10:26 - 2014-03-01 07:42 - 02453952 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-06-03 10:26 - 2014-03-01 07:42 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-06-03 10:26 - 2014-03-01 07:42 - 01351104 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-06-03 10:26 - 2014-03-01 07:42 - 00534072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-06-03 10:26 - 2014-03-01 07:42 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-06-03 10:26 - 2014-03-01 07:42 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-06-03 10:26 - 2014-03-01 07:42 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-06-02 19:19 - 2014-03-01 07:42 - 06452948 _____ C:\Windows\system32\nvcoproc.bin
2016-06-02 09:24 - 2013-08-22 22:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-29 20:48 - 2014-04-04 02:15 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-05-26 11:06 - 2014-11-23 22:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-26 08:17 - 2015-11-26 09:07 - 00027138 _____ C:\Windows\diagwrn.xml
2016-05-26 08:17 - 2015-11-26 09:07 - 00023000 _____ C:\Windows\diagerr.xml
2016-05-25 10:43 - 2014-09-22 09:15 - 00001024 ____H C:\AMTAG.BIN
2016-05-24 14:19 - 2014-03-28 21:11 - 00000000 ____D C:\Program Files (x86)\osu!
2016-05-24 13:16 - 2015-07-25 17:49 - 00000000 ____D C:\Windows\softwaredistribution.bak
2016-05-24 11:17 - 2014-03-01 07:17 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-05-24 09:09 - 2015-03-06 21:34 - 00007605 _____ C:\Users\user\AppData\Local\resmon.resmoncfg
2016-05-24 08:33 - 2013-08-23 02:11 - 00000000 ____D C:\Windows\ShellNew
2016-05-24 07:49 - 2014-12-24 06:57 - 00001512 _____ C:\Users\user\Desktop\Mozilla Firefox.lnk
2016-05-24 07:35 - 2015-06-27 13:40 - 00001860 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-05-24 07:34 - 2015-09-20 15:56 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-24 07:34 - 2015-05-21 21:55 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-05-24 07:34 - 2014-09-14 15:50 - 00002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
2016-05-24 07:33 - 2014-09-14 15:47 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2016-05-24 07:33 - 2014-09-14 15:46 - 00001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
2016-05-24 07:33 - 2014-09-14 15:42 - 00001420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-24 07:32 - 2015-04-03 20:28 - 00000969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2016-05-24 07:26 - 2014-03-11 23:26 - 00001442 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 07:25 - 2014-03-01 11:52 - 00000975 _____ C:\Users\Public\Desktop\Steam.lnk
2016-05-24 07:25 - 2014-03-01 08:36 - 00001100 _____ C:\Users\Public\Desktop\Splendid Utility.Lnk
2016-05-24 06:18 - 2014-11-23 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-24 06:18 - 2014-11-23 22:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-24 06:13 - 2015-06-18 05:35 - 00001920 _____ C:\Windows\System32\Tasks\RTKCPL
2016-05-24 06:13 - 2015-06-18 03:52 - 00002980 _____ C:\Windows\System32\Tasks\DriverEasy Scheduled Scan
2016-05-24 06:13 - 2015-04-25 18:26 - 00001750 _____ C:\Windows\System32\Tasks\{55F63C47-4516-4006-9602-7FFE6DCBA4D4}
2016-05-24 06:13 - 2014-11-23 21:00 - 00001662 _____ C:\Windows\System32\Tasks\{C6CCD174-74FD-475D-911E-CB586995E6AF}
2016-05-24 06:13 - 2014-09-14 15:49 - 00002018 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-ASUS-user
2016-05-24 06:13 - 2014-03-09 17:56 - 00002834 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-233090218-3463545560-146620939-500
2016-05-24 06:13 - 2014-03-02 02:47 - 00001904 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
2016-05-24 06:13 - 2014-03-01 08:36 - 00001856 _____ C:\Windows\System32\Tasks\ASUS Splendid ColorU
2016-05-24 06:13 - 2014-03-01 08:36 - 00001840 _____ C:\Windows\System32\Tasks\ASUS Splendid ACMON
2016-05-24 06:13 - 2014-03-01 08:36 - 00001838 _____ C:\Windows\System32\Tasks\AsusVibeSchedule
2016-05-24 06:13 - 2014-03-01 07:50 - 00002400 _____ C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2016-05-24 06:13 - 2014-03-01 07:37 - 00000000 ____D C:\ProgramData\Intel
2016-05-24 06:13 - 2014-03-01 07:22 - 00002756 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-233090218-3463545560-146620939-1001
2016-05-24 06:13 - 2014-03-01 07:20 - 00002602 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{50F37B1D-639C-44E6-98F9-D5B9529BCAD3}
2016-05-24 06:10 - 2013-08-22 21:44 - 05156064 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-21 10:45 - 2014-09-14 08:14 - 00000000 ____D C:\Users\user\Documents\MATLAB
2016-05-18 08:21 - 2015-06-18 03:52 - 00000414 _____ C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2016-05-17 10:34 - 2016-04-06 21:51 - 00000000 ____D C:\Users\user\Downloads\Proposal KP
2016-05-16 11:10 - 2014-03-11 23:26 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-05-15 06:23 - 2016-03-11 19:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-14 22:50 - 2014-05-08 05:36 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA
2016-05-13 00:36 - 2016-03-13 18:38 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-13 00:36 - 2014-04-29 21:05 - 00003582 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 10:58 - 2014-12-15 10:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 10:58 - 2013-08-23 02:11 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:08 - 2016-04-14 11:14 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 03:08 - 2016-04-14 11:14 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-07-08 17:46 - 2015-07-08 17:46 - 1415680 _____ (wj32) C:\Program Files\3O2HRA55.exe
2015-06-28 15:12 - 2015-06-28 15:12 - 1415680 _____ (wj32) C:\Program Files\4P5UFL8G.exe
2015-06-30 19:44 - 2015-06-30 19:44 - 1415680 _____ (wj32) C:\Program Files\CN3K1BP2.exe
2015-06-27 18:42 - 2015-06-27 18:42 - 1415680 _____ (wj32) C:\Program Files\EYGHI01D.exe
2015-06-27 18:15 - 2015-06-27 18:15 - 1415680 _____ (wj32) C:\Program Files\JVP1X7PB.exe
2015-06-30 04:52 - 2015-06-30 04:52 - 1415680 _____ (wj32) C:\Program Files\K7SFN8T5.exe
2015-07-01 17:55 - 2015-07-01 17:55 - 1415680 _____ (wj32) C:\Program Files\NNKOS24Z.exe
2015-07-01 16:08 - 2015-07-01 16:08 - 1415680 _____ (wj32) C:\Program Files\NXTHPL1V.exe
2015-06-27 04:38 - 2015-06-27 04:38 - 1415680 _____ (wj32) C:\Program Files\RVZFJRNR.exe
2014-12-02 21:15 - 2013-11-06 18:28 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2015-07-08 21:30 - 2015-07-08 21:32 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe GIF Format CC Prefs
2014-10-06 16:29 - 2014-10-11 18:02 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CC Prefs
2014-03-23 06:59 - 2014-03-23 06:59 - 0000021 _____ () C:\Users\user\AppData\Roaming\my_intel.sys
2004-03-07 14:30 - 2004-03-07 14:30 - 0000016 _____ () C:\Users\user\AppData\Roaming\QNVW601P.dll
2014-03-11 23:27 - 2016-06-11 00:41 - 0000062 _____ () C:\Users\user\AppData\Roaming\sp_data.sys
2016-01-20 10:49 - 2016-01-20 10:49 - 229845735 _____ () C:\Users\user\AppData\Local\ACCCx3_4_3_189.zip.aamdownload
2016-01-20 10:49 - 2016-01-20 10:49 - 0002657 _____ () C:\Users\user\AppData\Local\ACCCx3_4_3_189.zip.aamdownload.aamd
2015-09-15 17:49 - 2015-09-15 20:54 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-09-29 11:26 - 2014-10-21 13:20 - 0006144 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-06 21:34 - 2016-05-24 09:09 - 0007605 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-06-18 05:35 - 2015-06-18 05:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-01 08:28 - 2014-03-02 02:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-03-01 08:27 - 2014-03-02 02:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-17 23:02

==================== End of FRST.txt ============================


============================================================

Addition.txt if necessary


Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by user (2016-06-11 00:45:24)
Running from G:\
Windows 8.1 Pro (Update) (X64) (2014-03-01 00:16:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-233090218-3463545560-146620939-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-233090218-3463545560-146620939-501 - Limited - Disabled)
user (S-1-5-21-233090218-3463545560-146620939-1004 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Andromax M2Y (HKLM-x32\...\Andromax M2Y_is1) (Version:  - )
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avogadro (HKLM-x32\...\Avogadro) (Version: 1.0.1 - Humanity)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.00 - Canon Inc.)
Canon MP230 series On-screen Manual (HKLM-x32\...\Canon MP230 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dynasty Warriors 8 Xtreme Legends version 1.02 (HKLM-x32\...\{F2CA1EE3-A492-4220-AE30-69F963100DE2}_is1) (Version: 1.02 - Koei Tecmo)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Free Pascal 2.6.2 (HKLM-x32\...\FreePascal_is1) (Version:  - Free Pascal Team)
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
GDR 3153 for SQL Server 2012 (KB2977326) (64-bit) (HKLM\...\KB2977326) (Version: 11.1.3153.0 - Microsoft Corporation)
GDR 3156 for SQL Server 2012 (KB3045318) (64-bit) (HKLM\...\KB3045318) (Version: 11.1.3156.0 - Microsoft Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
K-Lite Mega Codec Pack 10.5.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
LINE (HKLM-x32\...\LINE) (Version: 4.6.1.931 - LINE Corporation)
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mathcad 14 (HKLM-x32\...\{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}) (Version: 14.0.3.0 - PTC)
Mathcad 14 Help (HKLM-x32\...\{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}) (Version: 14 - Mathsoft)
Mathcad 14 Resource Center (HKLM-x32\...\{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}) (Version: 14 - Mathsoft)
Mathworks Matlab 2013a (HKLM-x32\...\Mathworks Matlab 2013a) (Version:  - )
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{8909B8A7-CEAB-4772-BF29-1892C4E6603B}) (Version: 8.05.2309 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{4F640A82-635E-431A-856A-F43E5EAAC130}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8AC82589-7217-48FE-9051-AE6D3B211B14}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{f9024a51-ab45-4a46-b597-ce12f74963c7}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0a2 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{6f895c3f-d065-40e7-9fe0-3a03640d48e7}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.236 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Witcher 3 Wild Hunt Blood and Wine (HKLM-x32\...\The Witcher 3 Wild Hunt Blood and Wine_is1) (Version:  - )
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.1.2 - Azureus Software, Inc.)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {128F3741-FD19-46A9-9AE5-878F676A4163} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {1325E710-36FB-4EA3-A249-B09D582C5584} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {17F420A9-9DB0-4E5A-A730-B43DD1235517} - \Prehuph Manager -> No File <==== ATTENTION
Task: {1F723552-F194-43D6-BE7A-73E0AA6BB34D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {260079A8-FB42-48B0-A9E3-7FC444A11AEC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {2AF8BCEC-DD37-4144-AF03-172D3E38C775} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {2EDF1631-5FF9-4068-85BD-CD22A8C660CB} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-30] (ASUS)
Task: {4431D1C6-00FD-470E-92A2-FD3E1956C601} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {4444D3C8-D0AB-4D1C-8801-C32301790291} - System32\Tasks\{55F63C47-4516-4006-9602-7FFE6DCBA4D4} => pcalua.exe -a C:\Users\user\Downloads\Programs\RazerSurroundInstaller_v2.00.10.exe -d C:\Users\user\AppData\Roaming\IDM
Task: {51A94F11-6092-4344-99BB-1663D4C3FD5E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {51DE6345-91EF-4D0B-AB00-10AE5C39842E} - System32\Tasks\{C6CCD174-74FD-475D-911E-CB586995E6AF} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {6DFF31A0-BB4D-498B-9A8B-5FE1EB363261} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {6FEFF556-44DE-4159-BF49-3F4DFE2ADCAF} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-08-23] (AsusTek)
Task: {88A4D561-9AA9-46FF-8FC6-C314236A4C20} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-19] (ASUSTek Computer Inc.)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {BCC35D3E-B614-4610-8746-F325F6E32529} - System32\Tasks\AdobeAAMUpdater-1.0-ASUS-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D660843E-D470-406D-8FD5-846253F8EA20} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-05-15] (Realtek Semiconductor)
Task: {E1EC1B45-3FD9-44EC-9C3A-268244E72DD3} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-30] ()
Task: {ED3353D4-E3D6-4F30-B75B-C0E851FD2D2C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-01 07:42 - 2016-06-03 10:26 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-30 08:15 - 2012-11-30 08:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2016-05-28 17:33 - 2016-03-18 16:39 - 00346624 _____ () C:\Program Files (x86)\Andromax M2Y\FI_Eject.exe
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-01 13:06 - 2012-03-28 19:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-03-02 06:44 - 2016-05-02 12:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-22 08:38 - 2016-05-02 12:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-02 22:20 - 2016-05-02 12:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-02 06:44 - 2016-05-02 12:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-02 22:20 - 2016-05-02 12:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-02 22:20 - 2016-05-02 12:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-02 22:20 - 2016-05-02 12:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-27 21:39 - 2016-05-02 12:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-02 22:20 - 2016-05-02 12:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-02 22:20 - 2016-05-02 12:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2016-05-24 10:45 - 00001188 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233090218-3463545560-146620939-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\1440x900.jpg
DNS Servers: 209.244.0.3 - 209.244.0.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\StartupApproved\StartupFolder: => "Microsoft SharePoint Workspace.lnk"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-233090218-3463545560-146620939-1004\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A2D46287-7437-45CC-94E4-AF2DA6E0EB9F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9000C4A6-05E5-46A6-9219-A7474E591626}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D340DFFE-5F61-457A-A3B8-8EAB7E2EA1A3}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{F7143AC9-9362-44C7-8F1A-6438079DF8C1}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{403A36B5-9865-4725-AB15-FE7EB214C114}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{DA341A86-4656-4185-BBD2-BBC1ACCC0BF2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BC6AE99F-439C-4F5E-A264-B7D025B43B1E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4057A52E-885D-4CC0-BE1F-DFA5A938B701}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BA2EEF05-2347-4B95-99C7-E79D8C2094EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{12D50B3E-49D8-496F-B540-26A6CB3455C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{788F7CD1-8071-4394-9D38-A94F97F09F53}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2C6ED4E-E05F-4D04-AAEB-29B6B51F2730}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5E5991E3-AAF0-488E-BF82-950EAE5BE7B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{E0FFD31B-C94F-4923-A696-4D0722AA03A9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6C5FBBB3-3D46-4001-BC45-0BE9BC4F40CB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A5F3F550-70AB-4681-8A50-E0A8827CA6C2}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe
FirewallRules: [{45AFE5E5-78EC-46F8-A250-9D0C59941B3D}] => (Allow) C:\Program Files (x86)\LINE\LINE.exe
FirewallRules: [TCP Query User{724B36B6-B8F3-47D7-9CA9-757EF6608FC3}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [UDP Query User{9A60EE92-4040-40B7-B6C0-C53598338A1A}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{EF9ECE17-FC66-404F-85BB-725CA95A43EE}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{7D2FC3C7-9CFD-4AB3-9CF9-20B1BFF836D9}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{65B6ECC5-A075-4861-AB5F-BB15EC9A69D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{76EB517F-6F89-43F0-A16D-F5419D089A89}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{26C99266-3B97-4EC1-AAF4-1A2D5F770111}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC986C74-8B3C-4F8D-B5D5-6C71A90EFFB3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E4B4C0B5-9B9E-4C30-A658-C0D3506B8F91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1BB2EC2E-259D-403C-A1B5-80C10A1530B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D75F624F-2667-4511-9430-B44A715DE195}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5A115DC2-7F46-4EEF-B9A9-4CE86DDCCAD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{82A88D42-1261-4A5A-B952-61E260EA2F00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7019E095-E661-4630-86DD-682BA01F65DD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{311D5E80-F6CC-48FC-8F1D-9B9AF25030A4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C5EBE477-9DBF-463A-A88E-0621F2D4EC57}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{8414D16B-B295-4BF8-8D81-80C2583913D3}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{462ABF95-EA5C-4DF4-AAEA-42F0320EEB0F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{B2407C47-8EBE-43B9-9CDF-3A262919F888}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{15F89FFC-D4D4-4B3E-A562-92A2D02F4AA5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{BEF8DAC0-9F91-4702-BDDD-C7A55522198A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{A11F048F-EEE5-4859-9718-7C790E9DCF04}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{BB957F24-189B-42CE-BEDC-89185624ABCC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{797150F7-A071-4AB7-978D-6DBF0275BD16}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D69F5925-0026-41EC-AF20-A8702E8C3E2C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B324CA52-EF14-44C8-B4C5-0963FEAFDD97}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C20F498-1C92-4CD5-B9B1-B97D6E13D94A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{4FB86216-2D4D-4B8C-B635-7C732778567F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe

==================== Restore Points =========================

03-06-2016 23:14:20 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2016 08:46:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (06/08/2016 08:30:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1818

Start Time: 01d1c17caf377185

Termination Time: 408

Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

Report Id: 2fae8e8e-2d7d-11e6-8745-74d02b76a879

Faulting package full name:

Faulting package-relative application ID:

Error: (06/08/2016 11:43:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000008
Fault offset: 0x00000000000925fa
Faulting process id: 0x214
Faulting application start time: 0xsvchost.exe_PcaSvc0
Faulting application path: svchost.exe_PcaSvc1
Faulting module path: svchost.exe_PcaSvc2
Report Id: svchost.exe_PcaSvc3
Faulting package full name: svchost.exe_PcaSvc4
Faulting package-relative application ID: svchost.exe_PcaSvc5

Error: (06/07/2016 02:24:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/07/2016 10:01:02 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 4800.  Message ID: [0x2509].

Error: (06/07/2016 12:23:09 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2096.  Message ID: [0x2509].

Error: (06/06/2016 11:19:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x3b4
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (06/06/2016 11:07:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/03/2016 08:47:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 20.16.5.0, time stamp: 0x5720a2ca
Faulting module name: NvBackend.exe, version: 20.16.5.0, time stamp: 0x5720a2ca
Exception code: 0xc0000005
Fault offset: 0x000a0abc
Faulting process id: 0xcb8
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3
Faulting package full name: NvBackend.exe4
Faulting package-relative application ID: NvBackend.exe5

Error: (06/02/2016 05:42:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000008
Fault offset: 0x00000000000925fa
Faulting process id: 0x12c
Faulting application start time: 0xsvchost.exe_PcaSvc0
Faulting application path: svchost.exe_PcaSvc1
Faulting module path: svchost.exe_PcaSvc2
Report Id: svchost.exe_PcaSvc3
Faulting package full name: svchost.exe_PcaSvc4
Faulting package-relative application ID: svchost.exe_PcaSvc5


System errors:
=============
Error: (06/11/2016 12:41:07 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.11192.168.137.0255.255.255.0

Error: (06/11/2016 12:41:07 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/11/2016 12:41:07 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/11/2016 12:41:07 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/11/2016 12:40:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Background Logic Handler service failed to start due to the following error:
%%2

Error: (06/11/2016 12:32:10 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.11192.168.137.0255.255.255.0

Error: (06/11/2016 12:32:10 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/11/2016 12:32:10 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/11/2016 12:32:10 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/11/2016 12:31:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Background Logic Handler service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
  Date: 2016-06-10 15:06:00.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 15:05:59.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 15:05:59.347
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 15:05:58.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 15:05:58.447
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 15:05:57.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 15:05:57.494
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 15:05:57.056
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 15:05:56.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-24 00:18:28.127
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 24%
Total physical RAM: 8077.6 MB
Available physical RAM: 6090.12 MB
Total Virtual: 9357.6 MB
Available Virtual: 6921.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.24 GB) (Free:32.31 GB) NTFS
Drive d: (DATA) (Fixed) (Total:180 GB) (Free:62.52 GB) NTFS
Drive g: (USER) (Removable) (Total:14.52 GB) (Free:14.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A8800A82)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by whoisthat, 10 June 2016 - 01:06 PM.


#9 Oh My! (Malware Response Instructor)

Posted 10 June 2016 - 01:51 PM

Greetings,

Yes, I meant fixlog, thank you.

Are you located in Indonesia?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION => Default URLSearchHook is missing
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-233090218-3463545560-146620939-1004: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvn3997n.dev-edition-default\searchplugins\2in857ge.xml [2016-05-23]
S2 backlh; C:\ProgramData\Logic Handler\set.exe [X]
2016-05-24 08:11 - 2016-05-24 08:11 - 01163176 _____ C:\Windows\SysWOW64\vns18EB.tmp
2016-05-24 06:13 - 2016-05-24 06:14 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2014-03-01 08:28 - 2014-03-02 02:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-03-01 08:27 - 2014-03-02 02:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {17F420A9-9DB0-4E5A-A730-B43DD1235517} - \Prehuph Manager -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Folder: C:\Program Files (x86)\chichimiko
Folder: C:\Users\user\AppData\Local\tyranoscript
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Indonesia?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 whoisthat (Topic Starter)

Posted 10 June 2016 - 09:47 PM

Hello Gary,

Thank you for your assistance up until now.

Indonesia? Yes, correct.

Things I would like to confirm:

Do I have to check Word Wrap in Notepad again?

I don't know what files to keep in the AdwCleaner cleaning process.

 

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:10-06-2016
Ran by user (2016-06-11 09:09:07) Run:2
Running from G:\folder
Loaded Profiles: user & MSSQL$SQLEXPRESS (Available Profiles: user & Administrator & MSSQL$SQLEXPRESS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION => Default URLSearchHook is missing
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-233090218-3463545560-146620939-1004: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvn3997n.dev-edition-default\searchplugins\2in857ge.xml [2016-05-23]
S2 backlh; C:\ProgramData\Logic Handler\set.exe [X]
2016-05-24 08:11 - 2016-05-24 08:11 - 01163176 _____ C:\Windows\SysWOW64\vns18EB.tmp
2016-05-24 06:13 - 2016-05-24 06:14 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2014-03-01 08:28 - 2014-03-02 02:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-03-01 08:27 - 2014-03-02 02:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {17F420A9-9DB0-4E5A-A730-B43DD1235517} - \Prehuph Manager -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Folder: C:\Program Files (x86)\chichimiko
Folder: C:\Users\user\AppData\Local\tyranoscript
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Could not restore Default URLSearchHook.
"HKU\.DEFAULT\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf" => key removed successfully
C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll => not found.
"HKU\S-1-5-21-233090218-3463545560-146620939-1004\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf" => key removed successfully
C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll => not found.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\pvn3997n.dev-edition-default\searchplugins\2in857ge.xml => moved successfully
backlh => service removed successfully
C:\Windows\SysWOW64\vns18EB.tmp => moved successfully
C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17F420A9-9DB0-4E5A-A730-B43DD1235517}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17F420A9-9DB0-4E5A-A730-B43DD1235517}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Prehuph Manager" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully

========================= Folder: C:\Program Files (x86)\chichimiko ========================

2016-05-22 10:58 - 2011-08-04 02:38 - 3463168 _____ () C:\Program Files (x86)\chichimiko\chichimiko.exe
2016-05-22 10:58 - 2016-05-22 10:59 - 0000000 ____D () C:\Program Files (x86)\chichimiko\plugin
2016-05-22 10:58 - 2009-05-15 08:47 - 0073728 _____ () C:\Program Files (x86)\chichimiko\plugin\layerExBTOA.dll
2016-05-22 10:58 - 2009-05-15 08:47 - 0319488 _____ () C:\Program Files (x86)\chichimiko\plugin\layerExDraw.dll
2016-05-22 10:58 - 2009-05-15 08:47 - 0098418 _____ () C:\Program Files (x86)\chichimiko\plugin\layerExImage.dll
2016-05-22 10:58 - 2009-05-15 08:47 - 0102400 _____ () C:\Program Files (x86)\chichimiko\plugin\layerExRaster.dll

====== End of Folder: ======


========================= Folder: C:\Users\user\AppData\Local\tyranoscript ========================

2016-05-21 21:01 - 2016-05-21 21:01 - 0000000 ____D () C:\Users\user\AppData\Local\tyranoscript\GPUCache
2016-05-21 21:01 - 2016-05-21 21:01 - 0008192 _____ () C:\Users\user\AppData\Local\tyranoscript\GPUCache\data_0
2016-05-21 21:01 - 2016-05-21 21:12 - 0270336 _____ () C:\Users\user\AppData\Local\tyranoscript\GPUCache\data_1
2016-05-21 21:01 - 2016-05-21 21:01 - 0008192 _____ () C:\Users\user\AppData\Local\tyranoscript\GPUCache\data_2
2016-05-21 21:01 - 2016-05-21 21:01 - 0008192 _____ () C:\Users\user\AppData\Local\tyranoscript\GPUCache\data_3
2016-05-21 21:01 - 2016-05-21 21:01 - 0262512 _____ () C:\Users\user\AppData\Local\tyranoscript\GPUCache\index
2016-05-21 21:01 - 2016-05-21 21:01 - 0000000 ____D () C:\Users\user\AppData\Local\tyranoscript\Local Storage
2016-05-21 21:01 - 2016-05-21 21:11 - 0004096 _____ () C:\Users\user\AppData\Local\tyranoscript\Local Storage\app_._0.localstorage
2016-05-21 21:01 - 2016-05-21 21:11 - 0004640 _____ () C:\Users\user\AppData\Local\tyranoscript\Local Storage\app_._0.localstorage-journal

====== End of Folder: ======


==== End of Fixlog 09:09:11 ====

AdwCleaner log

# AdwCleaner v5.119 - Logfile created 11/06/2016 at 09:21:49
# Updated 30/05/2016 by Xplode
# Database : 2016-06-10.1 [Server]
# Operating system : Windows 8.1 Pro  (X64)
# Username : user - ASUS
# Running from : C:\Users\user\Downloads\Programs\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : backlh

***** [ Folders ] *****

[-] Folder Deleted : C:\ppsfile
[-] Folder Deleted : C:\ProgramData\Systweak
[-] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[-] Folder Deleted : C:\ProgramData\{4746ad66-834c-0c64-4746-6ad66834b59a}
[-] Folder Deleted : C:\ProgramData\{78a937fb-37bb-527f-78a9-937fb37bdfec}
[#] Folder Deleted : C:\ProgramData\Application Data\Systweak
[#] Folder Deleted : C:\ProgramData\Application Data\tencent
[#] Folder Deleted : C:\ProgramData\Application Data\TXQMPC
[#] Folder Deleted : C:\ProgramData\Application Data\{4746ad66-834c-0c64-4746-6ad66834b59a}
[#] Folder Deleted : C:\ProgramData\Application Data\{78a937fb-37bb-527f-78a9-937fb37bdfec}
[-] Folder Deleted : C:\Program Files (x86)\ASP
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\GoHD
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Program Files (x86)\RCP
[-] Folder Deleted : C:\Program Files (x86)\PriicEMInuss
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[-] Folder Deleted : C:\Users\user\AppData\Local\Temp\tencent
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
[-] Folder Deleted : C:\users\user\AppData\Local\globalUpdate
[-] Folder Deleted : C:\users\user\AppData\Roaming\Easeware
[-] Folder Deleted : C:\users\user\AppData\Roaming\ppslog
[-] Folder Deleted : C:\users\user\AppData\Roaming\Systweak
[-] Folder Deleted : C:\users\user\AppData\Roaming\tencent
[-] Folder Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder Deleted : C:\Program Files\Common Files\tencent
[-] Folder Deleted : C:\users\user\AppData\Local\VirtualStore\Program Files (x86)\tencent

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysWOW64\drivers\TS888x64.sys
[-] File Deleted : C:\Users\user\AppData\Local\Temp\task.vbs
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
[-] File Deleted : C:\Windows\SysNative\drivers\TFsFltX64.sys
[-] File Deleted : C:\Windows\SysNative\drivers\TAOKernelEx64.sys

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : DriverEasy Scheduled Scan

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [AndroidServer.exe]
[-] Key Deleted : HKEY_CLASSES_ROOT\.qmgc
[-] Key Deleted : HKLM\SOFTWARE\Classes\metnsd
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmgcfiles
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\MICROSOFT\OTUT
[-] Key Deleted : HKCU\Software\UCBrowserPID
[-] Key Deleted : HKCU\Software\Rtp
[-] Key Deleted : HKLM\SOFTWARE\SoftwareUpdater
[-] Key Deleted : HKLM\SOFTWARE\UCBrowserPID
[-] Key Deleted : HKLM\SOFTWARE\SkypeUpdateEx
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{5C20F498-1C92-4CD5-B9B1-B97D6E13D94A}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4FB86216-2D4D-4B8C-B635-7C732778567F}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [apphide]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SrvUpdater

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4658 bytes] - [11/06/2016 09:21:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [4704 bytes] - [11/06/2016 09:14:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4804 bytes] ##########

I don't know what to say about the update on computer performance, but it seems a lot faster when booting. I couldn't see what files have been changed through this method.

But if it is necessary, I've attached a link to a screenshot of my Task Manager Performance tab.

Link: http://imgur.com/BvPqbnP


Edited by whoisthat, 10 June 2016 - 09:47 PM.
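The AdwCleaner log above is a flat list of everything the tool deleted. What a responder actually wants from it is a ranking: which entries were persistence or kernel code (the three .sys files under drivers\, the SafeBoot\Minimal and SafeBoot\Network keys that let a service load even in Safe Mode, the StartupApproved\Run32 autorun and the backlh service), which entries are the same folder reported twice because C:\ProgramData\Application Data is a compatibility junction onto C:\ProgramData, and which of the two deleted FirewallRules values map back to a program in the FRST Addition.txt earlier in the thread (the GUIDs match the tencentdl.exe and bugreport_xf.exe allow rules). The script below is an added example, not AdwCleaner's or FRST's code and not something posted in the thread; the sample lines are copied from the logs on this page, while the severity rules, the junction handling and the names AdwItem, parse_adwcleaner, severity, triage and resolve_firewall_rules are this script's own assumptions.

```python
"""Rank the entries of an AdwCleaner v5 cleaning log by how much they matter.
Added example, not AdwCleaner's or FRST's code: the log line shapes are those
posted in this thread; severity rules, junction handling and all names here
(AdwItem, parse_adwcleaner, severity, triage, resolve_firewall_rules) are assumed."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ITEM_RE = re.compile(r"^\[([-#])\] (\w+) Deleted : (?:\[x64\] )?(.+?)(?: \[(.+)\])?$")
# FRST Addition.txt: FirewallRules: [{GUID}] => (Allow) C:\path\prog.exe
FRST_FW_RE = re.compile(r"^FirewallRules: \[(\{[0-9A-Fa-f-]{36}\})\] => \((\w+)\) (.+)$")
# C:\ProgramData\Application Data is a compatibility junction onto C:\ProgramData,
# so the log's entries under it are the same folders reported twice.
JUNCTION_RE = re.compile(r"^c:\\programdata\\application data\\", re.IGNORECASE)

@dataclass(frozen=True)
class AdwItem:
    section: str  # Services, Folders, Files, Scheduled tasks, Registry, ...
    kind: str     # Service, Folder, File, Task, Key, Value
    target: str   # path, task name or registry key
    name: str     # value name / rule GUID for registry values, else ""
    marker: str   # "-" or "#" exactly as logged (not interpreted here)

def parse_adwcleaner(text):
    """One AdwItem per deleted entry, junction duplicates collapsed."""
    section, items, seen = "", [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := ITEM_RE.match(line):
            marker, kind, target, name = m.groups()
            target = JUNCTION_RE.sub(r"C:\\ProgramData\\", target)
            key = (kind, target.lower(), (name or "").lower())
            if key not in seen:
                seen.add(key)
                items.append(AdwItem(section, kind, target, name or "", marker))
    return items

def severity(item):
    """(rank, label): 1 = persistence or kernel code, 4 = cosmetic leftovers."""
    t = item.target.lower()
    if item.kind == "File" and "\\drivers\\" in t and t.endswith(".sys"):
        return 1, "kernel driver"
    if "\\control\\safeboot\\" in t:
        return 1, "service allowed to load in Safe Mode"
    if item.kind == "Service" or "\\startupapproved\\" in t or "\\currentversion\\run" in t:
        return 1, "autostart entry"
    if item.kind == "Task" or "\\firewallrules" in t:
        return 2, "scheduled task or firewall allow rule"
    if item.kind == "File" and t.endswith((".exe", ".dll", ".vbs", ".js", ".bat")):
        return 2, "executable or script"
    if item.kind == "Folder" and ("\\program files" in t or "\\programdata\\" in t):
        return 3, "installed component"
    return 4, "other leftover"

def triage(items):
    """Rows (rank, label, kind, target [name]) sorted worst first."""
    rows = []
    for it in items:
        rank, label = severity(it)
        rows.append((rank, label, it.kind, f"{it.target} [{it.name}]" if it.name else it.target))
    return sorted(rows)

def resolve_firewall_rules(items, frst_addition):
    """Map each deleted FirewallRules value (a rule GUID) to the program the
    FRST Addition.txt rule list says it allowed."""
    rules = {m.group(1).upper(): (m.group(2), m.group(3))
             for m in map(FRST_FW_RE.match, map(str.strip, frst_addition.splitlines())) if m}
    return {it.name: rules[it.name.upper()] for it in items
            if "\\firewallrules" in it.target.lower() and it.name.upper() in rules}

# Excerpt of the AdwCleaner log from post #10, copied from the thread.
SAMPLE_ADW = r"""
***** [ Services ] *****
[-] Service Deleted : backlh
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\tencent
[#] Folder Deleted : C:\ProgramData\Application Data\tencent
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Users\user\AppData\Local\Temp\tencent
***** [ Files ] *****
[-] File Deleted : C:\Windows\SysWOW64\drivers\TS888x64.sys
[-] File Deleted : C:\Users\user\AppData\Local\Temp\task.vbs
[-] File Deleted : C:\Windows\SysNative\drivers\TFsFltX64.sys
***** [ Scheduled tasks ] *****
[-] Task Deleted : DriverEasy Scheduled Scan
***** [ Registry ] *****
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{5C20F498-1C92-4CD5-B9B1-B97D6E13D94A}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [apphide]
"""
# The matching FirewallRules lines from the FRST Addition.txt earlier in the thread.
SAMPLE_FRST_FW = r"""
FirewallRules: [{5C20F498-1C92-4CD5-B9B1-B97D6E13D94A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{4FB86216-2D4D-4B8C-B635-7C732778567F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
"""
```

Calling triage(parse_adwcleaner(SAMPLE_ADW)) puts the two kernel drivers, the SafeBoot key, the Run32 autorun and the backlh service at the top, which is the order in which a responder would want to confirm on a rebooted machine that the files and keys really are gone; the "[#]" junction duplicate collapses onto its C:\ProgramData twin, and resolve_firewall_rules shows the deleted rule GUID was the allow rule for tencentdl.exe.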


#11 Oh My! (Malware Response Instructor)

Posted 11 June 2016 - 07:25 AM

Greetings. Glad your computer is running better.

It is usually best to delete all the items found by AdwCleaner.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
C:\Program Files (x86)\chichimiko
C:\Users\user\AppData\Local\tyranoscript
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 whoisthat

whoisthat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:56 PM

Posted 11 June 2016 - 05:41 PM

Hello, well, the ESET scanner took some time.

 

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:10-06-2016
Ran by user (2016-06-11 19:44:42) Run:3
Running from G:\foldernew
Loaded Profiles: user & MSSQL$SQLEXPRESS (Available Profiles: user & Administrator & MSSQL$SQLEXPRESS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\chichimiko
C:\Users\user\AppData\Local\tyranoscript
emptytemp:
*****************

C:\Program Files (x86)\chichimiko => moved successfully
C:\Users\user\AppData\Local\tyranoscript => moved successfully
EmptyTemp: => 44.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:54:06 ====

 

 

ESET log

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\GoHD\1d7b7216-b00e-477f-bd90-8db4baac11a2.xpi.vir    JS/Toolbar.Crossrider.J potentially unwanted application    deleted
C:\FRST\Quarantine\C\Program Files (x86)\00000011-1464016640-0000-0000-74D02B76A879\Uninstall.exe    Win32/Adware.ConvertAd.AEY application    cleaned by deleting
C:\FRST\Quarantine\C\Program Files (x86)\badu\Bind.exe    a variant of Win32/HideBaid.L potentially unwanted application    cleaned by deleting
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\23333.exe.xBAD    a variant of Win32/HideBaid.L potentially unwanted application    deleted
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\Browser_V5.6.12150.8_f_4730_(Build1604251144).exe.xBAD    a variant of Win32/Taobao.B potentially unwanted application    cleaned by deleting
C:\FRST\Quarantine\C\Users\user\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_72623_Silence.exe.xBAD    a variant of Win32/Tencent.A potentially unwanted application    cleaned by deleting
C:\FRST\Quarantine\C\Windows\SysWOW64\vns18EB.tmp.xBAD    multiple threats    cleaned by deleting
C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll    a variant of Win32/HackTool.Crack.EC potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\DAEMON Tools Pro\DTCommonRes.dll    a variant of Win32/HackTool.Crack.DM trojan    deleted
C:\Program Files (x86)\DAEMON Tools Pro\ArchiveS\BRD.dll    a variant of Win32/HackTool.Crack.EC potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\DAEMON Tools Pro\ArchiveS\DTCommonRes.dll    a variant of Win32/HackTool.Crack.DM trojan    deleted
C:\Program Files (x86)\UCBrowser\UninstallTemp\Uninstall.exe    a variant of Win32/Taobao.B potentially unwanted application    cleaned by deleting
C:\Users\A46C\Downloads\Internet Download Manager v6.19\PATCH\Internet.Download.Manager.v6.x.x.Patch.MERRY.CHRISTMAS-REiS.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted
C:\Users\A46C\Downloads\Internet Download Manager v6.19\PATCH\internet.download.manager.v6.xx. -patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    cleaned by deleting
C:\Users\user\Downloads\Compressed\Microsoft Toolkit 2.5.2_2.rar    a variant of MSIL/HackKMS.G potentially unsafe application    deleted
D:\Misc\Ad0Premio2015.rar    a variant of Win32/HackTool.Patcher.CH potentially unsafe application    deleted

 

============================================

 

Security Check log

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 73  
 Visual Studio Extensions for Windows Library for JavaScript
 Java version 32-bit out of Date!
 Adobe Flash Player     21.0.0.242  
 Mozilla Firefox 38.0.1 Firefox out of Date!  
 Google Chrome 35.0.1916.153 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 ESET ESET Online Scanner OnlineScannerApp.exe  
 ESET ESET Online Scanner OnlineCmdLineScanner.exe  
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

My PC has been running pretty well and a lot faster too, thank you.

But recently I found that DTCommonRes.dll is missing.


Edited by whoisthat, 11 June 2016 - 06:14 PM.
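An added example, not part of this post and not code from ESET or BleepingComputer: a small Python triage of an ESET Online Scanner text export in the format shown above. It separates detections that were already sitting in the AdwCleaner or FRST quarantine folders (no longer live on the system) from files that were still in place, flags crack/patcher/KMS-style detections, and lists the Program Files directories that live removals touched, which is exactly what tells you that a program such as DAEMON Tools Pro may now be missing a DLL. The field separator (tabs in the export, turned into runs of spaces when pasted into a forum), the quarantine folder names, and the sample lines (constructed, modelled on the posted log) are assumptions of this example.

```python
"""Triage an ESET Online Scanner text export (added example, not ESET code).

Each export line is: <path> <detection name> <action taken>. The fields are
assumed to be tab-separated in the real export and space-run-separated once
pasted into a forum post; both are handled. The quarantine folder names below
are the ones AdwCleaner and FRST use and are an assumption of this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Quarantine folders written by the cleanup tools run earlier in the thread.
# A hit under one of these was already neutralised before ESET ran.
QUARANTINE_MARKERS = ("\\adwcleaner\\filequarantine\\", "\\frst\\quarantine\\")

# Detection-name fragments ESET uses for cracks, patchers and KMS activators.
CRACK_RE = re.compile(r"HackTool|HackKMS|Patcher|Crack", re.I)

# Tabs in the export, or two-plus spaces after forum paste.
FIELD_SPLIT = re.compile(r"\t+| {2,}")

# "<drive>\Program Files[ (x86)]\<program dir>\..." -> program dir
PROGRAM_DIR_RE = re.compile(r"\\program files( \(x86\))?\\([^\\]+)\\", re.I)


@dataclass
class Detection:
    path: str
    threat: str
    action: str

    @property
    def already_quarantined(self) -> bool:
        p = self.path.lower()
        return any(marker in p for marker in QUARANTINE_MARKERS)

    @property
    def is_crack_tool(self) -> bool:
        return bool(CRACK_RE.search(self.threat))


def parse_eset_log(text: str) -> List[Detection]:
    """Parse export lines; anything that does not split into 3 fields is skipped."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = FIELD_SPLIT.split(line, maxsplit=2)
        if len(parts) != 3:
            continue  # header, blank or mangled line
        found.append(Detection(*parts))
    return found


def triage(dets: List[Detection]) -> Dict[str, List[Detection]]:
    """Bucket detections: still live on disk, already quarantined, crack tools."""
    return {
        "live": [d for d in dets if not d.already_quarantined],
        "quarantined": [d for d in dets if d.already_quarantined],
        "crack_tools": [d for d in dets if d.is_crack_tool],
    }


def affected_programs(dets: List[Detection]) -> List[str]:
    """Program Files directories that ESET removed live files from.

    These are the installed programs that may now be broken (missing DLL,
    failed uninstaller) and that the helper should ask the user about.
    """
    names = set()
    for d in dets:
        if d.already_quarantined:
            continue
        m = PROGRAM_DIR_RE.search(d.path)
        if m:
            names.add(m.group(2))
    return sorted(names)


# Constructed sample, modelled on the format of the log posted above.
SAMPLE_LOG = (
    "C:\\AdwCleaner\\FileQuarantine\\C\\Program Files (x86)\\GoHD\\example.xpi.vir"
    "\tJS/Toolbar.Crossrider.J potentially unwanted application\tdeleted\n"
    "C:\\FRST\\Quarantine\\C\\Program Files (x86)\\badu\\Bind.exe"
    "\ta variant of Win32/HideBaid.L potentially unwanted application\tcleaned by deleting\n"
    "C:\\Program Files (x86)\\DAEMON Tools Pro\\DTCommonRes.dll"
    "    a variant of Win32/HackTool.Crack.DM trojan    deleted\n"
    "C:\\Program Files (x86)\\UCBrowser\\UninstallTemp\\Uninstall.exe"
    "    a variant of Win32/Taobao.B potentially unwanted application    cleaned by deleting\n"
    "C:\\Users\\user\\Downloads\\Compressed\\Microsoft Toolkit 2.5.2_2.rar"
    "    a variant of MSIL/HackKMS.G potentially unsafe application    deleted\n"
)

if __name__ == "__main__":
    dets = parse_eset_log(SAMPLE_LOG)
    buckets = triage(dets)
    for name, items in buckets.items():
        print(f"{name}: {len(items)}")
        for d in items:
            print(f"  {d.path}  [{d.threat}]  {d.action}")
    print("programs with live removals:", affected_programs(dets))
```

Running it on a real ESET.txt is a matter of reading the file and passing its contents to parse_eset_log. The "live" bucket is the one that matters for follow-up: quarantined hits were already dealt with by the earlier tools, while a live hit under a Program Files directory means part of an installed program is now gone.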


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:56 PM

Posted 11 June 2016 - 07:57 PM

Greetings,

ESET is thorough; in fact it indicates your copy of Daemon Tools is a cracked version. ESET removed some entries related to that program, so that is why you are getting the error message. If you have a valid Product Key let me know.

C:\Program Files (x86)\DAEMON Tools Pro\DTCommonRes.dll a variant of Win32/HackTool.Crack.DM trojan deleted


Please do this.

===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Please update Google Chrome by following these instructions.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did both browsers update properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 whoisthat

whoisthat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:56 PM

Posted 11 June 2016 - 08:18 PM

Well, it is a shame then.

 

Firefox has been updated successfully, but I don't remember having Google Chrome.


Edited by whoisthat, 11 June 2016 - 09:19 PM.


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:56 PM

Posted 11 June 2016 - 09:42 PM

Chrome may have been installed during the download of another program.

Are there any other issues or concerns?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
