AdwCleaner detected file: swdumon



gpkenny
2015-06-26, 08:46
Avira Antivirus detected and quarantined virus TR/Black.Gen 2. A follow-up scan with AdwCleaner detected file: swdumon; however, I'm unsure if AdwCleaner fully removed this, as it showed up on follow-up scans. Many thanks for your assistance.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Asus (administrator) on G751 on 26-06-2015 07:19:48
Running from C:\Users\Asus\Downloads
Loaded Profiles: Asus (Available Profiles: Asus)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files\pia_manager\pia_manager.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(http://www.ruby-lang.org/) C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(BitTorrent Inc.) C:\Users\Asus\AppData\Roaming\BitTorrent\BitTorrent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(http://www.ruby-lang.org/) C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276040 2014-05-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Cyberlink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492808 2014-05-06] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Asus\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-30] (Oracle Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-30] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218

FireFox:
========
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8vu0kf5j.default-1435048585900
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-30] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: British English Dictionary - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8vu0kf5j.default-1435048585900\Extensions\en-GB@dictionaries.addons.mozilla.org [2015-06-23]
FF Extension: WOT - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8vu0kf5j.default-1435048585900\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-23]
FF Extension: uBlock - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8vu0kf5j.default-1435048585900\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-06-23]

Chrome:
=======
CHR StartupUrls: Default -> "https://uk.search.yahoo.com/?type=888596&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> 8790E33947437775DAB9AF3BD2BE78BE1975A67113FC29AEF2D0BE14163FF033
CHR DefaultSearchURL: Default -> B0DEBF26C478ED495FBDD48396ED9D96D78924FF37D82B6A9E4F532A7940EB57
CHR Profile: C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-16]
CHR Extension: (WOT) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-03-16]
CHR Extension: (YouTube) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-16]
CHR Extension: (Adblock Plus) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-16]
CHR Extension: (Google Search) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-16]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2015-04-15]
CHR Extension: (Google Sheets) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Avira Browser Safety) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-16]
CHR Extension: (Gmail) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-05-09] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-17] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [131312 2015-03-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-17] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-06-05] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-04-16] (Avira Operations GmbH & Co. KG)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-19] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-05-21] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-17] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-06-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-06-26] (SlimWare Utilities, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 07:19 - 2015-06-26 07:19 - 00021299 _____ C:\Users\Asus\Downloads\FRST.txt
2015-06-26 07:17 - 2015-06-26 07:19 - 00000000 ____D C:\FRST
2015-06-26 07:17 - 2015-06-26 07:17 - 02112512 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2015-06-26 07:03 - 2015-06-26 07:03 - 02244096 _____ C:\Users\Asus\Downloads\adwcleaner_4.207(1).exe
2015-06-26 06:56 - 2015-06-26 07:04 - 00000000 ____D C:\AdwCleaner
2015-06-26 06:55 - 2015-06-26 06:55 - 02244096 _____ C:\Users\Asus\Downloads\adwcleaner_4.207.exe
2015-06-26 06:27 - 2015-06-26 06:28 - 00000000 ____D C:\Games
2015-06-25 15:28 - 2015-06-26 07:05 - 00001276 _____ C:\Windows\setupact.log
2015-06-25 15:28 - 2015-06-25 15:28 - 00000000 _____ C:\Windows\setuperr.log
2015-06-25 10:29 - 2015-06-25 10:29 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-06-25 10:29 - 2015-06-17 10:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-25 10:29 - 2015-06-17 10:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00879000 _____ C:\Windows\system32\nvmcumd.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-25 10:29 - 2015-06-17 10:10 - 00117392 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-25 10:29 - 2015-06-17 10:10 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-06-25 10:29 - 2015-06-17 07:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-21 06:45 - 2015-06-25 10:32 - 00000000 ____D C:\Program Files (x86)\Update Notifier
2015-06-21 06:45 - 2015-06-21 06:47 - 00000000 ____D C:\Users\Asus\AppData\Roaming\cspa
2015-06-21 05:46 - 2015-06-21 06:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-21 05:46 - 2015-06-21 05:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-21 05:46 - 2015-06-21 05:46 - 00001409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-21 05:46 - 2015-06-21 05:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-20 06:14 - 2015-06-20 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-20 06:14 - 2015-06-20 06:14 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-20 06:14 - 2015-06-20 06:14 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-20 06:14 - 2015-06-20 06:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-17 10:50 - 2015-06-17 10:50 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-17 10:50 - 2015-06-17 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-17 10:50 - 2015-06-17 10:50 - 00000000 ____D C:\Program Files\CCleaner
2015-06-13 21:47 - 2015-06-13 21:47 - 00000299 _____ C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2015-06-10 15:02 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 15:02 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 15:02 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 15:02 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 15:02 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 15:02 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 15:02 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 15:02 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 15:02 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 15:02 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 15:02 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 15:02 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 15:02 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 15:02 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 15:02 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 15:02 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 15:02 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 15:02 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 15:02 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 15:02 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 15:02 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 15:02 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 15:02 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 15:02 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 15:02 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 15:02 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 15:02 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 15:02 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 15:02 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 15:02 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 15:02 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 15:02 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 15:02 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 15:02 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 15:02 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 15:02 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 15:02 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 15:02 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 15:02 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 15:02 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 15:02 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 15:02 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 15:02 - 2015-05-22 14:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 15:02 - 2015-05-21 14:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 15:02 - 2015-05-21 14:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 15:02 - 2015-05-21 14:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 15:02 - 2015-05-21 14:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 15:02 - 2015-05-21 14:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 15:02 - 2015-05-21 14:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 15:02 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 15:02 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 15:02 - 2015-04-16 23:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 15:02 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-10 15:02 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-10 15:02 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-10 15:02 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-10 15:02 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-10 15:02 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-10 15:02 - 2015-04-08 23:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-10 15:02 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-10 15:02 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-10 15:02 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-10 15:02 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-10 15:02 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-10 15:02 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-10 15:02 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-10 15:02 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-10 15:02 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-10 15:02 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-10 15:02 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 15:02 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-10 15:02 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-10 15:02 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-10 15:02 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-10 15:02 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-10 15:02 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-10 15:02 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-10 15:02 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-10 15:02 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-10 15:02 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-10 15:01 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-08 07:28 - 2015-06-25 10:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-08 07:28 - 2015-05-28 08:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-08 07:28 - 2015-05-28 08:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-08 07:28 - 2015-05-28 08:04 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-08 07:28 - 2015-05-28 08:04 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-08 06:59 - 2015-06-25 05:20 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Skype
2015-06-04 04:51 - 2013-08-22 14:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150604-045130.backup
2015-06-03 13:53 - 2015-06-03 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-06-02 06:22 - 2015-06-02 06:22 - 00000000 ____D C:\Users\Asus\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 07:16 - 2015-03-03 09:48 - 01586919 _____ C:\Windows\WindowsUpdate.log
2015-06-26 07:15 - 2015-03-05 16:11 - 00000000 ____D C:\Users\Asus\AppData\Roaming\BitTorrent
2015-06-26 07:14 - 2015-03-06 11:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-26 07:11 - 2013-12-13 12:27 - 00810868 _____ C:\Windows\system32\perfh013.dat
2015-06-26 07:11 - 2013-12-13 12:27 - 00166216 _____ C:\Windows\system32\perfc013.dat
2015-06-26 07:11 - 2013-12-13 12:11 - 00814850 _____ C:\Windows\system32\perfh00C.dat
2015-06-26 07:11 - 2013-12-13 12:11 - 00163070 _____ C:\Windows\system32\perfc00C.dat
2015-06-26 07:11 - 2013-12-13 05:09 - 02783592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-26 07:10 - 2015-03-03 11:59 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4202764557-1761152932-1492796901-1001
2015-06-26 07:05 - 2015-05-07 10:10 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-06-26 07:05 - 2015-05-07 10:10 - 00000418 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2015-06-26 07:05 - 2015-03-03 11:54 - 00000093 _____ C:\Users\Asus\AppData\Roaming\sp_data.sys
2015-06-26 07:05 - 2015-03-03 09:52 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-26 07:05 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-26 07:04 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-26 07:01 - 2015-03-08 10:14 - 00000000 __SHD C:\Users\Asus\AppData\Local\EmieUserList
2015-06-26 07:01 - 2015-03-08 10:14 - 00000000 __SHD C:\Users\Asus\AppData\Local\EmieSiteList
2015-06-26 07:01 - 2015-03-08 10:14 - 00000000 __SHD C:\Users\Asus\AppData\Local\EmieBrowserModeList
2015-06-26 07:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-26 06:57 - 2015-03-06 15:34 - 00000000 __RDO C:\Users\Asus\OneDrive
2015-06-26 02:59 - 2015-03-16 12:53 - 00000000 ____D C:\Users\Asus\AppData\Roaming\vlc
2015-06-26 02:25 - 2015-03-05 15:41 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{31481147-3A5A-4832-888E-FFA8D7CBFAFF}
2015-06-25 12:00 - 2015-05-11 07:34 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-06-25 12:00 - 2015-05-11 07:34 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-06-25 11:47 - 2015-03-03 10:05 - 00000000 ____D C:\ProgramData\Temp
2015-06-25 11:46 - 2015-03-12 22:26 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-06-25 10:30 - 2015-03-03 09:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-25 10:17 - 2015-03-06 11:35 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-25 10:17 - 2015-03-05 17:43 - 00000000 ____D C:\Users\Asus\AppData\Local\Adobe
2015-06-25 07:24 - 2015-03-08 07:14 - 00000000 ____D C:\Users\Asus\AppData\Local\PokerStars.UK
2015-06-24 09:42 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-23 08:18 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-20 12:56 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-20 04:02 - 2015-03-06 15:07 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-20 04:02 - 2015-03-06 15:07 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 04:52 - 2015-03-03 11:54 - 00000000 ____D C:\Users\Asus
2015-06-17 10:10 - 2015-03-03 09:52 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-17 10:10 - 2015-03-03 09:52 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-17 10:10 - 2015-03-03 09:52 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-17 10:10 - 2015-03-03 09:52 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-17 10:10 - 2015-03-03 09:52 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-06-17 10:10 - 2015-03-03 09:52 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-06-17 10:10 - 2015-03-03 09:51 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-17 10:10 - 2015-03-03 09:51 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-17 10:10 - 2015-03-03 09:51 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-17 10:10 - 2015-03-03 09:51 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-17 10:10 - 2015-03-03 09:51 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-17 10:10 - 2015-03-03 09:51 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-06-17 10:10 - 2015-03-03 09:51 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-17 07:48 - 2015-03-03 09:52 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 07:48 - 2015-03-03 09:52 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 07:48 - 2015-03-03 09:52 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 07:48 - 2015-03-03 09:52 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 07:48 - 2015-03-03 09:52 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 07:48 - 2015-03-03 09:52 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-15 14:04 - 2015-05-23 09:14 - 00001134 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-15 14:04 - 2015-05-23 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-15 14:04 - 2015-05-23 09:14 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-15 14:04 - 2015-03-03 09:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-14 04:20 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-06-11 14:45 - 2015-03-08 07:13 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
2015-06-11 04:53 - 2013-08-22 15:44 - 00337976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 04:52 - 2015-03-25 08:10 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 04:52 - 2015-03-25 08:10 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 04:52 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-11 04:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-06-11 04:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-06-11 04:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 21:36 - 2015-03-05 16:56 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 21:35 - 2015-03-05 16:56 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 10:37 - 2015-05-23 09:16 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 10:37 - 2015-05-23 09:16 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-08 09:26 - 2015-05-01 06:34 - 00000000 ____D C:\Users\Asus\AppData\Local\SlimWare Utilities Inc
2015-06-08 09:02 - 2015-04-05 02:57 - 00000000 ____D C:\Windows\Minidump
2015-06-08 06:59 - 2015-03-08 06:52 - 00000000 ____D C:\ProgramData\Skype
2015-06-04 05:05 - 2015-04-02 12:42 - 00001017 _____ C:\Windows\wininit.ini
2015-06-02 15:11 - 2015-03-03 09:52 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-05-31 05:06 - 2015-03-08 06:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-28 08:04 - 2015-03-03 09:51 - 00052880 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

==================== Files in the root of some directories =======

2015-03-03 11:54 - 2015-06-26 07:05 - 0000093 _____ () C:\Users\Asus\AppData\Roaming\sp_data.sys
2015-03-10 09:15 - 2015-03-10 09:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-03-03 09:56 - 2015-03-03 09:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 05:09 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd

Some files in TEMP:
====================
C:\Users\Asus\AppData\Local\Temp\avgnt.exe
C:\Users\Asus\AppData\Local\Temp\Quarantine.exe
C:\Users\Asus\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-16 07:04

==================== End of log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Asus at 2015-06-26 07:20:08
Running from C:\Users\Asus\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4202764557-1761152932-1492796901-500 - Administrator - Disabled)
Asus (S-1-5-21-4202764557-1761152932-1492796901-1001 - Administrator - Enabled) => C:\Users\Asus
Guest (S-1-5-21-4202764557-1761152932-1492796901-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4202764557-1761152932-1492796901-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
ASUS Gaming Center (HKLM-x32\...\{23C8A788-4790-4F3C-B103-0ACC7D9DC5BE}) (Version: 1.0.2 - ASUS)
ASUS Intel Extreme Tuning Utility (HKLM-x32\...\{17933add-8de8-4586-b331-96f1070ae737}) (Version: 4.4.0.205 - Intel Corporation)
ASUS Intel Extreme Tuning Utility (x32 Version: 4.4.0.205 - Intel Corporation) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS ROG MacroKey (HKLM-x32\...\{348022C5-F497-4333-AFEE-208F22F169F2}_is1) (Version: 1.0.0.28 - G-spy Co., Ltd)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
BitTorrent (HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.4105 - CyberLink Corp.)
ETDWare PS/2-X64 11.5.13.9_WHQL (HKLM\...\Elantech) (Version: 11.5.13.9 - ELAN Microelectronic Corp.)
Free Stopwatch 3.0.2 (HKLM-x32\...\{A1FAC1AF-5615-47FE-B5C8-5E981EC8522B}_is1) (Version: 3.0 - Comfort Software Group)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.1 - Genesys Logic)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{5AE8ACA2-420B-4196-A8E0-20E8EB274E0F}) (Version: 17.1.1512.0771 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Maxx Audio Installer (x64) (Version: 1.6.4882.94 - Waves Audio Ltd.) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-GB)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.30 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version: - PokerStars.uk)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7417 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}) (Version: 2.2.45206 - SlimWare Utilities, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Thunderbolt(TM) Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: 2.0.4.250 - Intel(R) Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

08-06-2015 09:25:32 Removed SlimCleaner
22-06-2015 09:25:46 Scheduled Checkpoint
25-06-2015 10:18:21 SlimDrivers Installing Drivers

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0253208C-4A01-4EFB-86ED-409A6DF0D358} - System32\Tasks\Gaming Center => C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe [2014-04-30] (ASUSTek Computer Inc.)
Task: {103B5C55-4882-4864-9CDB-6F2E510069E0} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-26] ()
Task: {11D9535C-72C8-4566-BE52-D697C70998C1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {15481380-BBF4-4157-AD36-5848BC69A365} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {28515250-FF06-455D-83AF-0B3240A40E6E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2000-01-01] (Realtek Semiconductor)
Task: {297C07DD-64B4-4CCC-82A3-A260DB312A42} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {345A5E38-18F6-4437-A156-ED073C7F847D} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {40F61B3D-3125-4F57-93DF-8D457A9703AE} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-02-27] (SlimWare Utilities, Inc.)
Task: {46841E87-AFEA-4176-B248-0C2F4F151FD8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {8A8A8176-95CA-44AA-83FC-453ADE3570AC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {90A9BDA5-EFB3-434A-8F7B-BEE961FB695E} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2000-01-01] (Realtek Semiconductor)
Task: {97E5BA15-7F7B-410D-AA72-5D5D4E93D71C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {9D564E4F-7555-4C05-A36F-96E84FAB404F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {9DB2E73F-242B-4A34-8C54-6E83EB214422} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {9E7F0333-6C60-4600-8714-DD3236C561F5} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-03-08] ()
Task: {A6965D26-0A86-4D1B-AEEE-462AD7B86C61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {AA549970-30E5-4448-BCC6-A65150ABF907} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {B17748C0-16F7-497A-8112-7434E11F657B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {B2EA658D-A669-4369-B953-815EC05E7D63} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {B368B4ED-15BE-433F-A2D1-2CCB559641CE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B41B3E8E-78A5-49A9-B857-E5D6DCBA5E8B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B724322B-BA53-43D0-BE73-E5552FF58AE5} - System32\Tasks\TweakBit\PCSpeedUp\Time for deal => C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe <==== ATTENTION
Task: {BA7EDF28-87CA-4F31-A46F-CF063037CACE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C6CE6890-6B30-481D-84AA-B6A253709F4D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.)
Task: {DAD73489-A395-4FD3-94C8-280B712A25D1} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {E1202477-C56C-4D96-89AD-D3C48E48D598} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {E6A49083-E13C-4CE9-85C8-382F25A2A130} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {EF847465-0BC7-49DD-A29A-AEA7D8AF5BB0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {F8538E0D-27CA-4D10-A2EC-68BEF8DCD9DF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {FA27B8E7-A12F-4B14-8FCE-7E3AAD6BBE31} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-03 09:52 - 2015-06-17 07:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-05-09 13:21 - 2015-05-09 13:21 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-03-03 09:59 - 2014-02-26 04:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-03-06 12:13 - 2015-03-08 07:01 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-03-06 12:13 - 2015-03-08 07:01 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2015-03-06 12:13 - 2015-03-08 07:01 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2015-06-21 05:46 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-21 05:46 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-21 05:46 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-21 05:46 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-21 05:46 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-05-07 10:16 - 2015-06-17 10:10 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-26 07:05 - 2015-06-26 07:05 - 00012800 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00009728 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00014848 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00094208 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\src\rgloader\rgloader193.mswin.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00009216 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00094208 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00126976 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00087552 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00016384 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00127316 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\bin\libffi-6.dll
2015-06-26 07:05 - 2015-06-26 07:05 - 00008704 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00013312 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00095744 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00026624 _____ () C:\Users\Asus\AppData\Local\Temp\ocr68CC.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00012800 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00009728 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00014848 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00094208 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\src\rgloader\rgloader193.mswin.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00094208 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00118784 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00069120 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00083968 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\bin\zlib1.dll
2015-06-26 07:05 - 2015-06-26 07:05 - 00026624 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00275968 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00015360 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00008192 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00009216 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00023552 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00008704 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00008704 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00008704 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00008704 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00036352 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00126976 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00087552 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00016384 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00127316 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\bin\libffi-6.dll
2015-06-26 07:05 - 2015-06-26 07:05 - 00013312 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00095744 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-06-26 07:05 - 2015-06-26 07:05 - 00026624 _____ () C:\Users\Asus\AppData\Local\Temp\ocrBBAE.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-03-06 12:13 - 2015-03-08 07:01 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-03-06 12:13 - 2015-03-08 07:01 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-03-03 09:55 - 2013-10-23 14:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Asus\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Asus\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 12683 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Asus\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "ASUS ROG MacroKey"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\StartupApproved\Run: => "HP ENVY 4500 series (NET)"
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0E2D0E8C-39A3-4BDB-B158-25FFE77313D2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{211B59A3-56F3-42B9-9EE9-E50BF7668F14}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DBEEE043-7761-4107-BB4E-E5B80B3BEBDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D8899967-1FA3-445A-A89F-FC01764B52F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BE3EA452-9358-4264-9E3A-9B5D42E28753}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{065E05E2-3EAF-4E44-B270-82F82D49B582}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C6B2C93F-B29C-4C77-B11F-61D32D157778}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{1BA6D593-541F-4F63-853D-F937D3C936B5}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{04781A3E-4FF9-43F9-A9DD-FA47656089FD}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{DB75DE74-FD9E-4648-A3C2-8F5400E67759}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{E3AF2AA4-1AAC-448F-AB9E-98B81FBE7BFE}] => (Allow) C:\Users\Asus\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1AAB904B-ED1C-4BBE-A85E-D142E6C9E77C}] => (Allow) C:\Users\Asus\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BC425A47-A540-489C-810C-8DF8B6971C3B}] => (Allow) C:\Program Files (x86)\Intel\Extreme Tuning Utility\Client\PerfTune.exe
FirewallRules: [{43A20772-7501-4418-9231-E72872BCD1C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1C042886-83FD-44AA-B577-3B7EA1D9B6F3}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{D2981FB4-887C-43BE-98FF-383214B0B1C5}] => (Allow) LPort=5357
FirewallRules: [{26F55D82-E91E-4ABA-AA72-320E78481ADB}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6A1F14B2-B2EB-44A8-AE81-52ECF8306BDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{64A29A22-DB4E-404C-89A3-3AEE1E7E2A05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{38B98744-FAD6-4107-9C54-4CCF7D090CF2}C:\users\asus\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\asus\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A7D549FA-EEFD-4307-8C86-9EB2BC1A166E}C:\users\asus\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\asus\appdata\local\akamai\netsession_win.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2015 06:30:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/26/2015 06:30:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/26/2015 06:30:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/25/2015 10:32:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/25/2015 10:32:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/25/2015 10:32:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/25/2015 10:18:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Mozilla Maintenance Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/23/2015 01:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updrgui.exe, version: 15.0.11.550, time stamp: 0x555accca
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process ID: 0x1d10
Faulting application start time: 0xupdrgui.exe0
Faulting application path: updrgui.exe1
Faulting module path: updrgui.exe2
Report ID: updrgui.exe3
Faulting package full name: updrgui.exe4
Faulting package-relative application ID: updrgui.exe5

Error: (06/22/2015 02:17:55 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (06/22/2015 02:17:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).


System errors:
=============
Error: (06/26/2015 07:04:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).

Error: (06/26/2015 07:04:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Extreme Tuning Utility Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/26/2015 07:04:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/26/2015 07:04:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/26/2015 07:04:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/26/2015 07:04:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (06/26/2015 07:04:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/26/2015 07:04:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/26/2015 07:04:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/26/2015 07:04:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (06/26/2015 06:30:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (06/26/2015 06:30:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar-2144927141

Error: (06/26/2015 06:30:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar-2144927141

Error: (06/25/2015 10:32:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar-2144927141

Error: (06/25/2015 10:32:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar-2144927141

Error: (06/25/2015 10:32:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: G751)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (06/25/2015 10:18:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Mozilla Maintenance Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/23/2015 01:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: updrgui.exe15.0.11.550555acccaunknown0.0.0.000000000c0000005000000001d1001d0adac711ec056C:\Program Files (x86)\Avira\Antivirus\updrgui.exeunknownb2915043-199f-11e5-830d-382c4aebc6bc

Error: (06/22/2015 02:17:55 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (06/22/2015 02:17:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 16%
Total physical RAM: 16333.1 MB
Available physical RAM: 13680.5 MB
Total Pagefile: 18765.1 MB
Available Pagefile: 15658.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.14 GB) (Free:53.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data1) (Fixed) (Total:455.75 GB) (Free:177.92 GB) NTFS
Drive e: (Data2) (Fixed) (Total:455.75 GB) (Free:455.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 8FFEFB6B)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 82EB289F)

Partition: GPT Partition Type.


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-06-26 07:32:55
-----------------------------
07:32:55.562 OS Version: Windows x64 6.2.9200
07:32:55.562 Number of processors: 8 586 0x3C03
07:32:55.562 ComputerName: G751 UserName: Asus
07:32:56.844 Initialize success
07:32:56.845 VM: initialized successfully
07:32:56.846 VM: Intel CPU supported
07:33:07.655 VM: disk I/O iaStorA.sys
07:33:27.802 AVAST engine defs: 15062501
07:33:31.819 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
07:33:31.820 Disk 0 Vendor: SanDisk_SD6SB1M128G1002 X231600 Size: 122104MB BusType: 11
07:33:31.822 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000003a
07:33:31.823 Disk 1 Vendor: HGST_HTS721010A9E630 JB0OA3J0 Size: 953869MB BusType: 11
07:33:31.851 Disk 0 MBR read successfully
07:33:31.852 Disk 0 MBR scan
07:33:31.855 Disk 0 unknown MBR code
07:33:31.857 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
07:33:31.868 Disk 0 scanning C:\Windows\system32\drivers
07:33:35.277 Service scanning
07:33:44.056 Modules scanning
07:33:44.060 Disk 0 trace - called modules:
07:33:44.064 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
07:33:44.067 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00009e1b060]
07:33:44.070 3 CLASSPNP.SYS[fffff800b7c02170] -> nt!IofCallDriver -> [0xffffe00007727a50]
07:33:44.072 5 ACPI.sys[fffff800b7a34c21] -> nt!IofCallDriver -> [0xffffe0000772bc40]
07:33:44.075 7 ACPI.sys[fffff800b7a34c21] -> nt!IofCallDriver -> \Device\00000038[0xffffe0000772b060]
07:33:45.196 AVAST engine scan C:\Windows
07:33:45.690 AVAST engine scan C:\Windows\system32
07:34:57.969 AVAST engine scan C:\Windows\system32\drivers
07:35:02.809 AVAST engine scan C:\Users\Asus
07:35:45.477 AVAST engine scan C:\ProgramData
07:36:05.510 Disk 0 statistics 4273222/0/0 @ 37.26 MB/s
07:36:05.514 Scan finished successfully
07:36:26.442 Disk 0 MBR has been saved successfully to "C:\Users\Asus\Downloads\MBR.dat"
07:36:26.445 The log file has been saved successfully to "C:\Users\Asus\Downloads\aswMBR.txt"



==================== End of log ============================

Juliet
2015-06-27, 14:32
Welcome

This is from a SlimWare utility you have installed, whereas 44% remove it after installation.
http://www.shouldiremoveit.com/SlimWare-Utilities-5494-publisher.aspx

~~~~

Running from C:\Users\Asus\Downloads

It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
C:\Users\Asus\AppData\Local\Temp\avgnt.exe
C:\Users\Asus\AppData\Local\Temp\Quarantine.exe
C:\Users\Asus\AppData\Local\Temp\sqlite3.dll
Task: {B724322B-BA53-43D0-BE73-E5552FF58AE5} - System32\Tasks\TweakBit\PCSpeedUp\Time for deal => C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Asus\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Asus\SkyDrive:ms-properties
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~

http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please post
Fixlog.txt
JRT.txt

gpkenny
2015-06-27, 16:40
The fix has removed the adware...thanks a million

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Asus at 2015-06-27 15:24:42 Run:1
Running from C:\Users\Asus\Desktop
Loaded Profiles: Asus (Available Profiles: Asus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
C:\Users\Asus\AppData\Local\Temp\avgnt.exe
C:\Users\Asus\AppData\Local\Temp\Quarantine.exe
C:\Users\Asus\AppData\Local\Temp\sqlite3.dll
Task: {B724322B-BA53-43D0-BE73-E5552FF58AE5} - System32\Tasks\TweakBit\PCSpeedUp\Time for deal => C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Asus\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Asus\SkyDrive:ms-properties
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
C:\Users\Asus\AppData\Local\Temp\avgnt.exe => moved successfully.
C:\Users\Asus\AppData\Local\Temp\Quarantine.exe => moved successfully.
C:\Users\Asus\AppData\Local\Temp\sqlite3.dll => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B724322B-BA53-43D0-BE73-E5552FF58AE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B724322B-BA53-43D0-BE73-E5552FF58AE5}" => key removed successfully
C:\Windows\System32\Tasks\TweakBit\PCSpeedUp\Time for deal => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCSpeedUp\Time for deal" => key removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\Users\Asus\OneDrive" => ":ms-properties" ADS not found.
"C:\Users\Asus\SkyDrive" => ":ms-properties" ADS not found.
EmptyTemp: => 954.7 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:24:52 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.9 (06.27.2015:2)
OS: Windows 8.1 x64
Ran by Asus on 27/06/2015 at 15:29:41.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] swdumon



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\SlimDrivers Startup
Successfully deleted: [Task] C:\Windows\tasks\SlimDrivers Startup.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}



~~~ Files

Successfully deleted: [File] C:\Users\Asus\AppData\Roaming\sp_data.sys
Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\update~1
Successfully deleted: [Folder] C:\Users\Asus\appdata\local\slimware utilities inc
Successfully deleted: [Folder] C:\users\public\documents\downloaded installers



~~~ Chrome


[C:\Users\Asus\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Asus\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Asus\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Asus\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/06/2015 at 15:31:11.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
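
Added example, not part of the original posts and not code from FRST or JRT: a small Python triage of the two logs above that lists every action line with its outcome, so entries such as "ADS not found" stand out and a name like swdumon can be confirmed as removed. The sample lines are constructed from the logs in this thread, and the failure keywords in `classify()` are an assumption, since no failed action appears here.

```python
import re

# Constructed sample: lines in the shape of the Fixlog.txt and JRT.txt posted above.
SAMPLE_LOG = r'''
Processes closed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
C:\Users\Asus\AppData\Local\Temp\avgnt.exe => moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\Users\Asus\OneDrive" => ":ms-properties" ADS not found.
EmptyTemp: => 954.7 MB temporary data Removed.
Successfully deleted: [Service] swdumon
Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys
'''

# FRST action lines read '<target> => <result>'; JRT lines read
# 'Successfully deleted: [<kind>] <target>'.
FRST_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+)$')
JRT_LINE = re.compile(r'^Successfully deleted: \[(?P<kind>[^\]]+)\] (?P<target>.+)$')

def classify(result):
    """Map the free-text result of an FRST line to ok / not_found / review."""
    text = result.lower()
    if "not found" in text:
        return "not_found"
    # Assumption: failure wording is not shown in this thread, so anything
    # negative or unrecognised is routed to manual review.
    if re.search(r"\b(not|failed|error)\b", text):
        return "review"
    if "successfully" in text or "removed" in text:
        return "ok"
    return "review"

def parse_log(text):
    """Return a (tool, target, outcome) tuple for every action line."""
    actions = []
    for line in map(str.strip, text.splitlines()):
        if m := JRT_LINE.match(line):
            actions.append(("JRT", m["target"], "ok"))
        elif m := FRST_LINE.match(line):
            actions.append(("FRST", m["target"], classify(m["result"])))
    return actions

def needs_followup(actions):
    """Actions that did not complete, e.g. a fixlist entry that was not found."""
    return [a for a in actions if a[2] != "ok"]

def mentions(actions, needle):
    """Actions whose target contains the given name, case-insensitively."""
    return [a for a in actions if needle.lower() in a[1].lower()]
```

Running `mentions(parse_log(log_text), "swdumon")` over the full JRT.txt shows both the service and the driver file recorded as deleted, which is the point the thread opened with.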

Juliet
2015-06-28, 02:55
How's your computer now?

gpkenny
2015-06-28, 09:46
My computer is running without any problems now - thanks.

Juliet
2015-06-28, 12:26
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.


Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply.
Close the ESET online scan, and let me know how things are now.

gpkenny
2015-06-28, 13:48
Hi- The ESET scan didn't detect any additional problems.

Juliet
2015-06-28, 14:11
The ESET scan didn't detect any additional problems.

Good deal

Please run this security check.

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe).

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

gpkenny
2015-06-28, 17:02
Hi - The page won't load to screen 317. Do you have an alternative?

Juliet
2015-06-28, 19:24
Try this
http://www.bleepingcomputer.com/download/publisher/screen317/

gpkenny
2015-06-29, 06:52
Try this
http://www.bleepingcomputer.com/download/publisher/screen317/

Yes thanks.

Results of screen317's Security Check version 1.004
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Java 8 Update 45
Adobe Flash Player 18.0.0.194
Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Avira Antivirus sched.exe
Avira Antivirus avshadow.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Juliet
2015-06-29, 11:52
You're good to go.

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Juliet
2015-07-03, 16:01
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.