Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Infection with FRST Logs


Unread postby ijo90 » March 25th, 2015, 9:02 am

Postby ijo90 » March 25th, 2015, 1:08 pm
Hello, this is my first post on this forum, hope I can get some help.

I have AVG antivirus and I get messages every day about trojan infections (Trojan Sathurbot, VBCrypt, Trojan Agent, Cryptor etc.). Even if I remove them, they keep coming back.

I tried Malwarebytes, Search and Destroy, and SpyHunter, but with the same result: they always keep coming back.

I get a message (not in the web browser) to update Flash Player every day. That seems very strange, so I believe it is related to a trojan infection.

Sometimes I also get redirected from Google Chrome to a site called anygator but this seems random.


So if somebody has a solution for me please do not hesitate to reply to my message.



Thank you

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SoundBlaster2 (administrator) on SOUNDBLASTER on 25-03-2015 12:03:39
Running from C:\Users\SoundBlaster2\Downloads
Loaded Profiles: UpdatusUser & SoundBlaster2 (Available profiles: UpdatusUser & SoundBlaster2)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [901632 2015-01-08] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14634656 2014-06-19] (Gadwin Systems)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [IVONA Reader] => "D:\Software\IVONA Reader\IVONA Reader.exe.exe" -t -nosplash
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [201576 2013-05-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://cool-tvlive.net/terra
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cool-tvlive.net/terra
SearchScopes: HKU\.DEFAULT -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL =
SearchScopes: HKU\S-1-5-21-3588957260-3221095627-2875930436-1001 -> DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL =
SearchScopes: HKU\S-1-5-21-3588957260-3221095627-2875930436-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={EC1DEE57-49A1-4013-8C07-8D2097AAFB90}&mid=ecd09b446a1e47d29d2ba5996d86af1d-3489b77b67d54795791cea9fb24f933cec046f4f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2014-09-14 23:30:21&v=18.3.0.879&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWow64\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-02] (Oracle Corporation)
BHO-x32: EZ YouTube Video Downloader 1.0 -> {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} -> C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll [2014-01-31] (XtensionPlus)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.3.0.879\AVG SafeGuard toolbar_toolbar.dll [2015-02-25] (AVG Secure Search)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.879\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKU\S-1-5-21-3588957260-3221095627-2875930436-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-02-25] (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{18BBE6FA-4809-4EF6-B2C2-3DA47FA3A60E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4632F52F-B99D-4846-8141-9E099FE4F4E6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9966B9C6-BFB2-4E9E-ADC4-9DBD861E9FCC}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A06625E7-54A1-480E-BE55-F13D58A77E63}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DB92D200-F11F-4D6D-B505-BD72CABB609F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-01-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-31] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3588957260-3221095627-2875930436-1002: @citrixonline.com/appdetectorplugin -> C:\Users\SoundBlaster2\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-3588957260-3221095627-2875930436-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SoundBlaster2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-01] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-07-06]
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Google Docs) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-07]
CHR Extension: (Google Drive) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]
CHR Extension: (YouTube) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]
CHR Extension: (Adblock Plus) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-02]
CHR Extension: (Google Search) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]
CHR Extension: (Google Sheets) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-06]
CHR Extension: (Gmail) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-02-25] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-01-23] (AVG Technologies CZ, s.r.o.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-06-01] (CACE Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 12:03 - 2015-03-25 12:03 - 00030214 _____ () C:\Users\SoundBlaster2\Downloads\FRST.txt
2015-03-25 12:03 - 2015-03-25 12:03 - 00000000 ____D () C:\FRST
2015-03-25 10:43 - 2015-03-25 10:43 - 02095616 _____ (Farbar) C:\Users\SoundBlaster2\Downloads\FRST64.exe
2015-03-25 10:42 - 2015-03-25 10:42 - 00688992 _____ (Swearware) C:\Users\SoundBlaster2\Downloads\dds.scr
2015-03-25 08:46 - 2015-03-25 08:46 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\SoundBlaster2\Downloads\SpyHunter-Installer.exe
2015-03-24 17:13 - 2015-03-24 17:13 - 00080384 _____ () C:\Users\SoundBlaster2\Downloads\10563.xls
2015-03-24 15:55 - 2015-03-24 15:59 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\BSplayer PRO
2015-03-24 15:55 - 2015-03-24 15:55 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2015-03-24 15:55 - 2015-03-24 15:55 - 00001165 _____ () C:\Users\Public\Desktop\BS.Player PRO.lnk
2015-03-24 15:55 - 2015-03-24 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2015-03-24 15:55 - 2015-03-24 15:55 - 00000000 ____D () C:\Program Files (x86)\Webteh
2015-03-24 15:54 - 2015-03-24 15:54 - 00057448 _____ () C:\Users\SoundBlaster2\Downloads\Retro.Games.Pack-FL.torrent
2015-03-24 15:52 - 2015-03-24 15:52 - 00026169 _____ () C:\Users\SoundBlaster2\Downloads\BS Player Pro 2.67.1076 - CORE.torrent
2015-03-23 14:39 - 2015-03-23 14:39 - 01457152 _____ () C:\Users\SoundBlaster2\Downloads\La PRO et le gros PÉNIS.pps
2015-03-23 11:35 - 2015-03-23 11:35 - 00016454 _____ () C:\Users\SoundBlaster2\Downloads\EBC909927DF141BBB334FE4ED798C9273BC673C5.torrent
2015-03-23 08:26 - 2015-03-25 08:31 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\usas
2015-03-19 14:16 - 2015-03-19 14:16 - 00080384 _____ () C:\Users\SoundBlaster2\Downloads\10714.xls
2015-03-18 08:08 - 2015-03-18 08:08 - 00144896 _____ () C:\Users\SoundBlaster2\Desktop\price offer.xls
2015-03-17 08:27 - 2015-03-17 08:27 - 00094582 _____ () C:\Users\SoundBlaster2\Downloads\quote-template.xlsx
2015-03-13 23:30 - 2015-03-13 23:45 - 00000000 _____ () C:\WINDOWS\SysWOW64\杴条
2015-03-11 15:16 - 2015-03-11 15:16 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-03-05 23:54 - 2015-03-05 23:54 - 00043975 _____ () C:\Users\SoundBlaster2\Downloads\4-months-3-weeks-and-2-days-2007-720p-bluray-dts-x264-ea-(Z2)-davd4m.zip
2015-03-05 23:52 - 2015-03-05 23:52 - 00033682 _____ () C:\Users\SoundBlaster2\Downloads\4.Luni.3.Saptamani.Si.2.Zile.2007.Z2.zip
2015-03-05 20:33 - 2015-03-05 20:33 - 00014835 _____ () C:\Users\SoundBlaster2\Downloads\[kickass.to]4.luni.3.saptamani.si.2.zile.dvdrip.aac.ro.torrent
2015-03-05 14:37 - 2015-03-05 14:50 - 99819841 _____ () C:\Users\SoundBlaster2\Downloads\GR_Pickup_Truck_Mock-Up (1).rar
2015-03-05 11:54 - 2015-03-05 11:54 - 00000007 _____ () C:\Users\SoundBlaster2\Downloads\GR_Pickup_Truck_Mock-Up.rar
2015-03-05 11:40 - 2015-03-05 11:40 - 00000000 ____D () C:\Program Files (x86)\IVONA
2015-03-05 11:37 - 2015-03-05 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVONA
2015-03-05 11:37 - 2015-03-05 11:38 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\IVONA Reader
2015-03-05 11:37 - 2015-03-05 11:37 - 00000797 _____ () C:\Users\Public\Desktop\IVONA Reader.lnk
2015-03-05 11:37 - 2015-03-05 11:37 - 00000000 ___RD () C:\Users\SoundBlaster2\Documents\IVONA Reader Podcasts
2015-03-04 17:38 - 2015-03-05 08:31 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\WinCL
2015-03-04 16:30 - 2015-03-04 16:30 - 00229376 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Read Me Info.txt
2015-03-02 14:51 - 2015-03-02 14:51 - 00000913 _____ () C:\Users\SoundBlaster2\Desktop\µTorrent.lnk
2015-03-02 14:51 - 2015-03-02 14:51 - 00000893 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-03-02 11:40 - 2015-03-25 08:30 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 11:40 - 2015-03-02 11:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SoundBlaster2\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 11:40 - 2015-03-02 11:40 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 11:40 - 2015-03-02 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 11:40 - 2015-03-02 11:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-02 11:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-02 11:40 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-02 11:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-02 11:39 - 2015-03-02 11:39 - 00939355 _____ (company ) C:\Users\SoundBlaster2\Downloads\Malwarebytes Anti-Malware Premium 2.0.2.1012.exe
2015-03-02 10:17 - 2015-03-02 10:17 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-03-01 19:26 - 2015-03-01 19:26 - 00022802 _____ () C:\Users\SoundBlaster2\Downloads\VA-Pro Fm 90s Hits-PLeY.torrent
2015-03-01 19:23 - 2015-03-01 19:48 - 170674216 _____ (Emsisoft Ltd. ) C:\Users\SoundBlaster2\Downloads\EmsisoftAntiMalwareSetup.exe
2015-02-28 16:40 - 2015-03-25 09:16 - 00014728 _____ () C:\WINDOWS\PFRO.log
2015-02-27 09:14 - 2015-02-27 09:14 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\SoundBlaster2\Downloads\tdsskiller.exe
2015-02-27 08:21 - 2015-03-18 01:27 - 00002190 _____ () C:\WINDOWS\setupact.log
2015-02-27 08:21 - 2015-02-27 08:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-26 17:10 - 2015-02-26 17:10 - 00066048 _____ () C:\Users\SoundBlaster2\Downloads\MESSAGER à la Chapelle en Serval (1).xls
2015-02-26 17:02 - 2015-02-23 20:04 - 00001506 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20150226-170219.backup
2015-02-26 17:01 - 2015-02-23 20:04 - 00001506 __RSH () C:\WINDOWS\system32\Drivers\etc\hosts.20150226-170151.backup
2015-02-26 16:46 - 2015-02-26 16:46 - 01402880 _____ () C:\Users\SoundBlaster2\Downloads\hijackthis_hijackthis_2.0.4_anglais_17891 (1).msi
2015-02-26 08:19 - 2015-02-26 08:19 - 00003043 _____ () C:\Users\SoundBlaster2\Desktop\HiJackThis.lnk
2015-02-26 08:19 - 2015-02-26 08:19 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-02-26 08:19 - 2015-02-26 08:19 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-02-26 08:18 - 2015-02-26 08:18 - 01402880 _____ () C:\Users\SoundBlaster2\Downloads\hijackthis_hijackthis_2.0.4_anglais_17891.msi
2015-02-26 08:04 - 2015-03-02 10:52 - 00002279 _____ () C:\Users\SoundBlaster2\Desktop\Google Chrome.lnk
2015-02-26 08:02 - 2015-02-26 08:02 - 00000270 _____ () C:\WINDOWS\Sounds.h
2015-02-26 07:49 - 2015-02-26 07:53 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-25 22:57 - 2015-02-25 22:57 - 00504112 _____ () C:\Users\SoundBlaster2\Downloads\cacaoweb.exe
2015-02-25 14:47 - 2015-02-25 14:47 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Avg2014
2015-02-25 14:45 - 2015-02-25 14:45 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-25 10:09 - 2015-02-25 11:17 - 505544808 _____ () C:\Users\SoundBlaster2\Downloads\GR_Truck_Mock_Up.rar
2015-02-24 16:21 - 2015-02-24 16:21 - 00015682 _____ () C:\Users\SoundBlaster2\Downloads\VIR 26 K€.tif
2015-02-24 15:05 - 2015-02-24 15:05 - 00020314 _____ () C:\Users\SoundBlaster2\Downloads\IVONA Reader + IVONA Text to Speech MULTILANG - FiLELiST.torrent
2015-02-24 14:34 - 2015-02-24 14:34 - 00066048 _____ () C:\Users\SoundBlaster2\Downloads\MESSAGER à la Chapelle en Serval.xls
2015-02-24 14:09 - 2015-02-24 14:09 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-02-24 14:08 - 2015-03-02 14:49 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Citrix
2015-02-24 11:54 - 2015-02-24 11:55 - 04823833 _____ () C:\Users\SoundBlaster2\Downloads\GR_ModernArt_2_Photoshop_Action.rar
2015-02-23 16:54 - 2015-02-23 16:54 - 01657316 _____ () C:\Users\SoundBlaster2\Downloads\GR_Oil_Painting_Effect_Vol.03.rar
2015-02-23 16:05 - 2015-02-23 16:06 - 09315513 _____ () C:\Users\SoundBlaster2\Downloads\GR_25_HDR_Photo_FX_V.3_-_Photoshop_Action.rar
2015-02-23 14:40 - 2015-02-23 14:40 - 01368899 _____ () C:\Users\SoundBlaster2\Downloads\GR_Photo_Pop-Out_Creator.rar
2015-02-23 10:35 - 2015-02-23 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebExtractor360
2015-02-23 10:35 - 2015-02-23 10:35 - 00000000 ____D () C:\Program Files (x86)\WebExtractor360
2015-02-23 10:34 - 2015-02-23 10:34 - 00243875 _____ () C:\Users\SoundBlaster2\Downloads\WebExtractor360.zip
2015-02-23 09:36 - 2015-03-13 08:39 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Idvsoft
2015-02-23 09:35 - 2015-03-25 09:16 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Idcssoft
2015-02-23 09:33 - 2015-02-23 09:33 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\northworks.biz
2015-02-23 09:33 - 2015-02-23 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ECrawl Shareware
2015-02-23 09:33 - 2000-12-05 22:00 - 00209608 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TABCTL32.OCX
2015-02-23 09:30 - 2015-02-23 09:32 - 01632679 _____ () C:\Users\SoundBlaster2\Downloads\ECrawl.v2.60.rar
2015-02-23 09:24 - 2015-02-23 09:25 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Local Store
2015-02-23 09:21 - 2015-02-23 09:48 - 186845261 _____ () C:\Users\SoundBlaster2\Downloads\GR_Retro_Vintage_Text_Effects_10330477.rar
2015-02-23 09:20 - 2015-02-23 09:20 - 00015873 _____ () C:\Users\SoundBlaster2\Downloads\Super Email Extractor (1).torrent
2015-02-23 09:18 - 2015-02-23 09:18 - 00015879 _____ () C:\Users\SoundBlaster2\Downloads\Super Email Extractor.torrent
2015-02-23 08:39 - 2015-02-23 08:39 - 00015865 _____ () C:\Users\SoundBlaster2\Downloads\Atomic Email Hunter (1).torrent
2015-02-23 08:37 - 2015-02-23 08:37 - 00015865 _____ () C:\Users\SoundBlaster2\Downloads\Atomic Email Hunter.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-25 12:00 - 2013-08-20 13:40 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-03-25 12:00 - 2013-08-20 13:40 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-03-25 11:59 - 2015-01-22 16:45 - 02004897 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-25 11:30 - 2013-11-07 01:55 - 00001102 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 09:17 - 2013-11-06 20:04 - 00000073 _____ () C:\Users\SoundBlaster2\AppData\Roaming\sp_data.sys
2015-03-25 09:16 - 2013-11-07 01:55 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 09:16 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-25 09:16 - 2013-08-20 13:27 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-03-25 09:15 - 2013-11-07 02:02 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\uTorrent
2015-03-25 09:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\security
2015-03-25 08:45 - 2014-09-26 17:49 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-03-25 08:27 - 2014-09-04 08:18 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-25 08:19 - 2013-12-31 15:28 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1461E547-98FC-4A90-8DE7-508550600DD5}
2015-03-24 17:46 - 2013-11-06 20:29 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3588957260-3221095627-2875930436-1002
2015-03-24 16:31 - 2013-11-08 09:56 - 05175296 ___SH () C:\Users\SoundBlaster2\Downloads\Thumbs.db
2015-03-24 11:24 - 2013-11-07 16:36 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\ObviousIdea
2015-03-24 10:53 - 2013-11-26 16:56 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\EurekaLog
2015-03-23 17:57 - 2013-08-20 13:27 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-03-22 02:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-20 12:36 - 2014-08-25 16:49 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Adobe
2015-03-19 14:08 - 2013-11-07 03:44 - 06126080 ___SH () C:\Users\SoundBlaster2\Desktop\Thumbs.db
2015-03-19 13:49 - 2013-11-07 17:09 - 00000000 ____D () C:\Users\SoundBlaster2\Desktop\Andrei
2015-03-17 15:44 - 2013-11-07 19:42 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Microsoft Help
2015-03-13 10:05 - 2014-09-24 17:21 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-11 15:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-11 09:05 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 08:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-03-06 15:44 - 2014-09-14 22:30 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-03-06 10:16 - 2013-12-21 08:48 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\vlc
2015-03-06 08:40 - 2014-09-14 22:30 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-03-05 09:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-04 19:03 - 2014-08-26 08:11 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Adobe
2015-03-04 18:59 - 2014-10-21 09:19 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-03 09:35 - 2013-12-19 08:51 - 00000000 ____D () C:\Users\SoundBlaster2\Desktop\Photowork
2015-03-02 14:51 - 2014-01-09 19:08 - 00000000 ____D () C:\Program Files\ESET
2015-03-02 14:49 - 2014-07-06 16:18 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood
2015-03-02 14:49 - 2014-07-06 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2015-03-02 14:48 - 2013-08-20 13:38 - 00000000 ____D () C:\Program Files\ASUS
2015-03-02 14:15 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-03-02 10:41 - 2014-07-17 12:48 - 01525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2015-03-01 19:22 - 2014-07-17 12:48 - 02032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2015-02-28 16:41 - 2014-07-17 12:48 - 00837543 _____ () C:\ProgramData\yvd_ie_se.exe
2015-02-28 16:39 - 2014-10-25 03:13 - 00000000 ____D () C:\Users\SoundBlaster2
2015-02-26 17:01 - 2014-07-31 18:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-26 09:56 - 2014-11-24 13:41 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-26 09:56 - 2014-09-04 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-25 14:46 - 2014-11-28 09:41 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar

==================== Files in the root of some directories =======

2014-02-26 12:02 - 2014-02-26 14:02 - 0006830 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Comma Separated Values (Windows).EML
2014-01-29 10:33 - 2014-01-29 10:33 - 0000021 _____ () C:\Users\SoundBlaster2\AppData\Roaming\my_intel.sys
2015-03-04 16:30 - 2015-03-04 16:30 - 0229376 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Read Me Info.txt
2013-11-06 20:04 - 2015-03-25 09:17 - 0000073 _____ () C:\Users\SoundBlaster2\AppData\Roaming\sp_data.sys
2015-01-29 17:21 - 2015-01-29 17:21 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-07-17 12:48 - 2014-12-27 18:51 - 0761485 _____ () C:\ProgramData\ChromeTabExtension.crx
2013-04-26 00:15 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 00:15 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 00:15 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-07-07 12:40 - 2014-07-31 18:22 - 2212978 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.0.exe
2014-08-16 15:14 - 2014-09-02 00:37 - 2214299 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
2014-09-06 10:36 - 2014-09-06 10:36 - 2465619 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.3.exe
2014-09-10 05:45 - 2014-09-10 05:46 - 2465301 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.4.exe
2014-09-13 10:08 - 2014-09-22 21:17 - 2465411 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.5.exe
2014-07-17 12:48 - 2015-03-01 19:22 - 2032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2014-07-17 12:48 - 2015-03-02 10:41 - 1525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2014-07-17 12:48 - 2015-02-28 16:41 - 0837543 _____ () C:\ProgramData\yvd_ie_se.exe
2013-11-07 01:08 - 2013-11-07 01:11 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-11-07 01:07 - 2013-11-07 01:08 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.0.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.3.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.4.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.5.exe
C:\ProgramData\yvd_chrome_se.exe
C:\ProgramData\yvd_firefox_se.exe
C:\ProgramData\yvd_ie_se.exe


