Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
How to remove Safesearch toolbar
Message
<blockquote data-quote="mdm2202" data-source="post: 389934" data-attributes="member: 36650"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015</p><p>Ran by User (administrator) on ASUS on 26-05-2015 11:42:29</p><p>Running from C:\Users\User\Downloads</p><p>Loaded Profiles: User (Available Profiles: User & riaalvarez)</p><p>Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)</p><p>Internet Explorer Version 11 (Default browser: IE)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p>(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe</p><p>(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe</p><p>(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dasHost.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxsrvc.exe</p><p>() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe</p><p>(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe</p><p>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe</p><p>(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe</p><p>(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe</p><p>(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe</p><p>(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe</p><p>(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe</p><p>(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe</p><p>(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe</p><p>() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe</p><p>(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe</p><p>(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe</p><p>(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe</p><p>(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe</p><p>(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)</p><p>HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.)</p><p>HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)</p><p>Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)</p><p>HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations)</p><p>HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)</p><p>HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)</p><p>HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1</p><p>HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1</p><p>HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Policies\Explorer: [NoResolveSearch] 1</p><p>HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Policies\Explorer: [NoInternetOpenWith] 1</p><p>HKU\S-1-5-18\...\RunOnce: [Adobe Speed Launcher] => 1418312368</p><p>ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File</p><p>ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File</p><p>ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File</p><p>ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-06] (Avast Software s.r.o.)</p><p>ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)</p><p>ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)</p><p>ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi" target="_blank">https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = <a href="https://www.safesearch.net/?p=h&m=ie&c=na&s=na" target="_blank">https://www.safesearch.net/?p=h&m=ie&c=na&s=na</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = <a href="http://www.google.com" target="_blank">http://www.google.com</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi" target="_blank">https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = </p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = </p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi" target="_blank">https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi</a></p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi" target="_blank">https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi</a></p><p>SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = </p><p>SearchScopes: HKLM-x32 -> DefaultScope value is missing</p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = </p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = </p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = </p><p>BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)</p><p>BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-06] (Avast Software s.r.o.)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-18] (Oracle Corporation)</p><p>BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-06] (Avast Software s.r.o.)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-18] (Oracle Corporation)</p><p>Toolbar: HKU\S-1-5-21-1100405057-2461269165-2818533043-1001 -> No Name - {7AA3F318-16D7-40FA-B719-CA3706AA61D2} - No File</p><p>Hosts: Hosts file not detected in the default directory</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.15.1</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-18] (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-18] (Oracle Corporation)</p><p>FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:wrc@avast.com">wrc@avast.com</a>] - C:\Program Files\AVAST Software\Avast\WebRep\FF</p><p>FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-18]</p><p>FF HKLM-x32\...\Thunderbird\Extensions: [<a href="mailto:msktbird@mcafee.com">msktbird@mcafee.com</a>] - C:\Program Files\McAfee\MSK</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-06]</p><p>CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-06]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)</p><p>R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-03-26] (ASUS)</p><p>R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) []</p><p>R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)</p><p>S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)</p><p>R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-26] (SurfRight B.V.)</p><p>R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)</p><p>R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)</p><p>R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)</p><p>R3 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [45488 2012-12-19] (ASUSTek Computer Inc.)</p><p>S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)</p><p>R3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-28] (Atheros) []</p><p>U4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-06] ()</p><p>R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-06] (Avast Software s.r.o.)</p><p>R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-06] (Avast Software s.r.o.)</p><p>R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-06] ()</p><p>R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-06] (Avast Software s.r.o.)</p><p>R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-06] (Avast Software s.r.o.)</p><p>R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-06] (Avast Software s.r.o.)</p><p>R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-06] ()</p><p>R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-02-06] (ASUS Corporation)</p><p>S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)</p><p>R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)</p><p>R2 fp; C:\Windows\System32\DRIVERS\fp.sys [19152 2015-05-12] (Windows (R) Win 7 DDK provider)</p><p>S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)</p><p>R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )</p><p>R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-26] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)</p><p>S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)</p><p>S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)</p><p>U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-05-26 11:42 - 2015-05-26 11:42 - 00018108 _____ () C:\Users\User\Downloads\FRST.txt</p><p>2015-05-26 11:41 - 2015-05-26 11:42 - 00000000 ____D () C:\FRST</p><p>2015-05-26 11:40 - 2015-05-26 11:41 - 02108928 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe</p><p>2015-05-26 11:34 - 2015-05-26 11:34 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DBC89F2B-FB51-46CE-83DE-A61A40F37D57}</p><p>2015-05-26 11:29 - 2015-05-26 11:29 - 00036562 _____ () C:\WINDOWS\system32\.crusader</p><p>2015-05-26 11:20 - 2015-05-26 11:20 - 00001911 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2015-05-26 11:20 - 2015-05-26 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2015-05-26 11:20 - 2015-05-26 11:20 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2015-05-26 11:19 - 2015-05-26 11:29 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2015-05-26 11:10 - 2015-05-26 11:10 - 00002310 _____ () C:\mawarebytes results.txt</p><p>2015-05-26 11:10 - 2015-05-26 11:09 - 00006588 _____ () C:\malwarebytes results.xml</p><p>2015-05-26 09:22 - 2015-05-26 11:31 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-05-26 09:22 - 2015-05-26 09:22 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2015-05-26 09:22 - 2015-05-26 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2015-05-26 09:21 - 2015-05-26 09:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2015-05-26 09:21 - 2015-05-26 09:21 