crashing/freezing up


  • This topic is locked
2 replies to this topic

#1 emboliana


Posted 23 December 2016 - 10:25 PM

My PC is crashing/freezing up multiple times daily. No heat problem or hard disk bad sector. Thank you for help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by ASUS (administrator) on ASUS-PC (24-12-2016 06:16:41)
Running from C:\Users\ASUS\Desktop
Loaded Profiles: ASUS (Available Profiles: ASUS & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Windows\AsScrPro.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-06-06] (ASUS)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-07] (ASUS)
HKLM-x32\...\Run: [Tv-Plug-In] => "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\...\MountPoints2: {7b80d3a0-74d0-11e5-85f7-e0b9a5f6b0ab} - E:\setup.exe
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\...\MountPoints2: {7b80d494-74d0-11e5-85f7-e0b9a5f6b0ab} - F:\setup.exe
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\...\MountPoints2: {966e0932-ca89-11e5-89b8-e0b9a5f6b0ab} - H:\Setup.exe
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\...\MountPoints2: {c9e52578-7ea7-11e5-9121-e0b9a5f6b0ab} - G:\setup.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66ADA3EE-E42E-491B-B6F5-9803DE90FB18}: [NameServer] 195.175.39.39,195.175.39.40
Tcpip\..\Interfaces\{66ADA3EE-E42E-491B-B6F5-9803DE90FB18}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0351MK91-C431-623h-CHPF-M19917C3G4P3M} URL = hxxp://www.searchandseek.com/s/?aff=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1252416481-1816673707-3394134769-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1252416481-1816673707-3394134769-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-11-12] (AO Kaspersky Lab)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-11-12] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-30] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-11-12] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-11-12] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-10-07] (Intel Security)
Toolbar: HKU\S-1-5-21-1252416481-1816673707-3394134769-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-1252416481-1816673707-3394134769-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\v5de9q4n.default [2016-12-24]
FF Homepage: Mozilla\Firefox\Profiles\v5de9q4n.default -> www.google.com.tr
FF NetworkProxy: Mozilla\Firefox\Profiles\v5de9q4n.default -> ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\v5de9q4n.default -> ftp_port", 49736
FF NetworkProxy: Mozilla\Firefox\Profiles\v5de9q4n.default -> http", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\v5de9q4n.default -> http_port", 49736
FF NetworkProxy: Mozilla\Firefox\Profiles\v5de9q4n.default -> no_proxies_on", "localhost, localdomain, .localdomain, local, .local, 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, www.google-analytics.com"
FF NetworkProxy: Mozilla\Firefox\Profiles\v5de9q4n.default -> ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\v5de9q4n.default -> ssl_port", 49736
FF NetworkProxy: Mozilla\Firefox\Profiles\v5de9q4n.default -> type", 0
FF Extension: (Hoxx VPN Proxy) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\v5de9q4n.default\Extensions\@hoxx-vpn.xpi [2016-11-05]
FF Extension: (Browsec) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\v5de9q4n.default\Extensions\browsec@browsec.com.xpi [2016-06-23]
FF Extension: (Toggle animated GIFs) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\v5de9q4n.default\Extensions\giftoggle@simonsoftware.se.xpi [2016-08-12]
FF Extension: (SQLite Manager) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\v5de9q4n.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-08-06]
FF Extension: (Google Translator for Firefox) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\v5de9q4n.default\Extensions\translator@zoli.bod.xpi [2016-07-26]
FF Extension: (Adblock Plus) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\v5de9q4n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-12-22]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1252416481-1816673707-3394134769-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\ASUS\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1503240-0-npoctoshape.dll [2015-03-24] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1252416481-1816673707-3394134769-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-12-21] (Octoshape ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-27] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-30] (Atheros Commnucations) [File not signed]
S4 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1473792 2014-05-13] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-05] (Kaspersky Lab ZAO)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
U2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S4 LicCtrlService; C:\Windows\runservice.exe [2560 2013-09-10] () [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2015-11-18] (VIA Technologies, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-30] (Atheros) [File not signed]
S2 0212241477937380mcinstcleanup; C:\Windows\TEMP\021224~1.EXE -cleanup -nolog [X]