Some content of TEMP:
====================
C:\Users\SoundBlaster2\AppData\Local\Temp\dynwrapx.dll
C:\Users\SoundBlaster2\AppData\Local\Temp\mshta.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\sqlite3.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 09:47

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by SoundBlaster2 at 2015-03-25 12:04:17
Running from C:\Users\SoundBlaster2\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
AceBackup 3 (HKLM-x32\...\{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}) (Version: 3.0.2 - AceBIT)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
adsl TV (HKLM-x32\...\{3AFDD2C6-8663-46B5-B195-6CEB00D44768}) (Version: 2013.1 - adsl TV / FM)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
A-PDF Data Extractor (HKLM-x32\...\A-PDF Data Extractor_is1) (Version: - A-PDF Solution)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arbortext IsoView 7.3 (HKLM-x32\...\{4BDE5481-42B1-4A16-AF98-31B9FB1AB7C5}) (Version: 7.3.00.15 - PTC)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.6 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Auto Inventory (HKLM-x32\...\Auto Inventory2.4) (Version: 2.4 - Computer Specialties)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4315 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.3.0.879 - AVG Technologies)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
Canon MG2400 series User Registration (HKLM-x32\...\Canon MG2400 series User Registration) (Version: - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Consult V4 RenaultTrucks (HKLM-x32\...\Consult V4 RenaultTrucks) (Version: - )
Consult VIN (HKLM-x32\...\Consult VIN) (Version: - )
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
ECrawl Shareware (HKLM-x32\...\ECrawl Shareware) (Version: - northworks.biz)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
eMail Extractor 3.2.0 (HKLM-x32\...\eMail Extractor_is1) (Version: - MAX Programming LLC)
Ethereal 0.99.0 (HKLM-x32\...\Ethereal) (Version: 0.99.0 - The Ethereal developer community, http://www.ethereal.com)
EZ YouTube Video Downloader (HKLM-x32\...\EZ YouTube Video Downloader) (Version: 1.2.0 - XtensionPlus) <==== ATTENTION
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gadwin PrintScreen (64-Bit) (HKLM\...\{2A271428-D127-40B1-9728-662DAA3472F6}) (Version: 5.3.1.0 - Gadwin Systems)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
ImTranslator for IE (HKLM-x32\...\ImTranslator for IE) (Version: - )
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
iPhone Backup Extractor (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\iPhone Backup Extractor) (Version: 5.1.9.0 - Reincubate Ltd)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.51 - IVONA Software Sp. z o.o.)
IVONA Reader (HKLM-x32\...\IVONA Reader) (Version: - IVONA Software Sp. z o.o.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Light Image Resizer 4.4.1.4 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.4.1.4 - ObviousIdea)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metal Slug Complete PC 1.0 (HKLM-x32\...\Metal Slug Complete PC) (Version: 1.0 - SNK PLAYMORE)
Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{004F0409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Management Objects Collection (HKLM\...\{5677B005-B609-4B5B-9F3C-132BB085D3CF}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Multi (HKLM-x32\...\{7B2C1257-4965-4205-8EFC-71737AAE2C69}) (Version: 6.13.0 - Scania)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
NVIDIA Graphics Driver 311.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.66 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version: - PokerStars.fr)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.16 - ASUS)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast Tv Plugin 5.9 Setup (HKLM-x32\...\SopCast Tv Plugin 5.9 Setup) (Version: - )
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Totally Rad Dirty Pictures 1.5.1 (HKLM-x32\...\Totally Rad Dirty Pictures) (Version: 1.5.1 - Totally Rad!)
Tv_Online (HKLM-x32\...\Tv_Online) (Version: - Tv Online Uninstall)
Unity Web Player (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Web Data Extractor 8.3 (HKLM-x32\...\{2D889173-0C85-4325-8EAE-E6B68BCA71B7}) (Version: 8.3.0.1 - spadixbd.com)
Westwood Shared Internet Components (HKLM-x32\...\WOLAPI) (Version: - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

11-03-2015 09:55:14 Scheduled Checkpoint
20-03-2015 03:58:23 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-03-25 08:45 - 00001509 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
85.25.107.66 www.google-analytics.com.
85.25.107.66 google-analytics.com.
85.25.107.66 connect.facebook.net.
94.242.254.157 www.google-analytics.com.
94.242.254.157 google-analytics.com.
94.242.254.157 connect.facebook.net.
195.162.69.251 www.google-analytics.com.
195.162.69.251 google-analytics.com.
195.162.69.251 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08D94BB2-CF63-4159-83CB-F43945C93983} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {113699D2-12AE-49D5-8EDD-6CD5C36696A5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {12650F01-C4B4-48AE-9D0E-466E47F871E0} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2013-01-22] (ASUS)
Task: {12978E33-22AD-40FB-9BEE-D69DDA47C72C} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {314DC277-E453-460D-84C3-2BC2B28EAEF8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {36F27201-86AC-4123-BEB6-A59F2447CE9E} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe
Task: {3A6643F2-1D41-4485-B6DB-CD34B7EFBDBF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3E95A098-A851-455E-8DA9-708E6816721C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {4FC8513B-E821-45CC-8EB9-F02118A89276} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {573E1ACB-80AD-4F66-A1C9-F7DB219AEBA7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {61F8546B-779F-4684-8618-6F49244F35D6} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {6201E03A-3626-4DC9-A33E-58168C3DC2CD} - System32\Tasks\{4D23D2A9-AB16-4AFB-9AE1-9DDEDA2CFDF8} => pcalua.exe -a F:\AutoStarter.exe -d F:\
Task: {81501A38-0080-4496-B094-43F6E4E058CD} - \FF Watcher {43B1C9E7-D441-4F3B-AC0D-3B1C27E5D758} No Task File <==== ATTENTION
Task: {85C48BF2-93DB-4E64-9565-E82C90CECA65} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {8A4A2C3D-DBD8-4C5A-9333-A0069C322BD8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {9486BF60-C192-476F-8908-B39D961C4504} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {971BFCEA-BEE5-49B5-90B1-F3E09E2FCE08} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-16] (AsusTek)
Task: {A174FFAE-A60A-4DAB-BC23-35BB54B115FB} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {AFEABCD5-9353-4117-B72B-E249D1E47AF3} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid= ... mp;lang=en
Task: {CA33ED1A-6DD3-4DBD-BE43-53D9DF03B7F1} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {DFBCA31F-E395-4A22-8DD4-8E4EAF0BB8BA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {FF086CCE-2494-4634-A665-989BDA300987} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/

==================== Loaded Modules (whitelisted) ==============

2013-11-12 10:50 - 2012-12-06 14:52 - 00136704 _____ () C:\WINDOWS\System32\zlhp2600.dll
2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-25 14:46 - 2015-02-25 14:46 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2012-04-16 14:45 - 2012-04-16 14:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2013-10-01 12:02 - 2013-10-01 12:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-04-16 11:42 - 2012-04-16 11:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-04-16 11:41 - 2012-04-16 11:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 11:56 - 2012-04-16 11:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 11:38 - 2012-04-16 11:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2014-07-31 18:34 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-31 18:34 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-31 18:34 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-25 14:46 - 2015-02-25 14:46 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2014-07-31 18:34 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-31 18:34 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-07-19 16:05 - 2011-07-19 16:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 20:17 - 2011-08-15 20:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 16:04 - 2011-07-19 16:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2013-08-20 13:25 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-28 10:35 - 2014-03-28 10:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-03-21 15:31 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 15:31 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 15:31 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-10 02:05 - 2010-01-10 02:05 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-01-10 19:37 - 2010-01-10 19:37 - 00058208 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
2015-03-21 15:31 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\SoundBlaster2\Desktop\mock-up-truck-front.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "V-bates"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Andy"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "Gadwin PrintScreen (64-bit)"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "BluetoothS"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "IVONA Reader"

==================== Accounts: =============================

Administrator (S-1-5-21-3588957260-3221095627-2875930436-500 - Administrator - Disabled)
Guest (S-1-5-21-3588957260-3221095627-2875930436-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3588957260-3221095627-2875930436-1004 - Limited - Enabled)
SoundBlaster2 (S-1-5-21-3588957260-3221095627-2875930436-1002 - Administrator - Enabled) => C:\Users\SoundBlaster2
UpdatusUser (S-1-5-21-3588957260-3221095627-2875930436-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 10:25:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/25/2015 09:54:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/25/2015 09:48:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/24/2015 07:01:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/23/2015 09:20:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/23/2015 09:15:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/21/2015 03:47:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/20/2015 03:58:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(DefaultUserTemplate). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {51ce39d3-e790-47eb-8d64-ee7828b7b0de}