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2015-05-26 09:21 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys</p><p>2015-05-26 09:21 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys</p><p>2015-05-26 09:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys</p><p>2015-05-26 08:46 - 2015-05-26 09:09 - 00000000 ____D () C:\AdwCleaner</p><p>2015-05-25 21:07 - 2015-05-26 08:39 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe</p><p>2015-05-25 21:07 - 2015-05-26 08:39 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool</p><p>2015-05-25 20:45 - 2015-05-25 20:45 - 00753184 _____ () C:\Users\User\Downloads\Adware-Removal-Tool-v3.9.1.exe</p><p>2015-05-23 19:01 - 2015-05-23 19:01 - 00000000 ____D () C:\Users\User\AppData\Local\TeamViewer</p><p>2015-05-23 18:56 - 2015-05-25 21:58 - 00000000 ____D () C:\Program Files (x86)\TeamViewer</p><p>2015-05-23 18:56 - 2015-05-23 18:56 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk</p><p>2015-05-23 18:56 - 2015-05-23 18:56 - 00001049 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk</p><p>2015-05-23 02:19 - 2015-05-23 02:19 - 00000000 _____ () C:\Recovery.txt</p><p>2015-05-21 16:02 - 2015-05-21 16:02 - 00003976 _____ () C:\WINDOWS\System32\Tasks\SafeSearchUpdate</p><p>2015-05-21 16:02 - 2015-05-21 16:02 - 00003204 _____ () C:\WINDOWS\System32\Tasks\SafeSearchVerify</p><p>2015-05-21 16:02 - 2015-05-12 13:04 - 00019152 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\fp.sys</p><p>2015-05-21 07:04 - 2015-05-21 16:02 - 00000258 __RSH () C:\Users\User\ntuser.pol</p><p>2015-05-21 07:04 - 2015-05-21 07:04 - 00000000 ____D () C:\Users\User\Documents\Add-in Express</p><p>2015-05-21 06:52 - 2015-05-21 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud</p><p>2015-05-20 22:14 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll</p><p>2015-05-20 22:14 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll</p><p>2015-05-17 15:45 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys</p><p>2015-05-17 15:45 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll</p><p>2015-05-17 15:45 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll</p><p>2015-05-17 15:45 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll</p><p>2015-05-17 15:45 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll</p><p>2015-05-17 15:45 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll</p><p>2015-05-17 15:45 - 2015-03-17 18:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS</p><p>2015-05-17 15:45 - 2015-03-09 03:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys</p><p>2015-05-17 15:44 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll</p><p>2015-05-17 15:44 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll</p><p>2015-05-17 15:44 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys</p><p>2015-05-17 15:44 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll</p><p>2015-05-17 15:44 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll</p><p>2015-05-17 15:44 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll</p><p>2015-05-17 15:44 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll</p><p>2015-05-17 15:43 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec</p><p>2015-05-17 15:43 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec</p><p>2015-05-17 15:43 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll</p><p>2015-05-17 15:43 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe</p><p>2015-05-17 15:43 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl</p><p>2015-05-17 15:43 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl</p><p>2015-05-17 15:43 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll</p><p>2015-05-17 15:43 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll</p><p>2015-05-17 15:43 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll</p><p>2015-05-17 15:43 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll</p><p>2015-05-17 15:43 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe</p><p>2015-05-17 15:43 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll</p><p>2015-05-17 15:43 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll</p><p>2015-05-17 15:43 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll</p><p>2015-05-17 15:43 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll</p><p>2015-05-17 15:43 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll</p><p>2015-05-17 15:43 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll</p><p>2015-05-17 15:43 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys</p><p>2015-05-17 15:43 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll</p><p>2015-05-17 15:43 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll</p><p>2015-05-17 15:43 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll</p><p>2015-05-17 15:43 - 2015-03-13 05:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys</p><p>2015-05-17 15:43 - 2015-03-13 05:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys</p><p>2015-05-17 15:43 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys</p><p>2015-05-17 15:43 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll</p><p>2015-05-17 15:43 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll</p><p>2015-05-17 15:43 - 2015-03-13 01:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml</p><p>2015-05-17 15:43 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe</p><p>2015-05-17 15:43 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe</p><p>2015-05-17 15:43 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll</p><p>2015-05-17 15:43 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll</p><p>2015-05-17 15:43 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll</p><p>2015-05-17 15:43 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll</p><p>2015-05-08 17:22 - 2015-05-17 17:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight</p><p>2015-05-08 17:22 - 2015-05-17 17:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight</p><p>2015-05-08 17:22 - 2015-05-17 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight</p><p>2015-05-08 13:10 - 2015-05-08 13:12 - 00000000 ____D () C:\ProgramData\HP</p><p>2015-05-07 11:04 - 2015-05-26 11:32 - 00000000 ___RD () C:\Users\User\OneDrive</p><p>2015-05-07 08:50 - 2015-05-07 08:50 - 00000359 _____ () C:\Users\User\Desktop\Favourites - Shortcut.lnk</p><p>2015-05-06 16:06 - 2015-05-06 16:06 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe</p><p>2015-05-06 16:06 - 2015-05-06 16:06 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr</p><p>2015-05-05 15:26 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll</p><p>2015-05-05 15:26 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll</p><p>2015-05-05 15:26 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll</p><p>2015-05-05 15:26 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll</p><p>2015-05-05 15:26 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll</p><p>2015-05-05 15:26 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll</p><p>2015-05-05 15:26 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll</p><p>2015-04-30 10:33 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll</p><p>2015-04-30 10:33 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll</p><p>2015-04-26 13:12 - 2015-04-26 13:12 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk</p><p>2015-04-26 13:12 - 2015-04-26 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes</p><p>2015-04-26 13:11 - 2015-04-26 13:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7</p><p>2015-04-26 13:11 - 2015-04-26 13:12 - 00000000 ____D () C:\Program Files\iTunes</p><p>2015-04-26 13:11 - 2015-04-26 13:11 - 00000000 ____D () C:\Program Files\iPod</p><p>2015-04-26 13:11 - 2015-04-26 13:11 - 00000000 ____D () C:\Program Files (x86)\iTunes</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-05-26 11:36 - 2014-11-18 21:54 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1100405057-2461269165-2818533043-1001</p><p>2015-05-26 11:36 - 2014-08-07 19:09 - 00000062 _____ () C:\Users\User\AppData\Roaming\sp_data.sys</p><p>2015-05-26 11:36 - 2013-05-24 15:59 - 00003260 _____ () C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel</p><p>2015-05-26 11:36 - 2013-05-24 15:52 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU</p><p>2015-05-26 11:36 - 2013-05-24 15:52 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON</p><p>2015-05-26 11:36 - 2013-05-24 15:51 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus</p><p>2015-05-26 11:36 - 2013-05-24 15:43 - 00003542 _____ () C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)</p><p>2015-05-26 11:35 - 2013-05-24 15:53 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G</p><p>2015-05-26 11:35 - 2013-05-24 15:51 - 00003114 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update</p><p>2015-05-26 11:33 - 2014-11-21 14:02 - 01487757 _____ () C:\WINDOWS\WindowsUpdate.log</p><p>2015-05-26 11:31 - 2013-08-22 15:46 - 00299907 _____ () C:\WINDOWS\setupact.log</p><p>2015-05-26 11:31 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT</p><p>2015-05-26 