ColorUService
- Thread starter segal
- Start date
Please refer to the following and reply accordingly so you can be assisted properly - https://www.sysnative.com/forums/security-arena/2507-malware-removal-posting-instructions.html
Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
View attachment Addition_06-02-2015_13-30-12.txtView attachment FRST_06-02-2015_13-30-13.txt
Here are the attachments required.
Thanks for the quick response.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by G56 (administrator) on ASUS on 06-02-2015 13:28:44
Running from C:\Users\G56\Downloads
Loaded Profiles: G56 (Available profiles: G56)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files\pia_manager\pia_manager.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Spotify Ltd) C:\Users\G56\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(http://www.ruby-lang.org/) C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\G56\AppData\Local\Temp\ocr854.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSPanel.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\ASUSWSLoader.exe [63272 2014-12-04] ()
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2014-01-11] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-29] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\Run: [Spotify Web Helper] => C:\Users\G56\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\MountPoints2: {87d78ba4-99d8-11e4-827a-54271ea2e5cc} - "F:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-4019362282-2020168261-1634841575-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4019362282-2020168261-1634841575-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
FireFox:
========
FF ProfilePath: C:\Users\G56\AppData\Roaming\Mozilla\Firefox\Profiles\2cvdvbjc.default-1419943619147
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\G56\AppData\Roaming\Mozilla\Firefox\Profiles\2cvdvbjc.default-1419943619147\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-30]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-23]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-26]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-29] (Windows (R) Win 7 DDK provider)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-26] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-29] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-08-06] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-26] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-26] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-05-26] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cpuz136; \??\C:\Users\G56\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
U0 msahci; system32\drivers\msahci.sys
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 13:28 - 2015-02-06 13:29 - 00026368 _____ () C:\Users\G56\Downloads\FRST.txt
2015-02-06 13:28 - 2015-02-06 13:28 - 00000000 ____D () C:\FRST
2015-02-06 13:23 - 2015-02-06 13:23 - 02131968 _____ (Farbar) C:\Users\G56\Downloads\FRST64.exe
2015-02-06 11:16 - 2015-02-06 13:23 - 00033857 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 11:11 - 2015-02-06 13:26 - 00001142 _____ () C:\Windows\setupact.log
2015-02-06 11:11 - 2015-02-06 11:11 - 00001520 _____ () C:\Windows\PFRO.log
2015-02-06 11:11 - 2015-02-06 11:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 10:34 - 2015-02-06 10:34 - 00000765 _____ () C:\Users\G56\.pia_manager_crash.log
2015-02-01 10:38 - 2015-01-31 17:31 - 00001015 _____ () C:\Users\G56\Desktop\Private Internet Access.lnk
2015-01-31 17:33 - 2015-01-31 17:33 - 00000000 ____D () C:\Users\G56\AppData\Roaming\Titanium
2015-01-31 17:31 - 2015-01-31 17:31 - 00003146 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2015-01-31 17:31 - 2015-01-31 17:31 - 00000000 ____D () C:\Users\G56\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2015-01-31 17:30 - 2015-02-01 02:20 - 00000000 ____D () C:\Program Files\pia_manager
2015-01-31 17:30 - 2015-01-31 17:31 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-01-31 17:29 - 2015-01-31 17:29 - 25723531 _____ () C:\Users\G56\Downloads\installer_win.exe
2015-01-28 23:02 - 2015-01-28 23:02 - 05135288 _____ (Piriform Ltd) C:\Users\G56\Downloads\spsetup128.exe
2015-01-27 19:51 - 2015-01-27 19:51 - 00016508 _____ () C:\Users\G56\Desktop\StudentRemoteDesktop-FastBroadband.RDP
2015-01-26 18:35 - 2015-01-26 18:35 - 00058639 _____ () C:\Users\G56\Downloads\CupDispencerSTEP.zip
2015-01-26 18:01 - 2015-01-26 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 03:02 - 2015-01-10 08:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 03:02 - 2015-01-10 08:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 03:02 - 2015-01-10 08:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-20 21:47 - 2015-01-20 21:47 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-20 21:47 - 2015-01-20 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-20 21:46 - 2015-01-20 21:47 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-20 21:46 - 2015-01-20 21:47 - 00000000 ____D () C:\Program Files\iTunes
2015-01-20 21:46 - 2015-01-20 21:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-20 21:46 - 2015-01-20 21:46 - 00000000 ____D () C:\Program Files\iPod
