Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC often running slow or unresponsive past several days; disk light stays on


  • This topic is locked This topic is locked
6 replies to this topic

#1 jreynolds2

jreynolds2

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 23 September 2015 - 04:38 AM

Suddenly, my system has become very slow. This has been happening often, but not always. 

I notice that my hard drive light stays on solid for a long time when the machine is slow or unresponsive. Chrome often says that pages have become unresponsive. 

I have run Bitdefender Free, SuperAntiSpyware, and Malwarebytes, finding no problems. 

Win 7 Home Premium. 


Thanks! 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by ASUS (administrator) on ASUS-PC (23-09-2015 17:18:54)
Running from C:\Users\ASUS\Downloads
Loaded Profiles: ASUS (Available Profiles: ASUS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\Ditto\Ditto.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
(LINE Corporation) C:\Program Files (x86)\LINE\LINE.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-07] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-05] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-06] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1717872 2012-11-08] ()
HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\...\Run: [Google Update] => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-20] (syncables, LLC)
HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\...\Run: [LINE] => C:\Program Files (x86)\LINE\LINE.exe [15664152 2015-08-18] (LINE Corporation)
HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\...\Run: [GoogleChromeAutoLaunch_D5DDF34FE692FC2EA1B8968615A3C02A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-19] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2013-05-04]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-05-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2013-05-04]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2013-05-04]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2228B8D1-B641-4B93-A2BF-A3123F9BAC0E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6884562D-FD0D-426C-A0EA-06812D39FE47}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6C80B235-E48F-420A-AD5C-EF1F784A8975}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A51FBB22-AEA8-4ED8-A81D-55BDFF4F8A89}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{BC59B03E-1449-4744-A4B5-DDCD4DB28A68}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3590112291-2278335448-3967109752-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-3590112291-2278335448-3967109752-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\761r6kcj.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin HKU\S-1-5-21-3590112291-2278335448-3967109752-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3590112291-2278335448-3967109752-1000: @talk.google.com/O1DPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3590112291-2278335448-3967109752-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3590112291-2278335448-3967109752-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-06-27] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxp://www.google.com/ig","hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?source=ig&hl=en&rlz=&q={searchTerms}&btnG=Google+Search&aq=f&aqi=g10&aql=&oq=
CHR DefaultSearchKeyword: Default -> google.com_
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\pdf.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\ASUS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dewey Bookmarks) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahpfefkmihhdabllidnlipghcjgpkdm [2015-03-21]
CHR Extension: (DocHub - View, Edit, Sign PDFs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2015-04-09]
CHR Extension: (Word Search Puzzle) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2013-06-14]
CHR Extension: (Google Docs) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2011-08-10]
CHR Extension: (Google Drive) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2011-08-10]
CHR Extension: (YouTube) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-08-10]
CHR Extension: (OneTab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-04-26]
CHR Extension: (Google Search) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-08-10]
CHR Extension: (Chromebleed) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-10]
CHR Extension: (Readium) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-14]
CHR Extension: (Cut the Rope) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-06-14]
CHR Extension: (Zoho Clipboard) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\iijojlignnlclbadcdiecojeamghcfli [2014-12-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-13]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2013-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-08-10]