11:30 - 2014-09-24 09:08 - 00178924 _____ () C:\WINDOWS\PFRO.log</p><p>2015-05-26 11:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI</p><p>2015-05-26 11:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru</p><p>2015-05-26 10:02 - 2014-09-24 16:35 - 00000000 ____D () C:\WINDOWS\en-GB</p><p>2015-05-25 22:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness</p><p>2015-05-25 22:53 - 2014-08-07 19:05 - 00000000 ____D () C:\Users\User\AppData\Local\Packages</p><p>2015-05-23 19:30 - 2013-08-22 15:44 - 00362576 _____ () C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2015-05-23 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF</p><p>2015-05-23 09:05 - 2014-09-24 17:21 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2015-05-21 07:39 - 2014-11-19 09:10 - 00000000 ____D () C:\Users\User\Documents\uncovering</p><p>2015-05-21 07:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp</p><p>2015-05-21 07:20 - 2014-12-06 09:46 - 00002032 _____ () C:\WINDOWS\IE10_main.log</p><p>2015-05-21 07:20 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel</p><p>2015-05-21 07:19 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers</p><p>2015-05-21 07:04 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy</p><p>2015-05-21 07:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy</p><p>2015-05-21 06:59 - 2014-11-19 09:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer</p><p>2015-05-21 06:57 - 2014-11-19 09:41 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer</p><p>2015-05-21 06:52 - 2014-11-19 09:39 - 00000000 ____D () C:\Program Files\Common Files\Apple</p><p>2015-05-21 06:43 - 2014-11-18 15:09 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update</p><p>2015-05-20 22:26 - 2014-11-18 16:47 - 00000000 ____D () C:\WINDOWS\system32\MRT</p><p>2015-05-17 16:27 - 2014-09-24 16:57 - 00000000 ____D () C:\Program Files\Windows Journal</p><p>2015-05-17 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache</p><p>2015-05-17 15:47 - 2014-11-18 17:43 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk</p><p>2015-05-17 15:47 - 2012-11-27 05:08 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk</p><p>2015-05-08 13:22 - 2014-11-19 09:03 - 00000000 ____D () C:\Users\User\Documents\Correspondence</p><p>2015-05-07 08:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat</p><p>2015-05-06 21:45 - 2014-12-10 15:53 - 00000000 ____D () C:\WINDOWS\system32\appraiser</p><p>2015-05-06 21:45 - 2014-09-24 19:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel</p><p>2015-05-06 16:06 - 2014-11-18 15:09 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys</p><p>2015-05-06 16:06 - 2014-11-18 15:09 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys</p><p>2015-05-06 16:06 - 2014-11-18 15:09 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys</p><p>2015-05-06 16:06 - 2014-11-18 15:09 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys</p><p>2015-05-06 16:06 - 2014-11-18 15:09 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys</p><p>2015-05-06 16:06 - 2014-11-18 15:09 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys</p><p>2015-05-06 16:06 - 2014-11-18 15:09 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys</p><p>2015-05-06 16:05 - 2014-11-18 15:09 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys</p><p>2015-05-05 18:59 - 2014-12-10 19:39 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2015-05-05 18:59 - 2014-12-10 19:39 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-04-30 10:07 - 2014-11-18 16:47 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2015-04-29 16:43 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager</p><p>2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera</p><p>2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui</p><p>2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup</p><p>2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz</p><p>2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB</p><p>2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com</p><p>2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices</p><p>2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer</p><p>2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform</p><p>2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System</p><p>2015-04-29 16:36 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe</p><p>2015-04-29 16:36 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism</p><p>2015-04-29 16:36 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing</p><p>2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc</p><p>2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns</p><p>2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform</p><p>2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sppui</p><p>2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup</p><p>2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz</p><p>2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB</p><p>2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Com</p><p>2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME</p><p>2015-04-29 16:35 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep</p><p>2015-04-29 16:35 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe</p><p>2015-04-29 16:35 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism</p><p>2015-04-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell</p><p>2015-04-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices</p><p>2015-04-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer</p><p>2015-04-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform</p><p>2015-04-29 16:13 - 2013-08-22 16:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll</p><p>2015-04-29 16:12 - 2013-08-22 16:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2014-08-07 19:09 - 2015-05-26 11:36 - 0000062 _____ () C:\Users\User\AppData\Roaming\sp_data.sys</p><p>2012-11-27 05:08 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd</p><p>2012-11-27 05:08 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe</p><p>2012-11-27 05:08 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\ProgramData\SetStretch.exe</p><p>C:\ProgramData\SetStretch.VBS</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-05-26 11:26</p><p></p><p>==================== End of log ============================</p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015</p><p>Ran by User at 2015-05-26 11:43:47</p><p>Running from C:\Users\User\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-1100405057-2461269165-2818533043-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-1100405057-2461269165-2818533043-501 - Limited - Enabled)</p><p>HomeGroupUser$ (S-1-5-21-1100405057-2461269165-2818533043-1003 - Limited - Enabled)</p><p>riaalvarez (S-1-5-21-1100405057-2461269165-2818533043-1004 - Limited - Enabled) => C:\Users\riaalvarez</p><p>User (S-1-5-21-1100405057-2461269165-2818533043-1001 - Administrator - Enabled) => C:\Users\User</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)</p><p>Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)</p><p>Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden</p><p>Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)</p><p>Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)</p><p>ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)</p><p>ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)</p><p>ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.1 - ASUS)</p><p>ASUS S200 Product Demo (HKLM-x32\...\{5E396FE4-6110-41C9-9B1F-2F30A4A13715}) (Version: 1.0.0 - ASUS)</p><p>ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)</p><p>ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.0.1 - ASUS)</p><p>ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)</p><p>ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)</p><p>ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)</p><p>ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.27 - ASUS)</p><p>ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)</p><p>Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)</p><p>ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)</p><p>Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)</p><p>BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )</p><p>Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)</p><p>Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.)</p><p>Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )</p><p>Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden</p><p>Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)</p><p>iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)</p><p>Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)</p><p>iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)</p><p>Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)</p><p>Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)</p><p>Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden</p><p>MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)</p><p>OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)</p><p>Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)</p><p>Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)</p><p>Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.)