2015-01-14 19:37 - 2014-12-19 06:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:37 - 2014-12-12 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:37 - 2014-12-12 00:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 19:37 - 2014-12-09 01:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:37 - 2014-12-08 19:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 19:37 - 2014-12-08 19:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 19:37 - 2014-12-08 19:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 19:37 - 2014-12-08 19:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 19:37 - 2014-12-08 19:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 19:37 - 2014-12-08 19:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 19:37 - 2014-12-08 19:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 19:37 - 2014-12-08 19:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 19:37 - 2014-12-06 03:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 19:37 - 2014-12-06 01:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:37 - 2014-12-06 01:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 19:37 - 2014-10-29 04:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 19:37 - 2014-10-29 04:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 19:37 - 2014-10-29 03:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 19:37 - 2014-10-29 03:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 19:37 - 2014-10-29 03:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 19:37 - 2014-10-29 03:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 19:37 - 2014-10-29 03:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 19:37 - 2014-10-29 03:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 19:37 - 2014-10-29 03:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 19:37 - 2014-10-29 03:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 19:37 - 2014-10-29 03:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 19:37 - 2014-10-29 02:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 19:37 - 2014-10-29 01:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 19:37 - 2014-10-29 01:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 19:37 - 2014-10-29 01:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 19:37 - 2014-10-29 01:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 00:13 - 2014-12-13 10:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-14 00:13 - 2014-12-13 10:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-13 23:58 - 2015-01-13 23:58 - 00000000 ____D () C:\Users\G56\Documents\My Games
2015-01-13 23:58 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-13 23:58 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-13 23:58 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-13 23:58 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-13 23:58 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-13 22:36 - 2015-01-13 22:36 - 00000221 _____ () C:\Users\G56\Desktop\Borderlands 2.url
2015-01-13 22:36 - 2015-01-13 22:36 - 00000000 ____D () C:\Users\G56\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-13 22:04 - 2015-02-06 11:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-13 22:04 - 2015-01-13 22:04 - 00000981 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-01-13 22:04 - 2015-01-13 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-13 21:54 - 2015-01-13 21:54 - 01142128 _____ () C:\Users\G56\Downloads\SteamSetup.exe
2015-01-12 17:47 - 2015-01-12 17:47 - 00000000 ____D () C:\Users\G56\AppData\Roaming\HTC
2015-01-12 17:46 - 2015-02-06 11:15 - 00000000 ____D () C:\Users\G56\AppData\Local\HTC MediaHub
2015-01-12 17:46 - 2015-01-12 17:47 - 00000000 ____D () C:\Users\G56\Documents\HTC
2015-01-12 17:46 - 2015-01-12 17:46 - 00000000 ____D () C:\Users\G56\.android
2015-01-12 17:45 - 2015-01-12 17:45 - 00002049 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2015-01-12 17:45 - 2015-01-12 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-01-12 17:45 - 2015-01-12 17:45 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2015-01-12 17:43 - 2015-01-12 17:43 - 00000000 ____D () C:\Users\G56\AppData\Local\Downloaded Installations
2015-01-12 17:42 - 2015-01-12 17:45 - 00000000 ____D () C:\Program Files (x86)\HTC
2015-01-12 17:41 - 2015-01-23 03:06 - 00000000 ____D () C:\Temp
2015-01-12 17:41 - 2015-01-12 17:41 - 00000000 ____D () C:\ProgramData\HTC
2015-01-12 17:37 - 2015-01-12 17:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-07 13:49 - 2015-01-07 13:49 - 05317104 _____ (Piriform Ltd) C:\Users\G56\Downloads\ccsetup501.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 13:29 - 2013-12-17 05:44 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 13:24 - 2014-09-26 14:15 - 00004950 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ASUS-G56 ASUS
2015-02-06 13:22 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-06 12:16 - 2014-08-12 02:28 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4019362282-2020168261-1634841575-1001
2015-02-06 11:57 - 2014-10-18 15:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 11:20 - 2014-08-12 02:24 - 00000000 ____D () C:\Users\G56\AppData\Roaming\WebStorage
2015-02-06 11:17 - 2014-08-12 18:24 - 00000073 _____ () C:\Users\G56\AppData\Roaming\sp_data.sys
2015-02-06 11:16 - 2014-09-26 14:19 - 00000000 ___DO () C:\Users\G56\OneDrive
