
Hidden malware affecting games?



Hi, about one to two months ago, I've noticed a dip in performance on my machine.  Even when playing low intensive games, I seem to have half the performance and choppy visuals.

 

Here are my specs:

Asrock Extreme4 z77

i7 2600 3.4 ghz

12 gb ram

GTX 970 SLI (2), reference directly from nVidia, 355.60 drivers

Samsung 840 250GB

Windows 7

 

Monitors:

HP Pavilion 25bw (main monitor)

Samsung SyncMaster SA350

 

Games having problems:

Minecraft

GTA V, IV

H1Z1

 

 

I don't think the problem is with the specs since it's a pretty beefy computer.  I've tried upgrading and downgrading my drivers.  Repeatedly, I tried to check for malware (using Spybot, Malwarebytes, Avast, Avira), cleaning up drives (using CCleaner, Samsung Magician), checking inside for any missing connections (SLI bridge, PCI connection, power wires), and while playing games, I have monitored the specs (using MSI Afterburner, HWMonitor).  Everything seemed to be fine with 1253 GHz core clock, 3506 memory clock, and 1779 memory usage while playing GTA IV with an ENB (better graphics).

 

The only other thing I can think of is that I have a hidden virus, so I decided to use HijackThis, but I do not know how to interpret it.

 



Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:42:00 AM, on 8/23/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)

FIREFOX: 40.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\SY\AppData\Local\razer\InGameEngine\cache\RzSynapse\RzCefRenderProcess.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\LSI\LoLSummonerInfo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\Program Files (x86)\WhatPulse2\whatpulse.exe
E:\Program Files (x86)\WhatPulse2\whatpulse-watchdog.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.252\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.36\deploy\LoLPatcher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.157\deploy\LolClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SY\Desktop\HijackThis (1).exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Corsair Utility Engine] "C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe" --autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [whatpulse] "E:\Program Files (x86)\WhatPulse2\whatpulse.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7A1373CD3BDA833DBDE91ED12010E705] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: PrecisionX_x64.lnk = C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nutafun4.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PortmapperService - PTC Inc. - C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12900 bytes



 

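Added example, not part of the original posts: a Python triage pass over a HijackThis 2.x log like the one above. It groups entries by section code and separates the `(file missing)` results that a 32-bit scanner produces on 64-bit Windows from entries that deserve a closer look. The sample lines are excerpted from the log above; the function names and the hard-coded `C:\Windows` root are assumptions of this example.

```python
import re
from collections import Counter

# Section codes that occur in this log, with their HijackThis 2.x meaning.
SECTIONS = {
    "R0": "Internet Explorer start/search page setting",
    "R1": "Internet Explorer start/search page setting",
    "F2": "ini-file autostart value mapped to the registry (UserInit/Shell)",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run keys, Startup folder)",
    "O10": "Winsock Layered Service Provider",
    "O11": "extra group in IE Advanced Options",
    "O15": "site in the IE Trusted Zone",
    "O18": "extra protocol handler",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
BROKEN_LSP = re.compile(r"LSP provider '([^']+)' missing")
MISSING = " (file missing)"

# Lines excerpted from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.5
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nutafun4.dll' missing
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""


def parse(log_text):
    """Return [(code, body), ...] for every section entry in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def looks_x64(log_text):
    """'Program Files (x86)' only exists on 64-bit Windows installations."""
    return "\\program files (x86)\\" in log_text.lower()


def triage(code, body, x64):
    """Return (verdict, note) for entries that report something missing, else None."""
    lsp = BROKEN_LSP.search(body)
    if code == "O10" and lsp:
        # The Winsock catalog still lists a provider DLL that is not on disk.
        return ("review", "Winsock catalog lists a missing LSP DLL: " + lsp.group(1))
    if body.endswith(MISSING):
        # The file path is the last ' - ' separated field of the entry.
        target = body[: -len(MISSING)].rsplit(" - ", 1)[-1]
        # Assumption: Windows is installed in C:\Windows. A 32-bit scanner asking
        # for System32 on x64 is redirected to SysWOW64, so 64-bit-only system
        # binaries show up as missing even though they exist.
        if x64 and target.lower().startswith("c:\\windows\\system32\\"):
            return ("likely-artifact", "WOW64 redirection hides " + target)
        return ("review", "referenced file not found: " + target)
    return None


def analyze(log_text):
    """Count entries per section and collect triaged 'missing' findings."""
    x64 = looks_x64(log_text)
    entries = parse(log_text)
    findings = []
    for code, body in entries:
        result = triage(code, body, x64)
        if result:
            findings.append((code,) + result)
    counts = dict(Counter(code for code, _ in entries))
    return {"x64": x64, "counts": counts, "findings": findings}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for code, n in report["counts"].items():
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'unknown section')}")
    for code, verdict, note in report["findings"]:
        print(f"[{verdict}] {code}: {note}")
```

The `likely-artifact` verdict is a heuristic: confirm with a 64-bit tool that the file exists before dismissing the entry.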

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.


Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.

Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
    netsh winsock reset >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

 

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by SY on Sun 08/23/2015 at 11:28:02.42.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\SY\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

8/23/2015 11:28:29 AM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~3\ALM deleted successfully

C:\PROGRA~3\CorelDRAW Graphics Suite X7 x64 deleted successfully

C:\Users\SY\AppData\Local\EmieBrowserModeList deleted successfully

C:\Users\SY\AppData\Local\EmieSiteList deleted successfully

C:\Users\SY\AppData\Local\EmieUserList deleted successfully

C:\Users\SY\AppData\Local\LSI deleted successfully

C:\Users\SY\AppData\Local\PACE Anti-Piracy deleted successfully

C:\Users\SY\AppData\Local\Trove deleted successfully

C:\Users\SY\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~3\CorelDRAW Graphics Suite X7 x64 not found

C:\Users\SY\AppData\Roaming\discord deleted

C:\Users\SY\AppData\Roaming\SpeedRunnersLog.txt deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\SY\AppData\Local\updater.log deleted

C:\Users\SY\AppData\Local\CrashRpt deleted

C:\windows\SysNative\tasks\update-S-1-5-21-2914734818-1192694775-2020057558-1000 deleted

C:\windows\SysNative\tasks\update-sys deleted

C:\Windows\tasks\update-S-1-5-21-2914734818-1192694775-2020057558-1000.job deleted

C:\Windows\tasks\update-sys.job deleted

C:\Windows\Syswow64\RENAD1C.tmp deleted

C:\Windows\SysWow64\AI_RecycleBin deleted

"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.dll" deleted

"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.exe" deleted

"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\uploader.dll" deleted

"C:\PROGRA~2\Skillbrains" deleted

"C:\PROGRA~2\Skillbrains\lightshot" deleted

"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1" deleted

 

==== Firefox Start and Search pages ======================

 

ProfilePath: C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\mg5puhvq.default

user_pref("browser.search.defaultenginename.US", "Google");

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/16/2015 08:33 PM]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\mg5puhvq.default

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

 

==== Chromium Look ======================

 

Google Chrome Version: 44.0.2403.157

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[05/02/2015 01:34 PM]

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[05/02/2015 01:34 PM]

 

Avast SafePrice - SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

Avast Online Security - SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

ThemeBeta.com - SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hamakeonknohdmnojglpffonbpgocaoc

Chrome Hotword Shared Module - SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

 

==== Chromium Startpages ======================

 

C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Preferences


 

 

==== Chromium Fix ======================

 

C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.coreldraw.com_0.localstorage deleted successfully

C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.coreldraw.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.dell.com"

"Default_Page_URL"="http://www.dell.com"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


"Start Page"="http://www.dell.com"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01H8YS0Y will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49OWLUFP will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52RQEDY8 will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZDT9V6R will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6GYOZ9G will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLMA3SLB will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRQPY7NJ will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3AS73PR will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE6331JB will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE6TZ8C5 will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLXTEBSW will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X42B3WZ6 will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBZLRJAU will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWY6BL2M will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAQ6GL6N will be deleted at reboot

C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWQ7UIS2 will be deleted at reboot

 

==== Empty FireFox Cache ======================

 

C:\Users\SY\AppData\Local\Mozilla\Firefox\Profiles\mg5puhvq.default\cache2 emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache is not empty, a reboot is needed

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=143 folders=51 42797327 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\SY\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\SY\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01H8YS0Y" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\49OWLUFP" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52RQEDY8" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZDT9V6R" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6GYOZ9G" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLMA3SLB" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRQPY7NJ" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3AS73PR" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE6331JB" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE6TZ8C5" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLXTEBSW" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X42B3WZ6" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBZLRJAU" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWY6BL2M" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAQ6GL6N" not found

"C:\Users\SY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWQ7UIS2" not found

"C:\Users\SY\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\37XM8KCP\kaptcha.com"  not found

 

==== EOF on Sun 08/23/2015 at 12:12:31.11 ======================

Check Disk
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
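The Check Disk report steps in the post above can also be done from PowerShell. This is an added example, not part of the original post; it assumes the report is logged in the Application log as event ID 1001 by a provider whose name contains "Wininit", and the output file name is a made-up placeholder.

```powershell
# Added example: fetch the most recent Check Disk report that Wininit wrote
# to the Application log (the entry the Event Viewer filter steps select).
# Assumption: the report is event ID 1001 from a provider matching "Wininit".
$report = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Wininit' } |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 1

if (-not $report) {
    # Nothing logged yet: the scheduled scan has not run or did not finish.
    Write-Output 'No Wininit Check Disk report found; the scan may not have run yet.'
    return
}

# Save the full text so it can be pasted into a reply.
# Hypothetical output path; change it to suit.
$outFile = Join-Path $env:USERPROFILE 'Desktop\chkdsk-report.txt'
"Logged: $($report.TimeCreated)", $report.Message | Set-Content -Path $outFile

# Print only the summary lines worth reading first (bad sectors, repairs made).
# Assumption: these keywords appear in the report text on this Windows version.
$report.Message -split "`r?`n" |
    Where-Object { $_ -match 'bad sectors|corrections|no problems|unreadable' } |
    ForEach-Object { $_.Trim() }
```

Compare the "Logged" time in the saved file with the time of the restart to confirm the report belongs to the scan just run.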

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.