
Google Chrome has been acting drunk as of two days ago.


  • This topic is locked
10 replies to this topic

#1 Garneac

Garneac

  • Members
  • 15 posts

Posted 17 January 2015 - 11:23 AM

Hello,

 

Everything else on my laptop is fine except for this browser. I don't know what's brought it on, but now loading up a webpage takes a lot longer than necessary, and scrolling is choppy, uncertain. Even the simple act of opening a new tab is sluggish. It's made my internet experience unpleasant. The same behaviour seems to be happening with Firefox and Opera when I downloaded those two to see if maybe the problem was restricted to Chrome. I also uninstalled and reinstalled Chrome, but no luck (same with the x64 version, too).

 

I've run both Avast and Malwarebytes. They say everything is fine.

 

DDS.log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16533  BrowserJavaVersion: 10.71.2

Run by Garneac Garneac at 11:11:10 on 2015-01-17

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4007.1950 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ExpressGateUtil\VAWinService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\AVAST Software\Avast\ng\ngservice.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Classic Shell\ClassicStartMenu.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\puush\puush.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files\AutoHotkey\AutoHotkey.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\MPC-HC\mpc-hc64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://ca.finance.yahoo.com/

mStart Page = hxxp://asus.msn.com

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [puush] C:\Program Files (x86)\puush\puush.exe

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [Copy] "C:\Users\Garneac Garneac\AppData\Roaming\Copy\CopyAgent.exe"

StartupFolder: C:\Users\GARNEACA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\GARNEACA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GARNEACA~1.LNK - C:\Users\Garneac Garneac\Desktop\Garneac.ahk.ahk

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{299402C8-E524-4CAE-B179-0114FDD9B9F2} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{52CBEBD9-8429-4242-950F-9472B3240AAB} : DHCPNameServer = 192.168.125.48 192.168.125.44

TCP: Interfaces\{52CBEBD9-8429-4242-950F-9472B3240AAB}\14355535 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{52CBEBD9-8429-4242-950F-9472B3240AAB}\14662796979656 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{52CBEBD9-8429-4242-950F-9472B3240AAB}\77962756C6563737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{52CBEBD9-8429-4242-950F-9472B3240AAB}\943554D27457563747 : DHCPNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{D4FCFF7F-467A-4759-9825-97CC83B0C235} : DHCPNameServer = 209.222.18.222 209.222.18.218

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://asus.msn.com

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: ExplorerBHO Class: {0AE87E97-08ED-4D43-ADA3-ADD3166FC4D2} - C:\Program Files\T800 Productions\Folder Options X\FolderOptions.dll

x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll

x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>

x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll

x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe

x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd

x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe

x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot

x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"

x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"

x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-29 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-29 267632]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-2-16 32544]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-3-29 1050432]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-3-29 436624]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-9-5 379520]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-21 29208]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-29 83280]

R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-3-29 116728]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-11 50344]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-12-16 180648]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-23 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-23 701512]

R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-2-16 1494304]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-5 2656280]

R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-11 271752]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]

R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-11 4012248]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-4-11 129024]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-11 317440]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-23 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-5 428136]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]

S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-1 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-1-31 121416]

S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2014-3-15 38912]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-29 19456]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-14 56832]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-29 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-4 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2015-01-17 10:33:34 --------          d-----w-        C:\Program Files\CPUID

2015-01-17 09:18:25 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Local\Opera Software

2015-01-17 09:18:24 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Roaming\Opera Software

2015-01-16 18:28:34 11870360      ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3786AEFD-2C1B-4A69-BDD8-BFA63F449CFA}\mpengine.dll

2015-01-16 11:54:15 0        ----a-w-        C:\Windows\SysWow64\shoEC14.tmp

2015-01-16 06:29:07 0        ----a-w-        C:\Windows\SysWow64\shoEADD.tmp

2015-01-16 04:14:53 98216  ----a-w-        C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2015-01-16 00:45:28 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Roaming\Titanium

2015-01-16 00:43:57 31232  ----a-w-        C:\Windows\System32\drivers\tap0901.sys

2015-01-16 00:43:54 --------          d-----w-        C:\Program Files\pia_manager

2015-01-15 12:01:29 0        ----a-w-        C:\Windows\SysWow64\shoBCBE.tmp

2015-01-12 17:36:29 0        ----a-w-        C:\Windows\SysWow64\shoB197.tmp

2015-01-10 18:22:51 0        ----a-w-        C:\Windows\SysWow64\shoF8FD.tmp

2015-01-10 06:15:21 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Local\nuclearthrone

2015-01-10 06:13:27 --------          d-----w-        C:\Games

2015-01-09 15:28:31 0        ----a-w-        C:\Windows\SysWow64\sho9AB5.tmp

2015-01-08 16:11:16 0        ----a-w-        C:\Windows\SysWow64\sho89B8.tmp

2015-01-05 04:42:22 0        ----a-w-        C:\Windows\SysWow64\sho107E.tmp

2015-01-03 12:34:04 0        ----a-w-        C:\Windows\SysWow64\sho76F3.tmp

2014-12-29 15:34:10 0        ----a-w-        C:\Windows\SysWow64\shoC8A0.tmp

2014-12-28 12:22:30 0        ----a-w-        C:\Windows\SysWow64\shoDD.tmp

2014-12-27 10:51:59 0        ----a-w-        C:\Windows\SysWow64\shoD4C.tmp

2014-12-26 10:37:06 0        ----a-w-        C:\Windows\SysWow64\sho509D.tmp

2014-12-26 09:52:10 --------          d-----w-        C:\ProgramData\Steam

2014-12-26 09:24:35 214016          ----a-w-        C:\Windows\System32\binkw32.dll

2014-12-26 09:02:06 --------          d-----w-        C:\Program Files (x86)\Deep Silver

2014-12-25 10:54:03 0        ----a-w-        C:\Windows\SysWow64\sho4CF5.tmp

2014-12-25 08:46:16 --------          d-----w-        C:\Program Files (x86)\Belarc

2014-12-20 12:52:30 0        ----a-w-        C:\Windows\SysWow64\sho65D5.tmp

.

==================== Find3M  ====================

.

2015-01-17 12:25:11 71344  ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2015-01-17 12:25:11 701616          ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe

2015-01-16 17:40:37 45056  ----a-w-        C:\Windows\System32\acovcnt.exe

2015-01-08 14:55:52 298120          ------w-        C:\Windows\System32\MpSigStub.exe

2014-12-17 10:20:14 0        ----a-w-        C:\Windows\SysWow64\sho736B.tmp

2014-12-13 21:49:33 0        ----a-w-        C:\Windows\SysWow64\shoC8DE.tmp

2014-12-12 05:19:21 0        ----a-w-        C:\Windows\SysWow64\shoB969.tmp

2014-12-08 14:26:52 0        ----a-w-        C:\Windows\SysWow64\sho8C58.tmp

2014-12-01 09:29:42 0        ----a-w-        C:\Windows\SysWow64\shoFD02.tmp

2014-11-30 10:49:28 0        ----a-w-        C:\Windows\SysWow64\sho895A.tmp

2014-11-29 13:47:17 0        ----a-w-        C:\Windows\SysWow64\shoA98B.tmp

2014-11-29 00:37:06 180648          ----a-w-        C:\Windows\System32\drivers\idmwfp.sys

2014-11-23 12:37:46 0        ----a-w-        C:\Windows\SysWow64\sho87B5.tmp

2014-11-22 08:48:04 1050432        ----a-w-        C:\Windows\System32\drivers\aswsnx.sys

2014-11-21 12:25:06 0        ----a-w-        C:\Windows\SysWow64\sho88B5.tmp

2014-11-19 13:41:37 0        ----a-w-        C:\Windows\SysWow64\sho5D8D.tmp

2014-11-14 05:28:25 0        ----a-w-        C:\Windows\SysWow64\shoCE2.tmp

2014-11-12 04:24:28 17926832      ----a-w-        C:\Windows\SysWow64\FlashPlayerInstaller.exe

2014-11-11 08:47:19 83280  ----a-w-        C:\Windows\System32\drivers\aswMonFlt.sys

2014-11-11 08:47:19 65776  ----a-w-        C:\Windows\System32\drivers\aswRvrt.sys

2014-11-11 08:47:19 29208  ----a-w-        C:\Windows\System32\drivers\aswHwid.sys

2014-11-11 08:47:19 267632          ----a-w-        C:\Windows\System32\drivers\aswVmm.sys

2014-11-11 08:47:19 116728          ----a-w-        C:\Windows\System32\drivers\aswstm.sys

2014-11-11 08:47:18 93568  ----a-w-        C:\Windows\System32\drivers\aswRdr2.sys

2014-11-11 08:47:17 43152  ----a-w-        C:\Windows\avastSS.scr

2014-11-10 09:22:09 0        ----a-w-        C:\Windows\SysWow64\sho730E.tmp

2014-11-08 05:26:31 0        ----a-w-        C:\Windows\SysWow64\sho3961.tmp

2014-11-04 11:38:45 0        ----a-w-        C:\Windows\SysWow64\sho847.tmp

2014-11-03 21:47:19 0        ----a-w-        C:\Windows\SysWow64\shoCCF6.tmp

2014-10-30 13:24:31 0        ----a-w-        C:\Windows\SysWow64\sho1826.tmp

2014-10-29 10:02:57 0        ----a-w-        C:\Windows\SysWow64\shoFDFE.tmp

2014-10-29 00:45:48 0        ----a-w-        C:\Windows\SysWow64\sho9239.tmp

2014-10-28 09:50:54 0        ----a-w-        C:\Windows\SysWow64\sho5928.tmp

2014-10-26 07:59:00 0        ----a-w-        C:\Windows\SysWow64\shoCA22.tmp

2014-10-22 08:53:06 0        ----a-w-        C:\Windows\SysWow64\sho5A5E.tmp

2013-07-19 00:48:23 14880256      ----a-w-        C:\Program Files (x86)\Common Files\lpuninstall.exe

.

============= FINISH: 11:13:43.18 ===============

 

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 17 January 2015 - 11:55 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 2

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    chromelook;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

Edited by deeprybka, 17 January 2015 - 11:55 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Garneac

Garneac
  • Topic Starter

  • Members
  • 15 posts
  • Local time:08:36 PM

Posted 17 January 2015 - 12:03 PM

I've got a couple of errands to run, but as soon as I get back home I will follow your instructions. Thank you!