2015-02-06 11:15 - 2014-08-23 05:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-06 11:11 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 11:10 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-06 10:54 - 2014-10-12 10:41 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-06 10:49 - 2014-08-12 02:39 - 00000000 ____D () C:\Users\G56\AppData\Local\Google
2015-02-06 10:34 - 2014-08-12 18:22 - 00000000 ____D () C:\Users\G56
2015-02-06 10:32 - 2014-08-12 02:36 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{613383B4-8494-453F-B8FF-3F7B35067DE1}
2015-02-06 00:17 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-05 18:56 - 2014-09-24 13:38 - 00000000 ____D () C:\Users\G56\Desktop\University Stuff
2015-02-05 17:24 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-05 00:01 - 2014-10-08 20:06 - 00000000 ____D () C:\Users\G56\AppData\Roaming\Spotify
2015-02-04 19:58 - 2014-10-18 15:42 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 17:18 - 2014-10-08 20:07 - 00000000 ____D () C:\Users\G56\AppData\Local\Spotify
2015-02-01 01:32 - 2014-09-13 14:07 - 00000000 ____D () C:\Users\G56\AppData\Local\CrashDumps
2015-01-30 23:34 - 2014-08-22 12:39 - 00000000 ____D () C:\Asus WebStorage
2015-01-28 23:04 - 2014-08-12 11:38 - 00000810 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-01-28 23:03 - 2014-08-12 11:38 - 00000000 ____D () C:\Program Files\Speccy
2015-01-28 15:48 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-26 23:32 - 2014-08-12 02:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 16:19 - 2014-08-19 07:19 - 00000000 ____D () C:\Users\G56\Desktop\BSP
2015-01-25 15:56 - 2014-08-12 18:22 - 00000000 ____D () C:\Users\G56\AppData\Local\Packages
2015-01-24 20:20 - 2014-11-13 23:37 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 20:20 - 2014-11-13 23:37 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 03:06 - 2014-05-20 14:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-21 02:24 - 2014-08-12 02:48 - 00000000 ____D () C:\Users\G56\AppData\Roaming\Apple Computer
2015-01-20 21:46 - 2014-08-29 01:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-20 21:46 - 2014-08-12 02:48 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-20 21:46 - 2014-08-12 02:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-16 06:41 - 2014-10-12 11:41 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 06:41 - 2014-10-12 11:41 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 06:41 - 2014-10-12 11:41 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 06:41 - 2014-10-12 11:40 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-15 14:20 - 2014-08-15 12:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 14:12 - 2014-08-15 12:55 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 00:05 - 2013-08-22 14:44 - 05099192 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-12 17:46 - 2014-08-12 02:48 - 00000000 ____D () C:\Users\G56\AppData\Local\Apple Computer
2015-01-10 08:07 - 2014-05-20 14:42 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-10 08:07 - 2014-05-20 14:42 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-09 23:30 - 2014-05-20 14:43 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-09 23:30 - 2014-05-20 14:43 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-09 23:29 - 2014-05-20 14:43 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-09 23:29 - 2014-05-20 14:43 - 01097872 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-01-09 23:29 - 2014-05-20 14:43 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 23:29 - 2014-05-20 14:43 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-09 23:29 - 2014-05-20 14:43 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-01-09 23:29 - 2014-05-20 14:43 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 20:16 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-09 19:47 - 2014-05-20 14:43 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-07 13:50 - 2014-08-12 02:53 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-07 13:50 - 2014-08-12 02:53 - 00000000 ____D () C:\Program Files\CCleaner
==================== Files in the root of some directories =======
2014-08-12 18:24 - 2015-02-06 11:17 - 0000073 _____ () C:\Users\G56\AppData\Roaming\sp_data.sys
2014-11-23 19:42 - 2014-11-23 21:53 - 0000337 _____ () C:\Users\G56\AppData\Local\Perfmon.PerfmonCfg
2014-05-20 14:45 - 2014-05-20 14:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-17 05:36 - 2012-09-07 11:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-17 05:36 - 2009-07-22 10:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-17 05:36 - 2012-09-07 11:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-05-20 15:02 - 2014-05-20 15:02 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-05-20 15:01 - 2014-05-20 15:02 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2014-05-20 15:00 - 2014-05-20 15:01 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-05 18:08
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by G56 at 2015-02-06 13:29:38