CHR HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-05-16] (SUPERAntiSpyware.com)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [167208 2014-07-16] (Sony Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-07-01] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-06-17] (Corel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-06] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-06-23] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-07] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-23 17:18 - 2015-09-23 17:19 - 00025641 _____ C:\Users\ASUS\Downloads\FRST.txt
2015-09-23 17:18 - 2015-09-23 17:19 - 00000000 ____D C:\FRST
2015-09-23 17:17 - 2015-09-23 17:17 - 02191360 _____ (Farbar) C:\Users\ASUS\Downloads\FRST64.exe
2015-09-20 23:37 - 2015-09-20 23:37 - 00080719 _____ C:\Users\ASUS\Downloads\Justified.Season.5-6.S05-S06.720p.BluRay.x264-DEMAND.torrent
2015-09-11 01:43 - 2015-09-16 12:15 - 00000000 ____D C:\Users\ASUS\Downloads\Fairy DNA _ Flickr - Photo Sharing!_files
2015-09-11 01:43 - 2015-09-11 01:43 - 00153354 _____ C:\Users\ASUS\Downloads\Fairy DNA _ Flickr - Photo Sharing!.html
2015-08-29 13:35 - 2015-08-29 13:35 - 00000040 _____ C:\ProgramData\ra3.ini
2015-08-29 13:35 - 2015-08-29 13:35 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-08-29 12:52 - 2015-08-29 13:13 - 441683816 _____ C:\Users\ASUS\Downloads\RedAlert3_english_patch1.012.exe
2015-08-28 18:45 - 2015-08-28 18:45 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Red Alert 3
2015-08-28 18:41 - 2015-08-28 18:41 - 00002033 _____ C:\Users\Public\Desktop\Command & Conquer™ Red Alert™ 3.lnk
2015-08-28 18:28 - 2015-08-28 18:28 - 00000992 _____ C:\Windows\DirectX.log
2015-08-25 18:11 - 2015-09-15 23:22 - 00076800 ___SH C:\Users\ASUS\Desktop\Thumbs.db
2015-08-25 18:08 - 2015-09-23 16:40 - 00002520 _____ C:\Windows\setupact.log
2015-08-25 18:08 - 2015-08-25 18:08 - 00000000 _____ C:\Windows\setuperr.log
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-23 17:02 - 2013-05-04 09:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-23 16:56 - 2009-07-14 12:45 - 00016224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-23 16:56 - 2009-07-14 12:45 - 00016224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-23 16:42 - 2014-02-20 22:58 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\vlc
2015-09-23 16:38 - 2014-01-27 15:05 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3590112291-2278335448-3967109752-1000UA.job
2015-09-23 13:04 - 2013-08-15 13:01 - 00007611 _____ C:\Users\ASUS\AppData\Local\Resmon.ResmonCfg
2015-09-23 13:01 - 2014-04-04 17:37 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\tixati
2015-09-23 10:38 - 2014-01-27 15:05 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3590112291-2278335448-3967109752-1000Core.job
2015-09-23 01:02 - 2013-05-04 09:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-22 21:07 - 2015-07-25 18:37 - 00000000 ____D C:\Users\ASUS\AppData\Local\HTC MediaHub
2015-09-22 20:56 - 2013-06-23 15:53 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\Ditto
2015-09-22 20:56 - 2013-06-15 21:21 - 00000000 ___RD C:\Users\ASUS\Google Drive
2015-09-22 20:55 - 2013-05-04 10:14 - 00000000 ____D C:\Program Files\P4G
2015-09-22 20:55 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-22 17:41 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-22 12:45 - 2015-07-28 12:36 - 00489472 ___SH C:\Users\ASUS\Downloads\Thumbs.db
2015-09-22 12:39 - 2015-05-11 14:49 - 00000000 ____D C:\Users\ASUS\Documents\Calibre Library
2015-09-22 04:11 - 2011-08-09 14:09 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 22:25 - 2009-07-14 13:13 - 00797850 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-20 18:30 - 2015-05-16 23:21 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-20 15:21 - 2015-08-21 19:25 - 00000000 ____D C:\Users\ASUS\Documents\Etta
2015-09-20 13:04 - 2014-07-03 15:39 - 00000000 ____D C:\Users\ASUS\Documents\Reference
2015-09-18 15:25 - 2015-05-16 23:21 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-18 15:25 - 2015-05-16 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-18 15:25 - 2015-05-16 23:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-18 10:33 - 2014-01-27 15:05 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3590112291-2278335448-3967109752-1000UA
2015-09-18 10:33 - 2014-01-27 15:05 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3590112291-2278335448-3967109752-1000Core
2015-09-18 00:57 - 2013-05-04 09:47 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-18 00:57 - 2013-05-04 09:47 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-13 21:06 - 2015-04-22 21:15 - 00000000 ___RD C:\Users\ASUS\Dropbox
2015-09-10 18:58 - 2011-08-09 13:53 - 00000000 ____D C:\Users\ASUS\AppData\Local\Google
2015-09-03 13:49 - 2013-10-27 22:21 - 00000000 ____D C:\Users\ASUS\Documents\VM
2015-09-02 14:42 - 2014-06-04 21:03 - 00000000 ____D C:\Users\ASUS\AppData\Local\CrashDumps
2015-08-28 18:41 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-28 18:28 - 2014-11-19 17:41 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2015-08-28 14:29 - 2015-03-03 23:19 - 00000000 ____D C:\Users\ASUS\Documents\TrendMicro Eason
2015-08-28 13:08 - 2014-02-14 01:59 - 00000000 ____D C:\Users\ASUS\Downloads\unicodefont
 
