Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Avast warnings but virus and malware scans are clean [Solved]


  • This topic is locked This topic is locked

#1
darmeen

darmeen

    New Member

  • Member
  • Pip
  • 5 posts

I keep getting these avast popups saying it has blocked some malicious url (last time was 53 times)

 

FRST.txt 

 

can result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Vic (administrator) on DRAGONS_LAIR on 08-07-2015 18:52:43
Running from C:\Users\Vic\Desktop
Loaded Profiles: Vic (Available Profiles: Vic)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-28] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\...\Run: [GoogleChromeAutoLaunch_278209370FF94061A837B2120CA1AD3C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-06] (Google Inc.)
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\...\MountPoints2: F - "F:\Setup.exe" 
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" File not found
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-28] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-28] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-21] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-05-19] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-28] (Avast Software s.r.o.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{0EAB3AFE-9A5B-4B23-A23A-249F2895C85E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E75A3108-BD3D-4FE4-B0A2-388CA719A852}: [DhcpNameServer] 8.8.8.8 8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Arc\plugins\NPSWF32.dll [2015-05-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-05-19] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Website and SEO Analysis) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkomeiemllejmopbbjjngpmmikfedad [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-10]
CHR Extension: (Google Drive) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-10]
CHR Extension: (YouTube) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-10]
CHR Extension: (Facebook) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-06-11]
CHR Extension: (Adblock Plus) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-11]
CHR Extension: (Google Search) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-10]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-06-11]
CHR Extension: (Pandora) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-06-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-06-11]
CHR Extension: (Shareaholic for Google Chrome™) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2015-06-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-06-11]
CHR Extension: (Pocket) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-11]
CHR Extension: (Save to Pocket) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-06-11]
CHR Extension: (Google Wallet) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-06-11]
CHR Extension: (Wooden Room [FVD]) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekipihpcnipkbfbempgloahlgfbnjnn [2015-06-11]
CHR Extension: (Weather Underground) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-06-11]
CHR Extension: (Gmail) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-10]
CHR HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2015-05-19] (Perfect World Entertainment Inc)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-28] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-28] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 34c85951; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemLifter\SystemLifter.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-28] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-06-28] (Emsisoft GmbH)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows ® Win 7 DDK provider)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204936 2014-02-12] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-28] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S0 IntelHSWPcc; System32\drivers\IntelPcc.sys [X]
U0 msahci; system32\drivers\msahci.sys
S2 SPDRIVER_1.42.1.1965; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-08 18:52 - 2015-07-08 18:53 - 00023456 _____ C:\Users\Vic\Desktop\FRST.txt
2015-07-08 18:52 - 2015-07-08 18:52 - 00000000 ____D C:\FRST
2015-07-08 18:49 - 2015-07-08 18:49 - 00000000 _____ C:\Windows\SysWOW64\RENEB6.tmp
2015-07-08 18:47 - 2015-07-08 18:47 - 00000000 ____D C:\Users\Vic\Documents\The Witcher 3
2015-07-08 18:44 - 2015-07-08 18:44 - 02112512 _____ (Farbar) C:\Users\Vic\Desktop\FRST64.exe
2015-07-06 21:12 - 2015-07-06 21:12 - 14651392 _____ C:\Users\Vic\Desktop\combinedweek5pp.ppt
2015-07-06 20:50 - 2015-07-05 14:23 - 10069504 _____ C:\Users\Vic\Desktop\chaps 9 10 and ll pp lecture.ppt
2015-06-30 00:09 - 2015-06-30 00:10 - 00016972 _____ C:\Users\Vic\Documents\MysteryCafe_Invoice6.30.xlsx
2015-06-28 16:12 - 2015-06-28 16:12 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-28 16:12 - 2015-06-28 16:12 - 00000000 ____D C:\Users\Vic\AppData\Roaming\AVAST Software
2015-06-28 16:12 - 2015-06-28 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-28 16:11 - 2015-06-28 16:11 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-28 16:11 - 2015-06-28 16:11 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-28 16:11 - 2015-06-28 16:11 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-28 16:11 - 2015-06-28 16:11 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-28 16:11 - 2015-06-28 16:11 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-28 16:11 - 2015-06-28 16:11 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-28 16:11 - 2015-06-28 16:11 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-28 16:11 - 2015-06-28 16:11 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-28 16:11 - 2015-06-28 16:11 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-28 16:11 - 2015-06-28 16:11 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-28 16:11 - 2015-06-28 16:11 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-28 16:10 - 2015-06-28 16:10 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-28 15:58 - 2015-07-08 18:26 - 00011582 _____ C:\Windows\setupact.log
2015-06-28 15:58 - 2015-06-28 16:22 - 00494324 _____ C:\Windows\PFRO.log
2015-06-28 15:58 - 2015-06-28 15:58 - 00000000 _____ C:\Windows\setuperr.log
2015-06-28 15:54 - 2015-06-28 15:55 - 05499960 _____ (Avast Software s.r.o.) C:\Users\Vic\Downloads\avast_free_antivirus_setup_online.exe
2015-06-28 15:54 - 2015-06-28 15:55 - 05499960 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-06-28 15:36 - 2015-06-28 15:36 - 06565736 _____ (Piriform Ltd) C:\Users\Vic\Downloads\ccsetup507.exe
2015-06-28 13:34 - 2015-06-28 13:35 - 00000000 ____D C:\EEK
2015-06-28 13:34 - 2015-06-28 13:34 - 00000757 _____ C:\Users\Vic\Desktop\Start Emsisoft Emergency Kit.lnk
2015-06-28 13:34 - 2015-06-28 00:14 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-06-28 13:33 - 2015-06-28 13:34 - 158718800 _____ C:\Users\Vic\Downloads\EmsisoftEmergencyKit.exe