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:36 AM

Posted 17 January 2015 - 12:14 PM

I've got a couple of errands to run, but as soon as I get back home I will follow your instructions. Thank you!


You are welcome! OK... :)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Garneac

Garneac
  • Topic Starter

  • Members
  • 15 posts
  • Local time:08:36 PM

Posted 17 January 2015 - 07:12 PM

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01

Ran by Garneac Garneac (administrator) on GARNEACGARNEAC-PC on 17-01-2015 18:39:18

Running from C:\Users\Garneac Garneac\Desktop

Loaded Profiles: Garneac Garneac (Available profiles: Garneac Garneac & Guest)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

() C:\ExpressGateUtil\VAWinService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe

() C:\Program Files (x86)\puush\puush.exe

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

() C:\ExpressGateUtil\VAWinAgent.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Dropbox, Inc.) C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Program Files\AutoHotkey\AutoHotkey.exe

(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(ASUS) C:\Windows\AsScrPro.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)

HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-08-19] (IvoSoft)

HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [404712 2013-01-04] (BillP Studios)

HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)

HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-02-24] (Windows ® Win 7 DDK provider)

HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()

HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)

HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-4154275669-437499001-3156075934-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-28] (Tonec Inc.)

HKU\S-1-5-21-4154275669-437499001-3156075934-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-10-04] ()

HKU\S-1-5-21-4154275669-437499001-3156075934-1001\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-4154275669-437499001-3156075934-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Garneac Garneac\AppData\Roaming\Copy\CopyAgent.exe"

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)

AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk

ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

Startup: C:\Users\Garneac Garneac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Garneac Garneac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Garneac.ahk.lnk

ShortcutTarget: Garneac.ahk.lnk -> C:\Users\Garneac Garneac\Desktop\Garneac.ahk.ahk ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Garneac Garneac\AppData\Roaming\Copy\overlay\CopyShExt.dll No File

ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Garneac Garneac\AppData\Roaming\Copy\overlay\CopyShExt.dll No File

ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Garneac Garneac\AppData\Roaming\Copy\overlay\CopyShExt.dll No File

ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Garneac Garneac\AppData\Roaming\Copy\overlay\CopyShExt.dll No File

ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Garneac Garneac\AppData\Roaming\Copy\overlay\CopyShExt.dll No File

ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Garneac Garneac\AppData\Roaming\Copy\overlay\CopyShExt.dll No File

ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Garneac Garneac\AppData\Roaming\Copy\overlay\CopyShExt.dll No File

ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Garneac Garneac\AppData\Roaming\Copy\overlay\CopyShExt.dll No File

ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4154275669-437499001-3156075934-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4154275669-437499001-3156075934-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4154275669-437499001-3156075934-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.finance.yahoo.com/

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKU\S-1-5-21-4154275669-437499001-3156075934-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

BHO: ExplorerBHO Class -> {0AE87E97-08ED-4D43-ADA3-ADD3166FC4D2} -> C:\Program Files\T800 Productions\Folder Options X\FolderOptions.dll (T800 Productions)

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Garneac Garneac\AppData\Roaming\Mozilla\Firefox\Profiles\ydbw4atf.default

FF DefaultSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Extension: LastPass - C:\Users\Garneac Garneac\AppData\Roaming\Mozilla\Firefox\Profiles\ydbw4atf.default\Extensions\support@lastpass.com [2015-01-16]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-29]

FF HKU\S-1-5-21-4154275669-437499001-3156075934-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Garneac Garneac\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Garneac Garneac\AppData\Roaming\IDM\idmmzcc5 [2014-12-28]

FF HKU\S-1-5-21-4154275669-437499001-3156075934-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Garneac Garneac\AppData\Roaming\IDM\idmmzcc5

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

 

Chrome:

=======

CHR Profile: C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-17]

CHR Extension: (Google Docs) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]

CHR Extension: (Google Drive) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-17]

CHR Extension: (YouTube) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]

CHR Extension: (X New Tab Page) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmbfafhdccfgdgnbkgogehiklmemkoh [2015-01-17]

CHR Extension: (Adblock Plus) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-17]

CHR Extension: (Google Search) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]

CHR Extension: (Google Sheets) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]

CHR Extension: (Avast Online Security) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-17]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-17]

CHR Extension: (IDM Integration Module) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-01-17]

CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2015-01-17]

CHR Extension: (Linkclump) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2015-01-17]

CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-01-17]

CHR Extension: (Google Wallet) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]

CHR Extension: (Gmail) - C:\Users\Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]

CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]

CHR HKU\S-1-5-21-4154275669-437499001-3156075934-1001\...\Chrome\Extension: [oleomanaehojaiigacblenknbkhfdicd] - C:\Users\Garneac Garneac\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx [2013-03-13]

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-11]

CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2013-07-18]

CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]

CHR HKLM-x32\...\Chrome\Extension: [oleomanaehojaiigacblenknbkhfdicd] - C:\Users\Garneac Garneac\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx [2013-03-13]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-11] (AVAST Software)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-11] (Avast Software)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)

R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()

R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-11] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-11] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-11] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-11] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-11] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-11] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-11] ()

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))

S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.) [File not signed]

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-11] (Avast Software)

S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-17 18:39 - 2015-01-17 18:40 - 00030131 _____ () C:\Users\Garneac Garneac\Desktop\FRST.txt

2015-01-17 18:39 - 2015-01-17 18:39 - 00000000 ____D () C:\FRST

2015-01-17 18:38 - 2015-01-17 18:38 - 02125824 _____ (Farbar) C:\Users\Garneac Garneac\Desktop\FRST64.exe

2015-01-17 18:31 - 2015-01-17 18:31 - 00000197 _____ () C:\Windows\system32\2015-01-17-23-31-37.007-AvastVBoxSVC.exe-4108.log

2015-01-17 11:14 - 2015-01-17 11:22 - 00010295 _____ () C:\Users\Garneac Garneac\Desktop\attach.txt

2015-01-17 11:14 - 2015-01-17 11:17 - 00026220 _____ () C:\Users\Garneac Garneac\Desktop\dds.txt

2015-01-17 07:29 - 2015-01-17 07:29 - 00001371 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-01-17 07:29 - 2015-01-17 07:29 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WinPatrol

2015-01-17 07:29 - 2015-01-17 07:29 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\LastPass

2015-01-17 07:29 - 2015-01-17 07:29 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software

2015-01-17 07:29 - 2015-01-17 07:29 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe

2015-01-17 07:28 - 2015-01-17 07:29 - 00001445 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-17 07:28 - 2015-01-17 07:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2015-01-17 07:27 - 2015-01-17 07:27 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore

2015-01-17 07:26 - 2015-01-17 07:28 - 00000000 ____D () C:\Users\Guest

2015-01-17 07:26 - 2015-01-17 07:26 - 00000020 ___SH () C:\Users\Guest\ntuser.ini

2015-01-17 07:26 - 2012-09-05 03:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite

2015-01-17 07:26 - 2012-09-05 03:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic

2015-01-17 07:26 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-01-17 07:26 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-01-17 07:25 - 2015-01-17 07:25 - 00000197 _____ () C:\Windows\system32\2015-01-17-12-25-27.065-AvastVBoxSVC.exe-3848.log

2015-01-17 05:33 - 2015-01-17 05:33 - 00000831 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk

2015-01-17 05:33 - 2015-01-17 05:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

2015-01-17 05:33 - 2015-01-17 05:33 - 00000000 ____D () C:\Program Files\CPUID

2015-01-17 04:26 - 2015-01-17 04:26 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-17 04:26 - 2015-01-17 04:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-17 04:25 - 2015-01-17 18:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-17 04:25 - 2015-01-17 18:29 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-17 04:25 - 2015-01-17 04:25 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-17 04:25 - 2015-01-17 04:25 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-17 04:18 - 2015-01-17 05:28 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Opera Software

2015-01-17 04:18 - 2015-01-17 05:28 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Local\Opera Software

2015-01-17 04:17 - 2015-01-17 05:28 - 00000000 ____D () C:\Program Files (x86)\Opera

2015-01-17 04:06 - 2015-01-17 04:06 - 00000197 _____ () C:\Windows\system32\2015-01-17-09-06-22.095-AvastVBoxSVC.exe-2404.log

2015-01-16 18:03 - 2015-01-16 18:03 - 00000197 _____ () C:\Windows\system32\2015-01-16-23-03-58.041-AvastVBoxSVC.exe-4660.log

2015-01-16 13:44 - 2015-01-16 13:44 - 00000151 _____ () C:\Users\Garneac Garneac\Desktop\Chrom Extensions.txt

2015-01-16 13:36 - 2015-01-16 13:36 - 01989607 _____ () C:\Users\Garneac Garneac\Desktop\bookmarks_1_16_15.html

2015-01-16 13:20 - 2015-01-16 13:20 - 00688992 ____R (Swearware) C:\Users\Garneac Garneac\Desktop\dds.com

2015-01-16 12:43 - 2015-01-16 12:43 - 00000197 _____ () C:\Windows\system32\2015-01-16-17-43-29.011-AvastVBoxSVC.exe-1752.log

2015-01-16 10:37 - 2015-01-16 10:37 - 00000197 _____ () C:\Windows\system32\2015-01-16-15-37-17.070-AvastVBoxSVC.exe-3764.log

2015-01-16 06:54 - 2015-01-16 06:54 - 00000000 _____ () C:\Windows\SysWOW64\shoEC14.tmp

2015-01-16 05:25 - 2015-01-16 05:25 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Mozilla

2015-01-16 05:03 - 2015-01-16 05:03 - 00000197 _____ () C:\Windows\system32\2015-01-16-10-03-09.084-AvastVBoxSVC.exe-4072.log

2015-01-16 01:32 - 2015-01-16 01:32 - 00000197 _____ () C:\Windows\system32\2015-01-16-06-32-19.026-AvastVBoxSVC.exe-3664.log

2015-01-16 01:29 - 2015-01-16 01:29 - 00000000 _____ () C:\Windows\SysWOW64\shoEADD.tmp

2015-01-15 23:22 - 2015-01-15 23:22 - 00000247 _____ () C:\Windows\system32\2015-01-16-04-22-46.032-aswFe.exe-6752.log

2015-01-15 23:15 - 2015-01-15 23:22 - 00000247 _____ () C:\Windows\system32\2015-01-16-04-15-00.011-aswFe.exe-1864.log