==================== Files in the root of some directories =======
 
2013-06-25 16:47 - 2014-01-18 13:08 - 0000000 _____ () C:\Users\ASUS\AppData\Roaming\bitlord_log.txt
2014-01-18 13:08 - 2014-01-18 13:08 - 0000218 _____ () C:\Users\ASUS\AppData\Local\recently-used.xbel
2013-08-15 13:01 - 2015-09-23 13:04 - 0007611 _____ () C:\Users\ASUS\AppData\Local\Resmon.ResmonCfg
2013-06-23 16:09 - 2013-06-23 16:09 - 0030601 _____ () C:\ProgramData\1371974982.bdinstall.bin
2013-06-23 16:25 - 2013-06-23 16:25 - 0156810 _____ () C:\ProgramData\1371975595.bdinstall.bin
2013-06-25 16:52 - 2013-06-25 16:52 - 0023230 _____ () C:\ProgramData\1372150363.bdinstall.bin
2013-06-25 16:52 - 2013-06-25 16:53 - 0001828 _____ () C:\ProgramData\1372150366.10452.bin
2013-06-25 16:52 - 2013-06-25 16:53 - 0007261 _____ () C:\ProgramData\1372150366.6056.bin
2013-06-25 16:52 - 2013-06-25 16:53 - 0001005 _____ () C:\ProgramData\1372150366.6192.bin
2013-06-25 16:52 - 2013-06-25 16:53 - 0024922 _____ () C:\ProgramData\1372150366.6432.bin
2013-06-25 16:54 - 2013-06-25 16:54 - 0017588 _____ () C:\ProgramData\1372150490.bdinstall.bin
2013-06-25 16:57 - 2013-06-25 16:57 - 0017589 _____ () C:\ProgramData\1372150642.bdinstall.bin
2013-06-25 16:59 - 2013-06-25 16:59 - 0017588 _____ () C:\ProgramData\1372150742.bdinstall.bin
2013-06-25 17:04 - 2013-06-25 17:04 - 0148978 _____ () C:\ProgramData\1372150986.bdinstall.bin
2014-01-25 14:04 - 2014-01-25 14:04 - 0037995 _____ () C:\ProgramData\1390629887.bdinstall.bin
2014-01-25 14:04 - 2014-01-25 14:04 - 0039544 _____ () C:\ProgramData\1390629888.bdinstall.bin
2014-01-25 16:46 - 2014-01-25 16:46 - 0037995 _____ () C:\ProgramData\1390639578.bdinstall.bin
2014-01-25 16:47 - 2014-01-25 16:47 - 0180625 _____ () C:\ProgramData\1390639582.bdinstall.bin
2015-08-29 13:35 - 2015-08-29 13:35 - 0000040 _____ () C:\ProgramData\ra3.ini
2013-05-04 09:44 - 2013-05-04 09:45 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2013-05-04 09:46 - 2013-05-04 09:46 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-05-04 09:43 - 2013-05-04 09:44 - 0000106 _____ () C:\ProgramData\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}.log
2013-05-04 09:45 - 2013-05-04 09:46 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-05-04 09:40 - 2013-05-04 09:43 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2013-05-04 09:45 - 2013-05-04 09:45 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
2013-05-04 09:38 - 2013-05-04 09:40 - 0000115 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
 
Some files in TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\ASUS\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\ASUS\AppData\Local\Temp\patchw32.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-21 01:14
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 PM

Posted 23 September 2015 - 07:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-3590112291-2278335448-3967109752-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\pdf.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Google Update) - C:\Users\ASUS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

How is the computer running now?

p.s.
If the problem persists run this tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#3 jreynolds2

jreynolds2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 24 September 2015 - 09:00 AM

Thank you. 

The system seems to be running slightly better, but there is still a definite problem that happened suddenly. What I notice most is an increased startup time, and that things like opening a document on Google Drive with Chrome takes much longer than before. And, after the fixes, I still receive "unresponsive" messages from Chrome sometimes--but not always.

When I play a video (an .mkv with VLC Media Player), at some point the picture will freeze and the audio will go back to a point about 30 seconds earlier and start to replay. This never happened before but still happens now, even after following your instructions.

There is a noticeable increase in disk activity. Sometimes the disk light is still on solid, but now it seems to blink more instead of staying solid. However it is still showing a lot more activity than before the problem started a few days ago.

Here is fixlog.txt: 
 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by ASUS (2015-09-23 23:39:52) Run:1
Running from C:\Users\ASUS\Downloads
Loaded Profiles: ASUS (Available Profiles: ASUS)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
SearchScopes: HKU\S-1-5-21-3590112291-2278335448-3967109752-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\pdf.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Google Update) - C:\Users\ASUS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\pdf.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => not found.
C:\Users\ASUS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll => not found.
C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
"HKU\S-1-5-21-3590112291-2278335448-3967109752-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
EmptyTemp: => 194.5 MB temporary data Removed.
 
 
The system needed a reboot.. 
 

==== End of Fixlog 23:45:14 ==== 

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 PM

Posted 24 September 2015 - 01:00 PM


Chrome may be compromised.

Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

If that fails to solve the problem continue.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on Export TXT button save the file as RogueReport.txt
  • The file RogueReport.txt will be saved in the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

Keep me posted.

#5 jreynolds2

jreynolds2
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 24 September 2015 - 10:56 PM

Removing and reinstalling Chrome fixed the problem. Thanks! 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 PM

Posted 25 September 2015 - 07:31 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:16 PM

Posted 01 October 2015 - 08:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users