
HELP ME! Chrome Browser Hijack,Adware and Malware keeps coming back


6 replies to this topic

#1 idl99


Posted 05 May 2017 - 11:56 AM

Hey everyone,
 
Around 3 weeks ago, I installed Daemon Tools Lite, as it was software that I had used for years on my old laptop with no issues. However, I hadn't updated Daemon Tools Lite on my old laptop in years. Anyway, I decided to install Daemon Tools Lite on my new laptop to mount an ISO file. Soon after installing, when I logged on to Chrome, I realized my browser had been hijacked and the homepage was set to initialpage123.com. Later, when I searched Google, I realized Daemon Tools has gone rogue of late. At the time, I had Windows Defender and SMADAV AV installed, and SMADAV detected the TenCent MIO.exe virus in real time, and I cleaned it using SMADAV. Yet even afterwards Windows Defender kept prompting me to run a virus scan.

So I googled more and followed the Malware Removal Guides on your forum (bleepingcomputer.com) as well as another Reddit post. I installed BitDefender, MalwareBytes, MalwareBytes ADW Cleaner, Malware Junk Removal Tool, and HitMan Pro. To my bittersweet happiness, each virus scanner found various issues on my laptop, ranging from WinSAP, SNARE and Kitty.DLL to various other registry issues. Despite cleaning WinSAP and Snare, they showed up yet again in MalwareBytes ADW the following day.

I actually solved my browser hijack issue weeks ago, soon after the hijack occurred. Hitman Pro seemed to have fixed the homepage issue. However, every 2-3 days or so after cleaning them, I've had the Tencent virus detected by SMADAV antivirus, the WinSap, SNARE and Kitty viruses detected by Malwarebytes ADW Cleaner, and some Adware.Elex detected by Malwarebytes. At the same time, strange things have been happening on my laptop. For example: 2 days ago I was unable to shut down my PC as it kept going back to the login screen. And today, Bit Defender kept prompting non-stop that it was blocking a web resource (a PHP file) from some website called heheeliboom.com, and soon afterwards I realized a Chrome shortcut had appeared on the desktop, leading to a game called Big Farm.

So I decided to run Malwarebytes, ADW Cleaner and HitMan Pro and do the usual cleaning process. After doing the scans, everything temporarily got removed as usual, but I fear it could run again. So I installed Zemana Anti Malware, which picked up some other Chrome issues, as well as the MIO malware.

I was redirected to post a new topic by a global moderator, @boopme, on my old topic (https://www.bleepingcomputer.com/forums/t/644907/chrome-browser-hijack-leading-to-adware-trojan-and-other-malware/), and he advised me to run FRST and attach the files here. So I've attached them herewith. Please help me, as I'm overdue on a university assignment soon, and this issue is bothering me a lot.

 

Mod Edit:  Pasted data into post, deleted attachment - Hamluis.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2017 02
Ran by Ihan (05-05-2017 22:07:58)
Running from D:\AV Files
Windows 10 Home Version 1607 (X64) (2016-12-01 16:07:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1210519280-1098963146-3094455971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1210519280-1098963146-3094455971-503 - Limited - Disabled)
Dilanthi (S-1-5-21-1210519280-1098963146-3094455971-1001 - Administrator - Enabled) => C:\Users\acer
Guest (S-1-5-21-1210519280-1098963146-3094455971-501 - Limited - Disabled)
Ihan (S-1-5-21-1210519280-1098963146-3094455971-1002 - Administrator - Enabled) => C:\Users\Ihan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1210519280-1098963146-3094455971-1002\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3007 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.01.3001 - Acer Incorporated)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.94 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.6.12 - Bitdefender)
Blender (HKLM\...\{437221A8-91D1-42A0-9E04-0AD64B502374}) (Version: 2.78.1 - Blender Foundation)
Browser for SQL Server 2016 (HKLM-x32\...\{5B860485-0F07-41DC-BA8C-3A839A141FBA}) (Version: 13.1.4001.0 - Microsoft Corporation)
Dolby Audio X2 Windows API SDK (HKLM\...\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}) (Version: 0.7.2.61 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.5.3.31 - Dolby Laboratories, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Google Chrome (HKU\S-1-5-21-1210519280-1098963146-3094455971-1001\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.18.284 - SurfRight B.V.)
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager Gold (x86): dptf_com (x32 Version: 2.3.26.6137 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager SR300 (HKLM-x32\...\ARP_for_prd_dcm_runtime_sr300_3.2.26.6137) (Version: 3.2.26.6137 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ 3D camera SR300 IO module (x32 Version: 3.2.26.6137 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (x32 Version: 3.2.26.6137 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime  (x86): Core (x32 Version: 3.1.0.25181 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime  (x86): Core (x32 Version: 4.0.2.51617 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime  (x86): Dummy Core (x32 Version: 4.0.2.51617 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime  (x86): User Notification Tool files and components (x32 Version: 3.1.0.25181 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_core_v3_3.1.0.85181) (Version: 3.1.0.85181 - Intel Corporation)
Intel® RealSense™ SDK 2014 Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_core_v4_4.0.2.171617) (Version: 4.0.2.171617 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
JetBrains PyCharm Community Edition 2017.1 (HKLM-x32\...\PyCharm Community Edition 2017.1) (Version: 171.3780.115 - JetBrains s.r.o.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{825D262D-B676-4EAE-9BB6-F7AAD4707919}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1210519280-1098963146-3094455971-1001\...\OneDriveSetup.exe) (Version: 17.3.6764.0111 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1210519280-1098963146-3094455971-1002\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2016) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2016 (HKLM-x32\...\Microsoft SQL Server SQLServer2016) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2016 Policies  (HKLM-x32\...\{0BA40265-9FDA-41FF-8111-E22AE2508F60}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Setup (English) (HKLM\...\{0AE831BC-F2A8-4DE2-8FBF-68B220611A7F}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM\...\{FE3BF1DD-677E-4793-9770-C07AECC88882}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{C78CC1C8-D0DF-4F47-BA93-F3AE6E80E047}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{705566B9-DB0E-4866-85F9-9E2AF5A83204}) (Version: 13.0.3560.4 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 16.5.3 (HKLM-x32\...\{2d1a30f7-a163-4aa7-a10e-e936aeba38fe}) (Version: 13.0.16106.4 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ Build Tools (HKLM-x32\...\{a9528995-e130-4501-ae19-bbfaddb779cc}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{353253a9-15a3-4727-b415-79b4e6be765e}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2016 (HKLM\...\{3E013EB4-FF9E-4CCA-BAB6-318932614FAE}) (Version: 13.1.4001.0 - Microsoft Corporation)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation)
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.10198 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Service Pack 1 for SQL Server 2016 (KB3182545) (64-bit) (HKLM\...\KB3182545) (Version: 13.1.4001.0 - Microsoft Corporation)
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.25.106 - Skype Technologies S.A.)
SMADAV version 11.3 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.3 - Smadsoft)
SQL Server 2016 Batch Parser (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools (x32 Version: 13.0.16106.4 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools Extensions (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools Extensions (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Common Files (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Common Files (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Connection Info (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Services (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Shared (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 DMF (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio (Version: 13.0.16106.4 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio (x32 Version: 13.0.16106.4 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio Extensions (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Analysis Services (Version: 13.0.16106.4 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Analysis Services (x32 Version: 13.0.16106.4 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Analysis Services Localization (x32 Version: 13.0.16106.4 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Reporting Services (x32 Version: 13.0.16106.4 - Microsoft Corporation) Hidden
SQL Server 2016 Management Studio for Reporting Services Localization (x32 Version: 13.0.16106.4 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects Extensions (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 SQL Diagnostics (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 XEvent (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
STCServ (Version: 3.0.0.1783 - Intel Corporation) Hidden
Thunderbolt™ Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C9656D-EF9C-4B05-AD8E-633E34B297E0} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {06D580FD-BDA1-4232-98C7-29B2F264C511} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {15E65D4A-2199-4616-8350-82FDE39DA46B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {1986A7D3-EDC9-4D67-922C-534B4367F73B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {32B8D5EA-2F91-46E5-B66E-49D75275E499} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {35135F74-F742-4266-BE58-5DCA3E557C10} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {45E6BCA0-E741-4BB0-8157-6125BE839F40} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-06] (Google Inc.)
Task: {584BE837-8CA6-40AF-A0F8-0D6A94C525B8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-13] (NVIDIA Corporation)
Task: {5D58E67B-DD16-4E12-B29F-DC00FA385CA7} - System32\Tasks\Open Hardware Monitor\Startup => C:\Users\Ihan\AppData\Local\Temp\Rar$EXa0.829\OpenHardwareMonitor\OpenHardwareMonitor.exe  <==== ATTENTION
Task: {5F7E0196-1611-46D5-8B52-41F0710ABF10} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {6179293A-4D2A-4F86-878D-19616968A617} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-04-28] (Microsoft Corporation)
Task: {6924B433-E620-49F6-A031-BE727CBB7A0B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-28] (Microsoft Corporation)
Task: {6CCF55C9-55BC-48F6-9544-F66F39274C11} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-28] (Microsoft Corporation)
Task: {6DCDEB4B-4E0B-4AD2-A8FE-45B0B3E3F0BE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {705519F2-0840-40BC-BA7A-1E0F3F00885C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-21] ()
Task: {71412CA3-2391-4C85-9AEA-37E2C7683887} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {82BF81BD-5A58-4AFB-B711-36FF453C54AF} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-07-29] (Acer Incorporated)
Task: {8F702C34-1C19-472B-9271-524AF77F2B89} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)
Task: {8F970F0D-975D-4D22-93A7-562D6201B45D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {9CF7AD13-9727-419C-B3E2-D3C53E9ECE6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-04] (Adobe Systems Incorporated)
Task: {9FC3193D-6FE5-4286-8015-5E170F040E31} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2017-04-13] (Smadsoft)
Task: {A507D711-68CC-42BB-A1F2-DEE10C07E4EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-06] (Google Inc.)
Task: {A9890CDC-A774-4184-9552-7E6897FAE67C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {AF3CB0D3-B149-4A93-8FB5-0CDB9240F57C} - \Shazotioncicing -> No File <==== ATTENTION
Task: {BD269BC1-BE68-45D2-9A08-B1F18D16BFE4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-13] (NVIDIA Corporation)
Task: {C1D71B97-38C3-4A63-B7DF-8F4BF33156DB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {CC6E4899-0DFF-45CB-8CC7-706748AE1B44} - System32\Tasks\Cligochgrefege Monitor => C:\Program Files (x86)\Zzpygruleght\xqobertion.exe
Task: {DFAD8268-BF6E-4B88-B19E-A53417A4AD8D} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {E2CBC450-4700-47F1-A69A-1C686CEF3649} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-21] ()
Task: {E7A1516B-D440-4C80-83BD-91A0E2886539} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)
Task: {ECBA27D6-8240-416E-BC7E-A037977A258C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {ECE0E033-6182-497A-8AAF-C481245A6DE1} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-01-21] ()
Task: {EF6449D0-EF1C-4434-8FE9-BE77CBC8FF38} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-02-02] (Bitdefender)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-12 15:11 - 2017-03-28 11:52 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 20:55 - 2016-07-12 20:55 - 01299952 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2.dll
2016-12-17 09:25 - 2016-12-12 00:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-21 00:10 - 2016-04-16 21:07 - 00280576 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2016-12-07 19:20 - 2016-12-13 05:06 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-07 19:20 - 2016-12-13 05:05 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-21 00:10 - 2017-02-07 12:29 - 01008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-04-21 00:10 - 2017-02-07 12:29 - 00541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-04-21 00:10 - 2017-02-07 12:29 - 03243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-04-21 00:10 - 2017-02-07 12:29 - 01544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2017-04-20 07:14 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-12 15:11 - 2017-03-28 11:52 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-04-19 00:26 - 2017-04-28 10:46 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-05 21:46 - 2017-05-05 21:46 - 00154480 _____ () D:\AV Files\Zemana AntiMalware\ZAMShellExt64.dll
2016-12-02 10:55 - 2016-12-02 10:55 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 10:07 - 2017-03-04 12:01 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2015-11-13 18:51 - 2015-11-13 18:51 - 00629248 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-06-04 05:02 - 2015-05-14 12:40 - 00030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe
2016-07-18 10:39 - 2016-07-18 10:39 - 00154816 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2017-03-16 10:08 - 2017-03-04 11:35 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-21 00:20 - 2016-01-21 00:20 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-03-16 10:08 - 2017-03-04 11:42 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 10:08 - 2017-03-04 11:35 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-12 15:11 - 2017-03-28 10:37 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-12 15:11 - 2017-03-28 10:38 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-12 15:12 - 2017-03-28 10:41 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-07 19:21 - 2016-12-13 05:05 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-05-05 21:35 - 2017-05-05 21:35 - 00098816 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32api.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00110080 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\pywintypes27.dll
2017-05-05 21:35 - 2017-05-05 21:35 - 00364544 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\pythoncom27.dll
2017-05-05 21:35 - 2017-05-05 21:35 - 00320512 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32com.shell.shell.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00914432 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\_hashlib.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 01176576 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\wx._core_.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00806400 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\wx._gdi_.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00816128 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\wx._windows_.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 01067008 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\wx._controls_.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00733184 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\wx._misc_.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00682496 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\pysqlite2._sqlite.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00088064 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\_ctypes.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00686080 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\unicodedata.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00119808 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32file.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00108544 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32security.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00007168 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\hashobjs_ext.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00017920 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\thumbnails_ext.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00088064 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\usb_ext.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00012800 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\common.time34.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00018432 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32event.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00167936 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32gui.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00046080 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\_socket.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 01303552 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\_ssl.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00128512 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\_elementtree.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00127488 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\pyexpat.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00038912 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32inet.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00036864 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\_psutil_windows.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00524248 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\windows._lib_cacheinvalidation.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00011264 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32crypt.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00123392 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\wx._wizard.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00077312 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\wx._html2.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00027648 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\_multiprocessing.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00020480 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\_yappi.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00035840 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32process.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00078848 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\wx._animate.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00024064 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32pipe.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00010240 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\select.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00025600 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32pdh.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00017408 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32profile.pyd
2017-05-05 21:35 - 2017-05-05 21:35 - 00022528 ____R () C:\Users\Ihan\AppData\Local\Temp\_MEI82962\win32ts.pyd
2015-09-19 12:04 - 2015-09-19 12:04 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-07 19:21 - 2016-12-12 20:06 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-07 19:21 - 2016-12-12 20:06 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-07 19:21 - 2016-12-12 20:06 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-07 19:20 - 2016-12-13 05:05 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-07 19:20 - 2016-12-13 05:05 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-07 19:21 - 2016-12-12 20:06 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-07 19:21 - 2016-12-12 20:06 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-07 19:21 - 2016-12-12 20:06 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-07 19:21 - 2016-12-12 20:06 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-17 09:16 - 2016-12-12 20:06 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Ihan\Cookies:yd0DHuWVwgNRtIc90Nowhb [2210]
AlternateDataStreams: C:\Users\Ihan\Local Settings:4dfuwxkNnFBnOTDvu4mXXGi [2368]
AlternateDataStreams: C:\Users\Ihan\Local Settings:fv82q1ocIdvJhy2DGr4gsV [2110]
AlternateDataStreams: C:\Users\Ihan\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Ihan\AppData\Local:4dfuwxkNnFBnOTDvu4mXXGi [2368]
AlternateDataStreams: C:\Users\Ihan\AppData\Local:fv82q1ocIdvJhy2DGr4gsV [2110]
AlternateDataStreams: C:\Users\Ihan\AppData\Local\Application Data:4dfuwxkNnFBnOTDvu4mXXGi [2368]
AlternateDataStreams: C:\Users\Ihan\AppData\Local\Application Data:fv82q1ocIdvJhy2DGr4gsV [2110]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1210519280-1098963146-3094455971-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1210519280-1098963146-3094455971-1002\...\sharepoint.com -> hxxps://studentsiitac-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 12:54 - 2015-10-30 12:51 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1210519280-1098963146-3094455971-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1210519280-1098963146-3094455971-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ihan\Desktop\Interior_empty_Room_033227_.jpg
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-1210519280-1098963146-3094455971-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1E4929F4-6D4C-4127-B59B-00E83ADA4AE2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{72C7148B-676C-44CA-97BF-8FBF7BC09728}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{DED001D4-CB37-4A21-8432-E0DE5F1BA67F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{B6AA5F55-93D0-405F-8BDE-6457B3F92040}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DDDCBA26-6A7D-4D9F-8B9D-E5B6137FEB88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{1A6ACB06-7913-4D91-86FF-5EDC41EEC08D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{83B17053-E81E-46CD-9DA3-9196F0445467}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8CA58E5B-C0BA-462A-B83D-74AD48E50CC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{795784E6-6F18-4061-A363-27A35DC5B69E}] => (Allow) C:\Users\Ihan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1070D026-663D-468A-9A74-6C247E1BB98C}] => (Allow) C:\Users\Ihan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4E58891-B39D-4C93-99A0-D8A64D823648}] => (Allow) C:\Users\Ihan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{851E534A-7737-4AB3-9546-80A69C36A079}] => (Allow) C:\Users\Ihan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A955FA7D-9F40-4D61-AE46-D399337E2C83}] => (Allow) C:\Users\Ihan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6B728A8-35A6-4988-B8C6-F9487B37AAFC}] => (Allow) C:\Users\Ihan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A9170AC6-AA02-4A0E-B9F0-FE0A105AE366}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{281FE63C-FDDA-482F-A0DE-7B6E61B04B3D}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe
FirewallRules: [{C716294C-A776-4FA7-87AF-B83ED7DC17BD}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{AEB73085-C06E-4539-83CF-F6B03E06AB76}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [TCP Query User{F2A4767D-FFC4-448F-8C98-DBBEE1930BB1}C:\program files (x86)\jetbrains\pycharm community edition 2017.1\bin\pycharm64.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2017.1\bin\pycharm64.exe
FirewallRules: [UDP Query User{02A03FD3-2910-4448-959D-834AFDF2D2A3}C:\program files (x86)\jetbrains\pycharm community edition 2017.1\bin\pycharm64.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2017.1\bin\pycharm64.exe
FirewallRules: [{936CC4AE-89A7-4926-B1B4-C07AF8512044}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B5DFF01C-8683-4BB2-BC2D-10C8EA9BDE00}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B7DA56A6-5873-4C22-A683-B1128C662474}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{18B4BA02-51E7-4CE5-8199-A876B95135F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{78CE3661-F248-4602-8A1D-969FFF192390}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7FD67A15-5038-412A-967A-6DB6995AFD76}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2017 09:47:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/05/2017 09:35:09 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\GLOBALGROWTH$ via https://INTC-KeyId-5e73c89aa3e902b272b9f0741f7d8730e3ec724a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (05/05/2017 09:35:07 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\GLOBALGROWTH$ via https://INTC-KeyId-5e73c89aa3e902b272b9f0741f7d8730e3ec724a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (05/05/2017 09:35:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/05/2017 09:35:04 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/05/2017 06:01:04 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\GLOBALGROWTH$ via https://INTC-KeyId-5e73c89aa3e902b272b9f0741f7d8730e3ec724a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (05/05/2017 06:01:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\GLOBALGROWTH$ via https://INTC-KeyId-5e73c89aa3e902b272b9f0741f7d8730e3ec724a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (05/05/2017 06:01:02 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\GLOBALGROWTH$ via https://INTC-KeyId-5e73c89aa3e902b272b9f0741f7d8730e3ec724a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (05/05/2017 06:00:59 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/05/2017 06:00:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (05/05/2017 09:49:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WANARE service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 21600000 milliseconds: Restart the service.

Error: (05/05/2017 09:47:25 PM) (Source: DCOM) (EventID: 10016) (User: GLOBALGROWTH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user GLOBALGROWTH\Ihan SID (S-1-5-21-1210519280-1098963146-3094455971-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2017 09:35:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2017 09:34:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2017 09:21:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (05/05/2017 06:55:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2017 06:05:54 PM) (Source: DCOM) (EventID: 10016) (User: GLOBALGROWTH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user GLOBALGROWTH\Ihan SID (S-1-5-21-1210519280-1098963146-3094455971-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2017 06:01:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2017 06:00:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2017 06:00:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Content Protection HECI Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-04-21 00:31:55.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-21 00:31:55.984
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-21 00:31:55.984
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-21 00:31:55.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-21 00:31:55.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-21 00:31:55.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-18 10:57:35.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-18 09:33:57.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-17 09:29:42.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-13 10:54:49.689
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 43%
Total physical RAM: 8072.78 MB
Available physical RAM: 4556.68 MB
Total Virtual: 9352.78 MB
Available Virtual: 5744.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:118.64 GB) (Free:62.31 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:920.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 675C314F)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 675C3179)

Partition: GPT.

==================== End of Addition.txt ============================

 


Edited by hamluis, 05 May 2017 - 12:04 PM.
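Two things in the Addition.txt above deserve a look before any fix runs. First, the eight AlternateDataStreams entries are really four: `Local Settings` and `AppData\Local\Application Data` are compatibility junctions that Windows points at `AppData\Local`, so the two streams of 2368 and 2110 bytes are each reported under three paths. Second, the Policies\System line shows `ConsentPromptBehaviorAdmin: 0` with `EnableLUA: 1`, which means UAC is on but never prompts the logged-on administrator; anything running in that session elevates silently. The Python below is an added triage example for this thread, not part of the original post and not FRST code; its sample text is copied from the log above, and the junction map is an assumption about a stock Windows profile.

```python
"""Triage two sections of an FRST Addition.txt: alternate data streams and UAC policy.

Added example for this thread; not part of the original post and not FRST code.
"""
from __future__ import annotations
import re

# Compatibility junctions Windows creates inside each user profile. Both resolve
# to AppData\Local, so FRST prints one named stream on that folder under three
# paths. Assumption: stock profile layout (a hardened image may lack them).
PROFILE_JUNCTIONS = {
    "\\Local Settings": "\\AppData\\Local",
    "\\AppData\\Local\\Application Data": "\\AppData\\Local",
}

ADS_LINE = re.compile(r"^AlternateDataStreams: (?P<spec>.+) \[(?P<size>\d+)\]$")
UAC_LINE = re.compile(r"\\Policies\\System => (?P<pairs>.*)$")
UAC_PAIR = re.compile(r"\((\w+): (\d+)\)")

# Lines copied from the Addition.txt posted above so the example runs offline.
SAMPLE_LOG = r"""
==================== Alternate Data Streams (Whitelisted) =========
AlternateDataStreams: C:\Users\Ihan\Cookies:yd0DHuWVwgNRtIc90Nowhb [2210]
AlternateDataStreams: C:\Users\Ihan\Local Settings:4dfuwxkNnFBnOTDvu4mXXGi [2368]
AlternateDataStreams: C:\Users\Ihan\Local Settings:fv82q1ocIdvJhy2DGr4gsV [2110]
AlternateDataStreams: C:\Users\Ihan\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Ihan\AppData\Local:4dfuwxkNnFBnOTDvu4mXXGi [2368]
AlternateDataStreams: C:\Users\Ihan\AppData\Local:fv82q1ocIdvJhy2DGr4gsV [2110]
AlternateDataStreams: C:\Users\Ihan\AppData\Local\Application Data:4dfuwxkNnFBnOTDvu4mXXGi [2368]
AlternateDataStreams: C:\Users\Ihan\AppData\Local\Application Data:fv82q1ocIdvJhy2DGr4gsV [2110]
==================== Other Areas ============================
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
"""


def canonical_path(path: str) -> str:
    """Rewrite a profile junction alias to the folder it really points at."""
    low = path.lower()
    for alias, target in PROFILE_JUNCTIONS.items():
        i = low.find(alias.lower())
        if i != -1:
            return path[:i] + target + path[i + len(alias):]
    return path


def parse_streams(log_text: str) -> list[tuple[str, str, int]]:
    """Unique (file_or_folder, stream_name, size) triples, aliases collapsed."""
    seen = {}
    for line in log_text.splitlines():
        m = ADS_LINE.match(line.strip())
        if not m:
            continue
        path, stream = m.group("spec").rsplit(":", 1)
        path, size = canonical_path(path), int(m.group("size"))
        seen.setdefault((path.lower(), stream, size), (path, stream, size))
    return list(seen.values())


def parse_uac(log_text: str) -> dict[str, int]:
    """The (name: value) pairs FRST prints for the Policies\\System key."""
    for line in log_text.splitlines():
        m = UAC_LINE.search(line)
        if m:
            return {k: int(v) for k, v in UAC_PAIR.findall(m.group("pairs"))}
    return {}


def uac_findings(policy: dict[str, int]) -> list[str]:
    """Flag the settings that let code in an admin session elevate unchallenged."""
    if policy.get("EnableLUA", 1) == 0:
        return ["EnableLUA=0: UAC is switched off entirely"]
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        return ["ConsentPromptBehaviorAdmin=0: administrators elevate without any "
                "prompt; reset to the default of 5 after cleanup"]
    return []


if __name__ == "__main__":
    for path, stream, size in parse_streams(SAMPLE_LOG):
        print(f"{size:>6}  {path}:{stream}")
    for finding in uac_findings(parse_uac(SAMPLE_LOG)):
        print("UAC:", finding)
```

On a real log, `parse_streams` gives the de-duplicated list to put into a fixlist or to clear by hand with PowerShell's `Remove-Item -Stream`, and `uac_findings` is the reminder to put ConsentPromptBehaviorAdmin back to its default of 5 once the machine is clean.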


#2 nasdaq
  • Malware Response Team
  • 38,569 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 06 May 2017 - 09:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {AF3CB0D3-B149-4A93-8FB5-0CDB9240F57C} - \Shazotioncicing -> No File <==== ATTENTION
Task: {CC6E4899-0DFF-45CB-8CC7-706748AE1B44} - System32\Tasks\Cligochgrefege Monitor => C:\Program Files (x86)\Zzpygruleght\xqobertion.exe
AlternateDataStreams: C:\Users\Ihan\Cookies:yd0DHuWVwgNRtIc90Nowhb [2210]
AlternateDataStreams: C:\Users\Ihan\Local Settings:4dfuwxkNnFBnOTDvu4mXXGi [2368]
AlternateDataStreams: C:\Users\Ihan\Local Settings:fv82q1ocIdvJhy2DGr4gsV [2110]
AlternateDataStreams: C:\Users\Ihan\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Ihan\AppData\Local:4dfuwxkNnFBnOTDvu4mXXGi [2368]
AlternateDataStreams: C:\Users\Ihan\AppData\Local:fv82q1ocIdvJhy2DGr4gsV [2110]
AlternateDataStreams: C:\Users\Ihan\AppData\Local\Application Data:4dfuwxkNnFBnOTDvu4mXXGi [2368]
AlternateDataStreams: C:\Users\Ihan\AppData\Local\Application Data:fv82q1ocIdvJhy2DGr4gsV [2110]
C:\Program Files (x86)\Zzpygruleght

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
Include the FRST.txt file that was created by the Farbar tool.
I would like to review it.
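The fix above has a fixed shape: `start`, the housekeeping directives, then entries copied from the FRST logs, a bare folder path to delete (the random-named `Zzpygruleght` directory that the scheduled task launches from), and `End`. FRST matches those entries against the text it printed itself, so a retyped line with a stray character will not match; the safe way to build a fixlist is to pull the lines out of the log text and check them before saving. The Python below is an added example of that workflow for this thread, not part of nasdaq's reply and not an FRST component. The Task lines it uses are the two quoted in the fix and are assumed to come from FRST.txt, which is not on this page; the GoogleUpdate line is a constructed benign entry with a placeholder GUID.

```python
"""Build an FRST fixlist from log lines instead of retyping them.

Added example for this thread; not part of nasdaq's reply and not an FRST component.
"""
from __future__ import annotations
import re
from typing import Iterable

DIRECTIVES = ("CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:")

# Constructed log excerpt. The two Zzpygruleght-related Task lines and the ADS
# line are the ones quoted in the reply above (the Task lines are assumed to
# come from FRST.txt, which is not on this page); the GoogleUpdate line is a
# made-up benign entry with a placeholder GUID so the selector has something
# to skip.
SAMPLE_LOG = r"""
Task: {AF3CB0D3-B149-4A93-8FB5-0CDB9240F57C} - \Shazotioncicing -> No File <==== ATTENTION
Task: {CC6E4899-0DFF-45CB-8CC7-706748AE1B44} - System32\Tasks\Cligochgrefege Monitor => C:\Program Files (x86)\Zzpygruleght\xqobertion.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Users\Ihan\Downloads\ChromeSetup.exe:BDU [0]
"""

BARE_PATH = re.compile(r"^[A-Za-z]:\\")


def select_entries(log_text: str, patterns: Iterable[str]) -> list[str]:
    """Log lines, verbatim, that match any of the regular expressions."""
    regs = [re.compile(p) for p in patterns]
    return [ln for ln in log_text.splitlines()
            if ln.strip() and any(r.search(ln) for r in regs)]


def build_fixlist(entries: Iterable[str], paths: Iterable[str] = ()) -> str:
    """Same shape as the fix above: start, directives, entries, bare paths, End."""
    lines = ["start", "", *DIRECTIVES, "", *entries, *paths, "", "End"]
    return "\n".join(lines) + "\n"


def validate_fixlist(fixlist: str, log_text: str) -> list[str]:
    """Return entries that are neither directives, bare paths, nor verbatim log lines."""
    log_lines = {ln.strip() for ln in log_text.splitlines()}
    bad = []
    for ln in fixlist.splitlines():
        s = ln.strip()
        if not s or s in ("start", "End") or s in DIRECTIVES:
            continue
        if BARE_PATH.match(s) and ":" not in s[2:]:
            continue  # a folder or file to delete, e.g. C:\Program Files (x86)\Zzpygruleght
        if s not in log_lines:
            bad.append(s)
    return bad


if __name__ == "__main__":
    picked = select_entries(SAMPLE_LOG, [r"Zzpygruleght", r"<==== ATTENTION",
                                         r"^AlternateDataStreams: .*:BDU "])
    fix = build_fixlist(picked, ["C:\\Program Files (x86)\\Zzpygruleght"])
    print(fix)
    print("problems:", validate_fixlist(fix, SAMPLE_LOG))
```

`validate_fixlist` is the step worth keeping: run it against the same FRST.txt and Addition.txt the entries came from, and anything it returns was either retyped or came from a different scan and needs a fresh log first.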

#3 idl99 (Topic Starter)
  • Members
  • 7 posts

Posted 09 May 2017 - 10:06 AM

First of all, thanks @nasdaq for all the help you're rendering to me. I was away for the past few days, hence I was unable to post a reply. However, today when I returned to my laptop, in the evening, Malwarebytes caught the same list of malware re-occurring (WinSAP, Snare etc.), and for the first time Zemana caught a new malware called SSL.DLL as well, all originating from a ProgramData folder named like "Zzpy.....". So I cleaned them first. Unfortunately I didn't see your reply before running the Malwarebytes and Zemana scan and clean. However, I ran your fix afterwards and I've attached the Fix log. I'll continuously keep running scans throughout the week, because these malware seem to return after 2-5 days. Please keep this topic open, and I'll keep you posted if I catch any malware again. I'll be running Hitman Pro, Malwarebytes, Zemana, ADW Cleaner. Any other software I should use?


#4 nasdaq
  • Malware Response Team
  • 38,569 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 09 May 2017 - 12:52 PM

Keep me posted.

#5 nasdaq
  • Malware Response Team
  • 38,569 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 15 May 2017 - 10:02 AM

Are you still with me?

#6 idl99 (Topic Starter)
  • Members
  • 7 posts

Posted 16 May 2017 - 01:53 AM

Yes @nasdaq. I've been continuously running scans for the past few days, and so far I've had one registry value detection from Malwarebytes (I've attached the report below, and the detected registry key is currently quarantined) and one registry key detection from ADWCleaner, which is a key called "InterSect Alliance" under Software path. Nevertheless, it seems like you've fixed the main issue. All that remains, I think, is a cleanup.


#7 nasdaq
  • Malware Response Team
  • 38,569 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 16 May 2017 - 08:25 AM



idl99 wrote: ADWCleaner, which is a key called "InterSect Alliance" under Software path.

It should be removed. It's part of this infection.
https://www.bleepingcomputer.com/virus-removal/remove-winsnare-potentially-unwanted-program

==

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