</p><p>Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)</p><p>TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)</p><p>UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin) <==== ATTENTION!</p><p>Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)</p><p>WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== Restore Points =========================</p><p></p><p>30-04-2015 17:56:45 Windows Update</p><p>06-05-2015 16:03:46 avast! antivirus system restore point</p><p>08-05-2015 16:40:43 Removed Microsoft Silverlight</p><p>17-05-2015 16:25:34 Windows Update</p><p>20-05-2015 22:09:54 Windows Update</p><p>25-05-2015 19:52:53 Online Armor installation</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>Task: {0E7F496C-D337-43C6-AAAA-A18521FF1BA4} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-02-06] (AsusTek)</p><p>Task: {12125F54-5BBE-4526-B538-7CF1B2ED182C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)</p><p>Task: {2E1EB4FF-07E4-4E8D-B430-4202A22DEEF3} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)</p><p>Task: {3191DCD3-F7F1-4879-A2C3-E4B241AE07F0} - System32\Tasks\SafeSearchUpdate => C:\Program Files\SafeSearch\1_9\se.exe</p><p>Task: {32248860-6FA0-4E85-8912-011B4957B002} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-30] (Microsoft Corporation)</p><p>Task: {40BFF649-2D49-4783-B0C5-C843BA4F6891} - System32\Tasks\UpdateAdmin => C:\Users\User\AppData\Local\UpdateAdmin\UpdateAdmin.exe <==== ATTENTION</p><p>Task: {4CA5E100-BEF2-4B23-8DEE-A0CA733ACA0E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)</p><p>Task: {5C2BF80D-B15A-467E-9886-0CBD5FB10375} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {69C078C9-9C26-4BFB-A0B9-AB6A30B08A18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)</p><p>Task: {72FADABD-3227-42B0-B9B3-790EBF660868} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)</p><p>Task: {76667CF4-6F71-4331-A642-9CB174F3A2C4} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-03-26] (ASUS)</p><p>Task: {7A02FCE3-07A5-4138-8ABA-C1C304BE6D65} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)</p><p>Task: {8B35739E-74F3-4351-85B7-4B3F8B432A7F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)</p><p>Task: {8E224FC2-2C18-433E-B262-D505DE9CD22A} - System32\Tasks\SafeSearchVerify => C:\Program Files\SafeSearch\1_9\se.exe</p><p>Task: {9D04BC61-0727-4ECD-8C00-9788C9619DEA} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)</p><p>Task: {B45541DE-D1E8-477D-959E-7A25D5577778} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)</p><p>Task: {B95DC31D-0517-4668-9793-A6F86B4DB8B3} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)</p><p>Task: {C375FBA7-FA7E-4B59-8B3F-8E38D0F53B81} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2013-01-29] (ASUSTeK Computer Inc.)</p><p>Task: {DAD254C5-A755-4FAD-B289-3637A4EFE851} - \ASP No Task File <==== ATTENTION</p><p>Task: {E69025F4-7B58-41E7-B923-371FBDB631CC} - System32\Tasks\{C7F9B5F3-CDAA-4371-BB7E-B54AD5C6FA4F} => pcalua.exe -a C:\Users\User\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe -c /UNINSTALL PARTNER=10801</p><p>Task: {F0E70101-BC67-4DCE-8FE4-56E6036E5B3E} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()</p><p>Task: {F2D4FEB5-586C-4A60-A107-CCA4769B19B1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-06] (Avast Software s.r.o.)</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2012-12-28 12:07 - 2012-12-28 12:07 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll</p><p>2012-12-28 12:04 - 2012-12-28 12:04 - 00084480 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll</p><p>2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll</p><p>2012-12-28 12:09 - 2012-12-28 12:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe</p><p>2013-03-26 14:38 - 2013-03-26 14:38 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll</p><p>2012-11-29 17:15 - 2012-11-29 17:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe</p><p>2015-05-06 16:06 - 2015-05-06 16:06 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll</p><p>2015-05-06 16:06 - 2015-05-06 16:06 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll</p><p>2015-05-26 09:24 - 2015-05-26 09:24 - 02948096 _____ () C:\Program Files\AVAST Software\Avast\defs\15052600\algo.dll</p><p>2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2015-05-06 16:06 - 2015-05-06 16:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll</p><p>2013-05-24 15:41 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p>AlternateDataStreams: C:\Users\User\OneDrive:ms-properties</p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"</p><p></p><p>==================== EXE Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\FullSizeRender.jpg</p><p>DNS Servers: 192.168.15.1</p><p></p><p>==================== MSCONFIG/TASK MANAGER Error getting ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"</p><p>MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"</p><p>MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"</p><p>MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S</p><p>MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd</p><p>MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"</p><p>MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"</p><p>MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey</p><p>MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 </p><p>MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s</p><p>HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility"</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139</p><p>FirewallRules: [{11DBED5C-4CCB-4BEB-AA0E-81CB11D7E509}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{B182D5EB-ECD1-4446-8B65-251D47656286}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{5D3BC344-CC31-4E59-86CF-BE1368FDBF64}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{7DE56E10-6B24-479E-96E0-D7F6940DC69A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{0D37FF6B-BEC6-437A-AA75-F67AE6E2F642}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe</p><p>FirewallRules: [{748D29A3-63EB-408E-B8E4-2D0693D2FA97}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe</p><p>FirewallRules: [{967E2A47-828B-42F1-9994-E30081710B32}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe</p><p>FirewallRules: [{57C0F666-E390-4EA9-A1C4-F5B25AC7673B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe</p><p>FirewallRules: [{B1BA499D-34D7-4542-BC63-2EA7AB4F38B7}] => (Allow) LPort=1900</p><p>FirewallRules: [{9F3908B9-AF84-4AE4-AE0F-A3CA352764A1}] => (Allow) LPort=2869</p><p>FirewallRules: [{77FA44A0-0288-479D-A668-7DB1122CB865}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe</p><p>FirewallRules: [{D8A84CC3-CC20-4F10-B647-08AB3909F828}] => (Allow) C:\Users\User\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe</p><p>FirewallRules: [{56C792DE-B412-412E-83E7-F173A0D3B1B9}] => (Allow) C:\Program Files\iTunes\iTunes.exe</p><p>FirewallRules: [TCP Query User{8E494106-7671-4078-8506-07C3C2DF01BB}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe</p><p>FirewallRules: [UDP Query User{CDDE47EE-012D-4B45-B787-EA522BCE2B49}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe</p><p>FirewallRules: [{6FD570CA-16C1-49D3-A0EC-DC94989D5155}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe</p><p>FirewallRules: [{54318141-AE8D-4151-A37A-ED944D3DAFDE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe</p><p>FirewallRules: [{B1364A26-3C4A-46D3-8924-CB45352D4FEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe</p><p>FirewallRules: [{917452BA-CE9A-422D-8546-AD615EC7B254}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Virtual Bluetooth Support</p><p>Description: Virtual Bluetooth Support</p><p>Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}</p><p>Manufacturer: Qualcomm Atheros Communications</p><p>Service: AthBTPort</p><p>Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)</p><p>Resolution: Update the driver</p><p></p><p>Name: Bluetooth LWFLT Device</p><p>Description: Bluetooth LWFLT Device</p><p>Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}</p><p>Manufacturer: Qualcomm Atheros Communications</p><p>Service: BTATH_LWFLT</p><p>Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)</p><p>Resolution: Update the driver</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (05/26/2015 09:50:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS)</p><p>Description: Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (05/26/2015 09:50:42 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 1a84</p><p></p><p>Start Time: 01d09790fbb927b6</p><p></p><p>Termination Time: 4294967295</p><p></p><p>Application Path: UNKNOWN</p><p></p><p>Report Id: 469ae4cb-0384-11e5-bebe-2cd05aae1786</p><p></p><p>Faulting package full name: Microsoft.BingWeather_3.0.4.315_x64__8wekyb3d8bbwe</p><p></p><p>Faulting package-relative application ID: App</p><p></p><p>Error: (05/26/2015 09:50:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ASUS)</p><p>Description: App Microsoft.BingWeather_3.0.4.315_x64__8wekyb3d8bbwe+App did not launch within its allotted time.