Running from C:\Users\G56\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ASUS Video Magic 10 (x32 Version: 10.0.0.8404 - CyberLink Corp.) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.7 - ASUS)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.1.5 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0.0.8404 - CyberLink Corp.)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5920.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5920.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.9.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.0 - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.458 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.25 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
21-01-2015 14:51:41 Scheduled Checkpoint
28-01-2015 15:47:06 Windows Update
06-02-2015 12:25:13 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0AEB1AD9-2077-4747-82BD-F3EA21F71F23} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-01-22] (Realtek Semiconductor)
Task: {16F2340E-81B0-47D7-A978-57DDF9863E23} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {203E99D8-F56C-4B96-9942-2ACF44AA0E29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {30153512-9105-475E-BB36-4CCC3E51CF5F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {422B8578-5B27-4A13-9D72-33D9147CAB78} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-01-13] (Realtek Semiconductor)
Task: {428345A3-C5F1-44C2-82D2-E234FDC24AC8} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {4487FDCC-FC5B-44B9-9300-D75FBB58656E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {510AB47F-C414-434C-8E9C-659EB8370705} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {563F345D-F690-4CD8-B652-42AC030B4921} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {77BBEC57-3CBD-4EC1-B273-23762D16CD0A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ASUS-G56 ASUS => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {87B08D0F-5C77-467A-9FF0-46ED314E731C} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
Task: {8EB0141A-EE5E-4C55-953F-33917C6530F0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {8EE01D3D-156C-4AFA-9A18-8114439F009E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {932E260A-D78C-4FB3-8484-1D342C19ABCD} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-01-31] ()
Task: {A77DC966-07B9-47A1-9706-9E7A69525DB4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {AF3ADAEF-A04C-4762-BFFB-69F0B3567791} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {B06BEE96-7B98-4D4E-9175-DFFFF6C2106E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
Task: {B13A05C4-8B5B-4581-BD7D-CD40E11ACDB5} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {EBC37F14-C2FD-44BE-8891-9F4CFC3F5120} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F8C1017B-6B6D-46F6-B502-5D3FC62A3940} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {FAE45A2E-A3B9-4903-B740-D4CDE9E07C71} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {FF3F379E-E02C-4C89-B791-4D04450E5BDE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2014-05-20 14:43 - 2015-01-09 23:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-26 10:09 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-29 23:01 - 2013-08-29 23:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-11-21 22:59 - 2014-09-23 13:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-08-12 02:38 - 2009-12-12 22:12 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2014-12-18 15:10 - 2014-12-18 15:10 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-11-29 05:35 - 2013-11-29 05:35 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-11-29 05:32 - 2013-11-29 05:32 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-29 05:38 - 2013-11-29 05:38 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-05-20 15:02 - 2013-05-15 21:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2015-01-31 17:30 - 2015-01-31 17:31 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2014-12-04 07:37 - 2014-12-04 07:37 - 01358120 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSService.exe
2014-11-21 22:59 - 2014-11-21 22:59 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream64.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2015-01-31 17:30 - 2015-01-31 17:31 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2014-07-31 04:16 - 2014-07-31 04:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 04:35 - 2013-06-17 04:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 06:52 - 2013-05-08 06:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-12-18 15:06 - 2014-12-18 15:06 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-12-18 15:11 - 2014-12-18 15:11 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-12-18 15:14 - 2014-12-18 15:14 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-05-20 14:50 - 2013-10-23 20:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-10 01:23 - 2013-09-10 01:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-09 03:41 - 2013-10-09 03:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-01-13 22:08 - 2014-12-01 21:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-13 22:08 - 2014-12-01 21:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-13 22:08 - 2014-12-01 21:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-13 22:08 - 2014-12-01 21:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-13 22:09 - 2014-11-11 18:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 21:50 - 2014-12-02 00:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-13 