Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan Infection with FRST Logs

Post by ijo90 » March 25th, 2015, 9:21 am

Post by ijo90 » March 25th, 2015, 1:08 pm
Hello, this is my first post on this forum, hope I can get some help.

I have AVG antivirus and I get messages every day about trojan infections (Trojan Sathurbot, VBCrypt, Trojan Agent, Cryptor, etc.); even if I remove them, they keep coming back.

I tried Malwarebytes, Search and Destroy, and SpyHunter, but with the same result: they always keep coming back.

I get a message (not in the web browser) to update Flash Player every day, which seems very strange, so I believe it is related to a trojan infection.

Sometimes I also get redirected from Google Chrome to a site called anygator but this seems random.


So if somebody has a solution for me please do not hesitate to reply to my message.



Thank you

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SoundBlaster2 (administrator) on SOUNDBLASTER on 25-03-2015 12:03:39
Running from C:\Users\SoundBlaster2\Downloads
Loaded Profiles: UpdatusUser & SoundBlaster2 (Available profiles: UpdatusUser & SoundBlaster2)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [901632 2015-01-08] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14634656 2014-06-19] (Gadwin Systems)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [IVONA Reader] => "D:\Software\IVONA Reader\IVONA Reader.exe.exe" -t -nosplash
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [201576 2013-05-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://cool-tvlive.net/terra
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cool-tvlive.net/terra
SearchScopes: HKU\.DEFAULT -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL =
SearchScopes: HKU\S-1-5-21-3588957260-3221095627-2875930436-1001 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL =
SearchScopes: HKU\S-1-5-21-3588957260-3221095627-2875930436-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={EC1DEE57-49A1-4013-8C07-8D2097AAFB90}&mid=ecd09b446a1e47d29d2ba5996d86af1d-3489b77b67d54795791cea9fb24f933cec046f4f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2014-09-14 23:30:21&v=18.3.0.879&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWow64\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-02] (Oracle Corporation)
BHO-x32: EZ YouTube Video Downloader 1.0 -> {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} -> C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll [2014-01-31] (XtensionPlus)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.3.0.879\AVG SafeGuard toolbar_toolbar.dll [2015-02-25] (AVG Secure Search)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.879\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKU\S-1-5-21-3588957260-3221095627-2875930436-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-02-25] (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{18BBE6FA-4809-4EF6-B2C2-3DA47FA3A60E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4632F52F-B99D-4846-8141-9E099FE4F4E6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9966B9C6-BFB2-4E9E-ADC4-9DBD861E9FCC}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A06625E7-54A1-480E-BE55-F13D58A77E63}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DB92D200-F11F-4D6D-B505-BD72CABB609F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-01-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-31] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3588957260-3221095627-2875930436-1002: @citrixonline.com/appdetectorplugin -> C:\Users\SoundBlaster2\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-3588957260-3221095627-2875930436-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SoundBlaster2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-01] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-07-06]
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Google Docs) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-07]
CHR Extension: (Google Drive) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]
CHR Extension: (YouTube) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]
CHR Extension: (Adblock Plus) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-02]
CHR Extension: (Google Search) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]
CHR Extension: (Google Sheets) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06]