</p><p></p><p>Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 15829</p><p></p><p>Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 15829</p><p></p><p>Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 15390</p><p></p><p>Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 15390</p><p></p><p>Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (05/25/2015 10:12:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 13828</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (05/26/2015 11:37:01 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: ASUS)</p><p>Description: There was an error while attempting to read the local hosts file.</p><p></p><p>Error: (05/26/2015 11:31:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)</p><p>Description: There was an error while attempting to read the local hosts file.</p><p></p><p>Error: (05/26/2015 11:31:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )</p><p>Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: </p><p>%%0</p><p></p><p>Error: (05/26/2015 11:31:13 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)</p><p>Description: There was an error while attempting to read the local hosts file.</p><p></p><p>Error: (05/26/2015 11:20:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: ASUS)</p><p>Description: There was an error while attempting to read the local hosts file.</p><p></p><p>Error: (05/26/2015 11:13:29 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)</p><p>Description: There was an error while attempting to read the local hosts file.</p><p></p><p>Error: (05/26/2015 11:12:13 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)</p><p>Description: There was an error while attempting to read the local hosts file.</p><p></p><p>Error: (05/26/2015 11:11:07 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)</p><p>Description: There was an error while attempting to read the local hosts file.</p><p></p><p>Error: (05/26/2015 10:49:44 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)</p><p>Description: There was an error while attempting to read the local hosts file.</p><p></p><p>Error: (05/26/2015 10:43:43 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)</p><p>Description: There was an error while attempting to read the local hosts file.</p><p></p><p></p><p>Microsoft Office:</p><p>=========================</p><p>Error: (05/26/2015 09:50:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS)</p><p>Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142</p><p></p><p>Error: (05/26/2015 09:50:42 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: UNKNOWN0.0.0.01a8401d09790fbb927b64294967295UNKNOWN469ae4cb-0384-11e5-bebe-2cd05aae1786Microsoft.BingWeather_3.0.4.315_x64__8wekyb3d8bbweApp</p><p></p><p>Error: (05/26/2015 09:50:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ASUS)</p><p>Description: Microsoft.BingWeather_3.0.4.315_x64__8wekyb3d8bbwe+App</p><p></p><p>Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 15829</p><p></p><p>Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 15829</p><p></p><p>Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 15390</p><p></p><p>Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 15390</p><p></p><p>Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (05/25/2015 10:12:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 13828</p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2015-04-29 16:42:22.552</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-04-29 15:43:33.553</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-04-26 13:15:12.648</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-04-21 15:32:48.592</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-04-15 11:28:18.923</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-04-14 19:18:37.779</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-04-13 21:13:32.033</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-04-10 16:23:27.428</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-03-30 14:58:25.448</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-03-25 06:23:01.565</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz</p><p>Percentage of memory in use: 42%</p><p>Total physical RAM: 3981.81 MB</p><p>Available physical RAM: 2289.15 MB</p><p>Total Pagefile: 4685.81 MB</p><p>Available Pagefile: 2715.32 MB</p><p>Total Virtual: 131072 MB</p><p>Available Virtual: 131071.8 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:118.8 GB) (Free:66.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (Data) (Fixed) (Total:157.55 GB) (Free:157.23 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 298.1 GB) (Disk ID: 3E1AB738)</p><p></p><p>Partition: GPT Partition Type.</p><p></p><p>==================== End of log ============================</p></blockquote><p></p>
[QUOTE="mdm2202, post: 389934, member: 36650"] Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015 Ran by User (administrator) on ASUS on 26-05-2015 11:42:29 Running from C:\Users\User\Downloads Loaded Profiles: User (Available Profiles: User & riaalvarez) Platform: Windows 8.1 (X64) OS Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-17] (Avast Software s.r.o.) HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations) HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Policies\Explorer: [NoResolveSearch] 1 HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-18\...\RunOnce: [Adobe Speed Launcher] => 1418312368 ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-06] (Avast Software s.r.o.) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [URL]https://www.safesearch.net/?p=h&m=ie&c=na&s=na[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [URL]http://www.google.com[/URL] HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi[/URL] HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]https://www.safesearch.net/?p=h&m=ie&c=wi&s=wi[/URL] SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-06] (Avast Software s.r.o.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-18] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-06] (Avast Software s.r.o.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-18] (Oracle Corporation) Toolbar: HKU\S-1-5-21-1100405057-2461269165-2818533043-1001 -> No Name - {7AA3F318-16D7-40FA-B719-CA3706AA61D2} - No File Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.15.1 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-18] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-18] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [[email]wrc@avast.com[/email]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-18] FF HKLM-x32\...\Thunderbird\Extensions: [[email]msktbird@mcafee.com[/email]] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-06] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-03-26] (ASUS) R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-26] (SurfRight B.V.) R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH) R3 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [45488 2012-12-19] (ASUSTek Computer Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-28] (Atheros) [] U4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-06] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-06] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-06] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-06] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-06] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-06] () R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-02-06] (ASUS Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R2 fp; C:\Windows\System32\DRIVERS\fp.sys [19152 2015-05-12] (Windows (R) Win 7 DDK provider) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-26] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-26 11:42 - 2015-05-26 11:42 - 00018108 _____ () C:\Users\User\Downloads\FRST.txt 2015-05-26 11:41 - 2015-05-26 11:42 - 00000000 ____D () C:\FRST 2015-05-26 11:40 - 2015-05-26 11:41 - 02108928 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2015-05-26 11:34 - 2015-05-26 11:34 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DBC89F2B-FB51-46CE-83DE-A61A40F37D57} 2015-05-26 11:29 - 2015-05-26 11:29 - 00036562 _____ () C:\WINDOWS\system32\.crusader 2015-05-26 11:20 - 2015-05-26 11:20 - 00001911 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2015-05-26 11:20 - 2015-05-26 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-05-26 11:20 - 2015-05-26 11:20 - 00000000 ____D () C:\Program Files\HitmanPro 2015-05-26 11:19 - 2015-05-26 11:29 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-05-26 11:10 - 2015-05-26 11:10 - 00002310 _____ () C:\mawarebytes results.txt 2015-05-26 11:10 - 2015-05-26 11:09 - 00006588 _____ () C:\malwarebytes results.xml 2015-05-26 09:22 - 2015-05-26 11:31 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-05-26 09:22 - 2015-05-26 09:22 