22:09 - 2015-01-23 22:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-19 21:50 - 2014-12-02 00:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 21:50 - 2014-12-02 00:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-01-13 22:08 - 2014-12-01 21:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-13 22:08 - 2015-01-23 22:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-13 22:08 - 2015-01-15 23:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-02-06 11:16 - 2015-02-06 11:16 - 00012800 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00009728 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00014848 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-02-06 11:15 - 2015-02-06 11:15 - 00094208 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\src\rgloader\rgloader193.mswin.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00009216 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00094208 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00126976 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00087552 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00016384 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00127316 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\bin\libffi-6.dll
2015-02-06 11:16 - 2015-02-06 11:16 - 00008704 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00013312 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00095744 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00026624 _____ () C:\Users\G56\AppData\Local\Temp\ocrAFB9.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00012800 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00009728 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00014848 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00094208 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\src\rgloader\rgloader193.mswin.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00094208 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00118784 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00069120 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00083968 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\bin\zlib1.dll
2015-02-06 11:16 - 2015-02-06 11:16 - 00026624 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00275968 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00015360 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00008192 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00009216 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00023552 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00008704 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00008704 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00008704 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00008704 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00036352 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00126976 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00087552 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00016384 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00127316 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\bin\libffi-6.dll
2015-02-06 11:16 - 2015-02-06 11:16 - 00013312 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00095744 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-02-06 11:16 - 2015-02-06 11:16 - 00026624 _____ () C:\Users\G56\AppData\Local\Temp\ocr854.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-01-31 17:30 - 2015-01-31 17:31 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-01-31 17:30 - 2015-01-31 17:31 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-01-26 18:01 - 2015-01-26 18:01 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\G56\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\G56\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\StartupApproved\Run: => "Spotify"
==================== Accounts: =============================
Administrator (S-1-5-21-4019362282-2020168261-1634841575-500 - Administrator - Disabled)
G56 (S-1-5-21-4019362282-2020168261-1634841575-1001 - Administrator - Enabled) => C:\Users\G56
Guest (S-1-5-21-4019362282-2020168261-1634841575-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/06/2015 00:20:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Error: (02/06/2015 11:08:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/06/2015 10:45:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1a40
Start Time: 01d041f9b227feca
Termination Time: 658
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: 38ca0ce2-aded-11e4-8280-54271ea2e5cc
Faulting package full name:
Faulting package-relative application ID:
Error: (02/06/2015 10:40:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/06/2015 10:40:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2f8
Start Time: 01d041f938f8c80f
Termination Time: 4294967295
Application Path: C:\Windows\System32\WWAHost.exe
Report Id: 7ccfa6d7-adec-11e4-8280-54271ea2e5cc
Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: Windows.Store
Error: (02/06/2015 10:39:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ASUS)
Description: App winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store did not launch within its allotted time.