CHR Extension: (Gmail) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-02-25] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-01-23] (AVG Technologies CZ, s.r.o.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-06-01] (CACE Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 12:03 - 2015-03-25 12:03 - 00030214 _____ () C:\Users\SoundBlaster2\Downloads\FRST.txt
2015-03-25 12:03 - 2015-03-25 12:03 - 00000000 ____D () C:\FRST
2015-03-25 10:43 - 2015-03-25 10:43 - 02095616 _____ (Farbar) C:\Users\SoundBlaster2\Downloads\FRST64.exe
2015-03-25 10:42 - 2015-03-25 10:42 - 00688992 _____ (Swearware) C:\Users\SoundBlaster2\Downloads\dds.scr
2015-03-25 08:46 - 2015-03-25 08:46 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\SoundBlaster2\Downloads\SpyHunter-Installer.exe
2015-03-24 17:13 - 2015-03-24 17:13 - 00080384 _____ () C:\Users\SoundBlaster2\Downloads\10563.xls
2015-03-24 15:55 - 2015-03-24 15:59 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\BSplayer PRO
2015-03-24 15:55 - 2015-03-24 15:55 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2015-03-24 15:55 - 2015-03-24 15:55 - 00001165 _____ () C:\Users\Public\Desktop\BS.Player PRO.lnk
2015-03-24 15:55 - 2015-03-24 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2015-03-24 15:55 - 2015-03-24 15:55 - 00000000 ____D () C:\Program Files (x86)\Webteh
2015-03-24 15:54 - 2015-03-24 15:54 - 00057448 _____ () C:\Users\SoundBlaster2\Downloads\Retro.Games.Pack-FL.torrent
2015-03-24 15:52 - 2015-03-24 15:52 - 00026169 _____ () C:\Users\SoundBlaster2\Downloads\BS Player Pro 2.67.1076 - CORE.torrent
2015-03-23 14:39 - 2015-03-23 14:39 - 01457152 _____ () C:\Users\SoundBlaster2\Downloads\La PRO et le gros PÉNIS.pps
2015-03-23 11:35 - 2015-03-23 11:35 - 00016454 _____ () C:\Users\SoundBlaster2\Downloads\EBC909927DF141BBB334FE4ED798C9273BC673C5.torrent
2015-03-23 08:26 - 2015-03-25 08:31 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\usas
2015-03-19 14:16 - 2015-03-19 14:16 - 00080384 _____ () C:\Users\SoundBlaster2\Downloads\10714.xls
2015-03-18 08:08 - 2015-03-18 08:08 - 00144896 _____ () C:\Users\SoundBlaster2\Desktop\price offer.xls
2015-03-17 08:27 - 2015-03-17 08:27 - 00094582 _____ () C:\Users\SoundBlaster2\Downloads\quote-template.xlsx
2015-03-13 23:30 - 2015-03-13 23:45 - 00000000 _____ () C:\WINDOWS\SysWOW64\杴条
2015-03-11 15:16 - 2015-03-11 15:16 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-03-05 23:54 - 2015-03-05 23:54 - 00043975 _____ () C:\Users\SoundBlaster2\Downloads\4-months-3-weeks-and-2-days-2007-720p-bluray-dts-x264-ea-(Z2)-davd4m.zip
2015-03-05 23:52 - 2015-03-05 23:52 - 00033682 _____ () C:\Users\SoundBlaster2\Downloads\4.Luni.3.Saptamani.Si.2.Zile.2007.Z2.zip
2015-03-05 20:33 - 2015-03-05 20:33 - 00014835 _____ () C:\Users\SoundBlaster2\Downloads\[kickass.to]4.luni.3.saptamani.si.2.zile.dvdrip.aac.ro.torrent
2015-03-05 14:37 - 2015-03-05 14:50 - 99819841 _____ () C:\Users\SoundBlaster2\Downloads\GR_Pickup_Truck_Mock-Up (1).rar
2015-03-05 11:54 - 2015-03-05 11:54 - 00000007 _____ () C:\Users\SoundBlaster2\Downloads\GR_Pickup_Truck_Mock-Up.rar
2015-03-05 11:40 - 2015-03-05 11:40 - 00000000 ____D () C:\Program Files (x86)\IVONA
2015-03-05 11:37 - 2015-03-05 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVONA
2015-03-05 11:37 - 2015-03-05 11:38 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\IVONA Reader
2015-03-05 11:37 - 2015-03-05 11:37 - 00000797 _____ () C:\Users\Public\Desktop\IVONA Reader.lnk
2015-03-05 11:37 - 2015-03-05 11:37 - 00000000 ___RD () C:\Users\SoundBlaster2\Documents\IVONA Reader Podcasts
2015-03-04 17:38 - 2015-03-05 08:31 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\WinCL
2015-03-04 16:30 - 2015-03-04 16:30 - 00229376 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Read Me Info.txt
2015-03-02 14:51 - 2015-03-02 14:51 - 00000913 _____ () C:\Users\SoundBlaster2\Desktop\µTorrent.lnk
2015-03-02 14:51 - 2015-03-02 14:51 - 00000893 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-03-02 11:40 - 2015-03-25 08:30 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 11:40 - 2015-03-02 11:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SoundBlaster2\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 11:40 - 2015-03-02 11:40 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 11:40 - 2015-03-02 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 11:40 - 2015-03-02 11:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-02 11:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-02 11:40 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-02 11:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-02 11:39 - 2015-03-02 11:39 - 00939355 _____ (company ) C:\Users\SoundBlaster2\Downloads\Malwarebytes Anti-Malware Premium 2.0.2.1012.exe
2015-03-02 10:17 - 2015-03-02 10:17 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-03-01 19:26 - 2015-03-01 19:26 - 00022802 _____ () C:\Users\SoundBlaster2\Downloads\VA-Pro Fm 90s Hits-PLeY.torrent
2015-03-01 19:23 - 2015-03-01 19:48 - 170674216 _____ (Emsisoft Ltd. ) C:\Users\SoundBlaster2\Downloads\EmsisoftAntiMalwareSetup.exe
2015-02-28 16:40 - 2015-03-25 09:16 - 00014728 _____ () C:\WINDOWS\PFRO.log
2015-02-27 09:14 - 2015-02-27 09:14 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\SoundBlaster2\Downloads\tdsskiller.exe
2015-02-27 08:21 - 2015-03-18 01:27 - 00002190 _____ () C:\WINDOWS\setupact.log
2015-02-27 08:21 - 2015-02-27 08:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-26 17:10 - 2015-02-26 17:10 - 00066048 _____ () C:\Users\SoundBlaster2\Downloads\MESSAGER à la Chapelle en Serval (1).xls
2015-02-26 17:02 - 2015-02-23 20:04 - 00001506 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20150226-170219.backup
2015-02-26 17:01 - 2015-02-23 20:04 - 00001506 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20150226-170151.backup
2015-02-26 16:46 - 2015-02-26 16:46 - 01402880 _____ () C:\Users\SoundBlaster2\Downloads\hijackthis_hijackthis_2.0.4_anglais_17891 (1).msi
2015-02-26 08:19 - 2015-02-26 08:19 - 00003043 _____ () C:\Users\SoundBlaster2\Desktop\HiJackThis.lnk
2015-02-26 08:19 - 2015-02-26 08:19 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-02-26 08:19 - 2015-02-26 08:19 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-02-26 08:18 - 2015-02-26 08:18 - 01402880 _____ () C:\Users\SoundBlaster2\Downloads\hijackthis_hijackthis_2.0.4_anglais_17891.msi
2015-02-26 08:04 - 2015-03-02 10:52 - 00002279 _____ () C:\Users\SoundBlaster2\Desktop\Google Chrome.lnk
2015-02-26 08:02 - 2015-02-26 08:02 - 00000270 _____ () C:\WINDOWS\Sounds.h
2015-02-26 07:49 - 2015-02-26 07:53 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-25 22:57 - 2015-02-25 22:57 - 00504112 _____ () C:\Users\SoundBlaster2\Downloads\cacaoweb.exe
2015-02-25 14:47 - 2015-02-25 14:47 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Avg2014
2015-02-25 14:45 - 2015-02-25 14:45 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-25 10:09 - 2015-02-25 11:17 - 505544808 _____ () C:\Users\SoundBlaster2\Downloads\GR_Truck_Mock_Up.rar
2015-02-24 16:21 - 2015-02-24 16:21 - 00015682 _____ () C:\Users\SoundBlaster2\Downloads\VIR 26 K€.tif
2015-02-24 15:05 - 2015-02-24 15:05 - 00020314 _____ () C:\Users\SoundBlaster2\Downloads\IVONA Reader + IVONA Text to Speech MULTILANG - FiLELiST.torrent
2015-02-24 14:34 - 2015-02-24 14:34 - 00066048 _____ () C:\Users\SoundBlaster2\Downloads\MESSAGER à la Chapelle en Serval.xls
2015-02-24 14:09 - 2015-02-24 14:09 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-02-24 14:08 - 2015-03-02 14:49 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Citrix
2015-02-24 11:54 - 2015-02-24 11:55 - 04823833 _____ () C:\Users\SoundBlaster2\Downloads\GR_ModernArt_2_Photoshop_Action.rar
2015-02-23 16:54 - 2015-02-23 16:54 - 01657316 _____ () C:\Users\SoundBlaster2\Downloads\GR_Oil_Painting_Effect_Vol.03.rar
2015-02-23 16:05 - 2015-02-23 16:06 - 09315513 _____ () C:\Users\SoundBlaster2\Downloads\GR_25_HDR_Photo_FX_V.3_-_Photoshop_Action.rar
2015-02-23 14:40 - 2015-02-23 14:40 - 01368899 _____ () C:\Users\SoundBlaster2\Downloads\GR_Photo_Pop-Out_Creator.rar
2015-02-23 10:35 - 2015-02-23 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebExtractor360
2015-02-23 10:35 - 2015-02-23 10:35 - 00000000 ____D () C:\Program Files (x86)\WebExtractor360
2015-02-23 10:34 - 2015-02-23 10:34 - 00243875 _____ () C:\Users\SoundBlaster2\Downloads\WebExtractor360.zip
2015-02-23 09:36 - 2015-03-13 08:39 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Idvsoft
2015-02-23 09:35 - 2015-03-25 09:16 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Idcssoft
2015-02-23 09:33 - 2015-02-23 09:33 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\northworks.biz
2015-02-23 09:33 - 2015-02-23 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ECrawl Shareware
2015-02-23 09:33 - 2000-12-05 22:00 - 00209608 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TABCTL32.OCX
2015-02-23 09:30 - 2015-02-23 09:32 - 01632679 _____ () C:\Users\SoundBlaster2\Downloads\ECrawl.v2.60.rar
2015-02-23 09:24 - 2015-02-23 09:25 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Local Store
2015-02-23 09:21 - 2015-02-23 09:48 - 186845261 _____ () C:\Users\SoundBlaster2\Downloads\GR_Retro_Vintage_Text_Effects_10330477.rar