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-05-26 09:22 - 2015-05-26 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-26 09:21 - 2015-05-26 09:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-05-26 09:21 - 2015-05-26 09:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-26 09:21 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-05-26 09:21 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-05-26 09:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-05-26 08:46 - 2015-05-26 09:09 - 00000000 ____D () C:\AdwCleaner 2015-05-25 21:07 - 2015-05-26 08:39 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe 2015-05-25 21:07 - 2015-05-26 08:39 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool 2015-05-25 20:45 - 2015-05-25 20:45 - 00753184 _____ () C:\Users\User\Downloads\Adware-Removal-Tool-v3.9.1.exe 2015-05-23 19:01 - 2015-05-23 19:01 - 00000000 ____D () C:\Users\User\AppData\Local\TeamViewer 2015-05-23 18:56 - 2015-05-25 21:58 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-05-23 18:56 - 2015-05-23 18:56 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-05-23 18:56 - 2015-05-23 18:56 - 00001049 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-05-23 02:19 - 2015-05-23 02:19 - 00000000 _____ () C:\Recovery.txt 2015-05-21 16:02 - 2015-05-21 16:02 - 00003976 _____ () C:\WINDOWS\System32\Tasks\SafeSearchUpdate 2015-05-21 16:02 - 2015-05-21 16:02 - 00003204 _____ () C:\WINDOWS\System32\Tasks\SafeSearchVerify 2015-05-21 16:02 - 2015-05-12 13:04 - 00019152 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\fp.sys 2015-05-21 07:04 - 2015-05-21 16:02 - 00000258 __RSH () C:\Users\User\ntuser.pol 2015-05-21 07:04 - 2015-05-21 07:04 - 00000000 ____D () C:\Users\User\Documents\Add-in Express 2015-05-21 06:52 - 2015-05-21 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-05-20 22:14 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-20 22:14 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-17 15:45 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-05-17 15:45 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-05-17 15:45 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-05-17 15:45 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-05-17 15:45 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-05-17 15:45 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-05-17 15:45 - 2015-03-17 18:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-05-17 15:45 - 2015-03-09 03:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-05-17 15:44 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-05-17 15:44 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-05-17 15:44 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-05-17 15:44 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-05-17 15:44 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-17 15:44 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-05-17 15:44 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-05-17 15:43 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-05-17 15:43 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-05-17 15:43 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-05-17 15:43 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-05-17 15:43 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-05-17 15:43 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-05-17 15:43 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-05-17 15:43 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-05-17 15:43 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-05-17 15:43 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-05-17 15:43 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-05-17 15:43 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-05-17 15:43 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-05-17 15:43 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-05-17 15:43 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-05-17 15:43 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-05-17 15:43 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-05-17 15:43 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-05-17 15:43 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-05-17 15:43 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-05-17 15:43 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-05-17 15:43 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-05-17 15:43 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-05-17 15:43 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-05-17 15:43 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-05-17 15:43 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-05-17 15:43 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-05-17 15:43 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-05-17 15:43 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-05-17 15:43 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-05-17 15:43 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-05-17 15:43 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-05-17 15:43 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-05-17 15:43 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-05-17 15:43 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-05-17 15:43 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-05-17 15:43 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-05-17 15:43 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-05-17 15:43 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-05-17 15:43 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-05-17 15:43 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-05-17 15:43 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-05-17 15:43 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2015-05-17 15:43 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2015-05-17 15:43 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2015-05-17 15:43 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2015-05-17 15:43 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-05-17 15:43 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-05-17 15:43 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-05-17 15:43 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-05-17 15:43 - 2015-03-13 05:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-05-17 15:43 - 2015-03-13 05:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-05-17 15:43 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-05-17 15:43 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-05-17 15:43 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-05-17 15:43 - 2015-03-13 01:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-05-17 15:43 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe 2015-05-17 15:43 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe 2015-05-17 15:43 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2015-05-17 15:43 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2015-05-17 15:43 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-05-17 15:43 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-05-08 17:22 - 2015-05-17 17:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-08 17:22 - 2015-05-17 17:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-08 17:22 - 2015-05-17 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-08 13:10 - 2015-05-08 13:12 - 00000000 ____D () C:\ProgramData\HP 2015-05-07 11:04 - 2015-05-26 11:32 - 00000000 ___RD () C:\Users\User\OneDrive 2015-05-07 08:50 - 2015-05-07 08:50 - 00000359 _____ () C:\Users\User\Desktop\Favourites - Shortcut.lnk 2015-05-06 16:06 - 2015-05-06 16:06 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe 2015-05-06 16:06 - 2015-05-06 16:06 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr 2015-05-05 15:26 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-05-05 15:26 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-05-05 15:26 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-05-05 15:26 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-05-05 15:26 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-05-05 15:26 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-05-05 15:26 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-04-30 10:33 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-04-30 10:33 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-04-26 13:12 - 2015-04-26 13:12 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-04-26 13:12 - 2015-04-26 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-04-26 13:11 - 2015-04-26 13:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-04-26 13:11 - 2015-04-26 13:12 - 00000000 ____D () C:\Program Files\iTunes 2015-04-26 13:11 - 2015-04-26 13:11 - 00000000 ____D () C:\Program Files\iPod 2015-04-26 13:11 - 2015-04-26 13:11 - 00000000 ____D () C:\Program Files (x86)\iTunes ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-26 11:36 - 2014-11-18 21:54 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1100405057-2461269165-2818533043-1001 