Error: (03/20/2015 03:30:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/19/2015 10:06:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (03/25/2015 10:25:48 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/25/2015 10:25:18 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 10:20:33 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/25/2015 10:20:03 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 10:15:07 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/25/2015 10:14:37 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 09:54:46 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 09:54:03 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/25/2015 09:48:24 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/25/2015 09:47:54 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (03/25/2015 10:25:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/25/2015 09:54:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/25/2015 09:48:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/24/2015 07:01:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/23/2015 09:20:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/23/2015 09:15:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/21/2015 03:47:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/20/2015 03:58:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(DefaultUserTemplate)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {51ce39d3-e790-47eb-8d64-ee7828b7b0de}

Error: (03/20/2015 03:30:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/19/2015 10:06:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 12165.73 MB
Available physical RAM: 9016.21 MB
Total Pagefile: 24453.73 MB
Available Pagefile: 20468.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:249.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.6 GB) (Free:283.09 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:3.7 GB) (Free:3.62 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FE9A1DC4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
ijo90
Active Member
 
Posts: 7
Joined: March 25th, 2015, 3:53 am

Re: Trojan Infection with FRST Logs

Post by wannabeageek » March 27th, 2015, 9:46 pm

Checking your logs over - be back soon
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Infection with FRST Logs

Post by wannabeageek » March 27th, 2015, 11:11 pm

Hi ijo90,
I have 3 things I need you to do for me.

Step 1.
DESKTOP WARNING!
C:\Users\SoundBlaster2\Downloads\FRST64.exe
Please be sure to Save and then Run all your programs from your Desktop. These programs are designed to operate from the desktop.
If you have saved files to your download folder, %userprofile%\Downloads, please copy them to your desktop, %userprofile%\desktop.
You can easily do this by copying the colored text and pasting into the "Search programs and files" bar and hitting enter to open the folders.
Running from C:\Users\SoundBlaster2\Downloads



Step 2.
P2P Advisory!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
µTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)

  1. Right-click in the screen's bottom-left corner and choose the Control Panel from the pop-up menu.
  2. When the Control Panel appears, choose Uninstall a Program from the Programs category.
  3. Locate the following program:
    µTorrent
    EZ YouTube Video Downloader
    Spybot - Search & Destroy
  4. Click on the Uninstall button to uninstall it.
  5. When Windows asks whether you're sure, click Yes.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes preventing it from being uninstalled again!
    Repeat steps 2 and 3 for each program listed.
  6. When the program(s) have been uninstalled... Close Control Panel.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe, but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware


Step 3.
Please post any reports from AVG listing the infections you mentioned and their complete names.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Infection with FRST Logs

Post by wannabeageek » March 29th, 2015, 11:28 pm

Hi ijo90,

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Infection with FRST Logs

Post by ijo90 » March 30th, 2015, 2:52 am

Hello, uTorrent and Spybot have been uninstalled. EZ YouTube Downloader is nowhere to be found, so it is probably deleted also but left a trace on my PC.

Since my last message I managed to get rid of some trojans (I hope) while in Safe Mode, but my system is not completely clean and I still get redirected to other pages while browsing on Google Chrome.