2015-02-23 09:20 - 2015-02-23 09:20 - 00015873 _____ () C:\Users\SoundBlaster2\Downloads\Super Email Extractor (1).torrent
2015-02-23 09:18 - 2015-02-23 09:18 - 00015879 _____ () C:\Users\SoundBlaster2\Downloads\Super Email Extractor.torrent
2015-02-23 08:39 - 2015-02-23 08:39 - 00015865 _____ () C:\Users\SoundBlaster2\Downloads\Atomic Email Hunter (1).torrent
2015-02-23 08:37 - 2015-02-23 08:37 - 00015865 _____ () C:\Users\SoundBlaster2\Downloads\Atomic Email Hunter.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-25 12:00 - 2013-08-20 13:40 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-03-25 12:00 - 2013-08-20 13:40 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-03-25 11:59 - 2015-01-22 16:45 - 02004897 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-25 11:30 - 2013-11-07 01:55 - 00001102 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 09:17 - 2013-11-06 20:04 - 00000073 _____ () C:\Users\SoundBlaster2\AppData\Roaming\sp_data.sys
2015-03-25 09:16 - 2013-11-07 01:55 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 09:16 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-25 09:16 - 2013-08-20 13:27 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-03-25 09:15 - 2013-11-07 02:02 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\uTorrent
2015-03-25 09:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\security
2015-03-25 08:45 - 2014-09-26 17:49 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-03-25 08:27 - 2014-09-04 08:18 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-25 08:19 - 2013-12-31 15:28 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1461E547-98FC-4A90-8DE7-508550600DD5}
2015-03-24 17:46 - 2013-11-06 20:29 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3588957260-3221095627-2875930436-1002
2015-03-24 16:31 - 2013-11-08 09:56 - 05175296 ___SH () C:\Users\SoundBlaster2\Downloads\Thumbs.db
2015-03-24 11:24 - 2013-11-07 16:36 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\ObviousIdea
2015-03-24 10:53 - 2013-11-26 16:56 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\EurekaLog
2015-03-23 17:57 - 2013-08-20 13:27 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-03-22 02:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-20 12:36 - 2014-08-25 16:49 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Adobe
2015-03-19 14:08 - 2013-11-07 03:44 - 06126080 ___SH () C:\Users\SoundBlaster2\Desktop\Thumbs.db
2015-03-19 13:49 - 2013-11-07 17:09 - 00000000 ____D () C:\Users\SoundBlaster2\Desktop\Andrei
2015-03-17 15:44 - 2013-11-07 19:42 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Microsoft Help
2015-03-13 10:05 - 2014-09-24 17:21 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-11 15:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-11 09:05 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 08:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-03-06 15:44 - 2014-09-14 22:30 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-03-06 10:16 - 2013-12-21 08:48 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\vlc
2015-03-06 08:40 - 2014-09-14 22:30 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-03-05 09:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-04 19:03 - 2014-08-26 08:11 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Adobe
2015-03-04 18:59 - 2014-10-21 09:19 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-03 09:35 - 2013-12-19 08:51 - 00000000 ____D () C:\Users\SoundBlaster2\Desktop\Photowork
2015-03-02 14:51 - 2014-01-09 19:08 - 00000000 ____D () C:\Program Files\ESET
2015-03-02 14:49 - 2014-07-06 16:18 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood
2015-03-02 14:49 - 2014-07-06 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2015-03-02 14:48 - 2013-08-20 13:38 - 00000000 ____D () C:\Program Files\ASUS
2015-03-02 14:15 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-03-02 10:41 - 2014-07-17 12:48 - 01525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2015-03-01 19:22 - 2014-07-17 12:48 - 02032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2015-02-28 16:41 - 2014-07-17 12:48 - 00837543 _____ () C:\ProgramData\yvd_ie_se.exe
2015-02-28 16:39 - 2014-10-25 03:13 - 00000000 ____D () C:\Users\SoundBlaster2
2015-02-26 17:01 - 2014-07-31 18:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-26 09:56 - 2014-11-24 13:41 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-26 09:56 - 2014-09-04 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-25 14:46 - 2014-11-28 09:41 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar

==================== Files in the root of some directories =======

2014-02-26 12:02 - 2014-02-26 14:02 - 0006830 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Comma Separated Values (Windows).EML
2014-01-29 10:33 - 2014-01-29 10:33 - 0000021 _____ () C:\Users\SoundBlaster2\AppData\Roaming\my_intel.sys
2015-03-04 16:30 - 2015-03-04 16:30 - 0229376 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Read Me Info.txt
2013-11-06 20:04 - 2015-03-25 09:17 - 0000073 _____ () C:\Users\SoundBlaster2\AppData\Roaming\sp_data.sys
2015-01-29 17:21 - 2015-01-29 17:21 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-07-17 12:48 - 2014-12-27 18:51 - 0761485 _____ () C:\ProgramData\ChromeTabExtension.crx
2013-04-26 00:15 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 00:15 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 00:15 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-07-07 12:40 - 2014-07-31 18:22 - 2212978 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.0.exe
2014-08-16 15:14 - 2014-09-02 00:37 - 2214299 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
2014-09-06 10:36 - 2014-09-06 10:36 - 2465619 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.3.exe
2014-09-10 05:45 - 2014-09-10 05:46 - 2465301 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.4.exe
2014-09-13 10:08 - 2014-09-22 21:17 - 2465411 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.5.exe
2014-07-17 12:48 - 2015-03-01 19:22 - 2032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2014-07-17 12:48 - 2015-03-02 10:41 - 1525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2014-07-17 12:48 - 2015-02-28 16:41 - 0837543 _____ () C:\ProgramData\yvd_ie_se.exe
2013-11-07 01:08 - 2013-11-07 01:11 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-11-07 01:07 - 2013-11-07 01:08 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.0.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.3.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.4.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.5.exe
C:\ProgramData\yvd_chrome_se.exe
C:\ProgramData\yvd_firefox_se.exe
C:\ProgramData\yvd_ie_se.exe


Some content of TEMP:
====================
C:\Users\SoundBlaster2\AppData\Local\Temp\dynwrapx.dll
C:\Users\SoundBlaster2\AppData\Local\Temp\mshta.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\sqlite3.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 09:47

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by SoundBlaster2 at 2015-03-25 12:04:17
Running from C:\Users\SoundBlaster2\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
AceBackup 3 (HKLM-x32\...\{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}) (Version: 3.0.2 - AceBIT)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
adsl TV (HKLM-x32\...\{3AFDD2C6-8663-46B5-B195-6CEB00D44768}) (Version: 2013.1 - adsl TV / FM)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
A-PDF Data Extractor (HKLM-x32\...\A-PDF Data Extractor_is1) (Version: - A-PDF Solution)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arbortext IsoView 7.3 (HKLM-x32\...\{4BDE5481-42B1-4A16-AF98-31B9FB1AB7C5}) (Version: 7.3.00.15 - PTC)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.6 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Auto Inventory (HKLM-x32\...\Auto Inventory2.4) (Version: 2.4 - Computer Specialties)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4315 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.3.0.879 - AVG Technologies)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
Canon MG2400 series User Registration (HKLM-x32\...\Canon MG2400 series User Registration) (Version: - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Consult V4 RenaultTrucks (HKLM-x32\...\Consult V4 RenaultTrucks) (Version: - )
Consult VIN (HKLM-x32\...\Consult VIN) (Version: - )
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
ECrawl Shareware (HKLM-x32\...\ECrawl Shareware) (Version: - northworks.biz)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
eMail Extractor 3.2.0 (HKLM-x32\...\eMail Extractor_is1) (Version: - MAX Programming LLC)
Ethereal 0.99.0 (HKLM-x32\...\Ethereal) (Version: 0.99.0 - The Ethereal developer community, http://www.ethereal.com)
EZ YouTube Video Downloader (HKLM-x32\...\EZ YouTube Video Downloader) (Version: 1.2.0 - XtensionPlus) <==== ATTENTION
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gadwin PrintScreen (64-Bit) (HKLM\...\{2A271428-D127-40B1-9728-662DAA3472F6}) (Version: 5.3.1.0 - Gadwin Systems)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
ImTranslator for IE (HKLM-x32\...\ImTranslator for IE) (Version: - )
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
iPhone Backup Extractor (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\iPhone Backup Extractor) (Version: 5.1.9.0 - Reincubate Ltd)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.51 - IVONA Software Sp. z o.o.)
IVONA Reader (HKLM-x32\...\IVONA Reader) (Version: - IVONA Software Sp. z o.o.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Light Image Resizer 4.4.1.4 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.4.1.4 - ObviousIdea)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metal Slug Complete PC 1.0 (HKLM-x32\...\Metal Slug Complete PC) (Version: 1.0 - SNK PLAYMORE)
Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{004F0409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Management Objects Collection (HKLM\...\{5677B005-B609-4B5B-9F3C-132BB085D3CF}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Multi (HKLM-x32\...\{7B2C1257-4965-4205-8EFC-71737AAE2C69}) (Version: 6.13.0 - Scania)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
NVIDIA Graphics Driver 311.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.66 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version: - PokerStars.fr)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.16 - ASUS)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast Tv Plugin 5.9 Setup (HKLM-x32\...\SopCast Tv Plugin 5.9 Setup) (Version: - )
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Totally Rad Dirty Pictures 1.5.1 (HKLM-x32\...\Totally Rad Dirty Pictures) (Version: 1.5.1 - Totally Rad!)
Tv_Online (HKLM-x32\...\Tv_Online) (Version: - Tv Online Uninstall)
Unity Web Player (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Web Data Extractor 8.3 (HKLM-x32\...\{2D889173-0C85-4325-8EAE-E6B68BCA71B7}) (Version: 8.3.0.1 - spadixbd.com)
Westwood Shared Internet Components (HKLM-x32\...\WOLAPI) (Version: - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

11-03-2015 09:55:14 Scheduled Checkpoint
20-03-2015 03:58:23 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-03-25 08:45 - 00001509 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
85.25.107.66 www.google-analytics.com.
85.25.107.66 google-analytics.com.
85.25.107.66 connect.facebook.net.
94.242.254.157 www.google-analytics.com.
94.242.254.157 google-analytics.com.
94.242.254.157 connect.facebook.net.
195.162.69.251 www.google-analytics.com.
195.162.69.251 google-analytics.com.
195.162.69.251 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08D94BB2-CF63-4159-83CB-F43945C93983} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {113699D2-12AE-49D5-8EDD-6CD5C36696A5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {12650F01-C4B4-48AE-9D0E-466E47F871E0} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2013-01-22] (ASUS)
Task: {12978E33-22AD-40FB-9BEE-D69DDA47C72C} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {314DC277-E453-460D-84C3-2BC2B28EAEF8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {36F27201-86AC-4123-BEB6-A59F2447CE9E} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe
Task: {3A6643F2-1D41-4485-B6DB-CD34B7EFBDBF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3E95A098-A851-455E-8DA9-708E6816721C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {4FC8513B-E821-45CC-8EB9-F02118A89276} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {573E1ACB-80AD-4F66-A1C9-F7DB219AEBA7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {61F8546B-779F-4684-8618-6F49244F35D6} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {6201E03A-3626-4DC9-A33E-58168C3DC2CD} - System32\Tasks\{4D23D2A9-AB16-4AFB-9AE1-9DDEDA2CFDF8} => pcalua.exe -a F:\AutoStarter.exe -d F:\
Task: {81501A38-0080-4496-B094-43F6E4E058CD} - \FF Watcher {43B1C9E7-D441-4F3B-AC0D-3B1C27E5D758} No Task File <==== ATTENTION
Task: {85C48BF2-93DB-4E64-9565-E82C90CECA65} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {8A4A2C3D-DBD8-4C5A-9333-A0069C322BD8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {9486BF60-C192-476F-8908-B39D961C4504} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {971BFCEA-BEE5-49B5-90B1-F3E09E2FCE08} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-16] (AsusTek)
Task: {A174FFAE-A60A-4DAB-BC23-35BB54B115FB} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {AFEABCD5-9353-4117-B72B-E249D1E47AF3} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid= ... mp;lang=en
Task: {CA33ED1A-6DD3-4DBD-BE43-53D9DF03B7F1} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {DFBCA31F-E395-4A22-8DD4-8E4EAF0BB8BA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {FF086CCE-2494-4634-A665-989BDA300987} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/

==================== Loaded Modules (whitelisted) ==============

2013-11-12 10:50 - 2012-12-06 14:52 - 00136704 _____ () C:\WINDOWS\System32\zlhp2600.dll
2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-25 14:46 - 2015-02-25 14:46 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2012-04-16 14:45 - 2012-04-16 14:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2013-10-01 12:02 - 2013-10-01 12:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-04-16 11:42 - 2012-04-16 11:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-04-16 11:41 - 2012-04-16 11:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 11:56 - 2012-04-16 11:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 11:38 - 2012-04-16 11:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2014-07-31 18:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-31 18:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-31 18:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-25 14:46 - 2015-02-25 14:46 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2014-07-31 18:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-31 18:34 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-07-19 16:05 - 2011-07-19 16:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 20:17 - 2011-08-15 20:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 16:04 - 2011-07-19 16:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2013-08-20 13:25 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-28 10:35 - 2014-03-28 10:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-03-21 15:31 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 15:31 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 15:31 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-10 02:05 - 2010-01-10 02:05 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-01-10 19:37 - 2010-01-10 19:37 - 00058208 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
2015-03-21 15:31 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\SoundBlaster2\Desktop\mock-up-truck-front.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "V-bates"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Andy"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "Gadwin PrintScreen (64-bit)"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "BluetoothS"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "IVONA Reader"

==================== Accounts: =============================

Administrator (S-1-5-21-3588957260-3221095627-2875930436-500 - Administrator - Disabled)
Guest (S-1-5-21-3588957260-3221095627-2875930436-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3588957260-3221095627-2875930436-1004 - Limited - Enabled)
SoundBlaster2 (S-1-5-21-3588957260-3221095627-2875930436-1002 - Administrator - Enabled) => C:\Users\SoundBlaster2
UpdatusUser (S-1-5-21-3588957260-3221095627-2875930436-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 10:25:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/25/2015 09:54:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/25/2015 09:48:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/24/2015 07:01:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/23/2015 09:20:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/23/2015 09:15:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/21/2015 03:47:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/20/2015 03:58:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(DefaultUserTemplate). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {51ce39d3-e790-47eb-8d64-ee7828b7b0de}

Error: (03/20/2015 03:30:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/19/2015 10:06:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (03/25/2015 10:25:48 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/25/2015 10:25:18 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 10:20:33 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/25/2015 10:20:03 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 10:15:07 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/25/2015 10:14:37 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 09:54:46 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 09:54:03 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/25/2015 09:48:24 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 09:47:54 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (03/25/2015 10:25:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/25/2015 09:54:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/25/2015 09:48:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/24/2015 07:01:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/23/2015 09:20:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/23/2015 09:15:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/21/2015 03:47:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/20/2015 03:58:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(DefaultUserTemplate)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {51ce39d3-e790-47eb-8d64-ee7828b7b0de}

Error: (03/20/2015 03:30:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/19/2015 10:06:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 12165.73 MB
Available physical RAM: 9016.21 MB
Total Pagefile: 24453.73 MB
Available Pagefile: 20468.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:249.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.6 GB) (Free:283.09 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:3.7 GB) (Free:3.62 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FE9A1DC4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
ijo90
Active Member
 
Posts: 7
Joined: March 25th, 2015, 3:53 am

Re: Trojan Infection with FRST Logs

Post by Wingman » March 25th, 2015, 9:33 am

Duplicate topic
This topic is a duplicate of the original post: viewtopic.php?f=11&t=63609. The original topic will be left open.


This topic has been closed.
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