2015-05-26 11:36 - 2014-08-07 19:09 - 00000062 _____ () C:\Users\User\AppData\Roaming\sp_data.sys 2015-05-26 11:36 - 2013-05-24 15:59 - 00003260 _____ () C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel 2015-05-26 11:36 - 2013-05-24 15:52 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU 2015-05-26 11:36 - 2013-05-24 15:52 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON 2015-05-26 11:36 - 2013-05-24 15:51 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus 2015-05-26 11:36 - 2013-05-24 15:43 - 00003542 _____ () C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64) 2015-05-26 11:35 - 2013-05-24 15:53 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G 2015-05-26 11:35 - 2013-05-24 15:51 - 00003114 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update 2015-05-26 11:33 - 2014-11-21 14:02 - 01487757 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-26 11:31 - 2013-08-22 15:46 - 00299907 _____ () C:\WINDOWS\setupact.log 2015-05-26 11:31 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-26 11:30 - 2014-09-24 09:08 - 00178924 _____ () C:\WINDOWS\PFRO.log 2015-05-26 11:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-26 11:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-26 10:02 - 2014-09-24 16:35 - 00000000 ____D () C:\WINDOWS\en-GB 2015-05-25 22:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-05-25 22:53 - 2014-08-07 19:05 - 00000000 ____D () C:\Users\User\AppData\Local\Packages 2015-05-23 19:30 - 2013-08-22 15:44 - 00362576 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-05-23 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-05-23 09:05 - 2014-09-24 17:21 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-21 07:39 - 2014-11-19 09:10 - 00000000 ____D () C:\Users\User\Documents\uncovering 2015-05-21 07:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-05-21 07:20 - 2014-12-06 09:46 - 00002032 _____ () C:\WINDOWS\IE10_main.log 2015-05-21 07:20 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-05-21 07:19 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers 2015-05-21 07:04 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2015-05-21 07:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2015-05-21 06:59 - 2014-11-19 09:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer 2015-05-21 06:57 - 2014-11-19 09:41 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer 2015-05-21 06:52 - 2014-11-19 09:39 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-05-21 06:43 - 2014-11-18 15:09 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-05-20 22:26 - 2014-11-18 16:47 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-05-17 16:27 - 2014-09-24 16:57 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-17 16:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-05-17 15:47 - 2014-11-18 17:43 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk 2015-05-17 15:47 - 2012-11-27 05:08 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-05-08 13:22 - 2014-11-19 09:03 - 00000000 ____D () C:\Users\User\Documents\Correspondence 2015-05-07 08:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-05-06 21:45 - 2014-12-10 15:53 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-05-06 21:45 - 2014-09-24 19:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-05-06 16:06 - 2014-11-18 15:09 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys 2015-05-06 16:06 - 2014-11-18 15:09 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-05-06 16:06 - 2014-11-18 15:09 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys 2015-05-06 16:06 - 2014-11-18 15:09 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-05-06 16:06 - 2014-11-18 15:09 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-05-06 16:06 - 2014-11-18 15:09 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-05-06 16:06 - 2014-11-18 15:09 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-05-06 16:05 - 2014-11-18 15:09 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys 2015-05-05 18:59 - 2014-12-10 19:39 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-05-05 18:59 - 2014-12-10 19:39 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-30 10:07 - 2014-11-18 16:47 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-29 16:43 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2015-04-29 16:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui 2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup 2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com 2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices 2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform 2015-04-29 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-04-29 16:36 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe 2015-04-29 16:36 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2015-04-29 16:36 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing 2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc 2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform 2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sppui 2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup 2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz 2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Com 2015-04-29 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-04-29 16:35 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-04-29 16:35 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-04-29 16:35 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2015-04-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell 2015-04-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices 2015-04-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-04-29 16:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform 2015-04-29 16:13 - 2013-08-22 16:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2015-04-29 16:12 - 2013-08-22 16:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll ==================== Files in the root of some directories ======= 2014-08-07 19:09 - 2015-05-26 11:36 - 0000062 _____ () C:\Users\User\AppData\Roaming\sp_data.sys 2012-11-27 05:08 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2012-11-27 05:08 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2012-11-27 05:08 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Files to move or delete: ==================== C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-26 11:26 ==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015 Ran by User at 2015-05-26 11:43:47 Running from C:\Users\User\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1100405057-2461269165-2818533043-500 - Administrator - Disabled) Guest (S-1-5-21-1100405057-2461269165-2818533043-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1100405057-2461269165-2818533043-1003 - Limited - Enabled) riaalvarez (S-1-5-21-1100405057-2461269165-2818533043-1004 - Limited - Enabled) => C:\Users\riaalvarez User (S-1-5-21-1100405057-2461269165-2818533043-1001 - Administrator - Enabled) => C:\Users\User ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.1 - ASUS) ASUS S200 Product Demo (HKLM-x32\...\{5E396FE4-6110-41C9-9B1F-2F30A4A13715}) (Version: 1.0.0 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.0.1 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS) ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.27 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS) OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6798 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer) UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin) <==== ATTENTION! Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 30-04-2015 17:56:45 Windows Update 06-05-2015 16:03:46 avast! antivirus system restore point 08-05-2015 16:40:43 Removed Microsoft Silverlight 17-05-2015 16:25:34 Windows Update 20-05-2015 22:09:54 Windows Update 25-05-2015 19:52:53 Online Armor installation ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E7F496C-D337-43C6-AAAA-A18521FF1BA4} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-02-06] (AsusTek) Task: {12125F54-5BBE-4526-B538-7CF1B2ED182C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {2E1EB4FF-07E4-4E8D-B430-4202A22DEEF3} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) Task: {3191DCD3-F7F1-4879-A2C3-E4B241AE07F0} - System32\Tasks\SafeSearchUpdate => C:\Program Files\SafeSearch\1_9\se.exe Task: {32248860-6FA0-4E85-8912-011B4957B002} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-30] (Microsoft Corporation) Task: {40BFF649-2D49-4783-B0C5-C843BA4F6891} - System32\Tasks\UpdateAdmin => C:\Users\User\AppData\Local\UpdateAdmin\UpdateAdmin.exe <==== ATTENTION Task: {4CA5E100-BEF2-4B23-8DEE-A0CA733ACA0E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {5C2BF80D-B15A-467E-9886-0CBD5FB10375} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {69C078C9-9C26-4BFB-A0B9-AB6A30B08A18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {72FADABD-3227-42B0-B9B3-790EBF660868} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS) Task: {76667CF4-6F71-4331-A642-9CB174F3A2C4} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-03-26] (ASUS) Task: {7A02FCE3-07A5-4138-8ABA-C1C304BE6D65} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {8B35739E-74F3-4351-85B7-4B3F8B432A7F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {8E224FC2-2C18-433E-B262-D505DE9CD22A} - System32\Tasks\SafeSearchVerify => C:\Program Files\SafeSearch\1_9\se.exe Task: {9D04BC61-0727-4ECD-8C00-9788C9619DEA} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.) Task: {B45541DE-D1E8-477D-959E-7A25D5577778} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.) Task: {B95DC31D-0517-4668-9793-A6F86B4DB8B3} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.) Task: {C375FBA7-FA7E-4B59-8B3F-8E38D0F53B81} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2013-01-29] (ASUSTeK Computer Inc.) Task: {DAD254C5-A755-4FAD-B289-3637A4EFE851} - \ASP No Task File <==== ATTENTION Task: {E69025F4-7B58-41E7-B923-371FBDB631CC} - System32\Tasks\{C7F9B5F3-CDAA-4371-BB7E-B54AD5C6FA4F} => pcalua.exe -a C:\Users\User\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe -c /UNINSTALL PARTNER=10801 Task: {F0E70101-BC67-4DCE-8FE4-56E6036E5B3E} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] () Task: {F2D4FEB5-586C-4A60-A107-CCA4769B19B1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-06] (Avast Software s.r.o.) ==================== Loaded Modules (Whitelisted) ============== 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-28 12:07 - 2012-12-28 12:07 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2012-12-28 12:04 - 2012-12-28 12:04 - 00084480 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-12-28 12:09 - 2012-12-28 12:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2013-03-26 14:38 - 2013-03-26 14:38 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-11-29 17:15 - 2012-11-29 17:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe 2015-05-06 16:06 - 2015-05-06 16:06 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-05-06 16:06 - 2015-05-06 16:06 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-05-26 09:24 - 2015-05-26 09:24 - 02948096 _____ () C:\Program Files\AVAST Software\Avast\defs\15052600\algo.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-05-06 16:06 - 2015-05-06 16:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-05-24 15:41 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\User\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1100405057-2461269165-2818533043-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\FullSizeRender.jpg DNS Servers: 192.168.15.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe" MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{11DBED5C-4CCB-4BEB-AA0E-81CB11D7E509}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B182D5EB-ECD1-4446-8B65-251D47656286}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5D3BC344-CC31-4E59-86CF-BE1368FDBF64}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7DE56E10-6B24-479E-96E0-D7F6940DC69A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0D37FF6B-BEC6-437A-AA75-F67AE6E2F642}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{748D29A3-63EB-408E-B8E4-2D0693D2FA97}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{967E2A47-828B-42F1-9994-E30081710B32}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{57C0F666-E390-4EA9-A1C4-F5B25AC7673B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{B1BA499D-34D7-4542-BC63-2EA7AB4F38B7}] => (Allow) LPort=1900 FirewallRules: [{9F3908B9-AF84-4AE4-AE0F-A3CA352764A1}] => (Allow) LPort=2869 FirewallRules: [{77FA44A0-0288-479D-A668-7DB1122CB865}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D8A84CC3-CC20-4F10-B647-08AB3909F828}] => (Allow) C:\Users\User\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe FirewallRules: [{56C792DE-B412-412E-83E7-F173A0D3B1B9}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{8E494106-7671-4078-8506-07C3C2DF01BB}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe FirewallRules: [UDP Query User{CDDE47EE-012D-4B45-B787-EA522BCE2B49}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe FirewallRules: [{6FD570CA-16C1-49D3-A0EC-DC94989D5155}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{54318141-AE8D-4151-A37A-ED944D3DAFDE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B1364A26-3C4A-46D3-8924-CB45352D4FEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{917452BA-CE9A-422D-8546-AD615EC7B254}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Faulty Device Manager Devices ============= Name: Virtual Bluetooth Support Description: Virtual Bluetooth Support Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: AthBTPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth LWFLT Device Description: Bluetooth LWFLT Device Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: BTATH_LWFLT Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (05/26/2015 09:50:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS) Description: Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/26/2015 09:50:42 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1a84 Start Time: 01d09790fbb927b6 Termination Time: 4294967295 Application Path: UNKNOWN Report Id: 469ae4cb-0384-11e5-bebe-2cd05aae1786 Faulting package full name: Microsoft.BingWeather_3.0.4.315_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (05/26/2015 09:50:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ASUS) Description: App Microsoft.BingWeather_3.0.4.315_x64__8wekyb3d8bbwe+App did not launch within its allotted time. Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15829 Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15829 Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15390 Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15390 Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/25/2015 10:12:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13828 System errors: ============= Error: (05/26/2015 11:37:01 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: ASUS) Description: There was an error while attempting to read the local hosts file. Error: (05/26/2015 11:31:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/26/2015 11:31:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: %%0 Error: (05/26/2015 11:31:13 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/26/2015 11:20:53 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: ASUS) Description: There was an error while attempting to read the local hosts file. Error: (05/26/2015 11:13:29 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/26/2015 11:12:13 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/26/2015 11:11:07 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/26/2015 10:49:44 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/26/2015 10:43:43 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Microsoft Office: ========================= Error: (05/26/2015 09:50:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142 Error: (05/26/2015 09:50:42 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: UNKNOWN0.0.0.01a8401d09790fbb927b64294967295UNKNOWN469ae4cb-0384-11e5-bebe-2cd05aae1786Microsoft.BingWeather_3.0.4.315_x64__8wekyb3d8bbweApp Error: (05/26/2015 09:50:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ASUS) Description: Microsoft.BingWeather_3.0.4.315_x64__8wekyb3d8bbwe+App Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15829 Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15829 Error: (05/26/2015 08:26:25 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15390 Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15390 Error: (05/25/2015 11:00:26 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/25/2015 10:12:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13828 CodeIntegrity Errors: =================================== Date: 2015-04-29 16:42:22.552 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-04-29 15:43:33.553 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-04-26 13:15:12.648 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-04-21 15:32:48.592 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-04-15 11:28:18.923 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-04-14 19:18:37.779 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-04-13 21:13:32.033 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-04-10 16:23:27.428 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-03-30 14:58:25.448 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-03-25 06:23:01.565 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz Percentage of memory in use: 42% Total physical RAM: 3981.81 MB Available physical RAM: 2289.15 MB Total Pagefile: 4685.81 MB Available Pagefile: 2715.32 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:118.8 GB) (Free:66.44 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:157.55 GB) (Free:157.23 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 3E1AB738) Partition: GPT Partition Type. ==================== End of log ============================ [/QUOTE]
Insert quotes…
Verification
Post reply
Top