2015-01-15 23:15 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2015-01-15 23:14 - 2015-01-15 23:14 - 00000197 _____ () C:\Windows\system32\2015-01-16-04-14-49.091-AvastVBoxSVC.exe-6148.log

2015-01-15 23:14 - 2015-01-15 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-01-15 23:14 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-15 23:14 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2015-01-15 23:14 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2015-01-15 23:13 - 2015-01-15 23:14 - 00004250 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log

2015-01-15 23:08 - 2015-01-15 23:08 - 00000197 _____ () C:\Windows\system32\2015-01-16-04-08-04.013-AvastVBoxSVC.exe-3620.log

2015-01-15 19:45 - 2015-01-15 19:45 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Titanium

2015-01-15 19:44 - 2015-01-15 19:44 - 00003188 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup

2015-01-15 19:44 - 2015-01-15 19:44 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access

2015-01-15 19:43 - 2015-01-15 19:45 - 00000000 ____D () C:\Program Files\pia_manager

2015-01-15 19:43 - 2015-01-15 19:43 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys

2015-01-15 13:04 - 2015-01-15 13:04 - 00000197 _____ () C:\Windows\system32\2015-01-15-18-04-48.050-AvastVBoxSVC.exe-3636.log

2015-01-15 07:01 - 2015-01-15 07:01 - 00000000 _____ () C:\Windows\SysWOW64\shoBCBE.tmp

2015-01-15 02:18 - 2015-01-15 02:18 - 00000197 _____ () C:\Windows\system32\2015-01-15-07-18-23.060-AvastVBoxSVC.exe-3868.log

2015-01-14 17:02 - 2015-01-14 17:02 - 00000197 _____ () C:\Windows\system32\2015-01-14-22-02-19.057-AvastVBoxSVC.exe-4740.log

2015-01-14 02:48 - 2015-01-14 02:48 - 00000197 _____ () C:\Windows\system32\2015-01-14-07-48-29.029-AvastVBoxSVC.exe-4012.log

2015-01-13 05:13 - 2015-01-13 05:13 - 00000197 _____ () C:\Windows\system32\2015-01-13-10-13-09.074-AvastVBoxSVC.exe-3980.log

2015-01-12 15:33 - 2015-01-12 15:34 - 00000197 _____ () C:\Windows\system32\2015-01-12-20-33-38.068-AvastVBoxSVC.exe-3540.log

2015-01-12 12:36 - 2015-01-12 12:36 - 00000000 _____ () C:\Windows\SysWOW64\shoB197.tmp

2015-01-12 08:38 - 2015-01-12 08:39 - 00000197 _____ () C:\Windows\system32\2015-01-12-13-38-37.068-AvastVBoxSVC.exe-3716.log

2015-01-11 14:51 - 2015-01-11 14:51 - 00000197 _____ () C:\Windows\system32\2015-01-11-19-51-30.096-AvastVBoxSVC.exe-6084.log

2015-01-11 10:57 - 2015-01-11 10:57 - 00000197 _____ () C:\Windows\system32\2015-01-11-15-57-22.074-AvastVBoxSVC.exe-3404.log

2015-01-10 22:25 - 2015-01-10 22:25 - 00000247 _____ () C:\Windows\system32\2015-01-11-03-25-47.082-aswFe.exe-5000.log

2015-01-10 22:20 - 2015-01-10 22:25 - 00000247 _____ () C:\Windows\system32\2015-01-11-03-20-58.028-aswFe.exe-1688.log

2015-01-10 22:20 - 2015-01-10 22:20 - 00000197 _____ () C:\Windows\system32\2015-01-11-03-20-52.093-AvastVBoxSVC.exe-4952.log

2015-01-10 22:14 - 2015-01-10 22:15 - 00000197 _____ () C:\Windows\system32\2015-01-11-03-14-58.086-AvastVBoxSVC.exe-5472.log

2015-01-10 13:22 - 2015-01-10 13:22 - 00000000 _____ () C:\Windows\SysWOW64\shoF8FD.tmp

2015-01-10 08:08 - 2015-01-09 12:55 - 00000000 ____D () C:\Users\Garneac Garneac\Desktop\2011 - Until We Have Faces

2015-01-10 01:15 - 2015-01-10 01:15 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Local\nuclearthrone

2015-01-10 01:13 - 2015-01-10 01:13 - 00000000 ____D () C:\Games

2015-01-09 10:28 - 2015-01-09 10:28 - 00000000 _____ () C:\Windows\SysWOW64\sho9AB5.tmp

2015-01-09 07:02 - 2015-01-09 07:04 - 641642721 _____ () C:\Users\Garneac Garneac\Desktop\Red - Ripped DISCOGRAPHY.rar

2015-01-08 11:11 - 2015-01-08 11:11 - 00000000 _____ () C:\Windows\SysWOW64\sho89B8.tmp

2015-01-07 04:29 - 2015-01-07 04:29 - 00000197 _____ () C:\Windows\system32\2015-01-07-09-29-29.070-AvastVBoxSVC.exe-3888.log

2015-01-06 15:32 - 2015-01-06 15:32 - 00000197 _____ () C:\Windows\system32\2015-01-06-20-32-16.092-AvastVBoxSVC.exe-4212.log

2015-01-05 14:29 - 2015-01-05 14:30 - 00000197 _____ () C:\Windows\system32\2015-01-05-19-29-54.079-AvastVBoxSVC.exe-3780.log

2015-01-05 06:35 - 2015-01-05 06:36 - 00000197 _____ () C:\Windows\system32\2015-01-05-11-35-26.081-AvastVBoxSVC.exe-3684.log

2015-01-04 23:42 - 2015-01-04 23:42 - 00000000 _____ () C:\Windows\SysWOW64\sho107E.tmp

2015-01-04 14:19 - 2015-01-04 14:20 - 00000197 _____ () C:\Windows\system32\2015-01-04-19-19-44.079-AvastVBoxSVC.exe-3524.log

2015-01-04 11:19 - 2015-01-04 11:20 - 00000197 _____ () C:\Windows\system32\2015-01-04-16-19-33.006-AvastVBoxSVC.exe-3520.log

2015-01-03 18:21 - 2015-01-03 18:21 - 00000197 _____ () C:\Windows\system32\2015-01-03-23-21-18.067-AvastVBoxSVC.exe-3708.log

2015-01-03 15:34 - 2015-01-03 15:34 - 00000197 _____ () C:\Windows\system32\2015-01-03-20-34-09.067-AvastVBoxSVC.exe-4440.log

2015-01-03 07:34 - 2015-01-03 07:34 - 00000000 _____ () C:\Windows\SysWOW64\sho76F3.tmp

2015-01-02 19:17 - 2015-01-02 19:17 - 00000247 _____ () C:\Windows\system32\2015-01-03-00-17-47.062-aswFe.exe-7804.log

2015-01-02 18:41 - 2015-01-02 19:17 - 00000247 _____ () C:\Windows\system32\2015-01-02-23-41-31.061-aswFe.exe-2896.log

2015-01-02 18:41 - 2015-01-02 18:41 - 00000197 _____ () C:\Windows\system32\2015-01-02-23-41-22.099-AvastVBoxSVC.exe-2496.log

2015-01-02 17:14 - 2015-01-02 17:14 - 00000197 _____ () C:\Windows\system32\2015-01-02-22-14-00.096-AvastVBoxSVC.exe-3252.log

2015-01-01 13:47 - 2015-01-01 13:48 - 00000197 _____ () C:\Windows\system32\2015-01-01-18-47-54.002-AvastVBoxSVC.exe-4832.log

2015-01-01 02:21 - 2015-01-01 02:21 - 00000197 _____ () C:\Windows\system32\2015-01-01-07-21-58.001-AvastVBoxSVC.exe-3748.log

2014-12-31 03:25 - 2014-12-31 03:37 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Notepad++

2014-12-31 03:25 - 2014-12-31 03:25 - 00001061 _____ () C:\Users\Garneac Garneac\Desktop\Notepad++.lnk

2014-12-31 03:25 - 2014-12-31 03:25 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-12-31 03:25 - 2014-12-31 03:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-12-31 03:25 - 2014-12-31 03:25 - 00000000 ____D () C:\Program Files (x86)\Notepad++

2014-12-30 11:41 - 2014-12-30 11:42 - 00000197 _____ () C:\Windows\system32\2014-12-30-16-41-52.069-AvastVBoxSVC.exe-3696.log

2014-12-29 19:34 - 2014-12-29 19:34 - 00000197 _____ () C:\Windows\system32\2014-12-30-00-34-20.031-AvastVBoxSVC.exe-4596.log

2014-12-29 10:34 - 2014-12-29 10:34 - 00000000 _____ () C:\Windows\SysWOW64\shoC8A0.tmp

2014-12-29 06:24 - 2014-12-29 06:24 - 00000197 _____ () C:\Windows\system32\2014-12-29-11-24-10.067-AvastVBoxSVC.exe-4068.log

2014-12-28 13:29 - 2014-12-28 13:29 - 00000197 _____ () C:\Windows\system32\2014-12-28-18-29-24.030-AvastVBoxSVC.exe-3848.log

2014-12-28 07:22 - 2014-12-28 07:22 - 00000000 _____ () C:\Windows\SysWOW64\shoDD.tmp

2014-12-27 14:12 - 2014-12-27 14:13 - 00000197 _____ () C:\Windows\system32\2014-12-27-19-12-29.067-AvastVBoxSVC.exe-3476.log

2014-12-27 05:51 - 2014-12-27 05:51 - 00000000 _____ () C:\Windows\SysWOW64\shoD4C.tmp

2014-12-26 12:43 - 2014-12-26 12:43 - 00000197 _____ () C:\Windows\system32\2014-12-26-17-43-00.077-AvastVBoxSVC.exe-3532.log

2014-12-26 05:37 - 2014-12-26 05:37 - 00000000 _____ () C:\Windows\SysWOW64\sho509D.tmp

2014-12-26 04:52 - 2014-12-26 04:52 - 00000000 ____D () C:\ProgramData\Steam

2014-12-26 04:46 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2014-12-26 04:46 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll

2014-12-26 04:46 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

2014-12-26 04:46 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll

2014-12-26 04:46 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll

2014-12-26 04:46 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2014-12-26 04:46 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll

2014-12-26 04:46 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2014-12-26 04:46 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2014-12-26 04:46 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll

2014-12-26 04:46 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2014-12-26 04:46 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll

2014-12-26 04:46 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll

2014-12-26 04:46 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll

2014-12-26 04:46 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll

2014-12-26 04:46 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll

2014-12-26 04:46 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2014-12-26 04:46 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll

2014-12-26 04:46 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll

2014-12-26 04:46 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll

2014-12-26 04:46 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2014-12-26 04:46 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll

2014-12-26 04:46 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll

2014-12-26 04:46 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2014-12-26 04:46 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2014-12-26 04:46 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll

2014-12-26 04:46 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2014-12-26 04:46 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll

2014-12-26 04:46 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll

2014-12-26 04:46 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll

2014-12-26 04:46 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll

2014-12-26 04:46 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll

2014-12-26 04:46 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll

2014-12-26 04:46 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll

2014-12-26 04:46 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll

2014-12-26 04:46 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll

2014-12-26 04:46 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

2014-12-26 04:46 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2014-12-26 04:46 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

2014-12-26 04:46 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2014-12-26 04:46 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

2014-12-26 04:46 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2014-12-26 04:46 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

2014-12-26 04:46 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll

2014-12-26 04:46 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll

2014-12-26 04:46 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

2014-12-26 04:46 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll

2014-12-26 04:46 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

2014-12-26 04:46 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

2014-12-26 04:44 - 2014-12-26 04:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver

2014-12-26 04:24 - 2014-06-23 12:10 - 00214016 _____ (RAD Game Tools, Inc.) C:\Windows\system32\binkw32.dll

2014-12-26 04:02 - 2014-12-26 04:51 - 00000000 ____D () C:\Program Files (x86)\Deep Silver

2014-12-25 17:08 - 2014-12-25 17:08 - 00000197 _____ () C:\Windows\system32\2014-12-25-22-08-05.099-AvastVBoxSVC.exe-3164.log

2014-12-25 12:02 - 2014-12-25 12:03 - 00000197 _____ () C:\Windows\system32\2014-12-25-17-02-30.063-AvastVBoxSVC.exe-5040.log

2014-12-25 05:54 - 2014-12-25 05:54 - 00000000 _____ () C:\Windows\SysWOW64\sho4CF5.tmp

2014-12-25 03:46 - 2014-12-25 03:53 - 00000000 ____D () C:\Program Files (x86)\Belarc

2014-12-25 02:52 - 2014-12-25 03:18 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-12-24 16:38 - 2014-12-24 16:39 - 00000197 _____ () C:\Windows\system32\2014-12-24-21-38-24.078-AvastVBoxSVC.exe-3884.log

2014-12-24 05:01 - 2014-12-24 05:02 - 00000197 _____ () C:\Windows\system32\2014-12-24-10-01-34.016-AvastVBoxSVC.exe-4552.log

2014-12-23 14:18 - 2014-12-23 14:18 - 00000197 _____ () C:\Windows\system32\2014-12-23-19-18-27.014-AvastVBoxSVC.exe-3904.log

2014-12-23 04:27 - 2014-12-23 04:27 - 00000197 _____ () C:\Windows\system32\2014-12-23-09-27-27.013-AvastVBoxSVC.exe-4620.log

2014-12-22 17:19 - 2014-12-22 17:20 - 00000197 _____ () C:\Windows\system32\2014-12-22-22-19-48.042-AvastVBoxSVC.exe-4736.log

2014-12-21 15:01 - 2014-12-21 15:01 - 00000197 _____ () C:\Windows\system32\2014-12-21-20-01-33.085-AvastVBoxSVC.exe-4248.log

2014-12-20 21:40 - 2014-12-20 21:41 - 00000197 _____ () C:\Windows\system32\2014-12-21-02-40-35.080-AvastVBoxSVC.exe-3948.log

2014-12-20 07:52 - 2014-12-20 07:52 - 00000000 _____ () C:\Windows\SysWOW64\sho65D5.tmp

2014-12-20 06:34 - 2014-12-20 06:34 - 00000197 _____ () C:\Windows\system32\2014-12-20-11-34-24.079-AvastVBoxSVC.exe-4052.log

2014-12-19 19:10 - 2014-12-19 19:11 - 00000197 _____ () C:\Windows\system32\2014-12-20-00-10-47.089-AvastVBoxSVC.exe-3396.log

2014-12-19 06:56 - 2014-12-19 06:57 - 00000197 _____ () C:\Windows\system32\2014-12-19-11-56-37.026-AvastVBoxSVC.exe-3956.log

2014-12-18 15:29 - 2014-12-18 15:29 - 00000197 _____ () C:\Windows\system32\2014-12-18-20-29-10.044-AvastVBoxSVC.exe-3824.log

2014-12-18 06:48 - 2014-12-18 06:48 - 00000197 _____ () C:\Windows\system32\2014-12-18-11-48-13.069-AvastVBoxSVC.exe-4872.log

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-17 18:36 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-17 18:36 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-17 18:35 - 2012-09-05 02:51 - 01899735 _____ () C:\Windows\WindowsUpdate.log

2015-01-17 18:33 - 2013-01-10 22:32 - 00000000 ___RD () C:\Users\Garneac Garneac\Desktop\Dropbox

2015-01-17 18:33 - 2013-01-10 22:29 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Dropbox

2015-01-17 18:29 - 2014-08-23 02:48 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job

2015-01-17 18:29 - 2014-06-06 20:36 - 00000374 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job

2015-01-17 18:29 - 2013-06-12 22:05 - 00127619 _____ () C:\Windows\setupact.log

2015-01-17 18:29 - 2012-09-04 01:21 - 00000000 ____D () C:\Users\Garneac Garneac\Documents\Bluetooth Folder

2015-01-17 18:29 - 2012-09-04 01:19 - 00000000 ___HD () C:\ASUS.DAT

2015-01-17 18:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-17 12:06 - 2014-01-26 03:56 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\DMCache

2015-01-17 08:31 - 2014-06-06 22:09 - 00023040 ___SH () C:\Users\Garneac Garneac\Thumbs.db

2015-01-17 08:31 - 2012-09-04 01:19 - 00000000 ____D () C:\Users\Garneac Garneac

2015-01-17 08:14 - 2014-04-29 17:30 - 00034816 _____ () C:\Users\Garneac Garneac\Desktop\PW.xlsx

2015-01-17 07:25 - 2013-01-08 02:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-17 07:25 - 2013-01-08 02:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-17 07:22 - 2013-09-25 09:03 - 00521820 _____ () C:\Windows\PFRO.log

2015-01-17 05:29 - 2012-09-16 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-17 04:28 - 2014-01-26 03:56 - 00000000 ____D () C:\Users\Garneac Garneac\Downloads\Compressed

2015-01-17 04:26 - 2011-04-01 23:36 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-17 04:10 - 2009-07-14 00:13 - 00799480 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-16 13:52 - 2012-09-04 01:25 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Local\Google

2015-01-16 12:40 - 2012-09-04 01:20 - 00045056 _____ () C:\Windows\system32\acovcnt.exe

2015-01-16 10:34 - 2009-07-14 00:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-16 05:25 - 2012-09-04 01:46 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Local\Mozilla

2015-01-16 02:17 - 2013-10-17 21:22 - 00000000 ____D () C:\Windows\Minidump

2015-01-16 02:08 - 2013-02-24 05:59 - 00000000 ____D () C:\Users\Garneac Garneac\Desktop\Comics

2015-01-16 01:57 - 2013-09-10 11:24 - 00000000 ____D () C:\Users\Garneac Garneac\Desktop\Unused Desktop Icons

2015-01-16 01:46 - 2012-09-11 02:41 - 00000000 ____D () C:\Users\Garneac Garneac\Desktop\Games

2015-01-16 01:26 - 2014-01-20 19:53 - 00000000 ____D () C:\Program Files (x86)\Dont Starve

2015-01-16 01:26 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-16 01:24 - 2014-09-30 01:29 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

2015-01-16 01:24 - 2014-09-30 01:28 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Copy

2015-01-16 01:22 - 2012-09-09 11:50 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-15 23:15 - 2014-05-14 03:24 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-15 23:14 - 2013-02-14 14:00 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-15 22:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-01-15 22:37 - 2014-05-22 10:46 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Mipony

2015-01-15 19:45 - 2013-02-15 21:37 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Apple Computer

2015-01-15 19:45 - 2013-02-15 21:37 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Local\Apple Computer

2015-01-14 16:05 - 2014-05-11 00:53 - 00045290 _____ () C:\Users\Garneac Garneac\Desktop\Lists.xlsx

2015-01-12 17:35 - 2014-12-17 03:46 - 00000000 ____D () C:\Users\Garneac Garneac\Desktop\Novel

2015-01-11 14:51 - 2014-03-29 00:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-01-09 06:31 - 2014-12-17 00:51 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\mIRC

2015-01-08 09:55 - 2013-02-14 13:56 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-12-29 06:23 - 2014-02-24 00:43 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager

2014-12-28 06:23 - 2012-09-04 01:20 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Local\VirtualStore

2014-12-26 04:46 - 2014-01-11 01:34 - 00086749 _____ () C:\Windows\DirectX.log

2014-12-25 02:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-12-18 06:49 - 2013-01-10 22:30 - 00000000 ____D () C:\Users\Garneac Garneac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

 

==================== Files in the root of some directories =======

2013-07-18 19:48 - 2013-07-18 19:48 - 14880256 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

2013-09-25 11:20 - 2013-09-25 11:22 - 0004608 _____ () C:\Users\Garneac Garneac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-05-01 18:13 - 2014-05-01 18:13 - 0004096 ____H () C:\Users\Garneac Garneac\AppData\Local\keyfile3.drm

2012-11-20 16:54 - 2013-02-15 18:43 - 0007605 _____ () C:\Users\Garneac Garneac\AppData\Local\resmon.resmoncfg

2012-09-05 03:20 - 2012-09-05 03:20 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log

2012-09-05 03:23 - 2012-09-05 03:24 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

2012-09-05 03:23 - 2012-09-05 03:23 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

2012-09-05 03:16 - 2012-09-05 03:19 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

2012-09-05 03:19 - 2012-09-05 03:20 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

2012-09-05 03:15 - 2012-09-05 03:16 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

 

Some content of TEMP:

====================

C:\Users\Garneac Garneac\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp1g5sn.dll

C:\Users\Garneac Garneac\AppData\Local\Temp\_is77D4.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-14 07:57

 

==================== End Of Log ============================

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01

Ran by Garneac Garneac at 2015-01-17 18:41:01

Running from C:\Users\Garneac Garneac\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden

Apple Application Support (HKLM-x32\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)

ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)

ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)

ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)

ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.44 - ASUS)

ASUS RT-N16 Wireless Router Utilities (HKLM-x32\...\{88CA8932-7987-4D7A-BEE3-227BDB3CA888}) (Version: 4.2.7.0 - ASUS)

ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)

ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4710 - CyberLink Corp.)