So here are the FRST scans while it was run from my desktop:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SoundBlaster2 (administrator) on SOUNDBLASTER on 30-03-2015 08:26:35
Running from C:\Users\SoundBlaster2\Desktop
Loaded Profiles: UpdatusUser & SoundBlaster2 (Available profiles: UpdatusUser & SoundBlaster2)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [901632 2015-01-08] ()
HKLM-x32\...\Run: [HitmanPro35] => C:\Program Files (x86)\Hitman Pro 3.5\HitmanPro35.exe [5937984 2010-05-30] (SurfRight B.V.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1041736 2012-10-16] ()
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14634656 2014-06-19] (Gadwin Systems)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Run: [IVONA Reader] => "D:\Software\IVONA Reader\IVONA Reader.exe.exe" -t -nosplash
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [201576 2013-05-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://cool-tvlive.net/terra
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cool-tvlive.net/terra
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3588957260-3221095627-2875930436-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWow64\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-02] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-3588957260-3221095627-2875930436-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{18BBE6FA-4809-4EF6-B2C2-3DA47FA3A60E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4632F52F-B99D-4846-8141-9E099FE4F4E6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9966B9C6-BFB2-4E9E-ADC4-9DBD861E9FCC}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A06625E7-54A1-480E-BE55-F13D58A77E63}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{DB92D200-F11F-4D6D-B505-BD72CABB609F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-01-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-31] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3588957260-3221095627-2875930436-1002: @citrixonline.com/appdetectorplugin -> C:\Users\SoundBlaster2\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-3588957260-3221095627-2875930436-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\SoundBlaster2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-01] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Google Docs) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-07]
CHR Extension: (Google Drive) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]
CHR Extension: (YouTube) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]
CHR Extension: (Adblock Plus) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-02]
CHR Extension: (Google Search) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]
CHR Extension: (Google Sheets) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Gmail) - C:\Users\SoundBlaster2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-01-23] (AVG Technologies CZ, s.r.o.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-06-01] (CACE Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 08:26 - 2015-03-30 08:27 - 00027530 _____ () C:\Users\SoundBlaster2\Desktop\FRST.txt
2015-03-30 08:23 - 2015-03-30 08:23 - 00000085 _____ () C:\WINDOWS\wininit.ini
2015-03-30 08:23 - 2015-03-30 08:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2015-03-27 13:17 - 2015-03-27 13:17 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-03-27 13:17 - 2015-03-27 13:17 - 00001104 _____ () C:\WINDOWS\system32\bootdelete.lst
2015-03-27 13:09 - 2015-03-27 13:09 - 00001959 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-03-27 13:09 - 2015-03-27 13:09 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-27 13:08 - 2015-03-27 13:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-26 09:40 - 2015-03-26 09:40 - 02168320 _____ () C:\Users\SoundBlaster2\Downloads\adwcleaner_4.113 (1).exe
2015-03-26 09:36 - 2015-03-26 09:36 - 10995632 _____ (SurfRight B.V.) C:\Users\SoundBlaster2\Downloads\HitmanPro_x64.exe
2015-03-26 09:35 - 2015-03-26 09:40 - 00003266 _____ () C:\WINDOWS\System32\Tasks\Hitman Pro 3.5 Boot Task
2015-03-26 09:35 - 2015-03-26 09:35 - 02168320 _____ () C:\Users\SoundBlaster2\Downloads\adwcleaner_4.113.exe
2015-03-26 09:35 - 2015-03-26 09:35 - 00000000 ____D () C:\Program Files (x86)\Hitman Pro 3.5
2015-03-26 09:34 - 2015-03-26 09:34 - 00010182 _____ () C:\Users\SoundBlaster2\Downloads\[REQ]Hitman Pro v3.5.5 Build 98 (32-bit) + Crack [RH].torrent
2015-03-25 15:36 - 2015-03-25 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse Games Collection
2015-03-25 15:27 - 2015-03-25 15:27 - 00000000 ____D () C:\WINDOWS\SSMaui Wowee
2015-03-25 15:27 - 2004-09-20 17:00 - 00802816 _____ (Sprout Games, LLC) C:\WINDOWS\FeedingFrenzy.scr
2015-03-25 15:27 - 1999-02-16 09:02 - 00049664 _____ (Magic Modules) C:\WINDOWS\SSMaui Wowee.scr
2015-03-25 15:26 - 2005-08-03 14:48 - 00389120 _____ (GameHouse) C:\WINDOWS\Adventure Inlay.scr
2015-03-25 15:26 - 2005-01-07 12:39 - 00057344 _____ (Reflexive) C:\WINDOWS\SysWOW64\Big Kahuna Reef.scr
2015-03-25 13:04 - 2015-03-25 13:04 - 00046832 _____ () C:\Users\SoundBlaster2\Downloads\Addition.txt
2015-03-25 13:03 - 2015-03-30 08:26 - 00000000 ____D () C:\FRST
2015-03-25 13:03 - 2015-03-25 13:04 - 00049323 _____ () C:\Users\SoundBlaster2\Downloads\FRST.txt
2015-03-25 11:43 - 2015-03-25 11:43 - 02095616 _____ (Farbar) C:\Users\SoundBlaster2\Desktop\FRST64.exe
2015-03-25 11:42 - 2015-03-25 11:42 - 00688992 _____ (Swearware) C:\Users\SoundBlaster2\Downloads\dds.scr
2015-03-25 09:46 - 2015-03-25 09:46 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\SoundBlaster2\Downloads\SpyHunter-Installer.exe
2015-03-24 18:13 - 2015-03-24 18:13 - 00080384 _____ () C:\Users\SoundBlaster2\Downloads\10563.xls
2015-03-24 16:55 - 2015-03-24 16:59 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\BSplayer PRO
2015-03-24 16:55 - 2015-03-24 16:55 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2015-03-24 16:55 - 2015-03-24 16:55 - 00001165 _____ () C:\Users\Public\Desktop\BS.Player PRO.lnk
2015-03-24 16:55 - 2015-03-24 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2015-03-24 16:55 - 2015-03-24 16:55 - 00000000 ____D () C:\Program Files (x86)\Webteh
2015-03-24 16:54 - 2015-03-24 16:54 - 00057448 _____ () C:\Users\SoundBlaster2\Downloads\Retro.Games.Pack-FL.torrent
2015-03-24 16:52 - 2015-03-24 16:52 - 00026169 _____ () C:\Users\SoundBlaster2\Downloads\BS Player Pro 2.67.1076 - CORE.torrent
2015-03-23 15:39 - 2015-03-23 15:39 - 01457152 _____ () C:\Users\SoundBlaster2\Downloads\La PRO et le gros PÉNIS.pps
2015-03-23 12:35 - 2015-03-23 12:35 - 00016454 _____ () C:\Users\SoundBlaster2\Downloads\EBC909927DF141BBB334FE4ED798C9273BC673C5.torrent
2015-03-23 09:26 - 2015-03-25 09:31 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\usas
2015-03-19 15:16 - 2015-03-19 15:16 - 00080384 _____ () C:\Users\SoundBlaster2\Downloads\10714.xls
2015-03-18 09:08 - 2015-03-18 09:08 - 00144896 _____ () C:\Users\SoundBlaster2\Desktop\price offer.xls
2015-03-17 09:27 - 2015-03-17 09:27 - 00094582 _____ () C:\Users\SoundBlaster2\Downloads\quote-template.xlsx
2015-03-14 00:30 - 2015-03-14 00:45 - 00000000 _____ () C:\WINDOWS\SysWOW64\杴条
2015-03-06 00:54 - 2015-03-06 00:54 - 00043975 _____ () C:\Users\SoundBlaster2\Downloads\4-months-3-weeks-and-2-days-2007-720p-bluray-dts-x264-ea-(Z2)-davd4m.zip
2015-03-06 00:52 - 2015-03-06 00:52 - 00033682 _____ () C:\Users\SoundBlaster2\Downloads\4.Luni.3.Saptamani.Si.2.Zile.2007.Z2.zip
2015-03-05 21:33 - 2015-03-05 21:33 - 00014835 _____ () C:\Users\SoundBlaster2\Downloads\[kickass.to]4.luni.3.saptamani.si.2.zile.dvdrip.aac.ro.torrent
2015-03-05 15:37 - 2015-03-05 15:50 - 99819841 _____ () C:\Users\SoundBlaster2\Downloads\GR_Pickup_Truck_Mock-Up (1).rar
2015-03-05 12:54 - 2015-03-05 12:54 - 00000007 _____ () C:\Users\SoundBlaster2\Downloads\GR_Pickup_Truck_Mock-Up.rar
2015-03-05 12:40 - 2015-03-05 12:40 - 00000000 ____D () C:\Program Files (x86)\IVONA
2015-03-05 12:37 - 2015-03-05 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVONA
2015-03-05 12:37 - 2015-03-05 12:38 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\IVONA Reader
2015-03-05 12:37 - 2015-03-05 12:37 - 00000797 _____ () C:\Users\Public\Desktop\IVONA Reader.lnk
2015-03-05 12:37 - 2015-03-05 12:37 - 00000000 ___RD () C:\Users\SoundBlaster2\Documents\IVONA Reader Podcasts
2015-03-04 18:38 - 2015-03-05 09:31 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\WinCL
2015-03-04 17:30 - 2015-03-04 17:30 - 00229376 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Read Me Info.txt
2015-03-02 12:40 - 2015-03-25 09:30 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 12:40 - 2015-03-02 12:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SoundBlaster2\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-02 12:40 - 2015-03-02 12:40 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-02 12:40 - 2015-03-02 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-02 12:40 - 2015-03-02 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-02 12:40 - 2014-11-21 07:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-02 12:40 - 2014-11-21 07:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-02 12:40 - 2014-11-21 07:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-02 11:17 - 2015-03-02 11:17 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-03-01 20:26 - 2015-03-01 20:26 - 00022802 _____ () C:\Users\SoundBlaster2\Downloads\VA-Pro Fm 90s Hits-PLeY.torrent
2015-03-01 20:23 - 2015-03-01 20:48 - 170674216 _____ (Emsisoft Ltd. ) C:\Users\SoundBlaster2\Downloads\EmsisoftAntiMalwareSetup.exe
2015-02-28 17:40 - 2015-03-26 09:38 - 00015078 _____ () C:\WINDOWS\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 08:24 - 2013-11-07 03:02 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\uTorrent
2015-03-30 08:23 - 2014-07-31 19:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-30 08:23 - 2014-07-31 19:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-30 08:20 - 2015-01-22 17:45 - 01702116 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-30 08:20 - 2013-12-31 16:28 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1461E547-98FC-4A90-8DE7-508550600DD5}
2015-03-30 08:17 - 2013-11-07 02:55 - 00001102 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 08:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-29 22:09 - 2014-09-04 09:18 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-29 22:07 - 2014-09-24 18:21 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-29 22:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-29 08:30 - 2013-11-07 02:55 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 18:57 - 2013-08-20 14:27 - 00000870 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-03-27 13:21 - 2013-11-06 21:29 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3588957260-3221095627-2875930436-1002
2015-03-27 13:08 - 2013-11-08 10:56 - 05507072 ___SH () C:\Users\SoundBlaster2\Downloads\Thumbs.db
2015-03-27 12:28 - 2013-08-20 14:40 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-03-27 12:28 - 2013-08-20 14:40 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-03-26 18:50 - 2014-08-25 17:49 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Adobe
2015-03-26 09:39 - 2013-11-06 21:04 - 00000073 _____ () C:\Users\SoundBlaster2\AppData\Roaming\sp_data.sys
2015-03-26 09:38 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-26 09:38 - 2013-08-20 14:27 - 00000868 _____ () C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-03-26 09:37 - 2014-07-07 13:30 - 00000000 ____D () C:\AdwCleaner
2015-03-26 09:37 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-26 09:35 - 2015-02-27 09:21 - 00002424 _____ () C:\WINDOWS\setupact.log
2015-03-26 09:35 - 2013-11-08 19:33 - 00000000 ____D () C:\Program Files (x86)\HP
2015-03-25 15:45 - 2013-11-07 04:44 - 06158336 ___SH () C:\Users\SoundBlaster2\Desktop\Thumbs.db
2015-03-25 10:16 - 2015-02-23 10:35 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Idcssoft
2015-03-25 10:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\security
2015-03-25 09:45 - 2014-09-26 18:49 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2015-03-25 09:45 - 2013-08-22 15:25 - 00001509 ___SH () C:\WINDOWS\system32\Drivers\etc\hosts.hitmanpro
2015-03-24 12:24 - 2013-11-07 17:36 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\ObviousIdea
2015-03-24 11:53 - 2013-11-26 17:56 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\EurekaLog
2015-03-19 14:49 - 2013-11-07 18:09 - 00000000 ____D () C:\Users\SoundBlaster2\Desktop\Andrei
2015-03-17 16:44 - 2013-11-07 20:42 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Microsoft Help
2015-03-13 09:39 - 2015-02-23 10:36 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Idvsoft
2015-03-11 10:05 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 09:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-03-06 11:16 - 2013-12-21 09:48 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\vlc
2015-03-05 10:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-04 20:03 - 2014-08-26 09:11 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Adobe
2015-03-04 19:59 - 2014-10-21 10:19 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-03 10:35 - 2013-12-19 09:51 - 00000000 ____D () C:\Users\SoundBlaster2\Desktop\Photowork
2015-03-02 15:51 - 2014-01-09 20:08 - 00000000 ____D () C:\Program Files\ESET
2015-03-02 15:49 - 2015-02-24 15:08 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Local\Citrix
2015-03-02 15:49 - 2014-07-06 17:18 - 00000000 ____D () C:\Users\SoundBlaster2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood
2015-03-02 15:49 - 2014-07-06 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood
2015-03-02 15:48 - 2013-08-20 14:38 - 00000000 ____D () C:\Program Files\ASUS
2015-03-02 15:15 - 2013-08-22 17:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-03-02 11:52 - 2015-02-26 09:04 - 00002279 _____ () C:\Users\SoundBlaster2\Desktop\Google Chrome.lnk
2015-03-02 11:41 - 2014-07-17 13:48 - 01525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2015-03-01 20:22 - 2014-07-17 13:48 - 02032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2015-02-28 17:41 - 2014-07-17 13:48 - 00837543 _____ () C:\ProgramData\yvd_ie_se.exe
2015-02-28 17:39 - 2014-10-25 04:13 - 00000000 ____D () C:\Users\SoundBlaster2

==================== Files in the root of some directories =======

2014-02-26 13:02 - 2014-02-26 15:02 - 0006830 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Comma Separated Values (Windows).EML
2014-01-29 11:33 - 2014-01-29 11:33 - 0000021 _____ () C:\Users\SoundBlaster2\AppData\Roaming\my_intel.sys
2015-03-04 17:30 - 2015-03-04 17:30 - 0229376 _____ () C:\Users\SoundBlaster2\AppData\Roaming\Read Me Info.txt
2013-11-06 21:04 - 2015-03-26 09:39 - 0000073 _____ () C:\Users\SoundBlaster2\AppData\Roaming\sp_data.sys
2015-01-29 18:21 - 2015-01-29 18:21 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-07-17 13:48 - 2014-12-27 19:51 - 0761485 _____ () C:\ProgramData\ChromeTabExtension.crx
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 01:15 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 01:15 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-07-07 13:40 - 2014-07-31 19:22 - 2212978 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.0.exe
2014-08-16 16:14 - 2014-09-02 01:37 - 2214299 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
2014-09-06 11:36 - 2014-09-06 11:36 - 2465619 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.3.exe
2014-09-10 06:45 - 2014-09-10 06:46 - 2465301 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.4.exe
2014-09-13 11:08 - 2014-09-22 22:17 - 2465411 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.5.exe
2014-07-17 13:48 - 2015-03-01 20:22 - 2032503 _____ () C:\ProgramData\yvd_chrome_se.exe
2014-07-17 13:48 - 2015-03-02 11:41 - 1525193 _____ () C:\ProgramData\yvd_firefox_se.exe
2014-07-17 13:48 - 2015-02-28 17:41 - 0837543 _____ () C:\ProgramData\yvd_ie_se.exe
2013-11-07 02:08 - 2013-11-07 02:11 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-11-07 02:07 - 2013-11-07 02:08 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.0.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.1.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.3.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.4.exe
C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.2.5.exe
C:\ProgramData\yvd_chrome_se.exe
C:\ProgramData\yvd_firefox_se.exe
C:\ProgramData\yvd_ie_se.exe