2015-06-28 12:24 - 2015-06-28 13:32 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-28 12:24 - 2015-06-28 12:24 - 21471480 _____ C:\Users\Vic\Downloads\RogueKillerX64.exe
2015-06-28 12:24 - 2015-06-28 12:24 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-28 12:15 - 2015-06-28 16:21 - 00000238 _____ C:\Windows\system32\.crusader
2015-06-28 12:07 - 2015-06-28 12:15 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-28 12:07 - 2015-06-28 12:07 - 11032736 _____ (SurfRight B.V.) C:\Users\Vic\Downloads\HitmanPro_x64.exe
2015-06-28 12:03 - 2015-06-28 12:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Vic\Downloads\tdsskiller.exe
2015-06-27 12:22 - 2015-06-27 12:22 - 33957580 _____ C:\Users\Vic\Downloads\48-Handmade-Stamp-Brushes.zip
2015-06-27 12:22 - 2015-06-27 12:22 - 02405850 _____ C:\Users\Vic\Downloads\Set-flat-square-icons-of-a-animals.zip
2015-06-27 12:22 - 2015-06-27 12:22 - 00937765 _____ C:\Users\Vic\Downloads\Start-Responsive-One-Page-Template.zip
2015-06-27 12:22 - 2015-06-27 12:22 - 00840106 _____ C:\Users\Vic\Downloads\Baystyle-typeface.zip
2015-06-27 12:21 - 2015-06-27 12:22 - 45035289 _____ C:\Users\Vic\Downloads\Speech-bubble-pack..zip
2015-06-27 12:21 - 2015-06-27 12:21 - 01753852 _____ C:\Users\Vic\Downloads\Awesome-22-Flat-Vector-Sea-Icons.zip
2015-06-26 19:43 - 2015-06-26 19:45 - 00000000 ____D C:\Users\Vic\Downloads\Cities Skylines Assets.Maps.Mods.Saves v3.0
2015-06-26 19:43 - 2015-06-26 19:43 - 00025790 _____ C:\Users\Vic\Downloads\[kat.cr]cities.skylines.assets.maps.mods.saves.v3.0.torrent
2015-06-24 19:19 - 2015-06-24 19:20 - 04157300 _____ C:\Users\Vic\Downloads\Flatlands.crp
2015-06-24 19:08 - 2015-06-24 19:08 - 04462615 _____ C:\Users\Vic\Downloads\Raven Bay1.2.rar
2015-06-24 18:57 - 2015-06-24 18:57 - 00003592 _____ C:\Users\Vic\Downloads\Autobulldoze.rar
2015-06-21 10:33 - 2015-06-21 10:33 - 00000000 _____ C:\Windows\SysWOW64\RENB03A.tmp
2015-06-13 14:24 - 2015-06-13 14:24 - 00001983 _____ C:\Users\Vic\Desktop\Cities - Skylines.lnk
2015-06-13 14:22 - 2015-06-13 14:22 - 00000000 ____D C:\Users\Vic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cities-Skylines - Deluxe Edition v1.0.7b
2015-06-13 14:22 - 2015-06-13 14:22 - 00000000 ____D C:\Users\Vic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2015-06-13 14:19 - 2015-06-26 19:53 - 00000000 ____D C:\Program Files (x86)\CitiesSkylines
2015-06-13 14:19 - 2015-06-13 14:19 - 00000000 ____D C:\2-click run
2015-06-13 14:04 - 2015-06-13 14:08 - 00000000 ____D C:\Users\Vic\Downloads\Cities-Skylines - Deluxe Edition v1.0.7b (2015)(2-click run)
2015-06-12 19:43 - 2015-06-12 19:43 - 00000000 ____D C:\Users\Vic\Documents\Colossal Order
2015-06-12 19:43 - 2015-06-12 19:43 - 00000000 ____D C:\Users\Vic\AppData\Roaming\Colossal Order
2015-06-12 19:37 - 2015-06-12 19:37 - 00000000 ____D C:\Users\Vic\AppData\Roaming\Steam
2015-06-12 19:37 - 2015-06-12 19:37 - 00000000 ____D C:\Users\Vic\AppData\Roaming\.mono
2015-06-12 19:37 - 2015-06-12 19:37 - 00000000 ____D C:\Users\Vic\AppData\Local\Colossal Order
2015-06-12 19:37 - 2015-06-12 19:37 - 00000000 ____D C:\ProgramData\.mono
2015-06-12 19:22 - 2015-06-12 19:27 - 00000000 ____D C:\Users\Vic\Downloads\Cities Skylines [RePack]
2015-06-12 02:35 - 2015-06-19 22:02 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-12 02:35 - 2015-06-19 22:02 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 23:51 - 2015-04-08 17:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-10 23:40 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-10 23:40 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-10 23:40 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-10 23:40 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-10 23:39 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 23:39 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 23:39 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-10 23:39 - 2015-04-01 17:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-10 23:39 - 2015-04-01 17:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-10 23:39 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-10 23:39 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-10 23:35 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 23:35 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 23:35 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-10 23:35 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-10 23:35 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-10 23:35 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-10 23:34 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 23:34 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 23:34 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 23:34 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 23:34 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 23:34 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 23:34 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 23:34 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 23:34 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 23:34 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 23:34 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 23:34 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 23:34 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 23:34 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 23:34 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 23:34 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 23:34 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 23:34 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 23:34 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 23:34 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 23:34 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 23:34 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 23:34 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 23:34 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 23:34 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 23:34 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 23:34 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 23:34 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 23:34 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 23:34 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 23:34 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 23:34 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 23:34 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 23:34 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 23:34 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 23:34 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 23:34 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 23:34 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 23:34 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 23:34 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 23:34 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 23:34 - 2015-04-16 01:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-10 23:34 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-10 