ASUS Video Magic (x32 Version: 6.0.4710 - CyberLink Corp.) Hidden

ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)

ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)

ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )

AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)

Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)

AutoHotkey 1.1.09.02 (HKLM\...\AutoHotkey) (Version: 1.1.09.02 - Lexikos)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)

Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)

Classic Shell (HKLM\...\{1EEF5C7E-C371-431D-A507-8C5B46EED7B4}) (Version: 3.2.0 - IvoSoft)

Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)

CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)

CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1123_32710 - CyberLink Corp.)

CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)

CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)

CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version:  - Visceral Games)

Dropbox (HKU\S-1-5-21-4154275669-437499001-3156075934-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)

ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.88.405 - Asus)

ExpressGate Cloud (x32 Version: 2.1.88.405 - Asus) Hidden

Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)

Folder Options X (HKLM\...\Folder Options X_is1) (Version: 1.2.0.6 - T800 Productions)

Fresco Logic USB3.0 Host Controller (HKLM\...\{5B9F1BB4-4C06-41E8-877D-B458742B0D0A}) (Version: 3.0.116.3 - Fresco Logic Inc.)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

HoneyView3 (HKLM\...\HoneyView3) (Version:  - kippler@gmail.com)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)

Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)

iTunes (HKLM\...\{5F02C14D-A630-4771-8409-0BA89FCCA8D6}) (Version: 10.0.0.68 - Apple Inc.)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

MiPony 2.2.1 (HKLM-x32\...\MiPony) (Version: 2.2.1 - )

mIRC (HKLM-x32\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)

MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)

MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.2 - Notepad++ Team)

NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)

Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)

puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)

QuickTime (HKLM-x32\...\{EB900AF8-CC61-4E15-871B-98D1EA3E8025}) (Version: 7.67.75.0 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)

Saints Row IV - Game of the Century Edition (HKLM-x32\...\Saints Row IV - Game of the Century Edition_is1) (Version:  - )

SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)

syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)

System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)

TypeFaster Typing Tutor (HKLM-x32\...\TypeFaster) (Version:  - )

USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.55133.207 - Sonix)

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)

WinDirStat 1.1.2 (HKU\S-1-5-21-4154275669-437499001-3156075934-1001\...\WinDirStat) (Version:  - )

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)

WinPatrol (HKLM\...\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}) (Version: 26.1.2013.0 - BillP Studios)

WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)

用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)

適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4154275669-437499001-3156075934-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Garneac Garneac\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

16-01-2015 13:27:48 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2013-02-20 02:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0416F525-945F-40AB-B723-D0F4CF054CF9} - System32\Tasks\{AC97789B-8F8F-4378-AB42-0CE8758E18B0} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\New Folder (2)\snuninst.exe" -d "C:\Users\Garneac Garneac\Desktop\New Folder (2)"

Task: {07631102-C30F-41A2-895F-73AADDD70EB8} - System32\Tasks\{D5D58645-9750-432A-A329-FF5560DCE8D2} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\ACM2 r2.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {1860C2E8-6C99-4E52-8621-726A15CAF2C5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-11] (AVAST Software)

Task: {1C43DB0D-75CC-49A9-BA23-E5F5090F3040} - System32\Tasks\{71E7B5BC-C5BB-41B9-AC60-CB74191C27DB} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\ACM2 r3.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {23459862-F635-4F92-B61E-603DFE2EE167} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS)

Task: {297525B4-3AC5-4200-B338-90AF73C70B99} - System32\Tasks\{D807E624-B39F-4359-A496-7AC0A428950A} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Accessory Slots+ r15.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {2AB96048-4BA8-4D47-85D3-A54B9DD75E21} - System32\Tasks\{4EB525AE-70CB-4760-B2CF-B0FACA188FFA} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Shockah's Quest Mod Installer.exe" -d "C:\Users\Garneac Garneac\Desktop"

Task: {2F87F5D9-E975-47BD-B754-58EE33C2BE27} - System32\Tasks\{685FAD82-C38B-4C72-A36E-B2589D43816A} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\windirstat1_1_2_setup.exe" -d "C:\Users\Garneac Garneac\AppData\Roaming\IDM"

Task: {3023B653-6D9E-45CA-BCA7-D264353F3DCF} - System32\Tasks\{10CFA006-4A7B-433D-A683-A922DD008086} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Health Interface r4.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {425BDE28-3850-46F8-A818-2E302A1B5554} - System32\Tasks\{B0A987CD-1309-495A-BA1B-2B46C341F066} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\innounp.exe" -d "C:\Users\Garneac Garneac\Desktop"

Task: {49AD1D57-1AC7-4502-81CF-40D55022EE6E} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)

Task: {5421AEB4-FCFF-45CF-BA0B-9FFA0B7992C6} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-11-23] (CyberLink)

Task: {54A3994F-3B48-4E4E-B763-BAC58B577E8C} - System32\Tasks\{BC94193B-FF1C-424A-A3EE-2D19DD2A1675} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Advanced Crafting Menu Installer.exe" -d "C:\Program Files (x86)\Mozilla Firefox"

Task: {5A2F5CB9-F856-4FD8-AE35-605BEAD7DD57} - System32\Tasks\{8CC6151D-C69E-4BBE-81FD-6532BAC31D4E} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\YYY Improved Mannequins Installer.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {60D016FA-3010-45AD-8812-54C4AAB0BB23} - System32\Tasks\{4616880C-C2F1-4787-8C3B-6ADED00A8037} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Boss HP Bar r5.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {60E25686-1AFE-404E-BBAC-27DF9EDAFF98} - System32\Tasks\{F33A1FE2-AAF9-4DD9-9C26-4AFD5450F90C} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Stacks Up! r6.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {63E85240-A5E6-4585-AF35-C14960A06C30} - System32\Tasks\{3BBA30C2-545A-4360-8CC4-B10F780C3C81} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Accessory Slots+ r8.exe" -d "C:\Program Files (x86)\Mozilla Firefox"

Task: {6814F6AD-61C1-4E4F-A780-F3D4DB99F28D} - System32\Tasks\{AD25D9D9-3C39-4823-8154-A425666DA407} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Quest Mod r6.exe" -d "C:\Program Files (x86)\Mozilla Firefox"

Task: {74A93C9F-0AB0-4260-B3FA-A2CF147737F7} - System32\Tasks\{7843BB07-307C-4AE1-8B7C-FDA4A3ADADE6} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Accessory Slots+ r14.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {7DDDE216-7B1F-44C6-94ED-98B454BA88D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)

Task: {89FD6770-8A0B-43FA-A8E8-FC503AE6C44E} - System32\Tasks\{D2989A3B-DE48-415D-877F-8D5A40A44ACC} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Boss HP Bar r3.exe" -d "C:\Program Files (x86)\Mozilla Firefox"

Task: {8D61B6E0-07DC-45EF-A8A0-42BC03F616DA} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

Task: {8EF93876-BC61-4389-87E3-B19F3FD392CF} - System32\Tasks\{7076C663-445F-495D-B623-15D005B255D5} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Health Up! Installer.exe" -d "C:\Users\Garneac Garneac\Desktop"

Task: {A83F47F1-EB59-4542-9419-C279750CAA57} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {A849FC06-5B75-472B-8FD4-C8120FF53262} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

Task: {A925584B-FCA8-4711-B420-DF9A5D7927CA} - System32\Tasks\{258977B0-1584-491C-AC79-AAE4E2C5FCB5} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Boss HP Bar Installer.exe" -d "C:\Users\Garneac Garneac\Desktop"

Task: {B64674EF-9124-4281-94AC-57504435FC09} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

Task: {B8702799-1926-4F3D-BAC2-99932636AD97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)

Task: {BC9BF3EF-779C-4AA8-AAC3-A486CAAD7D46} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)

Task: {C2F96323-7F23-414A-883D-835EC9D993B9} - System32\Tasks\{45E2EAB6-EF9A-4D1D-8679-8F7DA7865E24} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Health Up! r1.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {C999D070-1990-4638-834E-EDD1B2C2F7AB} - System32\Tasks\{3F917D94-E1C9-4985-A577-15E4223C8698} => pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime

Task: {D2EB8C4C-6F48-41C4-8977-06405D2512D2} - System32\Tasks\{552EA518-F4B8-4CDF-A5C8-B61F38129F6A} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Accessory Slots+ r3.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {D6EE9F3F-6B69-4B5C-A3C4-90C235AD5A57} - System32\Tasks\{424E9AE1-8533-48B3-A5B1-DCE0F0455E50} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Accessory Slots+ Installer.exe" -d "C:\Users\Garneac Garneac\Desktop"

Task: {E52E1A48-EE56-40F9-BD5B-4684470CF027} - System32\Tasks\{7D19D402-EA54-451C-9EB2-22A47007F86D} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Boss HP Bar r4.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {E846ABB6-AD83-4FF3-BAF8-C1896FEE2A0F} - System32\Tasks\{DA58218A-5C70-4661-AFA2-D83A82FC7245} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\MCT Installer.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {ECD4A461-5DC5-4967-870C-1EF8DBA7DD3F} - System32\Tasks\{A54E9269-85DF-45BD-A02E-85178625F6B7} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Achievements Installer.exe" -d "C:\Users\Garneac Garneac\Desktop"

Task: {EED460B6-66FC-490A-B106-D5EA6FCED951} - System32\Tasks\{70370D30-4356-4E20-AE21-09038FF9A107} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Msvbvm50.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {FBB948D1-91B3-45F3-9CF1-954677C12DD6} - System32\Tasks\{86605883-C1F4-4D77-AC40-2230030CF358} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Health Up! r6.exe" -d "C:\Users\Garneac Garneac\Desktop\Downloads"

Task: {FC2580A6-3B9E-434C-B7B8-CADC432B5812} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-01-15] ()

Task: {FF046483-6C64-44FC-BD76-97038D1C764F} - System32\Tasks\{17FB2355-9711-4CCB-92B4-8D0374F74D44} => pcalua.exe -a "C:\Users\Garneac Garneac\Desktop\Downloads\Accessory Slots+ r3(1).exe" -d "C:\Program Files (x86)\Mozilla Firefox"

Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-01-29 01:15 - 2013-12-19 13:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2010-08-20 20:47 - 2010-08-20 20:47 - 00077312 _____ () C:\ExpressGateUtil\VAWinService.exe

2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll

2014-11-11 03:46 - 2014-11-11 03:46 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll

2014-11-11 03:46 - 2014-11-11 03:46 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll

2011-04-11 21:25 - 2011-01-26 19:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-01-10 13:41 - 2014-10-04 04:12 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe

2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll

2010-04-02 21:21 - 2008-10-01 01:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

2010-09-23 18:53 - 2010-09-23 18:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

2010-08-12 19:52 - 2010-08-12 19:52 - 00021504 _____ () C:\ExpressGateUtil\VAWinAgent.exe

2012-12-29 00:22 - 2012-12-24 01:14 - 01283072 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe

2012-09-05 03:19 - 2009-04-17 05:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2015-01-17 11:23 - 2015-01-17 11:23 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011700\algo.dll

2014-11-11 03:47 - 2014-11-11 03:47 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll

2015-01-17 18:33 - 2015-01-17 18:33 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011701\algo.dll

2010-08-12 19:52 - 2010-08-12 19:52 - 00151552 _____ () C:\ExpressGateUtil\libexpat.dll

2010-08-12 19:52 - 2010-08-12 19:52 - 00057344 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL

2013-02-21 17:41 - 2012-12-09 20:46 - 00600868 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

2014-11-11 03:47 - 2014-11-11 03:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-17 18:30 - 2015-01-17 18:30 - 00043008 _____ () c:\Users\Garneac Garneac\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp1g5sn.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\libEGL.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2011-01-18 15:21 - 2011-01-18 15:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax

2009-11-02 16:20 - 2009-11-02 16:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2009-11-02 16:23 - 2009-11-02 16:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2015-01-17 04:26 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll

2015-01-17 04:26 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll

2015-01-17 04:26 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll

2015-01-17 04:26 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Garneac Garneac\Desktop\Void cheque.png:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Garneac Garneac\Desktop\Void cheque.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Garneac Garneac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel® Turbo Boost Technology Monitor 2.0.lnk => C:\Windows\pss\Intel® Turbo Boost Technology Monitor 2.0.lnk.Startup

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe

MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

MSCONFIG\startupreg: Google Update => "C:\Users\Garneac Garneac\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-4154275669-437499001-3156075934-500 - Administrator - Disabled)

Garneac Garneac (S-1-5-21-4154275669-437499001-3156075934-1001 - Administrator - Enabled) => C:\Users\Garneac Garneac

Guest (S-1-5-21-4154275669-437499001-3156075934-501 - Limited - Disabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-4154275669-437499001-3156075934-1003 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/17/2015 07:33:45 AM) (Source: ESENT) (EventID: 215) (User: )

Description: WinMail (3360) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

 

Error: (01/17/2015 07:32:51 AM) (Source: ESENT) (EventID: 215) (User: )

Description: WinMail (7664) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

 

Error: (01/11/2015 10:57:28 AM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: The index cannot be initialized.

 

 

Details:

          The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

 

Error: (01/11/2015 10:57:28 AM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: The application cannot be initialized.

 

Context: Windows Application

 

 

Details:

          The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

 

Error: (01/11/2015 10:57:28 AM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: The gatherer object cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

          The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

 

Error: (01/11/2015 10:57:28 AM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

          The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

 

Error: (01/11/2015 03:50:33 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program MiPony.exe version 2.2.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1d0c

 

Start Time: 01d02d6e0155776d

 

Termination Time: 1669

 

Application Path: C:\Program Files (x86)\MiPony\MiPony.exe

 

Report Id: caf2caad-996e-11e4-b347-742f6852cf54

 

Error: (01/07/2015 11:49:22 AM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT).  hr = 0x8007045b, A system shutdown is in progress.

.

 

 

Operation:

   Initialize For Backup

 

Error: (01/07/2015 11:49:22 AM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT).  hr = 0x8007045b, A system shutdown is in progress.

.

 

 

Operation:

   Initialize For Backup

 

Error: (01/04/2015 00:09:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: This operation returned because the timeout period expired.

.

 

 

System errors:

=============

Error: (01/17/2015 07:29:25 AM) (Source: DCOM) (EventID: 10016) (User: GarneacGarneac-PC)

Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}GarneacGarneac-PCGuestS-1-5-21-4154275669-437499001-3156075934-501LocalHost (Using LRPC)

 

Error: (01/16/2015 00:37:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Portable Device Enumerator Service service failed to start due to the following error:

%%1115

 

Error: (01/16/2015 00:37:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Diagnostic Service Host service failed to start due to the following error:

%%1069

 

Error: (01/16/2015 00:37:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:

%%50

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (01/16/2015 00:37:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error:

%%1069

 

Error: (01/16/2015 00:37:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:

%%50

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (01/16/2015 00:37:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Application Information service depends on the User Profile Service service which failed to start because of the following error:

%%1062

 

Error: (01/16/2015 00:37:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Network List Service service failed to start due to the following error:

%%1069

 

Error: (01/16/2015 00:37:45 PM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:

%%50

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (01/16/2015 00:37:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Background Intelligent Transfer Service service failed to start due to the following error:

%%1115

 

 

Microsoft Office Sessions:

=========================

Error: (01/17/2015 07:33:45 AM) (Source: ESENT) (EventID: 215) (User: )

Description: WinMail3360WindowsMail0:

 

Error: (01/17/2015 07:32:51 AM) (Source: ESENT) (EventID: 215) (User: )

Description: WinMail7664WindowsMail0:

 

Error: (01/11/2015 10:57:28 AM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description:

Details:

          The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

 

Error: (01/11/2015 10:57:28 AM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: Context: Windows Application

 

 

Details:

          The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

 

Error: (01/11/2015 10:57:28 AM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: Context: Windows Application, SystemIndex Catalog

 

 

Details:

          The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

 

Error: (01/11/2015 10:57:28 AM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Context: Windows Application, SystemIndex Catalog

 

 

Details:

          The process cannot access the file because it is being used by another process.  (HRESULT : 0x80070020) (0x80070020)

Search.TripoliIndexer

 

Error: (01/11/2015 03:50:33 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: MiPony.exe2.2.1.01d0c01d02d6e0155776d1669C:\Program Files (x86)\MiPony\MiPony.execaf2caad-996e-11e4-b347-742f6852cf54

 

Error: (01/07/2015 11:49:22 AM) (Source: VSS) (EventID: 8193) (User: )

Description: OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)0x8007045b, A system shutdown is in progress.

 

 

Operation:

   Initialize For Backup

 

Error: (01/07/2015 11:49:22 AM) (Source: VSS) (EventID: 8193) (User: )

Description: OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)0x8007045b, A system shutdown is in progress.

 

 

Operation:

   Initialize For Backup

 

Error: (01/04/2015 00:09:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtThis operation returned because the timeout period expired.

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-02-20 02:53:43.333

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-02-20 02:53:43.145

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz

Percentage of memory in use: 33%

Total physical RAM: 8103.08 MB

Available physical RAM: 5350 MB

Total Pagefile: 16204.34 MB

Available Pagefile: 13083.49 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:195.35 GB) (Free:61.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Data) (Fixed) (Total:245.41 GB) (Free:33.23 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38601C96)

Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)

Partition 2: (Active) - (Size=195.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=245.4 GB) - (Type=OF Extended)

 

==================== End Of Log ============================

 

Zoek

 

Zoek.exe v5.0.0.0 Updated 15-01-2015

Tool run by Garneac Garneac on 17-Jan-15 at 18:49:50.27.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Garneac Garneac\Desktop\zoek.exe [Scan all users] [Script inserted]

 

==== System Restore Info ======================

 

17-Jan-15 6:54:18 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Running Processes ======================

 

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ExpressGateUtil\VAWinService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\puush\puush.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Users\Garneac Garneac\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Users\Garneac Garneac\Desktop\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

 

==== Services(whitelist) ======================

Powered by E Dev

 

R2 - [AFBAgent] - AFBAgent - c:\windows\system32\fbagent.exe

R2 - [ASLDRService] - ASLDR Service - c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe

R2 - [Atheros Bt&Wlan Coex Agent] - Atheros Bt&Wlan Coex Agent - c:\program files (x86)\bluetooth suite\ath_coexagent.exe

R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\bluetooth suite\adminservice.exe

R2 - [ATKGFNEXSrv] - ATKGFNEX Service - c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe

R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe

R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe

R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe

R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe

R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe

R2 - [NVSvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe

R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe

R2 - [UNS] - Intel® Management and Security Application User Notification Service - c:\program files (x86)\intel\intel® management engine components\uns\uns.exe

R2 - [VideAceWindowsService] - VideAceWindowsService - c:\expressgateutil\vawinservice.exe

R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe

R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe

R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe

R3 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe

R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe

R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe

S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe

S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe

S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe

S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe

S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe

S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe

S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe

S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe

S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe

S3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe

S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe

S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe

S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe

S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe

S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe

S3 - [TurboBoost] - Intel® Turbo Boost Technology Monitor 2.0 - c:\program files\intel\turboboost\turboboost.exe

S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe

S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe

S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe

S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe

S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe

 

==== System Specs ======================

 

Operating System: Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 64-bit

Manufacturer: ASUSTeK Computer Inc. - Model: N53SV

Install Date: 04-Sep-12 2:19:45 AM

Last Boot: 17-Jan-15 6:28:19 PM

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz

Number of Processors: 8

Work Station

Bootmode: Normal boot

Total RAM: 8103 MB (free 5933 MB - 73)

Computername: GARNEACGARNEAC-PC

Domain: WORKGROUP

User: Garneac Garneac (Non-Administrator account)

Local Disk:        C:\ - NTFS - 195 GB (free 59 GB)

Local Disk:        D:\ - NTFS - 245 GB (free 33 GB)

CD \ DVD Drive:    E:\

CD \ DVD Drive:    F:\

Local Disk:        Q:\ -  -  GB (free  GB)

Bootdevice: \Device\HarddiskVolume2

Windows update:

Country: United States

Language: ENU

 

==== System Specs (Software) ======================

 

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: avast! Antivirus disabled (Outdated)

Default Browser: Google Chrome         39.0.2171.99

Internet Explorer Version: 9.0.8112.16421

Google Chrome version: 39.0.2171.99

Sun Java version: 1.7.0_71 (32-bit)