S3 BBSvc; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [211456 2013-09-02] () [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-10-17] (Disc Soft Ltd)
R2 hmip; C:\Windows\system32\Drivers\hmip64.sys [30056 2013-06-19] (Hide My IP)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-11-18] (REALiX™)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-05-11] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-05] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-05-25] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-05-25] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-05-25] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-05] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2015-11-18] (Qualcomm Atheros Co., Ltd.)
S3 LbAdapter; C:\Windows\System32\DRIVERS\lb.sys [21656 2010-06-07] (Echobit, LLC)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-09-02] () [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-11-18] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
S3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-03-21] (Spotflux, Inc.)
R3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S1 a2injectiondriver; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\a2dix64.sys [X]
S1 a2util; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\a2util64.sys [X]
S2 AAVScan; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\AAV_IFS64.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\cleanhlp64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 06:16 - 2016-12-24 06:17 - 00025867 _____ C:\Users\ASUS\Desktop\FRST.txt
2016-12-24 05:55 - 2016-12-24 05:57 - 00067608 _____ C:\Users\ASUS\Downloads\Addition.txt
2016-12-24 05:54 - 2016-12-24 06:16 - 00000000 ____D C:\FRST
2016-12-24 05:54 - 2016-12-24 05:57 - 00046307 _____ C:\Users\ASUS\Downloads\FRST.txt
2016-12-24 05:52 - 2016-12-24 05:53 - 02420736 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2016-12-24 05:30 - 2016-12-24 05:30 - 00000000 ____D C:\Users\ASUS\Desktop\backups
2016-12-23 08:47 - 2016-12-23 08:47 - 00001224 _____ C:\Users\ASUS\Desktop\FurMark.lnk
2016-12-23 08:47 - 2016-12-23 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2016-12-23 08:47 - 2016-12-23 08:47 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2016-12-23 08:45 - 2016-12-23 08:46 - 05802211 _____ (Geeks3D ) C:\Users\ASUS\Downloads\34137-FurMark_1.18.2.0_Setup.exe
2016-12-23 08:27 - 2016-12-23 08:48 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\NVIDIA
2016-12-23 07:20 - 2016-12-23 07:20 - 00003828 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 07:20 - 2016-12-23 07:20 - 00003828 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 07:20 - 2016-12-23 07:20 - 00003778 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 07:20 - 2016-12-23 07:20 - 00003766 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 07:20 - 2016-12-23 07:20 - 00003590 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 07:20 - 2016-12-23 07:20 - 00003530 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-23 07:20 - 2016-12-12 05:37 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-12-23 07:20 - 2016-12-12 05:37 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-12-23 07:20 - 2016-12-12 05:37 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-12-23 07:20 - 2016-12-12 05:37 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-12-23 07:20 - 2016-12-12 05:37 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-12-23 07:19 - 2016-12-23 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-23 07:19 - 2016-12-11 21:47 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-12-23 07:19 - 2016-12-11 21:47 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-12-23 07:19 - 2016-12-11 21:47 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-12-23 07:19 - 2016-12-11 21:47 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-12-23 07:19 - 2016-12-11 21:47 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-12-23 07:19 - 2016-12-11 21:47 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-12-23 07:19 - 2016-12-11 21:47 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-12-23 07:19 - 2016-12-11 21:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-12-23 07:19 - 2016-12-09 11:52 - 07639617 _____ C:\Windows\system32\nvcoproc.bin
2016-12-23 07:19 - 2016-09-09 21:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-12-23 07:19 - 2016-09-09 21:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-12-23 07:19 - 2016-09-09 21:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-12-23 07:19 - 2016-09-09 21:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-23 07:18 - 2016-12-12 05:37 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-12-23 07:16 - 2016-12-12 05:37 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 34703416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 28138432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 19947472 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 17436808 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 17376896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 14410472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 14073400 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-23 07:16 - 2016-12-12 05:37 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 10345696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 09151216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 08753832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 03640376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 03479744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 03206080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437633.