23:34 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-10 23:34 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-10 23:34 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-10 23:34 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-10 23:34 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-10 23:34 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-10 23:34 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-10 23:34 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 23:34 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-10 23:34 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-10 23:34 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-10 23:34 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-10 23:14 - 2015-06-28 11:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 23:14 - 2015-06-10 23:14 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-10 23:14 - 2015-06-10 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-10 23:14 - 2015-06-10 23:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-10 23:14 - 2015-06-10 23:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-10 23:14 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-10 23:14 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-10 23:14 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-10 23:13 - 2015-06-10 23:14 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Vic\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-10 23:12 - 2015-07-08 18:48 - 01202255 _____ C:\Windows\WindowsUpdate.log
2015-06-10 22:50 - 2015-06-28 16:04 - 00000000 ____D C:\ProgramData\646584000004aa5
2015-06-10 22:50 - 2015-06-10 22:50 - 00003106 _____ C:\Windows\System32\Tasks\{0AA4B08A-3BA0-48B6-BC80-C6EF92E52557}
2015-06-10 22:48 - 2015-06-10 22:48 - 00003226 _____ C:\Windows\System32\Tasks\{37083DC4-218A-40BA-B2A7-679A6792D51A}
2015-06-10 22:48 - 2015-06-10 22:48 - 00002295 _____ C:\Users\Public\Desktop\Facebook.lnk
2015-06-10 22:47 - 2015-06-10 22:48 - 00002218 _____ C:\Users\Vic\Desktop\chrome.lnk
2015-06-10 19:03 - 2015-06-10 19:03 - 00631296 _____ C:\Windows\ivq.dat
2015-06-10 19:00 - 2015-06-10 19:03 - 00000000 _____ C:\Windows\mivq.exe
2015-06-10 18:56 - 2015-06-10 18:57 - 00000000 _____ C:\Windows\ivq.exe
2015-06-10 18:54 - 2015-06-10 18:54 - 00000000 ____D C:\Users\Vic\AppData\Local\CrashRpt
2015-06-10 18:53 - 2015-06-10 18:53 - 00000045 _____ C:\user.js
2015-06-10 18:53 - 2015-01-05 20:34 - 00001952 ____R C:\Windows\system32\Drivers\etc\hp.bak
2015-06-10 18:44 - 2015-06-10 18:44 - 00000000 ____D C:\ProgramData\a031d38c00005503
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Roaming\SimpleFiles
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Local\Zeoinsight
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Local\ZBAnalyticsCore
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Local\Kromtech
2015-06-10 18:38 - 2015-06-11 01:01 - 00000000 ____D C:\ProgramData\ZombieNews
2015-06-10 18:37 - 2015-06-10 18:37 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-10 18:36 - 2015-06-10 18:39 - 00000000 ____D C:\ProgramData\Kromtech
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-08 18:50 - 2014-12-10 04:45 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2358305665-4084552561-1270841498-1001
2015-07-08 18:49 - 2015-01-24 13:06 - 00000000 ____D C:\Program Files\Java
2015-07-08 18:49 - 2014-12-26 14:40 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-08 18:46 - 2015-06-05 21:20 - 00000000 ____D C:\Program Files (x86)\The Amazing Spider-Man 2
2015-07-08 18:45 - 2015-05-29 20:37 - 00000000 ____D C:\Program Files (x86)\Batman Arkham Origins
2015-07-08 18:45 - 2015-01-24 12:51 - 00000000 ____D C:\Users\Vic\AppData\Roaming\uTorrent
2015-07-08 18:30 - 2014-03-18 05:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 18:28 - 2015-05-28 21:36 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-08 18:28 - 2014-12-10 04:40 - 00000073 _____ C:\Users\Vic\AppData\Roaming\sp_data.sys
2015-07-08 18:28 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-08 18:27 - 2015-05-28 19:18 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-07-08 18:27 - 2015-05-28 19:18 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-07-08 18:27 - 2015-02-04 15:08 - 00000000 ___RD C:\Users\Vic\Google Drive
2015-07-08 18:27 - 2014-12-10 04:50 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8D24EAF6-EDAD-4528-9151-A8CF32156C90}
2015-07-08 18:26 - 2014-12-10 04:59 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 18:26 - 2014-12-10 04:43 - 00000000 ____D C:\Users\Vic\OneDrive
2015-07-08 14:52 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 03:16 - 2014-12-10 04:59 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 01:01 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-28 16:22 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-28 16:09 - 2014-12-25 11:16 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-28 15:37 - 2015-05-21 19:56 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-28 15:37 - 2014-12-25 11:14 - 00000000 ____D C:\Program Files\CCleaner
2015-06-28 15:13 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-22 21:00 - 2015-03-18 20:07 - 00000000 __SHD C:\Users\Vic\AppData\Local\EmieBrowserModeList
2015-06-22 21:00 - 2014-12-10 04:50 - 00000000 __SHD C:\Users\Vic\AppData\Local\EmieUserList
2015-06-22 21:00 - 2014-12-10 04:50 - 00000000 __SHD C:\Users\Vic\AppData\Local\EmieSiteList
2015-06-21 10:32 - 2015-01-29 12:21 - 00000000 ____D C:\Users\Vic\AppData\Roaming\Skype
2015-06-21 10:32 - 2015-01-24 13:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-06-21 10:30 - 2015-04-15 03:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-21 10:30 - 2014-09-24 07:20 - 00000000 ____D C:\ProgramData\Skype
2015-06-12 02:58 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-06-12 02:34 - 2013-08-22 09:44 - 05148512 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 02:32 - 2015-01-05 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-12 02:32 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-12 02:32 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 02:31 - 2015-01-05 19:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 02:31 - 2013-08-22 08:25 - 00000199 _____ C:\Windows\win.ini
2015-06-12 02:25 - 2014-12-10 04:39 - 00000000 ____D C:\Users\Vic
2015-06-11 07:03 - 2013-08-22 09:45 - 00000000 ____D C:\Windows\Setup
2015-06-11 01:15 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\addins
2015-06-11 01:01 - 2014-12-26 22:16 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-06-10 23:34 - 2014-12-26 02:26 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 23:32 - 2014-12-26 02:26 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 22:54 - 2014-11-03 21:33 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-10 22:47 - 2014-12-10 04:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-10 20:15 - 2015-04-19 07:20 - 00000626 _____ C:\Users\Vic\AppData\Roaming\IqizqJJxpJ8xw
2015-06-10 18:54 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System
 