Flash Player version: 16.0.0.257

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

====== C:\Users\GARNEACA~1\AppData\Local\Temp ====

2015-01-17 23:30:16 97511FE2CA09CC2E06C3CD6519C3494E   43008  ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp1g5sn.dll

2015-01-16 07:14:33 FE447D1CD38CECAC2331FA932078D9A0  271360          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\SmiProvider.dll

2015-01-16 07:14:33 FC2DB5842190C6E78A40CD7DA483B27C  435712          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\DmiProvider.dll

2015-01-16 07:14:33 FC00A05639494779002682A9B965EF9C    471040          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\WimProvider.dll

2015-01-16 07:14:33 F2B0771A7CD27F20689E0AB787B7EB7C   289792          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\DismCore.dll

2015-01-16 07:14:33 EFCB002ABC3529D71B61E6FB6434566C   762368          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\CbsProvider.dll

2015-01-16 07:14:33 E7CAED467F80B29F4E63BA493614DBB1   127488          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\OSProvider.dll

2015-01-16 07:14:33 C9D74156913061BE6C51D8FC3ACF8E93   53760  ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\FolderProvider.dll

2015-01-16 07:14:33 BBB9E4FA2561F6A6E5CCF25DA069AC1B  313344          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\IntlProvider.dll

2015-01-16 07:14:33 9A821D8D62F4C60232B856E98CBA7E4F   96768  ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\DismHost.exe

2015-01-16 07:14:33 8D3855B133E21143E8B4BFADB9FB14A3   302080          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\UnattendProvider.dll

2015-01-16 07:14:33 8CA117CB9338C0351236939717CB7084    186368          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\DismProv.dll

2015-01-16 07:14:33 7B38D7916A7CD058C16A0A6CA5077901   271360          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\wdscore.dll

2015-01-16 07:14:33 739968678548BA15F6B9372E8760C012     444416          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\TransmogProvider.dll

2015-01-16 07:14:33 6A4BD682396F29FD7DF5AB389509B950    183296          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\CompatProvider.dll

2015-01-16 07:14:33 5488E381238FF19687FDD7AB2F44CFCC    111616          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\DismCorePS.dll

2015-01-16 07:14:33 45FF4FA5CA5432BFCCDED4433FE2A85B  216576          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\MsiProvider.dll

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2015-01-16 11:54:15 D41D8CD98F00B204E9800998ECF8427E    0        ----a-w-          C:\Windows\SysWOW64\shoEC14.tmp

2015-01-16 06:29:07 D41D8CD98F00B204E9800998ECF8427E    0        ----a-w-          C:\Windows\SysWOW64\shoEADD.tmp

2015-01-16 04:15:09 B9F9FD6188CC732F19DB69CAE5CC597C  272808          ----a-w-          C:\Windows\SysWOW64\javaws.exe

2015-01-16 04:14:53 8FA677D5F2AFE2A3F111C50D68A93542   98216  ----a-w-          C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-16 04:14:53 3594C0ABBFFE10B3CF95714B8B3C89A4   175528          ----a-w-          C:\Windows\SysWOW64\javaw.exe

2015-01-16 04:14:53 095826BCBBFA5C09C72463A82612B23C   175528          ----a-w-          C:\Windows\SysWOW64\java.exe

2015-01-15 12:01:29 D41D8CD98F00B204E9800998ECF8427E    0        ----a-w-          C:\Windows\SysWOW64\shoBCBE.tmp

2015-01-12 17:36:29 D41D8CD98F00B204E9800998ECF8427E    0        ----a-w-          C:\Windows\SysWOW64\shoB197.tmp

2015-01-10 18:22:51 D41D8CD98F00B204E9800998ECF8427E    0        ----a-w-          C:\Windows\SysWOW64\shoF8FD.tmp

2015-01-09 15:28:31 D41D8CD98F00B204E9800998ECF8427E    0        ----a-w-          C:\Windows\SysWOW64\sho9AB5.tmp

2015-01-08 16:11:16 D41D8CD98F00B204E9800998ECF8427E    0        ----a-w-          C:\Windows\SysWOW64\sho89B8.tmp

2015-01-05 04:42:22 D41D8CD98F00B204E9800998ECF8427E    0        ----a-w-          C:\Windows\SysWOW64\sho107E.tmp

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2015-01-16 00:43:57 F9BE29D5E097F03F81D3CD12B794CB66   31232  ----a-w-          C:\Windows\Sysnative\drivers\tap0901.sys

====== C:\Windows\Tasks ======

2015-01-17 09:25:41 BBF66D12D54155633EC677018E9C1B21    912     ----a-w-          C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-17 09:25:41 AD4ABF7840A3347E38CBC2278EC95DC0  3908   ----a-w-          C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA

2015-01-17 09:25:40 E9B29E63222567B711613416A5579FA8     3656   ----a-w-          C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore

2015-01-17 09:25:40 C88C993BB03FC82F311F474C16F51D7F    908     ----a-w-          C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-16 00:44:12 C541387C09573DD06293DD79108AEB35   3188   ----a-w-          C:\Windows\Sysnative\Tasks\Private Internet Access Startup

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-01-17 10:33:34 --------          d-----w-        C:\Program Files\CPUID

2015-01-16 00:43:54 --------          d-----w-        C:\Program Files\pia_manager

======= C:\PROGRA~2 =====

2015-01-17 09:17:54 --------          d-----w-        C:\PROGRA~2\Opera

2015-01-16 04:15:22 --------          d-----w-        C:\PROGRA~2\COMMON~1\Java

2014-12-31 08:25:48 --------          d-----w-        C:\PROGRA~2\Notepad++

2014-12-26 09:02:06 --------          d-----w-        C:\PROGRA~2\Deep Silver

2014-12-25 08:46:16 --------          d-----w-        C:\PROGRA~2\Belarc

======= C: =====

====== C:\Users\Garneac Garneac\AppData\Roaming ======

2015-01-17 12:29:52 --------          d-----w-        C:\Users\Guest\AppData\Roaming\LastPass

2015-01-17 12:29:40 --------          d-----w-        C:\Users\Guest\AppData\Roaming\Adobe

2015-01-17 12:29:32 --------          d-s---w-        C:\Users\Guest\AppData\Locallow\Microsoft

2015-01-17 12:29:29 --------          d-----w-        C:\Users\Guest\AppData\Roaming\WinPatrol

2015-01-17 12:28:15 --------          d-----w-        C:\Users\Guest\AppData\Local\Google

2015-01-17 12:28:10 --------          d-----r-          C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2015-01-17 12:28:10 --------          d-----r-          C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2015-01-17 12:27:59 --------          d-----w-        C:\Users\Guest\AppData\Roaming\Identities

2015-01-17 12:27:50 --------          d-----w-        C:\Users\Guest\AppData\Local\VirtualStore

2015-01-17 12:26:58 --------          d-s---w-        C:\Users\Guest\AppData\Roaming\Microsoft

2015-01-17 12:26:58 --------          d-----w-          C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite

2015-01-17 12:26:58 --------          d-----w-          C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic

2015-01-17 12:26:58 --------          d-----w-        C:\Users\Guest\AppData\Roaming\Media Center Programs

2015-01-17 12:26:58 --------          d-----w-        C:\Users\Guest\AppData\Local\temp

2015-01-17 12:26:58 --------          d-----w-        C:\Users\Guest\AppData\Local\Microsoft

2015-01-17 12:26:58 --------          d-----r-          C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-01-17 12:26:58 --------          d-----r-          C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-01-17 09:18:25 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Local\Opera Software

2015-01-17 09:18:24 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Roaming\Opera Software

2015-01-16 10:25:02 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Roaming\Mozilla

2015-01-16 00:45:28 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Roaming\Titanium

2015-01-16 00:44:11 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access

2015-01-10 06:15:21 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Local\nuclearthrone

2014-12-31 08:25:54 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-12-31 08:25:48 --------          d-----w-        C:\Users\Garneac Garneac\AppData\Roaming\Notepad++

====== C:\Users\Garneac Garneac ======

2015-01-17 23:38:00 AE6B51B8D801050A1A06273CAAB80D90  2125824        ----a-w-          C:\Users\Garneac Garneac\Desktop\FRST64.exe

2015-01-17 12:28:10 --------          d-----r-         C:\Users\Guest\Searches

2015-01-17 12:27:53 --------          d-----r-         C:\Users\Guest\Contacts

2015-01-17 12:26:59 6FC234AD3752E1267B34FB12BCD6718B   20      --sha-w-          C:\Users\Guest\ntuser.ini

2015-01-17 12:26:58 --------          d--h--w-       C:\Users\Guest\AppData

2015-01-17 12:26:58 --------          d-----r-         C:\Users\Guest\Videos

2015-01-17 12:26:58 --------          d-----r-         C:\Users\Guest\Saved Games

2015-01-17 12:26:58 --------          d-----r-         C:\Users\Guest\Pictures

2015-01-17 12:26:58 --------          d-----r-         C:\Users\Guest\Music

2015-01-17 12:26:58 --------          d-----r-         C:\Users\Guest\Links

2015-01-17 12:26:58 --------          d-----r-         C:\Users\Guest\Favorites

2015-01-17 12:26:58 --------          d-----r-         C:\Users\Guest\Downloads

2015-01-17 12:26:58 --------          d-----r-         C:\Users\Guest\Documents

2015-01-17 12:26:58 --------          d-----r-         C:\Users\Guest\Desktop

2015-01-17 10:33:35 --------          d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

2015-01-17 09:26:26 --------          d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-16 18:20:40 8B968045D75783A09592C3105F2865DA    688992          ------r-          C:\Users\Garneac Garneac\Desktop\dds.com

2015-01-16 04:14:53 --------          d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-12-31 08:25:54 --------          d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-12-26 09:52:10 --------          d-----w-        C:\ProgramData\Steam

2014-12-26 09:44:10 --------          d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver

2014-12-25 07:52:58 075B0DA82E23780FA2DD7F2EA0464FD4   258     --sha-r-          C:\ProgramData\ntuser.pol

 

====== C: exe-files ==

2015-01-17 23:48:42 3EAF7D994959C3F2D754BC909ECEA5C4  544     ----a-w-          C:\$RECYCLE.BIN\S-1-5-21-4154275669-437499001-3156075934-1001\$INBUUJB.exe