Some content of TEMP:
====================
C:\Users\SoundBlaster2\AppData\Local\Temp\dynwrapx.dll
C:\Users\SoundBlaster2\AppData\Local\Temp\mshta.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\Quarantine.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\sqlite3.dll
C:\Users\SoundBlaster2\AppData\Local\Temp\sqlite3.exe
C:\Users\SoundBlaster2\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 09:52

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by SoundBlaster2 at 2015-03-30 08:28:29
Running from C:\Users\SoundBlaster2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
AceBackup 3 (HKLM-x32\...\{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}) (Version: 3.0.2 - AceBIT)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
adsl TV (HKLM-x32\...\{3AFDD2C6-8663-46B5-B195-6CEB00D44768}) (Version: 2013.1 - adsl TV / FM)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
A-PDF Data Extractor (HKLM-x32\...\A-PDF Data Extractor_is1) (Version: - A-PDF Solution)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arbortext IsoView 7.3 (HKLM-x32\...\{4BDE5481-42B1-4A16-AF98-31B9FB1AB7C5}) (Version: 7.3.00.15 - PTC)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.6 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Auto Inventory (HKLM-x32\...\Auto Inventory2.4) (Version: 2.4 - Computer Specialties)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4315 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
Canon MG2400 series User Registration (HKLM-x32\...\Canon MG2400 series User Registration) (Version: - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Consult V4 RenaultTrucks (HKLM-x32\...\Consult V4 RenaultTrucks) (Version: - )
Consult VIN (HKLM-x32\...\Consult VIN) (Version: - )
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
eMail Extractor 3.2.0 (HKLM-x32\...\eMail Extractor_is1) (Version: - MAX Programming LLC)
Ethereal 0.99.0 (HKLM-x32\...\Ethereal) (Version: 0.99.0 - The Ethereal developer community, http://www.ethereal.com)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gadwin PrintScreen (64-Bit) (HKLM\...\{2A271428-D127-40B1-9728-662DAA3472F6}) (Version: 5.3.1.0 - Gadwin Systems)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GameHouse Games Collection: Academy of Magic (HKLM-x32\...\Academy of Magic) (Version: - )
GameHouse Games Collection: Adventure Inlay - Safari Edition (HKLM-x32\...\Adventure Inlay - Safari Edition) (Version: - )
GameHouse Games Collection: Adventure Inlay (HKLM-x32\...\Adventure Inlay) (Version: - )
GameHouse Games Collection: Air Strike 3D (HKLM-x32\...\Air Strike 3D) (Version: - )
GameHouse Games Collection: Alien Sky (HKLM-x32\...\Alien Sky) (Version: - )
GameHouse Games Collection: Aloha Solitaire (HKLM-x32\...\Aloha Solitaire) (Version: - )
GameHouse Games Collection: Aloha TriPeaks (HKLM-x32\...\Aloha TriPeaks) (Version: - )
GameHouse Games Collection: Ancient Tri-Jong (HKLM-x32\...\Ancient Tri-Jong) (Version: - )
GameHouse Games Collection: Ancient Tripeaks (HKLM-x32\...\Ancient Tripeaks) (Version: - )
GameHouse Games Collection: Astrobatics (HKLM-x32\...\Astrobatics) (Version: - )
GameHouse Games Collection: Atlantis (HKLM-x32\...\Atlantis) (Version: - )
GameHouse Games Collection: Atomaders (HKLM-x32\...\Atomaders) (Version: - )
GameHouse Games Collection: Bejeweled 2 (HKLM-x32\...\Bejeweled 2) (Version: - )
GameHouse Games Collection: Bewitched (HKLM-x32\...\Bewitched) (Version: - )
GameHouse Games Collection: Big Kahuna Reef (HKLM-x32\...\Big Kahuna Reef) (Version: - )
GameHouse Games Collection: Boggle Supreme (HKLM-x32\...\Boggle Supreme) (Version: - )
GameHouse Games Collection: Bounce Out Blitz (HKLM-x32\...\Bounce Out Blitz) (Version: - )
GameHouse Games Collection: Casino Island To Go (HKLM-x32\...\Casino Island To Go) (Version: - )
GameHouse Games Collection: Chainz (HKLM-x32\...\Chainz) (Version: - )
GameHouse Games Collection: Chainz 2 - Relinked (HKLM-x32\...\Chainz 2: Relinked) (Version: - )
GameHouse Games Collection: Charm Solitaire (HKLM-x32\...\Charm Solitaire) (Version: - )
GameHouse Games Collection: Charm Tale (HKLM-x32\...\Charm Tale) (Version: - )
GameHouse Games Collection: Chicktionary (HKLM-x32\...\Chicktionary) (Version: - )
GameHouse Games Collection: Chuzzle Deluxe (HKLM-x32\...\Chuzzle Deluxe) (Version: - )
GameHouse Games Collection: Collapse! Crunch (HKLM-x32\...\Collapse! Crunch) (Version: - )
GameHouse Games Collection: Combo Chaos! (HKLM-x32\...\Combo Chaos!) (Version: - )
GameHouse Games Collection: Crystal Path (HKLM-x32\...\Crystal Path) (Version: - )
GameHouse Games Collection: Cubis Gold 2 (HKLM-x32\...\Cubis Gold 2) (Version: - )
GameHouse Games Collection: Digby's Donuts (HKLM-x32\...\Digby's Donuts) (Version: - )
GameHouse Games Collection: Diner Dash (HKLM-x32\...\Diner Dash) (Version: - )
GameHouse Games Collection: Feeding Frenzy (HKLM-x32\...\Feeding Frenzy) (Version: - )
GameHouse Games Collection: Fiber Twig (HKLM-x32\...\Fiber Twig) (Version: - )
GameHouse Games Collection: Five Card Deluxe (HKLM-x32\...\Five Card Deluxe) (Version: - )
GameHouse Games Collection: Flip Words (HKLM-x32\...\Flip Words) (Version: - )
GameHouse Games Collection: Flying Leo (HKLM-x32\...\Flying Leo) (Version: - )
GameHouse Games Collection: Fortune Tiles Gold (HKLM-x32\...\Fortune Tiles Gold) (Version: - )
GameHouse Games Collection: Fresco Wizard (HKLM-x32\...\Fresco Wizard) (Version: - )
GameHouse Games Collection: GameHouse Sudoku (HKLM-x32\...\GameHouse Sudoku) (Version: - )
GameHouse Games Collection: Gearz (HKLM-x32\...\Gearz) (Version: - )
GameHouse Games Collection: Granny in Paradise (HKLM-x32\...\Granny in Paradise) (Version: - )
GameHouse Games Collection: Gutterball (HKLM-x32\...\Gutterball) (Version: - )
GameHouse Games Collection: Gutterball 2 (HKLM-x32\...\Gutterball 2) (Version: - )
GameHouse Games Collection: Hamsterball (HKLM-x32\...\Hamsterball) (Version: - )
GameHouse Games Collection: Hello! (HKLM-x32\...\Hello!) (Version: - )
GameHouse Games Collection: Holiday Express (HKLM-x32\...\Holiday Express) (Version: - )
GameHouse Games Collection: Iggle Pop! (HKLM-x32\...\Iggle Pop!) (Version: - )
GameHouse Games Collection: Incadia (HKLM-x32\...\Incadia) (Version: - )
GameHouse Games Collection: Incredible Ink (HKLM-x32\...\Incredible Ink) (Version: - )
GameHouse Games Collection: Insaniquarium Deluxe (HKLM-x32\...\Insaniquarium Deluxe) (Version: - )
GameHouse Games Collection: Inspector Parker (HKLM-x32\...\Inspector Parker) (Version: - )
GameHouse Games Collection: Invadazoid (HKLM-x32\...\Invadazoid) (Version: - )
GameHouse Games Collection: Jewel Quest (HKLM-x32\...\Jewel Quest) (Version: - )
GameHouse Games Collection: Lemonade Tycoon (HKLM-x32\...\Lemonade Tycoon) (Version: - )
GameHouse Games Collection: Luxor (HKLM-x32\...\Luxor) (Version: - )
GameHouse Games Collection: Mad Caps (HKLM-x32\...\Mad Caps) (Version: - )
GameHouse Games Collection: Magic Ball (HKLM-x32\...\Magic Ball Deluxe) (Version: - )
GameHouse Games Collection: Magic Ball 2 - New Worlds (HKLM-x32\...\Magic Ball 2 - New Worlds) (Version: - )
GameHouse Games Collection: Magic Ball 2 (HKLM-x32\...\Magic Ball 2) (Version: - )
GameHouse Games Collection: Magic Inlay (HKLM-x32\...\Magic Inlay) (Version: - )
GameHouse Games Collection: Magic Vines (HKLM-x32\...\Magic Vines) (Version: - )
GameHouse Games Collection: Mah Jong Adventures (HKLM-x32\...\Mah Jong Adventures) (Version: - )
GameHouse Games Collection: Mah Jong Medley (HKLM-x32\...\Mah Jong Medley) (Version: - )
GameHouse Games Collection: Mah Jong Quest (HKLM-x32\...\Mah Jong Quest) (Version: - )
GameHouse Games Collection: Mahjong Garden To Go (HKLM-x32\...\Mahjong Garden To Go) (Version: - )
GameHouse Games Collection: Mahjong Towers Eternity (HKLM-x32\...\Mahjong Towers Eternity) (Version: - )
GameHouse Games Collection: Maui Wowee (HKLM-x32\...\Maui Wowee) (Version: - )
GameHouse Games Collection: Phlinx To Go (HKLM-x32\...\Phlinx To Go) (Version: - )