Error: (02/06/2015 00:25:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15078
Error: (02/06/2015 00:25:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15078
Error: (02/06/2015 00:25:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/05/2015 06:15:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
System errors:
=============
Error: (02/06/2015 11:10:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NvNetworkService service.
Error: (02/06/2015 11:10:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
Error: (02/06/2015 11:10:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Asus WebStorage Windows Service service.
Error: (02/06/2015 11:09:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062
Error: (02/06/2015 11:09:06 AM) (Source: DCOM) (EventID: 10010) (User: ASUS)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/06/2015 11:09:00 AM) (Source: DCOM) (EventID: 10010) (User: ASUS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (02/06/2015 11:09:00 AM) (Source: DCOM) (EventID: 10010) (User: ASUS)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/06/2015 11:08:56 AM) (Source: DCOM) (EventID: 10010) (User: ASUS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (02/06/2015 11:08:55 AM) (Source: DCOM) (EventID: 10010) (User: ASUS)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/06/2015 11:08:54 AM) (Source: DCOM) (EventID: 10010) (User: ASUS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Microsoft Office Sessions:
=========================
Error: (02/06/2015 00:20:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe
Error: (02/06/2015 11:08:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
Error: (02/06/2015 10:45:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.55001a4001d041f9b227feca658C:\Program Files (x86)\Mozilla Firefox\firefox.exe38ca0ce2-aded-11e4-8280-54271ea2e5cc
Error: (02/06/2015 10:40:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927142
Error: (02/06/2015 10:40:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.170312f801d041f938f8c80f4294967295C:\Windows\System32\WWAHost.exe7ccfa6d7-adec-11e4-8280-54271ea2e5ccwinstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store
Error: (02/06/2015 10:39:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ASUS)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store
Error: (02/06/2015 00:25:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15078
Error: (02/06/2015 00:25:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15078
Error: (02/06/2015 00:25:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/05/2015 06:15:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe
CodeIntegrity Errors:
===================================
Date: 2014-08-23 09:48:18.066
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-08-23 09:48:17.711
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-08-21 15:03:41.411
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-08-21 15:03:41.255
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Last edited by a moderator:
Hi, segal. Welcome to Sysnative.
The issue you are having does not appear to be a security issue. However, before I point you to the instructions, please note that you have an out-dated version of Java on your computer. Although most people do not need Java (see Java, The Never-Ending Saga, if you do for online gaming and the like, you should at least uninstall the old version, Java 7 Update 31.
As to the ASUS ColorUService, corruptions with the CNBJ2530.DPB file appear to be common in Windows 8 and 8.1. Reproduced below are the fevised instructions for this issue from GUIDE: CNBJ2530.DPB and prncacla.inf Corruptions - Windows 8/8.1.
Use DISM -
If this does not solve your problem, please let us know.
The issue you are having does not appear to be a security issue. However, before I point you to the instructions, please note that you have an out-dated version of Java on your computer. Although most people do not need Java (see Java, The Never-Ending Saga, if you do for online gaming and the like, you should at least uninstall the old version, Java 7 Update 31.
As to the ASUS ColorUService, corruptions with the CNBJ2530.DPB file appear to be common in Windows 8 and 8.1. Reproduced below are the fevised instructions for this issue from GUIDE: CNBJ2530.DPB and prncacla.inf Corruptions - Windows 8/8.1.
Use DISM -
- Press the Windows Key on your keyboard and X to open up the Power User Tasks Menu
- Click (or tap) Command Prompt (admin)
- When command prompt opens, copy and paste the following commands into it, press enter after each
DISM.exe /Online /Cleanup-image /Restorehealth
Wait for this to finish before you continue (approximately 15-20 minutes)
sfc /scannow
Wait for this to finish before you continue (approximately another 15 minutes)
If this does not solve your problem, please let us know.