2015-01-17 23:38:00 AE6B51B8D801050A1A06273CAAB80D90  2125824        ----a-w-          C:\Users\Garneac Garneac\Desktop\FRST64.exe

2015-01-17 10:33:34 8C2A7808C334D988B38A39A90DEF9031   719521          ----a-w-          C:\Program Files\CPUID\CPU-Z\unins000.exe

2015-01-17 10:33:34 0A1CD954EC5BF3B4E4DA48316E378A03   3167976        ----a-w-          C:\Program Files\CPUID\CPU-Z\cpuz.exe

2015-01-17 10:32:44 53492956E4C458E6B97936EB7E80C7AE    1577464        ----a-w-          C:\$RECYCLE.BIN\S-1-5-21-4154275669-437499001-3156075934-1001\$RNBUUJB.exe

2015-01-17 09:26:00 0446920FEC618F01F4262C09B330878B     40756304      ----a-w-          C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\39.0.2171.99\39.0.2171.99_chrome_installer.exe

2015-01-17 09:25:39 F172AD4E906D97ED8F071896FC6789DC   107912          ----atw-          C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

2015-01-17 09:25:39 F172AD4E906D97ED8F071896FC6789DC   107912          ----atw-          C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdate.exe

2015-01-17 09:25:39 EDD3E562684CB4C50704B471BEAB1F86   114568          ----atw-          C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe

2015-01-17 09:25:39 CB8C1CC4F46FBAC78150754D77460C73   230792          ----atw-          C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

2015-01-17 09:25:39 7161E8E31B7FD3B1CE083C2CA5FD5F44   285064          ----atw-          C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

2015-01-17 09:25:39 5B4ED5734945619EE3BCDB9825D2F526    51080  ----atw-        C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe

2015-01-17 09:25:39 26AB3E2B7A55DE329009B51CF6590BFF    880784          ----a-w-          C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdateSetup.exe

2015-01-17 09:25:39 06036279056145E0F08FC095CB789E6A     51080  ----atw-        C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdateBroker.exe

2015-01-17 09:17:42 11420A2A99B639F8BB83F2F7BBB29E36    32557240      ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB2MW6AU\Opera_26.0.1656.60_Setup[1].exe

2015-01-17 09:17:31 06DD44B52CB06BD812262655094AB683    683480          ----a-w-          C:\Users\Garneac Garneac\Desktop\Downloads\Opera_NI_stable_2.exe

2015-01-17 09:13:21 11420A2A99B639F8BB83F2F7BBB29E36    32557240      ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T21ZOLD0\Opera_26.0.1656.60_Setup[1].exe

2015-01-16 07:14:33 9A821D8D62F4C60232B856E98CBA7E4F   96768  ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\D53C4F28-7C3F-4C0F-B8FE-03AEC9E8654B\DismHost.exe

2015-01-16 04:15:09 B9F9FD6188CC732F19DB69CAE5CC597C  272808          ----a-w-          C:\Windows\SysWOW64\javaws.exe

2015-01-16 04:14:53 3594C0ABBFFE10B3CF95714B8B3C89A4   175528          ----a-w-          C:\Windows\SysWOW64\javaw.exe

2015-01-16 04:14:53 095826BCBBFA5C09C72463A82612B23C   175528          ----a-w-          C:\Windows\SysWOW64\java.exe

2015-01-16 04:12:54 3842C46F2FBC7522EF625F1833530804     145408          ----a-w-          C:\Users\Garneac Garneac\AppData\LocalLow\Sun\Java\jre1.7.0_71\lzma.exe

2015-01-16 00:43:57 8A58017D7028434FBE939F81C59B4D12    25723531      ----a-w-          C:\Program Files\pia_manager\privateinternetaccess.exe

2015-01-16 00:43:57 65379A2610ECE62AB38B201D27200848    81920  ----a-w-        C:\Program Files\pia_manager\tapinstall.exe

2015-01-16 00:43:55 A7B9C579A37A32F9F158DC7EFB36975D   176128          ----a-w-          C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\kboot.exe

2015-01-16 00:43:55 67EC2F2DE248F5669208729E56ACAA07   184320          ----a-w-          C:\Program Files\pia_manager\pia_tray\pia_tray.exe

2015-01-16 00:43:54 C1AF2F760CE27A038205AA532B97115F    8817658        ----a-w-          C:\Program Files\pia_manager\pia_manager.exe

2015-01-16 00:43:54 8D06AFAB465D84B7E52A1895E3DFD0AD  690176          ----a-w-          C:\Program Files\pia_manager\openvpn.exe

2015-01-16 00:43:54 4C834FB65B3B79EC5CF37FE92CBA4D60   585728          ----a-w-          C:\Program Files\pia_manager\pia_tray\installer\installer.exe

=== C: other files ==

2015-01-17 23:55:42 A29030FB93B2E48EDD124749881406CE    943211          ----a-w-          C:\Users\Garneac Garneac\AppData\Local\Temp\sysspec\SysSpec.zip

2015-01-16 18:20:40 8B968045D75783A09592C3105F2865DA    688992          ------r-          C:\Users\Garneac Garneac\Desktop\dds.com

2015-01-16 00:43:57 F9BE29D5E097F03F81D3CD12B794CB66   31232  ----a-w-          C:\Windows\System32\drivers\tap0901.sys

2015-01-16 00:43:57 F9BE29D5E097F03F81D3CD12B794CB66   31232  ----a-w-        C:\Program Files\pia_manager\tap0901.sys

2015-01-16 00:43:57 1091BA75C2BD821BD552E3AD6D84E709   250     ----a-w-        C:\Program Files\pia_manager\reinstall_tap.bat

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Copy"="C:\Users\Garneac Garneac\AppData\Roaming\Copy\CopyAgent.exe"

 

[HKEY_USERS\S-1-5-21-4154275669-437499001-3156075934-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"

"puush"="C:\Program Files (x86)\puush\puush.exe"

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"Copy"="C:\Users\Garneac Garneac\AppData\Roaming\Copy\CopyAgent.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S"

"FLxHCIm"="C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

"SonicMasterTray"="C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe"

"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"VAWinAgent"="C:\ExpressGateUtil\VAWinAgent.exe"

"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"

"VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"

"puush"="C:\Program Files (x86)\puush\puush.exe"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "

"AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

"AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

"snp2uvc"="C:\Windows\vsnp2uvc.exe"

"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe"

"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\System32\\nvinitx.dll,C:\\Windows\\system32\\nvinitx.dll"

 

==== Startup Registry Disabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]

"command"="C:\\Windows\\AsScrPro.exe"

"hkey"="HKLM"

"item"="ASUS Screen Saver Protector"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKOSD2]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ATKOSD2"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATKOSD2\\ATKOSD2.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]

"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""

"hkey"="HKLM"

"item"="CLMLServer"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Garneac Garneac\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NvBackend"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

"hkey"="HKLM"

"item"="RtHDVCpl"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ShadowPlay"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Garneac Garneac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel® Turbo Boost Technology Monitor 2.0.lnk]

"path"="C:\\Users\\Garneac Garneac\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Intel® Turbo Boost Technology Monitor 2.0.lnk"

"backup"="C:\\Windows\\pss\\Intel® Turbo Boost Technology Monitor 2.0.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~1\\Intel\\TURBOB~1\\SIGNAL~1.EXE "

"item"="Intel® Turbo Boost Technology Monitor 2.0"

 

 

==== Startup Folders ======================

 

2013-01-11 03:30:32 1170   ----a-w-        C:\Users\Garneac Garneac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2014-05-22 05:14:49 568     ----a-w-        C:\Users\Garneac Garneac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Garneac.ahk.lnk

2011-04-02 04:48:03 2058   ----a-w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

2012-09-05 08:10:40 2617   ----a-w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk

2013-07-19 00:48:23 2112   ----a-w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\ASUS SmartLogon Console Sensor.job --a------ C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [15-Nov-10 12:42 PM]

C:\Windows\tasks\AutoKMS.job --a------ [Undetermined Task]

C:\Windows\tasks\DriverToolkit Autorun.job --a------ C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17-Jan-15 04:25 AM]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17-Jan-15 04:25 AM]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]

"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]

"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]

"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]

"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]

"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]

"C:\Windows\SysNative\tasks\DriverToolkit Autorun" [C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\Private Internet Access Startup" ["C:\Program Files\pia_manager\pia_manager.exe"]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

 

==== Chromium Look ======================

 

Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[04-Aug-14 12:17 PM]

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11-Nov-14 03:47 AM]

hdokiejnpimakedhajhdlcegeplioahd - C:\Program Files (x86)\LastPass\lpchrome.crx[18-Jul-13 07:48 PM]

jeaohhlajejodfjadcponpnjgkiikocn - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[05-Dec-14 07:58 PM]

oleomanaehojaiigacblenknbkhfdicd - C:\Users\Garneac Garneac\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx[13-Mar-13 10:13 AM]

 

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

oleomanaehojaiigacblenknbkhfdicd - C:\Users\Garneac Garneac\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx[13-Mar-13 10:13 AM]

 

Google Slides - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Google Voice Search Hotword (Beta) - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

YouTube - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Unit - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmbfafhdccfgdgnbkgogehiklmemkoh

selector is not a valid CSS selector - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Google Search - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Sheets - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Avast Online Security - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

LastPass - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd

IDM Integration Module - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn

Chromium Wheel Smooth Scroller - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb

Linkclump - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj

New Tab Page - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa

Google Wallet - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Garneac Garneac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=0 folders=0 0 bytes)

 

==== EOF on 17-Jan-15 at 19:06:28.45 ======================



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:03:36 AM

Posted 18 January 2015 - 06:23 AM

Hi,
 
Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Upgrade:

Step 2

Please download and install Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 Garneac


Posted 18 January 2015 - 10:46 AM

Hi deeprybka!

 

A couple hours ago, Chrome went back to being its usual lightning fast self. I'm going to assume it was a silent update on Google's part. Or maybe not. Whatever the reason, though, I'm just happy to have the problem sort itself out.

 

Thanks for your help! But I think it's safe to say the issue's cleared up.



#8 deeprybka


Posted 18 January 2015 - 11:20 AM

OK. So I can close this topic, right? :)
regards,
deeprybka

#9 Garneac


Posted 18 January 2015 - 11:56 AM

Yes, yes. And again, thanks!



#10 deeprybka


Posted 18 January 2015 - 11:57 AM

You are welcome! :)
regards,
deeprybka

#11 deeprybka


Posted 18 January 2015 - 11:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