GameHouse Games Collection: Pin High Country Club Golf (HKLM-x32\...\Pin High Country Club Golf) (Version: - )
GameHouse Games Collection: Pizza Frenzy (HKLM-x32\...\Pizza Frenzy) (Version: - )
GameHouse Games Collection: Platypus (HKLM-x32\...\Platypus) (Version: - )
GameHouse Games Collection: Poker Superstars (HKLM-x32\...\Poker Superstars) (Version: - )
GameHouse Games Collection: Puzzle Express (HKLM-x32\...\Puzzle Express) (Version: - )
GameHouse Games Collection: Puzzle Inlay (HKLM-x32\...\Puzzle Inlay) (Version: - )
GameHouse Games Collection: Puzzle Solitaire (HKLM-x32\...\Puzzle Solitaire) (Version: - )
GameHouse Games Collection: QBz (HKLM-x32\...\QBz) (Version: - )
GameHouse Games Collection: Reader's Digest Super Word Power (HKLM-x32\...\Reader's Digest Super Word Power) (Version: - )
GameHouse Games Collection: Ricochet (HKLM-x32\...\Ricochet) (Version: - )
GameHouse Games Collection: Ricochet Lost Worlds - Recharged (HKLM-x32\...\Ricochet Lost Worlds: Recharged) (Version: - )
GameHouse Games Collection: Ricochet Lost Worlds (HKLM-x32\...\Ricochet Lost Worlds) (Version: - )
GameHouse Games Collection: Roller Rush (HKLM-x32\...\Roller Rush) (Version: - )
GameHouse Games Collection: Saints & Sinners Bingo (HKLM-x32\...\Saints & Sinners Bingo) (Version: - )
GameHouse Games Collection: SCRABBLE (HKLM-x32\...\SCRABBLE) (Version: - )
GameHouse Games Collection: Shape Shifter (HKLM-x32\...\Shape Shifter) (Version: - )
GameHouse Games Collection: Slingo Deluxe (HKLM-x32\...\Slingo Deluxe) (Version: - )
GameHouse Games Collection: Spelvin (HKLM-x32\...\Spelvin) (Version: - )
GameHouse Games Collection: Splash (HKLM-x32\...\Splash) (Version: - )
GameHouse Games Collection: Spring Sprang Sprung (HKLM-x32\...\Spring Sprang Sprung) (Version: - )
GameHouse Games Collection: Super 5-Line Slots (HKLM-x32\...\Super 5-Line Slots) (Version: - )
GameHouse Games Collection: Super Blackjack! (HKLM-x32\...\Super Blackjack!) (Version: - )
GameHouse Games Collection: Super Bounce Out! (HKLM-x32\...\Super Bounce Out!) (Version: - )
GameHouse Games Collection: Super Candy Cruncher (HKLM-x32\...\Super Candy Cruncher) (Version: - )
GameHouse Games Collection: Super Collapse! (HKLM-x32\...\Super Collapse!) (Version: - )
GameHouse Games Collection: Super Collapse! II (HKLM-x32\...\Super Collapse! II) (Version: - )
GameHouse Games Collection: Super Collapse! II Platinum (HKLM-x32\...\Super Collapse! II Platinum) (Version: - )
GameHouse Games Collection: Super Fruit Frolic (HKLM-x32\...\Super Fruit Frolic) (Version: - )
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1 (HKLM-x32\...\Super GameHouse Solitaire Vol. 1) (Version: - )
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2 (HKLM-x32\...\Super GameHouse Solitaire Vol. 2) (Version: - )
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3 (HKLM-x32\...\Super GameHouse Solitaire Vol. 3) (Version: - )
GameHouse Games Collection: Super Gem Drop (HKLM-x32\...\Super Gem Drop) (Version: - )
GameHouse Games Collection: Super Glinx! (HKLM-x32\...\Super Glinx!) (Version: - )
GameHouse Games Collection: Super Letter Linker (HKLM-x32\...\Super Letter Linker) (Version: - )
GameHouse Games Collection: Super Mah Jong Solitaire (HKLM-x32\...\Super Mah Jong Solitaire) (Version: - )
GameHouse Games Collection: Super Nisqually (HKLM-x32\...\Super Nisqually) (Version: - )
GameHouse Games Collection: Super PileUp! (HKLM-x32\...\Super PileUp!) (Version: - )
GameHouse Games Collection: Super Pool (HKLM-x32\...\Super Pool) (Version: - )
GameHouse Games Collection: Super Pop & Drop! (HKLM-x32\...\Super Pop & Drop!) (Version: - )
GameHouse Games Collection: Super Rumble Cube (HKLM-x32\...\Super Rumble Cube) (Version: - )
GameHouse Games Collection: Super SpongeBob Collapse! (HKLM-x32\...\Super SpongeBob Collapse!) (Version: - )
GameHouse Games Collection: Super TextTwist (HKLM-x32\...\Super TextTwist) (Version: - )
GameHouse Games Collection: Super WHATword (HKLM-x32\...\Super WHATword) (Version: - )
GameHouse Games Collection: Super Wild Wild Words (HKLM-x32\...\Super Wild Wild Words) (Version: - )
GameHouse Games Collection: Tap a Jam (HKLM-x32\...\Tap a Jam) (Version: - )
GameHouse Games Collection: Ten Pin Championship Bowling Pro (HKLM-x32\...\Ten Pin Championship Bowling Pro) (Version: - )
GameHouse Games Collection: Tennis Titans (HKLM-x32\...\Tennis Titans) (Version: - )
GameHouse Games Collection: Tradewinds 2 (HKLM-x32\...\Tradewinds 2) (Version: - )
GameHouse Games Collection: Trivia Machine (HKLM-x32\...\Trivia Machine) (Version: - )
GameHouse Games Collection: Tropical Swaps (HKLM-x32\...\Tropical Swaps) (Version: - )
GameHouse Games Collection: Tumblebugs (HKLM-x32\...\Tumblebugs) (Version: - )
GameHouse Games Collection: Turtle Bay (HKLM-x32\...\Turtle Bay) (Version: - )
GameHouse Games Collection: Twistingo (HKLM-x32\...\Twistingo) (Version: - )
GameHouse Games Collection: Ultimate Dominoes (HKLM-x32\...\Ultimate Dominoes) (Version: - )
GameHouse Games Collection: Varmintz Deluxe (HKLM-x32\...\Varmintz Deluxe) (Version: - )
GameHouse Games Collection: Walls of Jericho, The (HKLM-x32\...\Walls of Jericho, The) (Version: - )
GameHouse Games Collection: Wheel of Fortune (HKLM-x32\...\Wheel of Fortune) (Version: - )
GameHouse Games Collection: Word Jolt (HKLM-x32\...\Word Jolt) (Version: - )
GameHouse Games Collection: Word Slinger (HKLM-x32\...\Word Slinger) (Version: - )
GameHouse Games Collection: WordJong To Go (HKLM-x32\...\WordJong To Go) (Version: - )
GameHouse Games Collection: Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version: - )
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hitman Pro 3.5 (HKLM-x32\...\HitmanPro35) (Version: 3.5.5.98 - SurfRight B.V.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
ImTranslator for IE (HKLM-x32\...\ImTranslator for IE) (Version: - )
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
iPhone Backup Extractor (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\iPhone Backup Extractor) (Version: 5.1.9.0 - Reincubate Ltd)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.51 - IVONA Software Sp. z o.o.)
IVONA Reader (HKLM-x32\...\IVONA Reader) (Version: - IVONA Software Sp. z o.o.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Light Image Resizer 4.4.1.4 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.4.1.4 - ObviousIdea)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Metal Slug Complete PC 1.0 (HKLM-x32\...\Metal Slug Complete PC) (Version: 1.0 - SNK PLAYMORE)
Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{004F0409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Management Objects Collection (HKLM\...\{5677B005-B609-4B5B-9F3C-132BB085D3CF}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Multi (HKLM-x32\...\{7B2C1257-4965-4205-8EFC-71737AAE2C69}) (Version: 6.13.0 - Scania)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.27.1 - NETGEAR Inc.)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
NVIDIA Graphics Driver 311.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.66 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PokerStars.fr (HKLM-x32\...\PokerStars.fr) (Version: - PokerStars.fr)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.16 - ASUS)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SopCast Tv Plugin 5.9 Setup (HKLM-x32\...\SopCast Tv Plugin 5.9 Setup) (Version: - )
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Totally Rad Dirty Pictures 1.5.1 (HKLM-x32\...\Totally Rad Dirty Pictures) (Version: 1.5.1 - Totally Rad!)
Tv_Online (HKLM-x32\...\Tv_Online) (Version: - Tv Online Uninstall)
Unity Web Player (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Web Data Extractor 8.3 (HKLM-x32\...\{2D889173-0C85-4325-8EAE-E6B68BCA71B7}) (Version: 8.3.0.1 - spadixbd.com)
Westwood Shared Internet Components (HKLM-x32\...\WOLAPI) (Version: - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