==================== Files in the root of some directories =======
 
2015-04-19 07:20 - 2015-06-10 20:15 - 0000626 _____ () C:\Users\Vic\AppData\Roaming\IqizqJJxpJ8xw
2014-12-10 04:40 - 2015-07-08 18:28 - 0000073 _____ () C:\Users\Vic\AppData\Roaming\sp_data.sys
2015-01-13 19:18 - 2015-06-05 12:28 - 0001456 _____ () C:\Users\Vic\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-05-23 16:13 - 2015-05-23 16:13 - 0007604 _____ () C:\Users\Vic\AppData\Local\Resmon.ResmonCfg
2014-11-03 21:47 - 2014-11-03 21:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-24 07:20 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-09-24 07:20 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-09-24 07:20 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some files in TEMP:
====================
C:\Users\Vic\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Vic\AppData\Local\Temp\HitmanPro.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\ivq.exe
C:\Windows\mivq.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-06 15:52
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Vic at 2015-07-08 18:53:20
Running from C:\Users\Vic\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2358305665-4084552561-1270841498-500 - Administrator - Disabled)
Guest (S-1-5-21-2358305665-4084552561-1270841498-501 - Limited - Disabled)
Vic (S-1-5-21-2358305665-4084552561-1270841498-1001 - Administrator - Enabled) => C:\Users\Vic
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated)
Alien Skin Exposure 6 (HKLM\...\Alien Skin Exposure 6) (Version:  - Alien Skin)
Alien Skin Eye Candy 7 (HKLM\...\Alien Skin Eye Candy 7) (Version:  - Alien Skin)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASUS GIFTBOX Desktop (HKLM-x32\...\{9110969C-A4E5-4112-93A3-A8686BF7444C}) (Version: 1.0.2 - ASUS)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Circle Dock (HKLM-x32\...\{45EC565D-AD28-4FBC-8B2D-1948F08370E2}_is1) (Version: 32-bit v1.56 (Refresh) - Swn Y Gwynt)
Cities-Skylines - Deluxe Edition v1.0.7b (HKLM-x32\...\Cities-Skylines - Deluxe Edition v1.0.7b1.0.7b) (Version: 1.0.7b - Friends in War)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Dropbox (HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mediatek Bluetooth (HKLM\...\{9ACFC67B-786F-CC9B-847A-D0350FF6F5E0}) (Version: 11.0.752.0 - Mediatek)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x86) - 14.0.22816 (HKLM-x32\...\{714692fa-709b-4925-8170-821d51135f42}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SystemLifter (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{34c85951}) (Version:  - Software Publisher) <==== ATTENTION
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
UtechSmart 16400DPI VENUS Gaming Mouse version 1.1 (HKLM-x32\...\{5A0E98CD-3E42-4FA9-BA70-3EEFA31F67CE}_is1) (Version: 1.1 - UtechSmart)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2358305665-4084552561-1270841498-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Vic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2358305665-4084552561-1270841498-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vic\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2358305665-4084552561-1270841498-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vic\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2358305665-4084552561-1270841498-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vic\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2358305665-4084552561-1270841498-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vic\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2358305665-4084552561-1270841498-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vic\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2358305665-4084552561-1270841498-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vic\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2358305665-4084552561-1270841498-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vic\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2358305665-4084552561-1270841498-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Vic\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
21-06-2015 04:14:47 Scheduled Checkpoint
24-06-2015 15:35:03 Windows Update
28-06-2015 12:14:33 Checkpoint by HitmanPro
06-07-2015 16:13:47 Scheduled Checkpoint
08-07-2015 18:47:53 Removed Java 8 Update 31
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-01-05 20:34 - 00001952 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com 
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com 
127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com 
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp 
127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com 
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com cmdls.adobe.com na1r.services.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com 
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {060F3157-BE48-4A9D-BEFB-3C9A86E3AF95} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {0849CCF5-B8AC-4E48-A539-A3B8586B1DAA} - System32\Tasks\{37083DC4-218A-40BA-B2A7-679A6792D51A} => pcalua.exe -a "C:\Program Files (x86)\Intel\Intel Collaborative Processor Performance Control\Uninstall\setup.exe" -c -uninstall
Task: {0DD410B0-8FCE-4018-8DB6-3C5D95AD8E5D} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {0DE29571-6D22-47B9-B51D-72E82AB90578} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {1FF77180-A519-4DF8-8C44-596933AE40F4} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {274B6E0E-9703-4895-B51F-20E77EE8B007} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {34ABDD7D-5EC9-4285-A962-66E3671FBF55} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {34F89592-FCB2-4B3B-9FA7-C79B5189AFDB} - \SPBIW_UpdateTask_Time_313532323739313130382d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {4128AA22-F099-481A-B6C4-C46A87B71890} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor)
Task: {4978248D-9E6B-49DF-ABF9-CD89D34235E0} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {4DE3DEA5-745E-4329-ADF0-86C5842EB3DE} - \SMWUpd No Task File <==== ATTENTION
Task: {56073330-4F3D-4426-92D8-0E8D2D82CB14} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {59FA1138-FABB-49DD-B186-764EDAEFD0F8} - \LuckyTab No Task File <==== ATTENTION
Task: {60E857A5-D53A-4EBA-B5F3-353C744C6D5E} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {62C496E0-4FA8-45DE-BEE5-453222BFE64D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-01-05] ()
Task: {69BC2271-5D9D-405B-9F15-B7E6306F3014} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-28] (Avast Software s.r.o.)
Task: {6B30D743-9590-49BD-9F98-038AD1794C53} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {7AA13B84-2EE4-4DBF-B2A6-06E52A7EE9B2} - \SMW_UpdateTask_Time_313532323739313130382d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {7DE10517-00AD-4FEC-9209-A656CC6EAF30} - System32\Tasks\{0AA4B08A-3BA0-48B6-BC80-C6EF92E52557} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {84BDAF5A-C943-412D-8525-3B9D5C3A3C10} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-11] (ASUS)
Task: {89AF0B9E-2F6F-4957-B031-B147217809CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {89C8E6E4-3530-4BFC-BDBB-6E19D85CF893} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {99976D9F-828F-4DF2-A6BA-878CC040ED48} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {B7E05962-2DA9-4723-9C63-D036A5BA5E60} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {D1D9C08A-AF12-4F41-BC1B-12B95D918B80} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {D4EA2F5C-1478-47C6-A0E3-FC0B2ACBAF44} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-02-11] ()
Task: {D9702143-AFE4-431F-B210-C5101576532D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {E8EB3398-4031-4ED7-B248-ABBF60247557} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {EEE1E993-CF97-489C-837D-99CE70E95F7C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {F191B8CC-4A22-48CA-B419-59C45FDF9CE2} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {FC11FC05-24E3-41AD-B4A9-F74AD815560E} - System32\Tasks\ASUS GIFTBOX Desktop => C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [2014-08-07] (ASUS)
Task: {FD358372-5473-4135-8031-30C3ECAE8339} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FF28C73D-C592-4D49-B4C7-7FF28E43E5A5} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-20] (Realtek Semiconductor)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-03 21:44 - 2015-01-09 18:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-11 20:08 - 2014-02-11 20:08 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-02-11 20:08 - 2014-02-11 20:08 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2015-06-28 16:11 - 2015-06-28 16:11 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-28 16:11 - 2015-06-28 16:11 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-28 16:13 - 2015-06-28 16:13 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062801\algo.dll
2015-07-07 18:58 - 2015-07-07 18:58 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070701\algo.dll
2015-07-08 18:47 - 2015-07-08 18:47 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070801\algo.dll
2014-11-03 21:42 - 2013-12-09 18:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-04-14 18:11 - 2015-03-27 22:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2015-07-08 18:26 - 2015-07-08 18:26 - 00098816 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32api.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00110080 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\pywintypes27.dll
2015-07-08 18:26 - 2015-07-08 18:26 - 00364544 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\pythoncom27.dll