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437633.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 01036224 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 00975416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 00944184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 00896056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-12-23 07:16 - 2016-12-12 05:37 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-12-23 07:16 - 2016-12-12 05:37 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-12-23 07:16 - 2016-12-12 05:37 - 00041334 _____ C:\Windows\system32\nvinfo.pb
2016-12-23 07:16 - 2016-12-12 05:37 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-12-23 07:16 - 2016-12-12 05:37 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-12-23 06:54 - 2016-12-23 07:13 - 387532560 _____ (NVIDIA Corporation) C:\Users\ASUS\Downloads\376.33-notebook-win8-win7-64bit-international-whql.exe
2016-12-22 10:26 - 2016-12-22 10:26 - 06060113 _____ C:\Users\ASUS\Downloads\memtest86-usb.zip
2016-12-22 06:35 - 2016-12-22 06:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\ASUS\Desktop\HijackThis(1).exe
2016-12-22 06:34 - 2016-12-22 06:34 - 02239373 _____ (EFD Software ) C:\Users\ASUS\Downloads\hdtunepro_560_trial.exe
2016-12-14 23:20 - 2016-12-14 23:20 - 02524442 _____ C:\Users\ASUS\Downloads\PASLANMAYAN_DEMİR_DEN_SEVGİLER.zip
2016-12-13 06:00 - 2016-12-13 06:00 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Ankama
2016-12-13 05:58 - 2016-12-13 05:58 - 00001085 _____ C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Krosmaga.lnk
2016-12-13 05:58 - 2016-12-13 05:58 - 00001083 _____ C:\Users\ASUS\Desktop\Krosmaga.lnk
2016-12-13 05:57 - 2016-12-13 05:57 - 18100528 _____ (Ankama Studio) C:\Users\ASUS\Downloads\krosmaga(1).exe
2016-12-12 22:05 - 2016-12-12 22:06 - 18100528 _____ (Ankama Studio) C:\Users\ASUS\Downloads\krosmaga.exe
2016-12-09 13:12 - 2016-12-14 15:21 - 00000000 ____D C:\Program Files (x86)\Shadow Tactics
2016-12-09 13:12 - 2016-12-09 13:12 - 00001768 _____ C:\Users\Public\Desktop\Shadow Tactics.lnk
2016-12-09 05:25 - 2016-12-09 05:37 - 00000000 ____D C:\Users\ASUS\Downloads\Shadow Tactics [FitGirl Repack]
2016-12-09 05:23 - 2016-12-09 07:23 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\uTorrent
2016-12-08 18:47 - 2016-12-23 13:20 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-12-07 22:14 - 2016-12-07 22:14 - 00016389 _____ C:\Users\ASUS\Downloads\654024-Timeless-2016-Dizi-23.976fps-TR-16kB-TurkceAltyazi.org.zip
2016-12-07 22:13 - 2016-12-07 22:14 - 00016975 _____ C:\Users\ASUS\Downloads\653100-Timeless-2016-Dizi-23.976fps-TR-17kB-TurkceAltyazi.org.zip
2016-12-07 21:21 - 2016-12-07 21:21 - 00021710 _____ C:\Users\ASUS\Downloads\651367-Timeless-2016-Dizi-23.976fps-TR-21kB-TurkceAltyazi.org.zip
2016-12-05 18:18 - 2016-12-05 18:24 - 00000000 ____D C:\Users\ASUS\AppData\Local\dwarves
2016-12-05 17:31 - 2016-12-05 18:05 - 00000000 ____D C:\Program Files (x86)\The Dwarves
2016-12-05 17:31 - 2016-12-05 17:31 - 00001690 _____ C:\Users\Public\Desktop\The Dwarves.lnk
2016-11-29 18:59 - 2016-11-29 18:59 - 00002314 _____ C:\Users\Public\Desktop\Sid Meier's Civilization 6 DirectX 12.lnk
2016-11-29 18:59 - 2016-11-29 18:59 - 00002280 _____ C:\Users\Public\Desktop\Sid Meier's Civilization 6.lnk
2016-11-29 12:34 - 2016-11-29 18:53 - 00000000 ____D C:\Users\ASUS\Downloads\Sid Meier's Civilization 6 [FitGirl Repack]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 06:16 - 2012-08-18 02:01 - 24797262 _____ C:\Windows\system32\perfh01F.dat
2016-12-24 06:16 - 2012-08-18 02:01 - 08756932 _____ C:\Windows\system32\perfc01F.dat
2016-12-24 06:16 - 2011-02-19 06:29 - 24481022 _____ C:\Windows\system32\prfh0804.dat
2016-12-24 06:16 - 2011-02-19 06:29 - 08731176 _____ C:\Windows\system32\prfc0804.dat
2016-12-24 06:16 - 2011-02-19 06:23 - 24507214 _____ C:\Windows\system32\prfh0404.dat
2016-12-24 06:16 - 2011-02-19 06:23 - 08734484 _____ C:\Windows\system32\prfc0404.dat
2016-12-24 06:16 - 2011-02-19 06:18 - 24880980 _____ C:\Windows\system32\prfh0816.dat
2016-12-24 06:16 - 2011-02-19 06:18 - 08770354 _____ C:\Windows\system32\prfc0816.dat
2016-12-24 06:16 - 2011-02-19 06:13 - 24897460 _____ C:\Windows\system32\perfh00A.dat
2016-12-24 06:16 - 2011-02-19 06:13 - 08779866 _____ C:\Windows\system32\perfc00A.dat
2016-12-24 06:16 - 2011-02-19 06:08 - 24893342 _____ C:\Windows\system32\perfh00C.dat
2016-12-24 06:16 - 2011-02-19 06:08 - 08767498 _____ C:\Windows\system32\perfc00C.dat
2016-12-24 06:16 - 2009-07-14 08:13 - 00007466 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-24 06:14 - 2016-11-18 05:51 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Mozilla
2016-12-24 06:13 - 2016-01-18 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 16
2016-12-24 06:13 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-12-24 06:12 - 2012-08-20 10:57 - 00000000 ___HD C:\Users\ASUS\AppData\Local\CrashDumps
2016-12-24 06:12 - 2012-06-06 01:43 - 00000000 ____D C:\Windows\Minidump
2016-12-24 06:11 - 2016-05-04 17:05 - 00000286 _____ C:\Users\ASUS\AppData\Roaming\sp_data.sys
2016-12-24 06:11 - 2014-06-05 13:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-24 06:09 - 2012-06-06 01:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-24 06:09 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-24 05:57 - 2009-07-14 07:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-24 05:57 - 2009-07-14 07:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-24 05:26 - 2013-04-17 20:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-23 19:44 - 2012-11-02 17:19 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA899824-70D9-4DF8-B389-E1349E4DC2E3}
2016-12-23 15:54 - 2016-11-07 12:47 - 00000596 _____ C:\Users\ASUS\Desktop\New Text Document (11).txt
2016-12-23 13:54 - 2013-04-17 20:56 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-23 13:54 - 2012-09-28 16:09 - 00000000 ___HD C:\Users\ASUS\AppData\Local\Adobe
2016-12-23 13:54 - 2012-08-28 10:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-23 13:54 - 2012-08-28 10:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-23 13:53 - 2012-08-28 10:22 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-23 13:53 - 2012-02-18 10:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-23 08:12 - 2015-01-05 13:09 - 00000000 ____D C:\Users\ASUS\AppData\Local\NVIDIA Corporation
2016-12-23 07:20 - 2016-08-15 23:19 - 00000000 ____D C:\Users\ASUS\AppData\Local\NVIDIA
2016-12-23 07:20 - 2012-11-01 11:58 - 00000000 ____D C:\temp
2016-12-23 07:20 - 2012-06-06 01:27 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-23 07:20 - 2012-06-06 01:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-23 07:20 - 2012-06-06 01:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-23 07:19 - 2016-08-15 23:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-23 07:19 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Help
2016-12-22 23:24 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-22 18:23 - 2012-02-18 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-12-22 18:23 - 2012-02-18 10:46 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-12-22 18:17 - 2016-01-18 20:21 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2016-12-22 18:17 - 2012-09-04 12:31 - 00000000 ___HD C:\Users\ASUS\AppData\Roaming\uTorrent
2016-12-22 18:17 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-22 18:16 - 2016-02-25 11:19 - 00001010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
2016-12-22 18:13 - 2016-10-31 20:48 - 00000000 ____D C:\Users\ASUS\Desktop\HEHEHE_HEHEH
2016-12-22 18:13 - 2016-07-08 14:51 - 00000000 ____D C:\Users\ASUS\Desktop\New folder (2)
2016-12-22 18:13 - 2015-01-19 12:46 - 00000000 ____D C:\Users\ASUS\Desktop\mousemu
2016-12-22 17:31 - 2016-02-25 10:57 - 00000000 ____D C:\ProgramData\TEMP
2016-12-22 10:27 - 2016-01-12 10:53 - 00000000 ____D C:\Users\ASUS\Desktop\IGG-Punch.Club.v1.02
2016-12-19 06:15 - 2016-02-13 14:34 - 00000708 _____ C:\Users\ASUS\Desktop\New Text Document (3).txt
2016-12-17 22:25 - 2016-04-11 12:37 - 00000000 ____D C:\Users\ASUS\Documents\Paradox Interactive
2016-12-17 11:00 - 2016-06-28 12:38 - 00000000 ____D C:\Users\ASUS\AppData\Roaming\vlc
2016-12-14 14:54 - 2016-05-10 21:32 - 00002333 _____ C:\Users\ASUS\Desktop\Safe Money.lnk
2016-12-14 11:37 - 2014-03-28 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 10:53 - 2016-06-23 14:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-13 05:57 - 2014-01-11 14:41 - 00000000 ____D C:\Users\ASUS\AppData\Local\Ankama
2016-12-09 13:42 - 2015-05-04 22:19 - 00000000 ____D C:\Users\ASUS\AppData\Local\Daedalic Entertainment GmbH
2016-12-09 13:42 - 2013-11-12 18:12 - 00000000 ____D C:\Users\ASUS\AppData\LocalLow\Daedalic Entertainment GmbH
2016-12-07 12:16 - 2016-10-15 15:29 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-02 19:09 - 2013-04-26 09:58 - 00000000 ____D C:\Users\ASUS\Desktop\Chopin - Complete Piano Music- by Idil Biret (15 CD Box Set)
2016-12-02 18:39 - 2015-10-13 13:01 - 00000072 _____ C:\Users\ASUS\Desktop\New Text Document (5).txt
2016-11-29 19:25 - 2014-08-29 19:15 - 00000000 ____D C:\Users\DefaultAppPool
2016-11-29 19:21 - 2013-01-09 18:59 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-11-29 19:13 - 2016-10-21 18:11 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization 6
2016-11-28 11:59 - 2012-08-18 01:42 - 00000000 ___HD C:\Users\ASUS
2016-11-28 11:58 - 2016-10-15 07:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
2016-11-28 11:58 - 2015-04-05 07:45 - 00000000 ___SD C:\Windows\system32\GWX
2016-11-28 11:58 - 2012-06-06 01:38 - 00000000 ____D C:\ProgramData\P4G
2016-11-28 11:58 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration

==================== Files in the root of some directories =======

2014-04-18 13:28 - 2015-02-27 17:17 - 0000113 _____ () C:\Users\ASUS\AppData\Roaming\D2Info0
2014-04-18 13:28 - 2015-02-27 17:16 - 0000008 _____ () C:\Users\ASUS\AppData\Roaming\DofusAppId0_1
2014-04-18 13:29 - 2015-02-27 17:24 - 0000008 _____ () C:\Users\ASUS\AppData\Roaming\DofusAppId0_2
2016-05-04 17:05 - 2016-12-24 06:11 - 0000286 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2014-06-19 10:18 - 2014-06-19 10:18 - 0000024 _____ () C:\Users\ASUS\AppData\Roaming\temp.ini
2015-02-28 06:44 - 2015-02-28 06:44 - 0003584 _____ () C:\Users\ASUS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-18 12:21 - 2012-11-18 12:21 - 0000017 _____ () C:\Users\ASUS\AppData\Local\resmon.resmoncfg
2015-06-19 13:11 - 2015-06-19 13:11 - 0000017 _____ () C:\Users\ASUS\AppData\Local\si
2016-02-25 11:19 - 2016-02-25 11:19 - 0000016 _____ () C:\ProgramData\mntemp
2012-06-06 01:45 - 2012-06-06 01:46 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-06-06 01:44 - 2012-06-06 01:45 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-06-06 01:44 - 2012-06-06 01:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-29 13:44

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:19 AM

Posted 24 December 2016 - 09:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1252416481-1816673707-3394134769-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0351MK91-C431-623h-CHPF-M19917C3G4P3M} URL = hxxp://www.searchandseek.com/s/?aff=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1252416481-1816673707-3394134769-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1252416481-1816673707-3394134769-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKU\S-1-5-21-1252416481-1816673707-3394134769-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-1252416481-1816673707-3394134769-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
FF Extension: (Browsec) - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\v5de9q4n.default\Extensions\browsec@browsec.com.xpi [2016-06-23]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1252416481-1816673707-3394134769-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [No File]
S2 0212241477937380mcinstcleanup; C:\Windows\TEMP\021224~1.EXE -cleanup -nolog [X]
S3 BBSvc; no ImagePath
S1 a2injectiondriver; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\a2dix64.sys [X]
S1 a2util; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\a2util64.sys [X]
S2 AAVScan; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\AAV_IFS64.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\cleanhlp64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\v5de9q4n.default\Extensions\browsec@browsec.com.xpi

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt.

Post also the Addition.txt file that was created by the Farbar tool.

Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:19 AM

Posted 30 December 2016 - 09:49 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