Further to Corrine's advice, if DISM stills at 40%, also please let us know. At the present time there is a bug in DISM (which we're currently trying to specifically identify so that we can report it to MS) which is causing DISM to stall on certain computers with a particular installed update from the last patch Tuesday (we're still trying to figure out which one). Since your computer does not have a Windows Update issue, and so it's likely you've got all Windows Updates installed, you're in a fairly high risk category for DISM stalling. It won't cause any issues though, we'll just fix the corruption manually if we need to.
Richard
Richard
Hi, segal.
Since that didn't work, I edited your post and pasted your logs rather than jumping back and forth between Notepad and the browser to do research. While doing that research, I ran across a similar situation as yours with ColorU preventing shutdown. Strangely, merely removing adware solved that person's problem. So, what I'd like you to do is follow the instructions below and we'll see if it helps.
1. Please do the following to run FRST:
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
2. FRST will automatically restart your computer. However, it will have closed all processes. Thus, after your computer restarts, please shut down/restart again. Let me know if you had to end the ColorU Service or if the computer shut down normally.
Since that didn't work, I edited your post and pasted your logs rather than jumping back and forth between Notepad and the browser to do research. While doing that research, I ran across a similar situation as yours with ColorU preventing shutdown. Strangely, merely removing adware solved that person's problem. So, what I'd like you to do is follow the instructions below and we'll see if it helps.
1. Please do the following to run FRST:
- Click Start
- Type notepad.exe in the search programs and files box and click Enter.
- A blank Notepad page should open.
- Copy/Paste the contents of the code box below, beginning with "start" and including "end" into Notepad.
Code:
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\Run: [AdobeBridge] => [X]
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\DP45977C.lfl
C:\ProgramData\SetStretch.cmd
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/d...nlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/d...nlhhddbepgkeaa [Not Found]
end- Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
- Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
- Please copy/paste the the log in your next reply.
2. FRST will automatically restart your computer. However, it will have closed all processes. Thus, after your computer restarts, please shut down/restart again. Let me know if you had to end the ColorU Service or if the computer shut down normally.
It shutdown without having to end ColorUService, thanks so much.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by G56 at 2015-02-08 10:47:33 Run:1
Running from C:\Users\G56\Downloads\Farbar
Loaded Profiles: G56 (Available profiles: G56)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\Run: [AdobeBridge] => [X]
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\DP45977C.lfl
C:\ProgramData\SetStretch.cmd
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/d...nlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/d...nlhhddbepgkeaa [Not Found]
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\ProgramData\SetStretch.cmd => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
EmptyTemp: => Removed 426.7 MB temporary data.
The system needed a reboot.
==== End of Fixlog 10:48:44 ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by G56 at 2015-02-08 10:47:33 Run:1
Running from C:\Users\G56\Downloads\Farbar
Loaded Profiles: G56 (Available profiles: G56)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\...\Run: [AdobeBridge] => [X]
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\ProgramData\DP45977C.lfl
C:\ProgramData\SetStretch.cmd
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/d...nlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/d...nlhhddbepgkeaa [Not Found]
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4019362282-2020168261-1634841575-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\ProgramData\SetStretch.cmd => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
EmptyTemp: => Removed 426.7 MB temporary data.
The system needed a reboot.
==== End of Fixlog 10:48:44 ====
:dance: That is great news!
If you haven't yet, please be sure to uninstall the outdated Java 7 Update 31, mentioned previously.
Let's take care of removing the tools used. Please download Delfix from here.
Ensure the following boxes are checked:
If you haven't yet, please be sure to uninstall the outdated Java 7 Update 31, mentioned previously.
Let's take care of removing the tools used. Please download Delfix from here.
Ensure the following boxes are checked:
- Remove disinfection tools
- Create registry backup
- Purge system restore
- Click Run
Has Sysnative Forums helped you? Please consider donating to help us support the site!