11-03-2015 10:55:14 Scheduled Checkpoint
20-03-2015 04:58:23 Scheduled Checkpoint
26-03-2015 09:32:32 Removed Dot4
27-03-2015 13:15:34 Point de contrôle créé par HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-03-27 13:17 - 00000019 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07F14C3A-B07B-45CE-8EBD-A961ECB87616} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {08D94BB2-CF63-4159-83CB-F43945C93983} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {113699D2-12AE-49D5-8EDD-6CD5C36696A5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {12650F01-C4B4-48AE-9D0E-466E47F871E0} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2013-01-22] (ASUS)
Task: {22763995-DE96-4B87-B3AD-C4B743290519} - System32\Tasks\Hitman Pro 3.5 Boot Task => C:\Program Files (x86)\Hitman Pro 3.5\HitmanPro35.exe [2010-05-30] (SurfRight B.V.)
Task: {314DC277-E453-460D-84C3-2BC2B28EAEF8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {36F27201-86AC-4123-BEB6-A59F2447CE9E} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe
Task: {3A6643F2-1D41-4485-B6DB-CD34B7EFBDBF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3E95A098-A851-455E-8DA9-708E6816721C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {573E1ACB-80AD-4F66-A1C9-F7DB219AEBA7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {6201E03A-3626-4DC9-A33E-58168C3DC2CD} - System32\Tasks\{4D23D2A9-AB16-4AFB-9AE1-9DDEDA2CFDF8} => pcalua.exe -a F:\AutoStarter.exe -d F:\
Task: {81501A38-0080-4496-B094-43F6E4E058CD} - \FF Watcher {43B1C9E7-D441-4F3B-AC0D-3B1C27E5D758} No Task File <==== ATTENTION
Task: {85C48BF2-93DB-4E64-9565-E82C90CECA65} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {8A4A2C3D-DBD8-4C5A-9333-A0069C322BD8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {9486BF60-C192-476F-8908-B39D961C4504} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {971BFCEA-BEE5-49B5-90B1-F3E09E2FCE08} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-16] (AsusTek)
Task: {A174FFAE-A60A-4DAB-BC23-35BB54B115FB} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {AFEABCD5-9353-4117-B72B-E249D1E47AF3} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid= ... mp;lang=en
Task: {BB325FF4-F22D-4573-8649-6C184553B745} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {DFBCA31F-E395-4A22-8DD4-8E4EAF0BB8BA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {FF086CCE-2494-4634-A665-989BDA300987} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/

==================== Loaded Modules (whitelisted) ==============

2013-11-12 11:50 - 2012-12-06 15:52 - 00136704 _____ () C:\WINDOWS\System32\zlhp2600.dll
2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-01-09 22:17 - 2010-01-09 22:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 03:40 - 2010-01-21 03:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-16 15:45 - 2012-04-16 15:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-15 21:12 - 2011-08-15 21:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-04-16 12:42 - 2012-04-16 12:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 21:12 - 2011-08-15 21:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 21:15 - 2011-08-15 21:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 17:41 - 2011-08-17 17:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 17:48 - 2011-08-17 17:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 17:48 - 2011-08-17 17:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 20:23 - 2011-08-15 20:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-04-16 12:41 - 2012-04-16 12:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 12:56 - 2012-04-16 12:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 12:38 - 2012-04-16 12:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 17:05 - 2011-07-19 17:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 21:17 - 2011-08-15 21:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 17:04 - 2011-07-19 17:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2013-08-20 14:25 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2010-01-09 22:18 - 2010-01-09 22:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-21 03:34 - 2010-01-21 03:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2010-01-09 22:18 - 2010-01-09 22:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-21 16:31 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 16:31 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 16:31 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2010-01-10 03:05 - 2010-01-10 03:05 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-01-10 20:37 - 2010-01-10 20:37 - 00058208 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
2015-03-21 16:31 - 2015-03-14 12:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3588957260-3221095627-2875930436-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\SoundBlaster2\Desktop\mock-up-truck-front.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "V-bates"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Andy"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "Gadwin PrintScreen (64-bit)"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "BluetoothS"
HKU\S-1-5-21-3588957260-3221095627-2875930436-1002\...\StartupApproved\Run: => "IVONA Reader"

==================== Accounts: =============================

Administrator (S-1-5-21-3588957260-3221095627-2875930436-500 - Administrator - Disabled)
Guest (S-1-5-21-3588957260-3221095627-2875930436-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3588957260-3221095627-2875930436-1004 - Limited - Enabled)
SoundBlaster2 (S-1-5-21-3588957260-3221095627-2875930436-1002 - Administrator - Enabled) => C:\Users\SoundBlaster2
UpdatusUser (S-1-5-21-3588957260-3221095627-2875930436-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2015 05:10:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/28/2015 11:33:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/27/2015 06:40:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/27/2015 01:15:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(DefaultUserTemplate). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e8f6e3fb-654b-47f2-90cc-71a6223e36df}

Error: (03/27/2015 01:15:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4fc65042-f4a4-4f31-be9c-c04bb239621d}

Error: (03/27/2015 01:15:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(DefaultUserTemplate). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e8f6e3fb-654b-47f2-90cc-71a6223e36df}

Error: (03/26/2015 09:55:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/26/2015 09:32:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(DefaultUserTemplate). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5314c0f8-fcdb-4115-981e-008cbb531e53}

Error: (03/25/2015 01:18:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (03/25/2015 01:13:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (03/29/2015 05:10:53 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/29/2015 05:10:23 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/28/2015 11:32:59 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/28/2015 11:32:15 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/27/2015 06:41:19 PM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/27/2015 06:40:49 PM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/27/2015 06:12:19 PM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/26/2015 09:53:06 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/26/2015 09:52:36 AM) (Source: DCOM) (EventID: 10010) (User: SoundBlaster)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/26/2015 09:37:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1069


Microsoft Office Sessions:
=========================
Error: (03/29/2015 05:10:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/28/2015 11:33:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/27/2015 06:40:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/27/2015 01:15:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(DefaultUserTemplate)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e8f6e3fb-654b-47f2-90cc-71a6223e36df}

Error: (03/27/2015 01:15:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4fc65042-f4a4-4f31-be9c-c04bb239621d}

Error: (03/27/2015 01:15:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(DefaultUserTemplate)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e8f6e3fb-654b-47f2-90cc-71a6223e36df}

Error: (03/26/2015 09:55:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/26/2015 09:32:32 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(DefaultUserTemplate)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data
ijo90
Active Member
 
Posts: 7
Joined: March 25th, 2015, 3:53 am

Re: Trojan Infection with FRST Logs

Post by ijo90 » March 30th, 2015, 2:53 am

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5314c0f8-fcdb-4115-981e-008cbb531e53}

Error: (03/25/2015 01:18:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

Error: (03/25/2015 01:13:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 12165.73 MB
Available physical RAM: 8657.78 MB
Total Pagefile: 14021.73 MB
Available Pagefile: 8644.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:258.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.6 GB) (Free:281.8 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:3.7 GB) (Free:3.62 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FE9A1DC4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
ijo90
Active Member
 
Posts: 7
Joined: March 25th, 2015, 3:53 am

Re: Trojan Infection with FRST Logs

Post by wannabeageek » March 31st, 2015, 12:17 am

ijo90,

Run the following and post the results.

Run CKScanner
  • Please download CKScanner from here
  • Important: Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator" then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Infection with FRST Logs

Post by ijo90 » March 31st, 2015, 2:47 am

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\help\cracks.html
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\cracks\crumbling
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\cracks\gouges
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\cracks\hairline
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\cracks\long and wide
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\cracks\pock marked
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\cracks\shattered
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\cracks\short and rough
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\cracks\smooth and shallow
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\cracks\spidery
c:\users\soundblaster2\desktop\andrei\photoshop\plug-ins\alien skin xenofex 2\settings\shatter\big cracks
c:\users\soundblaster2\desktop\photowork\nch.inventoria.stock.manager.v3.36.incl.keygen-brd\bism336a.zip
c:\users\soundblaster2\desktop\photowork\nch.inventoria.stock.manager.v3.36.incl.keygen-brd\brd.nfo
c:\users\soundblaster2\desktop\photowork\nch.inventoria.stock.manager.v3.36.incl.keygen-brd\file_id.diz
c:\users\soundblaster2\desktop\photowork\nch.inventoria.stock.manager.v3.36.incl.keygen-brd\invsetup.exe
c:\users\soundblaster2\desktop\photowork\nch.inventoria.stock.manager.v3.36.incl.keygen-brd\keygen\keygen.exe
c:\users\soundblaster2\downloads\microsoft office 2010 professional plus version 14 0 4760 1000 rtm (x64 and x86 - no cd key or crack needed)-[pdu].torrent
c:\users\soundblaster2\downloads\nch.inventoria.stock.manager.v3.36.incl.keygen-brd.rar
c:\users\soundblaster2\downloads\[kickass.to]email.extractor.v3.2.cracked.arn.torrent
c:\users\soundblaster2\downloads\[req]hitman pro v3.5.5 build 98 (32-bit) + crack [rh].torrent
c:\users\soundblaster2\downloads\[scenefz.net]armatactics.beta.cracked-p2pgames.torrent
scanner sequence 3.ZZ.11.JRAPIZ
----- EOF -----
ijo90
Active Member
 
Posts: 7
Joined: March 25th, 2015, 3:53 am

Re: Trojan Infection with FRST Logs

Post by Gary R » April 1st, 2015, 12:26 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire