Adwcleaner cannot delete a certain infection; other programs cannot even find it


  • This topic is locked
12 replies to this topic

#1 jh4nn4m (Members, 6 posts)

Posted 11 October 2016 - 11:23 AM

Hello

 

I ran Adwcleaner and it displayed these results (this is the log after I clicked clean).
    [-] [C:\Users\private\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\private\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\private\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] [Search Provider] Deleted: search.ask.com
    [-] [C:\Users\private\AppData\Local\Google\Chrome\User Data\Profile 3] [extension] Deleted: cccpiddacjljmfbbgeimpelpndgpoknn
A quick Google search informed me that "cccpiddacjljmfbbgeimpelpndgpoknn" is an old extension for smooth scrolling. I have never installed this extension, nor is it visible in my browser.
 
After restarting my computer, Chrome suggests that I reset the browser: Imgur.com link http://imgur.com/a/e8cAP
 
After I did, I ran Adwcleaner again and it still displays the same results in the code box above.
 
Other things I have tried: 
 
- Full Windows Defender scan; clean system.
- Full Malwarebytes scan; clean system.
- Cleaned cache with CCleaner.
- JRT; clean system.
- TDSSKiller; clean system.
- EmsiSoft AV scanner; clean system.
 
Also, I'm a total noob when it comes to Autoruns, which I downloaded from Microsoft. The thing is, though, searching for "cccpiddacjljmfbbgeimpelpndgpoknn" displays lots and lots of paths, highlighted in purple.
 
My average mind informed me that I am infected by something related to "cccpiddacjljmfbbgeimpelpndgpoknn", but the only program that's finding it is Adwcleaner.
 
What is going on? Would appreciate the help a lot. Thanks in advance! 

Edited by jh4nn4m, 11 October 2016 - 11:25 AM.
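As an added example (not code from this thread, from AdwCleaner or from Chrome), the script below audits the two Chrome profile artefacts that AdwCleaner's log names: the search providers in the "Web Data" database and the extension ids in the preference files. The `keywords` column names and the preference-file layout are assumptions about Chrome's format, the sample profile it builds is constructed, and it expects a copy of the profile taken while Chrome is closed (the live database is locked).

```python
"""Audit a Chrome profile for the two kinds of entry AdwCleaner reported above.

Added example for this thread, not AdwCleaner's or Chrome's own code. It reads
the "Web Data" SQLite database, whose `keywords` table holds the search
providers, and the JSON preference files, whose `extensions.settings` object is
keyed by extension id. Assumptions: the column names `keyword` and `url` match
Chrome's `keywords` table (the sample database created here is simplified), and
the profile directory is a copy taken while Chrome is closed.
"""
import json
import os
import sqlite3
import tempfile

# Values taken from the AdwCleaner log in the first post.
SUSPECT_PROVIDERS = {"aol.com", "ask.com", "search.ask.com"}
SUSPECT_EXTENSIONS = {"cccpiddacjljmfbbgeimpelpndgpoknn"}


def list_search_providers(profile_dir):
    """Return (keyword, url) for every search provider in the Web Data database."""
    conn = sqlite3.connect(os.path.join(profile_dir, "Web Data"))
    try:
        return conn.execute("SELECT keyword, url FROM keywords ORDER BY id").fetchall()
    finally:
        conn.close()


def list_extensions(profile_dir):
    """Return the extension ids recorded under extensions.settings.

    Chrome keeps this object in "Secure Preferences" (MAC-protected) on Windows
    and in "Preferences" elsewhere, so both files are read when present.
    """
    ids = set()
    for name in ("Secure Preferences", "Preferences"):
        path = os.path.join(profile_dir, name)
        if not os.path.exists(path):
            continue
        with open(path, encoding="utf-8") as fh:
            prefs = json.load(fh)
        ids.update(prefs.get("extensions", {}).get("settings", {}).keys())
    return sorted(ids)


def audit_profile(profile_dir, suspect_providers=SUSPECT_PROVIDERS,
                  suspect_extensions=SUSPECT_EXTENSIONS):
    """Report which suspect search providers and extension ids are present."""
    providers = list_search_providers(profile_dir)
    extensions = list_extensions(profile_dir)
    return {
        "providers": [kw for kw, _ in providers if kw in suspect_providers],
        "extensions": [ext for ext in extensions if ext in suspect_extensions],
    }


def build_sample_profile(root):
    """Create a constructed profile resembling the one in the first post."""
    profile = os.path.join(root, "Profile 3")
    os.makedirs(profile)
    conn = sqlite3.connect(os.path.join(profile, "Web Data"))
    conn.execute("CREATE TABLE keywords (id INTEGER PRIMARY KEY, "
                 "short_name TEXT, keyword TEXT, url TEXT)")
    conn.executemany(
        "INSERT INTO keywords (short_name, keyword, url) VALUES (?, ?, ?)",
        [("Google", "google.com", "{google:baseURL}search?q={searchTerms}"),
         ("AOL", "aol.com", "http://search.aol.com/aol/search?q={searchTerms}"),
         ("Ask", "ask.com", "http://www.ask.com/web?q={searchTerms}"),
         ("Ask", "search.ask.com", "http://search.ask.com/web?q={searchTerms}")])
    conn.commit()
    conn.close()
    # Constructed ids: the first is the one AdwCleaner flagged, the second is a
    # placeholder standing in for a legitimately installed extension.
    prefs = {"extensions": {"settings": {
        "cccpiddacjljmfbbgeimpelpndgpoknn": {"state": 1, "location": 1},
        "abcdefghijklmnopabcdefghijklmnop": {"state": 1, "location": 1},
    }}}
    with open(os.path.join(profile, "Secure Preferences"), "w", encoding="utf-8") as fh:
        json.dump(prefs, fh)
    return profile


def run_demo():
    """Build the sample profile in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_profile(build_sample_profile(tmp))


if __name__ == "__main__":
    for kind, hits in run_demo().items():
        print(f"{kind}: {', '.join(hits) if hits else 'none'}")
```

Running it against a real profile copy means calling `audit_profile` with the path to that copy instead of `build_sample_profile`; entries that come back after a browser reset, as in this thread, point at something re-writing the profile rather than at the profile itself.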



#2 Sirawit (Malware Response Team, 4,161 posts, Thailand)

Posted 13 October 2016 - 09:37 AM

Hello jh4nn4m and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

If I don't reply after 2 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right-hand corner of the topic, you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic; if you don't reply in the next 3 days we will assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Is this issue happening on this device only or other ones as well?

 

-------------------

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to a disclaimer.
  • Press the Scan button.
  • When finished, it will produce 2 logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 jh4nn4m (Topic Starter)

Posted 15 October 2016 - 01:16 PM

This issue is happening on this computer, the only one I have.

 

I have to add that I do not see any issue regarding my computer. It's working perfectly fine, except for overheating when in a video game, or when I'm doing demanding tasks. I do not think this has anything to do with the issue, though, because I need to clean the fans ASAP. 

 

Do you mind if I PM you the results? 

 

Thanks for your time. 



#4 Sirawit (Malware Response Team)

Posted 16 October 2016 - 01:00 PM

Hi jh4nn4m.

 

It's OK if you send your log file through PM, but your fixes will be posted in the public forum.

If you want to redact your username for example, you can do it, but you have to tell me first.

 

Thank you.




#5 jh4nn4m (Topic Starter)

Posted 17 October 2016 - 02:46 AM

Thanks man, PM sent! 



#6 Sirawit (Malware Response Team)

Posted 17 October 2016 - 12:39 PM

Hi jh4nn4m.

 

Your log file is incomplete. The FRST log files always end with an EOF (End of File) mark that says End of <name>.txt. I suggest you split FRST.txt and Addition.txt across 2 replies, or just attach them so nothing from the log is missing.

 

Now, please do this for me.

 

We need to reinstall your Google Chrome.

 

  1. Please download the Google Chrome installer from here and save it to your desktop.
  2. Press the Windows key (on your keyboard) + R to open the Run dialog. Once Run has opened, type in appwiz.cpl and press OK.
  3. Select Google Chrome from the list and click Uninstall. On the uninstall dialog, also select Also remove your browsing data? (or something similar) and click Uninstall.
  4. After Google Chrome has been uninstalled, run the installer you downloaded in step 1 to install Google Chrome again.

 

-------------

 

After the above step has been completed, please create a new set of FRST log files (FRST.txt and Addition.txt) for me.

 

Thank you.




#7 jh4nn4m (Topic Starter)

Posted 21 October 2016 - 04:12 AM

Hey, sorry for the late replies. Please do not close this thread as I will be following your steps ASAP. Work is overwhelming. 



#8 Sirawit (Malware Response Team)

Posted 21 October 2016 - 12:42 PM

Hi jh4nn4m.

 

It's OK. Just keep me updated.

 

Thank you.




#9 jh4nn4m (Topic Starter)

Posted 22 October 2016 - 03:23 AM

Hello again.

 

If you need the first logs, I will send them via PM in two separate messages. I remembered that you needed them AFTER I posted this reply.

 

I followed all your steps up until re-installing Chrome, because I decided against it. 

 

I took my own step and decided to remove it permanently, since I ran Adwcleaner after it and it didn't find anything.

 

I used CCleaner to clean basic stuff (which is checked by default). 

Then I removed the files that had what's left of it using a guide from this video: 

 

I then used registry cleaner on CCleaner and 'fixed all issues' that it did display. 

 

I started using Opera, and boom, I got something called Chrome Opinion Survey. This article fully describes what popped up on my Opera: https://malwaretips.com/blogs/remove-chrome-opinion-survey-popup/

 

Went to Yahoo, a squared pop up in the center said: Improve your Yahoo experience on Chrome or something. 

 

I got extremely paranoid, ran Malwarebytes (didn't find anything) and ran Adwcleaner (didn't find anything).

 

It wasn't like this before I uninstalled Chrome. 

 

I also remember installing "LMMS" earlier from https://lmms.io which I read is safe and comes from a trusted source. It's a music creating program.

 

Decided to drop everything related to browsing on the Internet till this issue is hopefully resolved.

-----

 

FRST results: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by private (administrator) on MSI (22-10-2016 11:08:05)
Running from C:\Users\private\Desktop
Loaded Profiles: private (Available Profiles: private)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
() C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cedarcom Broadband) C:\Program Files (x86)\Mobi Connection Manager\Mobi Connection Manager.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.90\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.90\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.90\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.90\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.90\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.90\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.90\opera.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1201.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.4020.0_x64__8wekyb3d8bbwe\Calculator.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [3724528 2015-06-25] (Portrait Displays, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [299008 2015-04-21] (MSI)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-05-13] (Realtek Semiconductor)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [695480 2016-05-10] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\RunOnce: [Uninstall C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\RunOnce: [Uninstall C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\RunOnce: [Uninstall C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\RunOnce: [Uninstall C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\RunOnce: [Uninstall C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\RunOnce: [Uninstall C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\RunOnce: [Uninstall C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iBurst_Terminal UTL.lnk [2015-11-27]
ShortcutTarget: iBurst_Terminal UTL.lnk -> C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-07-21]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mobi Connection Manager.lnk [2015-11-27]
ShortcutTarget: Mobi Connection Manager.lnk -> C:\Program Files (x86)\Mobi Connection Manager\Mobi Connection Manager.exe (Cedarcom Broadband)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-12-24]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{330022b1-2e17-4bdd-8a76-298fe50f8b8b}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{723FCF63-9043-4A0C-A1D9-64881E9A7990}: [NameServer] 62.84.71.3 62.84.64.3
 
Internet Explorer:
==================
HKU\S-1-5-21-449200968-371616005-3000561685-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oem15.msn.com/?pc=NMTE
HKU\S-1-5-21-449200968-371616005-3000561685-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oem15.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-449200968-371616005-3000561685-1001 -> DefaultScope {6A34ABE9-0BE9-4E94-9065-851890C47C18} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-03] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-03] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: n8cyz944.default
FF ProfilePath: C:\Users\private\AppData\Roaming\Mozilla\Firefox\Profiles\n8cyz944.default [2016-10-22]
FF Extension: (uBlock Origin) - C:\Users\private\AppData\Roaming\Mozilla\Firefox\Profiles\n8cyz944.default\Extensions\uBlock0@raymondhill.net.xpi [2016-10-03]
FF Extension: (WOT) - C:\Users\private\AppData\Roaming\Mozilla\Firefox\Profiles\n8cyz944.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-22]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-10-11] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-03] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-449200968-371616005-3000561685-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\private\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
Opera: 
=======
OPR Extension: (WOT) - C:\Users\private\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2016-10-22]
OPR Extension: (uBlock Origin) - C:\Users\private\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-10-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-06-10] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-11-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-08] (Rivet Networks) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-04-21] (Micro-Star International Co., Ltd.) [File not signed]
R2 MsiTrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [175344 2015-06-25] (Portrait Displays, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29696 2016-03-02] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-03-02] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-03-02] (LG Electronics Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268040 2015-11-21] (Intel Corporation)
R3 iBurstU; C:\Windows\System32\drivers\iBux64.sys [37888 2012-08-29] (KYOCERA CORPORATION)
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [124464 2015-04-28] (Qualcomm Atheros, Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2015-07-17] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [411712 2015-07-17] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-17] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [25088 2015-04-14] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51392 2015-12-04] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [24040 2015-04-14] (SteelSeries ApS)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
S3 GPU-Z; \??\C:\Users\MARIAS~1\AppData\Local\Temp\GPU-Z.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-22 11:08 - 2016-10-22 11:08 - 00021597 _____ C:\Users\private\Desktop\FRST.txt
2016-10-22 11:03 - 2016-10-22 11:03 - 00016148 _____ C:\Windows\system32\MSI_private_HistoryPrediction.bin
2016-10-22 10:45 - 2016-10-22 10:49 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-22 10:45 - 2016-10-22 10:45 - 00001972 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-10-22 10:45 - 2016-10-22 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-10-22 10:45 - 2016-10-22 10:45 - 00000000 ____D C:\Program Files\HitmanPro
2016-10-22 10:43 - 2016-10-22 10:45 - 11579432 _____ (SurfRight B.V.) C:\Users\private\Desktop\hitmanpro_x64.exe
2016-10-22 10:40 - 2016-10-22 10:40 - 00000065 _____ C:\Users\private\Desktop\wtf.txt
2016-10-22 10:05 - 2016-10-22 11:06 - 00000000 ____D C:\Users\private\Documents\1
2016-10-22 09:46 - 2016-10-22 09:46 - 00000000 ____D C:\Users\private\Desktop\Futuristic
2016-10-22 09:27 - 2016-10-22 09:27 - 00002858 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-22 09:26 - 2016-10-22 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-22 09:26 - 2016-10-22 09:26 - 00000000 ____D C:\Program Files\CCleaner
2016-10-22 08:15 - 2016-10-22 10:05 - 00000000 ____D C:\Users\private\Desktop\Clean Chrome hopefully
2016-10-22 06:38 - 2016-10-22 06:38 - 00000017 _____ C:\Users\private\AppData\Local\resmon.resmoncfg
2016-10-22 05:14 - 2016-10-22 05:19 - 00000883 _____ C:\Users\private\.lmmsrc.xml
2016-10-22 05:13 - 2016-10-22 05:13 - 00000000 ____D C:\Users\private\lmms
2016-10-16 03:57 - 2016-10-16 03:57 - 00000000 ____D C:\Users\private\AppData\Local\Macromedia
2016-10-15 23:24 - 2016-10-15 23:24 - 00000000 ____D C:\Users\private\AppData\Local\AvgSetupLog
2016-10-15 23:24 - 2016-10-15 23:24 - 00000000 ____D C:\Users\private\AppData\Local\Avg
2016-10-15 23:24 - 2016-10-15 23:24 - 00000000 ____D C:\ProgramData\Avg
2016-10-15 20:59 - 2016-10-22 11:08 - 00000000 ____D C:\FRST
2016-10-15 20:57 - 2016-10-22 11:06 - 02407424 _____ (Farbar) C:\Users\private\Desktop\FRST64.exe
2016-10-14 05:07 - 2016-10-17 00:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-11 17:14 - 2016-10-11 18:39 - 00000000 ____D C:\EEK
2016-10-11 16:18 - 2016-10-11 16:24 - 00954084 _____ C:\TDSSKiller.3.1.0.11_11.10.2016_16.18.19_log.txt
2016-10-11 16:16 - 2016-10-11 16:17 - 00007268 _____ C:\TDSSKiller.3.1.0.11_11.10.2016_16.16.52_log.txt
2016-10-11 16:15 - 2016-10-11 16:16 - 00265856 _____ C:\TDSSKiller.3.1.0.11_11.10.2016_16.15.01_log.txt
2016-10-11 06:50 - 2016-10-11 06:50 - 00000032 _____ C:\Users\private\Desktop\wat.txt
2016-10-11 05:57 - 2016-10-22 10:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-11 05:57 - 2016-10-11 05:57 - 00003806 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-11 05:34 - 2016-10-11 05:34 - 00000045 _____ C:\Users\private\activity.txt
2016-10-11 05:23 - 2016-10-11 05:23 - 00002223 _____ C:\Windows\system32\activity.txt
2016-10-10 22:07 - 2016-10-10 22:07 - 00004147 _____ C:\Users\private\Documents\History of Computers.txt
2016-10-10 15:29 - 2016-10-22 08:18 - 00000000 ____D C:\Users\private\Desktop\Progress
2016-10-10 04:38 - 2016-10-10 04:38 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-10-10 04:38 - 2016-03-02 17:10 - 00037376 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys
2016-10-10 04:38 - 2016-03-02 17:10 - 00030720 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag64.sys
2016-10-10 04:38 - 2016-03-02 17:10 - 00029696 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetbus64.sys
2016-10-10 04:35 - 2016-10-10 04:38 - 16615624 _____ (LG Electronics) C:\Users\private\Downloads\LGMobileDriver_WHQL_Ver_4.1.1.exe
2016-10-09 20:32 - 2016-10-22 11:06 - 00000000 ____D C:\Users\private\Desktop\Cleaning
2016-10-09 01:26 - 2016-10-09 01:27 - 24625562 _____ C:\Users\private\Desktop\My screens.rar
2016-10-06 16:21 - 2016-10-07 01:29 - 00000000 ____D C:\Users\private\Desktop\Notes
2016-09-24 01:13 - 2016-09-24 01:13 - 00120147 _____ C:\Users\private\Downloads\The 100 days challenge - 100 ways in 100 days.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-22 10:59 - 2015-11-21 00:10 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-22 10:41 - 2016-03-31 11:50 - 00000000 ____D C:\AdwCleaner
2016-10-22 10:19 - 2015-12-03 19:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-22 09:47 - 2015-11-21 00:39 - 00000001 _____ C:\Users\Public\Documents\dgc.txt
2016-10-22 09:42 - 2015-12-21 00:53 - 00000000 ____D C:\Users\private\AppData\Local\CrashDumps
2016-10-22 09:42 - 2015-11-21 22:31 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-22 09:42 - 2015-07-10 14:02 - 00000000 ____D C:\Windows\INF
2016-10-22 09:39 - 2015-11-21 00:10 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-22 09:39 - 2015-11-21 00:03 - 00000000 __SHD C:\Users\private\IntelGraphicsProfiles
2016-10-22 09:39 - 2015-11-21 00:02 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-22 09:09 - 2015-07-10 15:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-22 09:08 - 2015-07-10 12:05 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-10-22 08:44 - 2015-11-21 01:12 - 00004152 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C69D41F-E987-429F-92D9-3B5F60E9699B}
2016-10-22 08:16 - 2015-12-03 19:24 - 00000000 ____D C:\Users\private\AppData\Roaming\foobar2000
2016-10-22 08:07 - 2015-11-21 01:40 - 00000000 ____D C:\Users\private\AppData\Roaming\Skype
2016-10-22 07:40 - 2016-09-16 13:55 - 00000000 ____D C:\Users\private\Desktop\Motivation
2016-10-22 05:14 - 2015-11-21 00:03 - 00000000 ____D C:\Users\private
2016-10-22 02:16 - 2015-12-08 03:32 - 00000000 ____D C:\Users\private\AppData\Local\Adobe
2016-10-21 10:56 - 2015-12-18 02:30 - 00000000 ____D C:\Users\private\AppData\Roaming\vlc
2016-10-19 22:39 - 2015-12-04 17:54 - 00003946 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449240857
2016-10-19 22:39 - 2015-12-04 17:54 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-10-19 22:39 - 2015-12-04 17:47 - 00000000 ____D C:\Program Files (x86)\Opera
2016-10-18 23:34 - 2015-12-04 02:24 - 00000000 ____D C:\Users\private\AppData\Local\SteelSeries Engine 3 Client
2016-10-17 00:57 - 2015-07-17 19:32 - 00472892 _____ C:\Windows\system32\prfh0404.dat
2016-10-17 00:57 - 2015-07-17 19:32 - 00138770 _____ C:\Windows\system32\prfc0404.dat
2016-10-17 00:57 - 2015-07-17 19:30 - 00459846 _____ C:\Windows\system32\prfh0804.dat
2016-10-17 00:57 - 2015-07-17 19:30 - 00138770 _____ C:\Windows\system32\prfc0804.dat
2016-10-17 00:57 - 2015-07-17 19:25 - 00792234 _____ C:\Windows\system32\prfh0416.dat
2016-10-17 00:57 - 2015-07-17 19:25 - 00153680 _____ C:\Windows\system32\prfc0416.dat
2016-10-17 00:57 - 2015-07-17 19:23 - 00815348 _____ C:\Windows\system32\perfh013.dat
2016-10-17 00:57 - 2015-07-17 19:23 - 00158682 _____ C:\Windows\system32\perfc013.dat
2016-10-17 00:57 - 2015-07-17 19:21 - 00530546 _____ C:\Windows\system32\perfh012.dat
2016-10-17 00:57 - 2015-07-17 19:21 - 00138770 _____ C:\Windows\system32\perfc012.dat
2016-10-17 00:57 - 2015-07-17 19:18 - 00520930 _____ C:\Windows\system32\perfh011.dat
2016-10-17 00:57 - 2015-07-17 19:18 - 00138770 _____ C:\Windows\system32\perfc011.dat
2016-10-17 00:57 - 2015-07-17 19:16 - 00820276 _____ C:\Windows\system32\perfh00C.dat
2016-10-17 00:57 - 2015-07-17 19:16 - 00154454 _____ C:\Windows\system32\perfc00C.dat
2016-10-17 00:57 - 2015-07-17 19:13 - 00816420 _____ C:\Windows\system32\perfh00A.dat
2016-10-17 00:57 - 2015-07-17 19:13 - 00159922 _____ C:\Windows\system32\perfc00A.dat
2016-10-17 00:57 - 2015-07-17 19:12 - 08631612 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-17 00:57 - 2015-07-17 19:11 - 00771220 _____ C:\Windows\system32\perfh007.dat
2016-10-17 00:57 - 2015-07-17 19:11 - 00154374 _____ C:\Windows\system32\perfc007.dat
2016-10-17 00:57 - 2015-07-17 19:09 - 00443312 _____ C:\Windows\system32\perfh001.dat
2016-10-17 00:57 - 2015-07-17 19:09 - 00069004 _____ C:\Windows\system32\perfc001.dat
2016-10-17 00:53 - 2015-11-21 00:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-14 20:56 - 2015-12-18 04:22 - 00000000 ____D C:\Users\private\AppData\Roaming\Audacity
2016-10-11 17:43 - 2016-02-02 03:26 - 00000000 ____D C:\Users\private\Documents\Bandicam
2016-10-11 05:57 - 2015-07-10 14:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-11 05:57 - 2015-07-10 14:04 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-10 04:38 - 2015-07-21 00:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-09 20:19 - 2015-12-03 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-09 01:25 - 2016-08-09 19:07 - 00000000 ____D C:\Users\private\Desktop\My screens
2016-10-06 16:19 - 2016-08-09 15:55 - 00000000 ____D C:\Users\private\Desktop\Revision
2016-10-04 22:50 - 2015-12-01 21:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-04 22:50 - 2015-11-21 01:40 - 00000000 ____D C:\ProgramData\Skype
2016-09-22 21:17 - 2015-07-10 15:20 - 04867120 _____ C:\Windows\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2015-12-12 22:30 - 2015-12-16 04:50 - 0000132 _____ () C:\Users\private\AppData\Roaming\Adobe PNG Format CC Prefs
2016-10-22 06:38 - 2016-10-22 06:38 - 0000017 _____ () C:\Users\private\AppData\Local\resmon.resmoncfg
2015-07-21 00:39 - 2015-07-21 00:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-18 21:09
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by private (22-10-2016 11:08:40)
Running from C:\Users\private\Desktop
Windows 10 Home (X64) (2015-11-20 21:02:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-449200968-371616005-3000561685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-449200968-371616005-3000561685-503 - Limited - Disabled)
Guest (S-1-5-21-449200968-371616005-3000561685-501 - Limited - Disabled)
private (S-1-5-21-449200968-371616005-3000561685-1001 - Administrator - Enabled) => C:\Users\private
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
ApoDispatchConfigurator (Version: 2.2.701 - Nahimic) Hidden
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AudioLaunchpadConfigurator (Version: 2.2.701 - Nahimic) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.2.1014 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.)
Battery Calibration (x32 Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.) Hidden
Boot Configure (HKLM-x32\...\{E9C22B7A-5D6A-4CC7-A493-38B27519C4D6}) (Version: 20.015.06089 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1507.1301 - Application)
BurnRecovery (x32 Version: 5.0.1507.1301 - Application) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CheckDevicesConfigurator (Version: 2.2.701 - Nahimic) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.) Hidden
EaseUS MobiSaver for Android version 5.0 (HKLM-x32\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 5.0 - CHENGDU YIWO Tech Development Co., Ltd.)
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
iBurst Terminal (HKLM-x32\...\{90133000-1F11-4819-B708-9DF0870A9C54}) (Version: 5.00 - )
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4240 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c92e37dd-de51-4a9e-abfc-54c4b71d1b72}) (Version: 18.11.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Rivet Networks)
LauncherSetup (Version: 2.2.701 - Nahimic) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.1.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mobi Connection Manager (HKLM-x32\...\{1E2545D5-1C35-4686-9F55-B52E59B88512}) (Version: 2.0 - Cedarcom Broadband)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1506.0801 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1506.0801 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.3.519 - Portrait Displays, Inc.)
Nahimic 2 (HKLM-x32\...\{cd1a71dd-899d-4d40-82bc-0b7ec1a4c72f}) (Version: 2.2.7 - Nahimic)
Nahimic2UISetup (Version: 2.2.701 - Nahimic) Hidden
NahimicSettingsConfigurator (Version: 2.2.701 - Nahimic) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Opera Stable 40.0.2308.90 (HKLM-x32\...\Opera 40.0.2308.90) (Version: 40.0.2308.90 - Opera Software)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ProductDaemonSetup (Version: 2.2.701 - Nahimic) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7818 - Realtek Semiconductor Corp.)
SCM (HKLM\...\{EC3EEFE5-DFBE-4535-8A2A-CAEC82A9BB83}) (Version: 13.015.04213 - Application)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SonicMapperConfigurator (Version: 2.2.701 - Nahimic) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.3.6.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.6.1 - SteelSeries ApS)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.6.1 - Synaptics Incorporated)
UIInstallUpgrade (Version: 2.2.701 - Nahimic) Hidden
Unity Web Player (HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{D7BEC6E9-5E86-44FF-AA21-23DA71ED676B}) (Version: 2.4.1506.1243 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-449200968-371616005-3000561685-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {032B4CEE-2876-495E-96A7-02A1B2BC6963} - System32\Tasks\{1A050059-C886-4971-BE1A-6D4BBCC95CE6} => pcalua.exe -a "C:\Users\private\Desktop\GTAIII\gta3.exe" -d "C:\Users\private\Desktop\GTAIII"
Task: {1DB54D5E-8911-4F0C-948C-8B19A6B83A2D} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2016-05-10] ()
Task: {2045300E-C217-4CEE-A674-83BE3F51B62E} - System32\Tasks\Opera scheduled Autoupdate 1449240857 => C:\Program Files (x86)\Opera\launcher.exe [2016-10-17] (Opera Software)
Task: {2ACC038E-3584-44B9-B267-4D6E55FD2CE2} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
Task: {316FD051-1C7F-490B-8530-15106EDEEC52} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
Task: {36C7A48B-7389-478F-8178-4E995AA69687} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {44BD8D8B-B82D-4961-8E7E-5248B268E312} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2016-05-10] ()
Task: {58520E47-840C-4270-95AF-A27731908D2A} - System32\Tasks\AdobeAAMUpdater-1.0-MSI-private => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {67D073A8-CA97-4D5A-AFB1-C1DCDD4E4CC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated)
Task: {9312B001-91B3-4AAC-ADC5-7EC56CAAB3AD} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
Task: {992B50C6-94D3-4251-9E64-15C8E93ED6A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A834ACCC-9EE8-4E92-80F5-A219CC7F0F24} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2016-05-10] ()
Task: {B03D695F-53F1-42A2-B5AF-AFEC88DB36BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {BED47E71-9698-4AEC-9F3D-F400C985D28E} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {C74DE5DE-76E8-4B50-B58D-5B5D60EFC60B} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-01] (Microsoft Corporation)
Task: {DBFA99AA-3D3A-4A86-B93F-71F9699AD86A} - System32\Tasks\{9DDF198F-BB1C-4040-BE05-2803547F6A0F} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {E657AD2F-452E-46FD-B6F5-5753DEEBA90C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-21 00:24 - 2015-07-15 05:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-11-21 00:24 - 2015-08-11 12:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2016-03-15 11:48 - 2016-06-14 23:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-15 11:48 - 2016-06-14 23:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-09 11:59 - 2016-06-14 23:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-15 11:48 - 2016-06-14 23:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-09 11:59 - 2016-06-14 23:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-09 11:59 - 2016-06-14 23:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-09 11:59 - 2016-06-14 23:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-15 11:48 - 2016-06-14 23:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-07-21 00:38 - 2016-05-20 05:08 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-09 11:58 - 2016-06-14 23:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-09 11:58 - 2016-06-14 23:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-11-21 00:24 - 2015-09-17 09:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-05-10 15:01 - 2016-05-10 15:01 - 00215736 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2016-05-10 15:01 - 2016-05-10 15:01 - 00288952 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll
2015-07-17 21:45 - 2015-11-21 00:20 - 00396688 _____ () C:\Windows\system32\igfxTray.exe
2015-11-21 00:24 - 2015-09-17 09:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-09-01 17:31 - 2016-09-01 17:31 - 01864384 _____ () C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2015-04-15 23:13 - 2015-04-15 23:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-11-21 00:24 - 2015-09-17 08:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 13:59 - 2015-07-10 13:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2016-05-10 14:58 - 2016-05-10 14:58 - 00695480 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
2016-05-10 14:58 - 2016-05-10 14:58 - 01962496 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2016-05-10 15:01 - 2016-05-10 15:01 - 00500224 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2015-11-27 04:25 - 2012-08-29 22:56 - 00311296 _____ () C:\Program Files (x86)\iBurst Terminal\iBurst_Terminal_UTL.EXE
2014-01-22 20:44 - 2014-01-22 20:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2015-03-05 19:44 - 2015-03-05 19:44 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\x2api.dll
2015-11-21 00:24 - 2015-09-17 08:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-11-21 00:24 - 2015-09-17 08:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-11-21 00:24 - 2015-09-17 08:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-11-21 00:24 - 2015-09-17 08:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 14:00 - 2015-07-10 16:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-12-04 17:50 - 2015-12-04 17:53 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1201.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-04 17:50 - 2015-12-04 17:53 - 11526656 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1201.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-21 01:01 - 2015-11-21 01:01 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1201.10020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-08 20:34 - 2015-12-08 20:34 - 03492352 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.4020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-06-24 11:07 - 2015-06-24 11:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-21 00:38 - 2016-06-14 23:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-10 14:57 - 2016-05-10 14:57 - 00184504 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll
2016-05-10 14:55 - 2016-05-10 14:55 - 00256696 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll
2016-09-01 17:31 - 2016-09-01 17:31 - 01383616 _____ () C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-09-01 17:31 - 2016-09-01 17:31 - 00118976 _____ () C:\Users\private\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2015-07-10 14:00 - 2015-07-10 14:00 - 01021792 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2015-07-10 14:00 - 2015-07-10 14:00 - 00528384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2016-10-19 22:39 - 2016-10-19 22:39 - 62461720 _____ () C:\Program Files (x86)\Opera\40.0.2308.90\opera.dll
2016-10-19 22:39 - 2016-10-19 22:39 - 01812760 _____ () C:\Program Files (x86)\Opera\40.0.2308.90\libglesv2.dll
2016-10-19 22:39 - 2016-10-19 22:39 - 00095000 _____ () C:\Program Files (x86)\Opera\40.0.2308.90\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78672861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78672861.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 14:04 - 2015-07-10 14:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-449200968-371616005-3000561685-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\private\Pictures\Wallpapers\1446860144208.png
DNS Servers: 62.84.71.3 - 62.84.64.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-449200968-371616005-3000561685-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{02A8E987-11EA-4063-8C01-59C134A48B9C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{64E3F8C2-6A4F-40BA-BE9E-6F478B3E2081}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6EAC6302-433A-4D84-A349-2F145FF34F6F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{360949B5-E1E2-43DF-8E46-B911646F571E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35539F6A-7DFF-40B8-B0D2-74DDE33AB978}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{294CFE19-1A69-49DC-B4A1-8B30295EC44B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{40B0D8A9-09FB-4925-9A05-B70C9CFB9486}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{97E0998D-6D6A-440B-A2BC-F55F211EEB60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FF7D7B77-3A1C-4141-9253-E1B5B5250A4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9277B57F-A37C-4355-B47D-2013ADCFE5C0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{03A40ED0-368F-424D-87EA-46AAB08B0582}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7D6BF2C-9A77-4FA9-826B-16B80241B420}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C44EACD9-7069-444D-9A2C-B7D64BECAB67}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3728F79F-29EE-47A3-A122-52676535FFDE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{84D06120-5D7F-4386-AC71-C448B53F0A96}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{12775FCF-AA89-4EBA-A4AD-1EF03D88CCC8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2C6C8497-800D-42A0-83FF-AF356716D6B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{02224A5D-0D26-435F-87D1-9EA6FFC32838}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A3BF3B5E-9D76-4CC1-BC7D-26EA3A99D9B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/22/2016 07:23:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 54.0.2840.71 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: be8
 
Start Time: 01d22c1b26a21090
 
Termination Time: 6
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 3d55562e-980f-11e6-9c6e-780cb810a03f
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/21/2016 05:52:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/20/2016 03:44:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Faulting module name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Exception code: 0xc0000005
Fault offset: 0x00037b59
Faulting process id: 0x11c8
Faulting application start time: 0x01d22acf8ba2eb81
Faulting application path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Faulting module path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Report Id: 98fd55ca-2885-4915-be17-ec1d52d06a98
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/20/2016 07:56:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/20/2016 07:56:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/20/2016 07:56:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/19/2016 11:32:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/19/2016 09:36:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dragon Gaming Center.exe, version: 1.0.1501.2801, time stamp: 0x54c85497
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0xe0434352
Fault offset: 0x000000000002a1c8
Faulting process id: 0x2b00
Faulting application start time: 0x01d229d31e74d39c
Faulting application path: C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 5654fa09-bd09-4301-baf1-c070c92f2085
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/19/2016 09:36:28 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Dragon Gaming Center.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.XamlReader.RewrapException(System.Exception, System.Xaml.IXamlLineInfo, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<_ctor>b__0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at GameCenter.App.Main()
 
Error: (10/19/2016 03:16:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Faulting module name: steamwebhelper.exe, version: 3.65.13.80, time stamp: 0x57fed9f2
Exception code: 0xc0000005
Fault offset: 0x00037b59
Faulting process id: 0x20dc
Faulting application start time: 0x01d2299a09b2f741
Faulting application path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Faulting module path: C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
Report Id: ae569d03-b347-4d04-bd14-31c952b547cb
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/22/2016 09:38:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/22/2016 09:08:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session16 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/21/2016 05:52:36 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca did not register with DCOM within the required timeout.
 
Error: (10/21/2016 05:52:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session15 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/20/2016 06:46:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session14 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/20/2016 05:38:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session13 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/20/2016 07:56:25 AM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca did not register with DCOM within the required timeout.
 
Error: (10/20/2016 07:56:23 AM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca did not register with DCOM within the required timeout.
 
Error: (10/20/2016 07:56:22 AM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca did not register with DCOM within the required timeout.
 
Error: (10/20/2016 07:56:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session12 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-18 00:05:16.642
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-14 21:37:28.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-13 23:48:13.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-12 21:06:58.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-11 21:06:54.086
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-10 23:05:58.638
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-01 07:08:47.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-23 19:52:11.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-14 05:05:22.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-10 22:08:43.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5700HQ CPU @ 2.70GHz
Percentage of memory in use: 29%
Total physical RAM: 12203.07 MB
Available physical RAM: 8644.32 MB
Total Virtual: 14059.07 MB
Available Virtual: 10442.73 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:558.91 GB) (Free:468.15 GB) NTFS
Drive d: (Data) (Fixed) (Total:352.61 GB) (Free:352.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EC4B43A4)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by jh4nn4m, 22 October 2016 - 04:31 AM.


#10 jh4nn4m (Topic Starter, Members, 6 posts)

Posted 22 October 2016 - 04:32 AM

BIG EDIT: I realized that this Chrome malware was displayed on my computer because I misspelled the word "Facebook"!



#11 Sirawit (Bleepin' Brony, Malware Response Team, 4,161 posts, Location: Thailand)

Posted 23 October 2016 - 02:04 PM

Hi jh4nn4m.

First, I have to make a point that, if you want help from me, you will have to follow my steps. If you decide against my steps, you have to discuss it with me first. If you go on your own steps I will lose track of what we have done, which might create confusion, or an even worse condition of your computer.

Second, we do not recommend the use of Registry Optimizer/Fixer/Cleaner software. Sure, CCleaner is a good program I personally use, but for cleaning of temporary files only. Messing with the registry is more dangerous than you think and just doesn't make any difference in your computer's performance whatsoever. Just a bit of a mistake can cause a completely locked-up machine, so please stay away from it if you don't really know what you're doing.

Third, could you tell me how your computer is running? Any issues now?

----------------------------

Now, please follow these steps:

1. If you haven't reinstalled your Google Chrome yet, you can use this link to get the installer and reinstall it.

2. Please enable System Restore on your C: drive by following this guide. System Restore is very important and should be turned on at all times as a fall-back option when there's any problem with your Windows.

3. We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Attached File: fixlist.txt (1.88KB)
  • Replace all placeholders of your username in fixlist.txt with your computer username, or the fix might not work.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply.

==========

4. Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Adobe Flash:

  • Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop.
  • Double-click the file to start the installation process.
  • Repeat 1. and 2. for every other browser you have installed (e.g. Internet Explorer / Firefox / Chrome / Safari / Opera...) as applicable.

===========

5. Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
Microsoft: Unprecedented Wave of Java Exploitation
Ghosts of Java Haunt Users

Please follow these steps to remove older-version Java components and update:

  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u122-windows-i586.exe or Windows x64: jre-8u122-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running, especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u74-windows-i586.exe (or jre-8u122-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. However, be aware that the Java updater prompts you to make Yahoo Search your browser's default search engine and home page... the option is pre-checked.

------------------

After you have completed all the above steps, please create new FRST.txt and Addition.txt log files for me.

Thank you.

If I don't reply back to you in 2 days, feel free to send me a PM.

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past Sins by Pen Stroke.
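Steps 4 and 5 of the post above ask the user to find every installed Java and Adobe Flash Player build, remove the old ones and confirm the current one is in place. The PowerShell below is an added example for this thread, not code from the post, from Sirawit or from FRST: it reads the same "Uninstall" registry keys that Programs and Features lists from, so it shows exactly what the post's remove-and-reboot loop has to clear, and can be re-run afterwards to confirm nothing old is left. It changes nothing on the machine. Assumptions: entries live under the standard Uninstall keys of both the 64-bit and the WOW6432Node hives, Java entries carry a "Java N Update NN" display name, and the target build 8u122 is taken from the post (adjust it to whatever is current).

```powershell
# Added example for this thread (not FRST code and not from the post): a read-only
# inventory of Java and Adobe Flash Player installs taken from the Windows
# "Uninstall" registry keys that Programs and Features itself reads.

function Get-InstalledSoftware {
    [CmdletBinding()]
    param(
        # Regular expression matched against each uninstall entry's DisplayName.
        [Parameter(Mandatory)] [string] $Pattern
    )
    # On 64-bit Windows, 32-bit installers (Java i586, 32-bit Flash) register under
    # the WOW6432Node hive, so both machine hives and the per-user hive are read.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayName -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Name            = $_.DisplayName
                Version         = $_.DisplayVersion
                Arch            = if ($_.PSPath -match 'WOW6432Node') { 'x86' } else { 'x64' }
                InstallDate     = $_.InstallDate
                Publisher       = $_.Publisher
                UninstallString = $_.UninstallString
            }
        } | Sort-Object Name, Version
}

function Get-JavaInventory {
    # "Java 8 Update 122", "Java 7 Update 80", "Java(TM) 6 Update 45" and the
    # "Java Auto Updater" helper all match; the helper is listed on purpose, since
    # the post's uninstall loop is meant to remove every JRE component.
    Get-InstalledSoftware -Pattern '^Java'
}

function Get-FlashInventory {
    # Flash registers one entry per plugin type (NPAPI for Firefox, PPAPI for
    # Opera/Chromium-style browsers, ActiveX for Internet Explorer).
    Get-InstalledSoftware -Pattern '^Adobe Flash Player'
}

function Test-JavaUpToDate {
    param(
        # Target build named in the post: 8u122 (assumed; adjust to the current
        # release). The "Update NN" number is taken from DisplayName rather than
        # DisplayVersion, whose layout differs between JRE releases.
        [int] $RequiredMajor  = 8,
        [int] $RequiredUpdate = 122
    )
    foreach ($j in Get-JavaInventory) {
        if ($j.Name -match 'Java(?:\(TM\))?\s+(\d+)\s+Update\s+(\d+)') {
            $major  = [int]$Matches[1]
            $update = [int]$Matches[2]
            [pscustomobject]@{
                Name     = $j.Name
                Arch     = $j.Arch
                Outdated = ($major -lt $RequiredMajor) -or
                           ($major -eq $RequiredMajor -and $update -lt $RequiredUpdate)
            }
        }
    }
}

# Run before step 5 to see what has to go, and again after the reboot: an empty
# Flash list and no row with Outdated = True is the expected end state.
Get-FlashInventory | Format-Table Name, Version, Arch -AutoSize
Test-JavaUpToDate  | Format-Table Name, Arch, Outdated -AutoSize
```

Two practical notes. The per-plugin Flash entries explain why the post says to repeat the installer for every browser: each browser family loads a different plugin type, so one update does not cover the others. And Adobe ended support for Flash Player at the end of 2020, so on a machine looked at today the correct outcome for the Flash part of this check is an empty list rather than an updated version.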


#12 Sirawit (Bleepin' Brony, Malware Response Team, 4,161 posts, Location: Thailand)

Posted 27 October 2016 - 11:57 AM

Are you still there?

Thank you.


#13 Sirawit (Bleepin' Brony, Malware Response Team, 4,161 posts, Location: Thailand)

Posted 30 October 2016 - 01:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