2015-07-08 18:26 - 2015-07-08 18:26 - 00045568 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\_socket.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 01161216 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\_ssl.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00320512 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32com.shell.shell.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00713216 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\_hashlib.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 01175040 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\wx._core_.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00805888 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\wx._gdi_.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00811008 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\wx._windows_.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 01062400 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\wx._controls_.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00735232 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\wx._misc_.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00682496 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\pysqlite2._sqlite.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00087552 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\_ctypes.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00119808 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32file.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00108544 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32security.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00007168 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\hashobjs_ext.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00026624 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\usb_ext.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00167936 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32gui.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00018432 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32event.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00128512 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\_elementtree.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00127488 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\pyexpat.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00013824 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\common.time34.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00036864 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\_psutil_windows.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00038912 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32inet.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00011264 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32crypt.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00070656 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\wx._html2.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00027136 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\_multiprocessing.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00020480 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\_yappi.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00035840 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32process.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00686080 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\unicodedata.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00122368 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\wx._wizard.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00024064 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32pipe.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00010240 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\select.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00025600 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32pdh.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00525640 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\windows._lib_cacheinvalidation.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00017408 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32profile.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00022528 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\win32ts.pyd
2015-07-08 18:26 - 2015-07-08 18:26 - 00078336 _____ () C:\Users\Vic\AppData\Local\Temp\_MEI74442\wx._animate.pyd
2015-06-28 16:11 - 2015-06-28 16:11 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-01 06:17 - 2015-02-01 06:17 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-07 17:16 - 2015-07-06 22:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 17:16 - 2015-07-06 22:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Vic\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vic\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\...\StartupApproved\Run: => "PCKeeper2"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{564A4039-5CE5-402F-8AD0-C0C53DDC38B7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{d05fc355-7378-4131-b023-8aa91373d69c}] => (Allow) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe
FirewallRules: [{FAB42598-443C-42C7-A47C-B70E29D5589F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9254D315-44A4-45FA-A5D0-F3DF25BED72D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FD3C5F1A-872F-458D-90F9-BF69C6AB20DE}] => (Allow) C:\Users\Vic\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E3DD7F4A-999A-470E-96FD-C759326552E9}] => (Allow) C:\Users\Vic\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5B99F39D-BEAD-497B-9EAC-194CA0D85598}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B2E89102-097A-40A8-B961-695DC688958A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{42441BE7-0452-4201-AAB8-3893A4D50E9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F79435AA-5872-48C2-9A96-1E3183171917}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{03CEDF28-4D73-4317-8811-55C91B108D39}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{D6FBA5DA-A970-4593-9477-EF85CEB9A31B}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{CDCCDE8B-540B-4943-B1A2-92C98F1E5343}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{15FAF4BF-92B5-4952-B0AB-F2D27473E055}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [{C2B55ECC-D384-4CD5-A376-8B0D062E759C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CC21C59B-363C-454A-BD11-14722D248EE3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{891CB015-4A14-4D6B-A85F-601F3AE4ADCD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D4C19742-8CAA-45CC-B08D-1C1CB7834B9C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FD201D2E-CAA3-42BC-A84B-05DED8938FBE}] => (Allow) C:\Users\Vic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C3E197B-1C32-43E6-AE3A-C2FF8C787C1F}] => (Allow) C:\Users\Vic\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E00E03CC-98A2-405A-96E1-2D25E62B47D5}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{9BDFD0A9-0BAF-4061-8F2D-C8E69A400D92}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{AF75E52F-FE93-4DFE-9B5B-50B5C1F46805}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9D8BF7F3-DAB8-44B9-BA8C-1D67D479A85A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7C63F7CB-6B4B-4239-808A-B9587B92ACCA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{32C6D2F4-5233-4C89-9EDA-5E3E4114ED67}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5AD85D95-E9DB-490B-9930-351F495CAAAE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{222E8FC0-55FB-4C1C-8776-D4AA73726E10}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{4AC15E32-EEB8-41C8-8207-154B04E1CC4A}C:\users\vic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vic\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C19687B1-BAB5-4077-A998-DF02EF3A9172}C:\users\vic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vic\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D7ACD4D7-5B87-48A1-9D53-862FC7D64E96}] => (Block) C:\users\vic\appdata\roaming\spotify\spotify.exe
FirewallRules: [{096A85F6-2BC3-42C0-9947-6CDE8C45DA76}] => (Block) C:\users\vic\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8CA99986-19A4-45B1-AC40-0E555CF0B33B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{47E5ECE2-FC99-4C34-8C28-89903CE3EA60}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{13785163-258B-4C2D-BAF5-34344E3160D7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{064C0DC3-F07B-403A-9C39-577CCDE968B6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{78FDD4EC-2C0D-42D1-BEAE-2A60F6CA0F05}C:\users\vic\downloads\usbwebserver v8.6\apache2\bin\httpd_usbwv8.exe] => (Allow) C:\users\vic\downloads\usbwebserver v8.6\apache2\bin\httpd_usbwv8.exe
FirewallRules: [UDP Query User{F48D75AD-8556-48E3-8B94-360734C6805D}C:\users\vic\downloads\usbwebserver v8.6\apache2\bin\httpd_usbwv8.exe] => (Allow) C:\users\vic\downloads\usbwebserver v8.6\apache2\bin\httpd_usbwv8.exe
FirewallRules: [TCP Query User{180117DB-FB93-4B5B-A44A-FD30366282B0}C:\users\vic\downloads\usbwebserver v8.6\mysql\bin\mysqld_usbwv8.exe] => (Allow) C:\users\vic\downloads\usbwebserver v8.6\mysql\bin\mysqld_usbwv8.exe
FirewallRules: [UDP Query User{BE0FA41B-7A4B-4FAC-8CEE-BF5BA36C630F}C:\users\vic\downloads\usbwebserver v8.6\mysql\bin\mysqld_usbwv8.exe] => (Allow) C:\users\vic\downloads\usbwebserver v8.6\mysql\bin\mysqld_usbwv8.exe
FirewallRules: [{F968091C-7C4A-47CE-A4A1-892D06465D1E}] => (Block) C:\users\vic\downloads\usbwebserver v8.6\apache2\bin\httpd_usbwv8.exe
FirewallRules: [{D3C6DCF8-D793-4396-9AF5-EF6060D3A9CC}] => (Block) C:\users\vic\downloads\usbwebserver v8.6\apache2\bin\httpd_usbwv8.exe
FirewallRules: [{4F6DB99D-6045-4C4C-819C-67CCC9C6DABE}] => (Block) C:\users\vic\downloads\usbwebserver v8.6\mysql\bin\mysqld_usbwv8.exe
FirewallRules: [{41BBAD2E-C171-4412-A960-F0504E8ACD2E}] => (Block) C:\users\vic\downloads\usbwebserver v8.6\mysql\bin\mysqld_usbwv8.exe
FirewallRules: [{728D34E6-8A16-4B2B-9F60-D0EF81D2993E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5C7D520B-F253-44CE-932F-025785DC7C4A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{88DAE1D6-0424-48C8-BC41-389DAC622CDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/08/2015 06:26:40 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (07/08/2015 00:24:28 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (07/04/2015 11:42:05 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (07/02/2015 11:19:32 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (07/02/2015 10:57:36 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 05:02:34 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000CCB930BD00).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (06/28/2015 04:25:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x428
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5
 
Error: (06/28/2015 04:24:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at ..(System.String, System.String, ., System.String)
   at ...ctor()
   at ..(.)
   at ..()
 
Error: (06/28/2015 02:36:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20905 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1434
 
Start Time: 01d0b1d911774b57
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 0748e59c-1dcd-11e5-8293-543530d94a54
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/28/2015 00:14:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c43e4bb9-32db-4ead-bcc7-b9a923fafd7a}
 
 
System errors:
=============
Error: (07/07/2015 00:55:52 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (06/28/2015 04:24:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.42.1.1965 service failed to start due to the following error: 
%%3
 
Error: (06/28/2015 04:24:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the SystemLifter service to connect.
 
Error: (06/28/2015 04:22:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: 
%%0
 
Error: (06/28/2015 04:22:04 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (06/28/2015 04:22:04 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (06/28/2015 04:22:03 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (06/28/2015 04:22:03 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (06/28/2015 04:22:03 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
Error: (06/28/2015 04:22:03 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
 
 
Microsoft Office:
=========================
Error: (07/08/2015 06:26:40 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (07/08/2015 00:24:28 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (07/04/2015 11:42:05 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (07/02/2015 11:19:32 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (07/02/2015 10:57:36 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
 
Error: (06/28/2015 05:02:34 PM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000CCB930BD00)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (06/28/2015 04:25:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoKMS.exe2.5.0.052aef33fKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c42801d0b1e8854bbae5C:\Windows\AutoKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dll22a91793-1ddc-11e5-8297-543530d94a54
 
Error: (06/28/2015 04:24:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at ..(System.String, System.String, ., System.String)
   at ...ctor()
   at ..(.)
   at ..()
 
Error: (06/28/2015 02:36:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20905143401d0b1d911774b574294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe0748e59c-1dcd-11e5-8293-543530d94a54microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/28/2015 00:14:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c43e4bb9-32db-4ead-bcc7-b9a923fafd7a}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8075.13 MB
Available physical RAM: 5147.36 MB
Total Virtual: 9547.13 MB
Available Virtual: 6031.43 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:154.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:301.99 GB) NTFS
Drive g: (SYSRECOVERY) (Removable) (Total:14.89 GB) (Free:6.76 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: F6E0596D)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know if the alerts stop after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 34c85951; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemLifter\SystemLifter.dll",serv
S2 SPDRIVER_1.42.1.1965; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.sys [X]
2015-06-10 19:03 - 2015-06-10 19:03 - 00631296 _____ C:\Windows\ivq.dat
2015-06-10 19:00 - 2015-06-10 19:03 - 00000000 _____ C:\Windows\mivq.exe
2015-06-10 18:56 - 2015-06-10 18:57 - 00000000 _____ C:\Windows\ivq.exe
2015-06-10 18:44 - 2015-06-10 18:44 - 00000000 ____D C:\ProgramData\a031d38c00005503
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Roaming\SimpleFiles
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Local\Zeoinsight
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Local\ZBAnalyticsCore
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Local\Kromtech
2015-06-10 18:38 - 2015-06-11 01:01 - 00000000 ____D C:\ProgramData\ZombieNews
2015-06-10 18:37 - 2015-06-10 18:37 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-10 18:36 - 2015-06-10 18:39 - 00000000 ____D C:\ProgramData\Kromtech
2015-06-22 21:00 - 2015-03-18 20:07 - 00000000 __SHD C:\Users\Vic\AppData\Local\EmieBrowserModeList
2015-06-22 21:00 - 2014-12-10 04:50 - 00000000 __SHD C:\Users\Vic\AppData\Local\EmieUserList
2015-06-22 21:00 - 2014-12-10 04:50 - 00000000 __SHD C:\Users\Vic\AppData\Local\EmieSiteList
Task: {0DD410B0-8FCE-4018-8DB6-3C5D95AD8E5D} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {34F89592-FCB2-4B3B-9FA7-C79B5189AFDB} - \SPBIW_UpdateTask_Time_313532323739313130382d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {4DE3DEA5-745E-4329-ADF0-86C5842EB3DE} - \SMWUpd No Task File <==== ATTENTION
Task: {59FA1138-FABB-49DD-B186-764EDAEFD0F8} - \LuckyTab No Task File <==== ATTENTION
Task: {60E857A5-D53A-4EBA-B5F3-353C744C6D5E} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {7AA13B84-2EE4-4DBF-B2A6-06E52A7EE9B2} - \SMW_UpdateTask_Time_313532323739313130382d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {7DE10517-00AD-4FEC-9209-A656CC6EAF30} - System32\Tasks\{0AA4B08A-3BA0-48B6-BC80-C6EF92E52557} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {99976D9F-828F-4DF2-A6BA-878CC040ED48} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
c:\progra~2\searchprotect
c:\Program Files (x86)\SystemLifter
C:\Program Files (x86)\ShopperPro
C:\Users\Vic\AppData\Local\Temp\_MEI74442
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
darmeen

darmeen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Did not have any warnings after reboot, posting this then running adwCleaner.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Vic at 2015-07-11 14:28:07 Run:1
Running from C:\Users\Vic\Desktop
Loaded Profiles: Vic (Available Profiles: Vic)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 34c85951; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemLifter\SystemLifter.dll",serv
S2 SPDRIVER_1.42.1.1965; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.sys [X]
2015-06-10 19:03 - 2015-06-10 19:03 - 00631296 _____ C:\Windows\ivq.dat
2015-06-10 19:00 - 2015-06-10 19:03 - 00000000 _____ C:\Windows\mivq.exe
2015-06-10 18:56 - 2015-06-10 18:57 - 00000000 _____ C:\Windows\ivq.exe
2015-06-10 18:44 - 2015-06-10 18:44 - 00000000 ____D C:\ProgramData\a031d38c00005503
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Roaming\SimpleFiles
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Local\Zeoinsight
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Local\ZBAnalyticsCore
2015-06-10 18:39 - 2015-06-10 18:39 - 00000000 ____D C:\Users\Vic\AppData\Local\Kromtech
2015-06-10 18:38 - 2015-06-11 01:01 - 00000000 ____D C:\ProgramData\ZombieNews
2015-06-10 18:37 - 2015-06-10 18:37 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-10 18:36 - 2015-06-10 18:39 - 00000000 ____D C:\ProgramData\Kromtech
2015-06-22 21:00 - 2015-03-18 20:07 - 00000000 __SHD C:\Users\Vic\AppData\Local\EmieBrowserModeList
2015-06-22 21:00 - 2014-12-10 04:50 - 00000000 __SHD C:\Users\Vic\AppData\Local\EmieUserList
2015-06-22 21:00 - 2014-12-10 04:50 - 00000000 __SHD C:\Users\Vic\AppData\Local\EmieSiteList
Task: {0DD410B0-8FCE-4018-8DB6-3C5D95AD8E5D} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {34F89592-FCB2-4B3B-9FA7-C79B5189AFDB} - \SPBIW_UpdateTask_Time_313532323739313130382d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {4DE3DEA5-745E-4329-ADF0-86C5842EB3DE} - \SMWUpd No Task File <==== ATTENTION
Task: {59FA1138-FABB-49DD-B186-764EDAEFD0F8} - \LuckyTab No Task File <==== ATTENTION
Task: {60E857A5-D53A-4EBA-B5F3-353C744C6D5E} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {7AA13B84-2EE4-4DBF-B2A6-06E52A7EE9B2} - \SMW_UpdateTask_Time_313532323739313130382d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {7DE10517-00AD-4FEC-9209-A656CC6EAF30} - System32\Tasks\{0AA4B08A-3BA0-48B6-BC80-C6EF92E52557} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {99976D9F-828F-4DF2-A6BA-878CC040ED48} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
c:\progra~2\searchprotect
c:\Program Files (x86)\SystemLifter
C:\Program Files (x86)\ShopperPro
C:\Users\Vic\AppData\Local\Temp\_MEI74442
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
"c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll" => value data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
34c85951 => Service removed successfully
SPDRIVER_1.42.1.1965 => Service removed successfully
C:\Windows\ivq.dat => moved successfully.
C:\Windows\mivq.exe => moved successfully.
C:\Windows\ivq.exe => moved successfully.
C:\ProgramData\a031d38c00005503 => moved successfully.
C:\Users\Vic\AppData\Roaming\SimpleFiles => moved successfully.
C:\Users\Vic\AppData\Local\Zeoinsight => moved successfully.
C:\Users\Vic\AppData\Local\ZBAnalyticsCore => moved successfully.
C:\Users\Vic\AppData\Local\Kromtech => moved successfully.
C:\ProgramData\ZombieNews => moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\ProgramData\Kromtech => moved successfully.
C:\Users\Vic\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\Vic\AppData\Local\EmieUserList => moved successfully.
C:\Users\Vic\AppData\Local\EmieSiteList => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DD410B0-8FCE-4018-8DB6-3C5D95AD8E5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DD410B0-8FCE-4018-8DB6-3C5D95AD8E5D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34F89592-FCB2-4B3B-9FA7-C79B5189AFDB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34F89592-FCB2-4B3B-9FA7-C79B5189AFDB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_313532323739313130382d3437415a556c2a3223346c41" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4DE3DEA5-745E-4329-ADF0-86C5842EB3DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DE3DEA5-745E-4329-ADF0-86C5842EB3DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59FA1138-FABB-49DD-B186-764EDAEFD0F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59FA1138-FABB-49DD-B186-764EDAEFD0F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60E857A5-D53A-4EBA-B5F3-353C744C6D5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60E857A5-D53A-4EBA-B5F3-353C744C6D5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AA13B84-2EE4-4DBF-B2A6-06E52A7EE9B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AA13B84-2EE4-4DBF-B2A6-06E52A7EE9B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_313532323739313130382d3437415a556c2a3223346c41" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DE10517-00AD-4FEC-9209-A656CC6EAF30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DE10517-00AD-4FEC-9209-A656CC6EAF30}" => key removed successfully
C:\Windows\System32\Tasks\{0AA4B08A-3BA0-48B6-BC80-C6EF92E52557} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0AA4B08A-3BA0-48B6-BC80-C6EF92E52557}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99976D9F-828F-4DF2-A6BA-878CC040ED48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99976D9F-828F-4DF2-A6BA-878CC040ED48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully
"c:\progra~2\searchprotect" => File/Folder not found.
"c:\Program Files (x86)\SystemLifter" => File/Folder not found.
"C:\Program Files (x86)\ShopperPro" => File/Folder not found.
 
"C:\Users\Vic\AppData\Local\Temp\_MEI74442" folder move:
 
Could not move "C:\Users\Vic\AppData\Local\Temp\_MEI74442" folder => Scheduled to move on reboot.
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2358305665-4084552561-1270841498-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {42C7BB38-2B6C-44A5-9B20-4CAA5DF9FE56}.
Unable to cancel {9FA4D8D7-0959-4DF2-BE94-8B377DDA4E04}.
{74243601-9E71-4C36-A52A-0AB73F985F72} canceled.
{8CEF2CD1-2A15-4EF4-A763-659BDF0A7CBF} canceled.
{E2AA7A93-3D6F-4AC6-A83A-907E371477E3} canceled.
3 out of 5 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 626.5 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-11 15:04:52)<=
 
C:\Users\Vic\AppData\Local\Temp\_MEI74442 => Is moved successfully
 
==== End of Fixlog 15:04:52 ====

Edited by darmeen, 11 July 2015 - 02:11 PM.

  • 0

#4
darmeen

darmeen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Here is the txt file from adwcleaner
(I cannot open Google Chrome now)

 

# AdwCleaner v4.208 - Logfile created 11/07/2015 at 15:14:17
# Updated 09/07/2015 by Xplode
# Database : 2015-07-10.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Vic - DRAGONS_LAIR
# Running from : C:\Users\Vic\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Vic\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
File Deleted : C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Deleted : C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
File Deleted : C:\Users\Public\Desktop\Facebook.lnk
File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll
File Deleted : C:\Users\Vic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BoBrowser.lnk

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Value Deleted : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
Value Deleted : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
Value Deleted : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
Key Deleted : HKLM\SOFTWARE\b36d0fc1-9223-aaac-037b-037cff7bec7a
Key Deleted : HKLM\SOFTWARE\dfa0b8c2-ee4f-4836-a065-232c9712ff79
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{34c85951}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Deleted : HKCU\Software\SimpleFiles
Key Deleted : HKCU\Software\PRODUCTSETUP
Key Deleted : HKCU\Software\Kromtech
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\Clara
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Kromtech

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.132

[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :
[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : EF7973F210EECFCDA53655EB4EB3AEDB1ECAB38881E460D73FB2C5116EBE0BD6"},"software_reporter":{"prompt_reason":"7AA849DCC822116167B82EEEBB66CEC80A3DDC94DE4BB8554C6DB8552C0A8E8A","prompt_seed":"D9EF8DD05661D1F2571AEAB9EF37BE0BCA1160EFC207D17F990169F596B8BA39","prompt_version":"408AE84DF417AE2B7F959615C4148C7DE5C4C5DC211F7EC24232E77A91BBD195"},"sync":{"remaining_rollback_tries":"9F10EDE7EE7339C1381C495CED86892AE3724B537EFE353D82C6EC4D72B20B0A"}},"super_mac":"D758D5B3AAF707C58308B3078DAE154822E247FC5E19794363B1D37E0852075E"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3321537&octid=EB_ORIGINAL_CTID&ISID=M62DA8DB7-FE56-467F-93FB-6E3A9EE8F9FB&SearchSource=55&CUI=&UM=8&UP=SPD147E83A-3583-4D71-9FE2-D18241848C1C&D=061115&SSPV=

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [10319 bytes] - [11/07/2015 15:12:14]
AdwCleaner[S0].txt - [3690 bytes] - [11/07/2015 15:14:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3749  bytes] ##########

 


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you try to open Chrome what error do you get
  • 0

#6
darmeen

darmeen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

No error, it just doesn't open. the icon glows for a moment like its going to open, then the glow stops...and nothing.


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm a few elements were removed from chrome

Could you reinstall from here Google Chrome over the top of your current copy
  • 0

#8
darmeen

darmeen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

did the reinstall, didn't change the situation. Rebooted and Chrome is working again. No messages from Avast


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP