
avast free continually blocks getfilenow.co.il and other sites I have not opened


  • This topic is locked
7 replies to this topic

#1 bfalk9


Posted 09 December 2014 - 12:22 PM

I am using Win 8.1 and I run Avast free version, and Malwarebytes on a regular basis. Lately, I have had issues with both Chrome and Firefox Flash Player crashing and a problem with scripts on Firefox. Also, Avast keeps blocking sites that I have not opened. Please help. A run of both Avast and Malwarebytes shows nothing...





#2 bfalk9


Posted 09 December 2014 - 02:21 PM

Results of DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17416  BrowserJavaVersion: 11.25.2
Run by asus at 11:54:50 on 2014-12-09
Microsoft Windows 8.1  6.3.9600.0.1252.1.1033.18.3982.1710 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\WINDOWS\system32\DptfParticipantProcessorService.exe
C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\viakaraokesrv.exe
C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\System32\skydrive.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
C:\Users\rac\AppData\Local\Workspace\workspaceupdate.exe
C:\Users\rac\AppData\Local\Workspace\wben.exe
C:\Users\rac\AppData\Local\Workspace\workspacestatus.exe
C:\Program Files (x86)\Kitco\KcastWin8.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\nacl64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\splwow64.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe
C:\Users\rac\Downloads\AdwCleaner.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://asus13.msn.com
uProxyOverride = <-loopback>;192.168.*.*
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Power2GoExpress] <no file>
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
mRun: [ATLauncher] "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ATUninstallIcon] "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
mPolicies-System: DisableCAD = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{15A9F596-E05E-444B-AA21-4EE95D192701} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{9191AE72-3FB5-4BD4-9D35-61A3A16A6BA4} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9191AE72-3FB5-4BD4-9D35-61A3A16A6BA4}\445414F5D4F62696C656F53323530333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9191AE72-3FB5-4BD4-9D35-61A3A16A6BA4}\44963736F6 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9191AE72-3FB5-4BD4-9D35-61A3A16A6BA4}\4657D6D6965637 : DHCPNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{9191AE72-3FB5-4BD4-9D35-61A3A16A6BA4}\6427565646F6D605F607F5632334 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B10FC986-FF69-4153-AC93-676E8A2C6BDA} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\v8yxr7ri.default-1414260219617\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\rac\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\rac\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\rac\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\rac\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\rac\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2013-8-25 65776]
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2013-8-25 267632]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-7-5 647736]
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2014-1-23 39768]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-4-27 157016]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswsnx.sys [2013-8-25 1050432]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswsp.sys [2013-8-25 436624]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2014-4-22 29208]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2013-8-25 83280]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswstm.sys [2014-1-5 116728]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2013-9-25 312448]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-14 50344]
R2 DptfParticipantProcessorService;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application;C:\WINDOWS\System32\DptfParticipantProcessorService.exe [2013-1-15 30080]
R2 DptfPolicyConfigTDPService;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application;C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe [2013-1-15 31616]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2013-7-22 697472]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-2-5 129856]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-2-6 193576]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-5 166720]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-10-6 65657]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-5 365376]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-14 271752]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\WINDOWS\System32\ViakaraokeSrv.exe [2013-1-15 27768]
R2 WakeupService;ASUS Wake Service;C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [2012-12-20 45488]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2013-9-25 323584]
R3 AiCharger;ASUS Charger Driver;C:\WINDOWS\System32\drivers\AiCharger.sys [2012-7-24 17152]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\WINDOWS\System32\drivers\btath_flt.sys [2013-9-25 89800]
R3 ATP;ASUS Input Device;C:\WINDOWS\System32\drivers\AsusTP.sys [2013-6-28 65784]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\WINDOWS\System32\drivers\btath_a2dp.sys [2013-9-25 338120]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\WINDOWS\System32\drivers\btath_avdt.sys [2013-9-25 116424]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\WINDOWS\System32\drivers\btath_bus.sys [2013-9-25 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\WINDOWS\System32\drivers\btath_hcrp.sys [2013-9-25 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\WINDOWS\System32\drivers\btath_lwflt.sys [2013-9-25 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\WINDOWS\System32\drivers\btath_rcp.sys [2013-9-25 137928]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2013-9-25 594632]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2014-4-27 226304]
R3 DptfDevDram;DptfDevDram;C:\WINDOWS\System32\drivers\DptfDevDram.sys [2013-1-15 107328]
R3 DptfDevFan;DptfDevFan;C:\WINDOWS\System32\drivers\DptfDevFan.sys [2013-1-15 42816]
R3 DptfDevGen;DptfDevGen;C:\WINDOWS\System32\drivers\DptfDevGen.sys [2013-1-15 64832]
R3 DptfDevPch;DptfDevPch;C:\WINDOWS\System32\drivers\DptfDevPch.sys [2013-1-15 96576]
R3 DptfDevProc;DptfDevProc;C:\WINDOWS\System32\drivers\DptfDevProc.sys [2013-1-15 229184]
R3 DptfManager;DptfManager;C:\WINDOWS\System32\drivers\DptfManager.sys [2013-1-15 363328]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2013-11-4 20280]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-9-23 449528]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\WINDOWS\System32\drivers\irstrtdv.sys [2013-2-6 43800]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-8-22 26008]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2013-9-18 130248]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 TunnelBearMaintenance;TunnelBear Maintenance;C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [2014-5-28 25536]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\System32\drivers\viahduaa.sys [2013-1-15 2207376]
S2 McSchedulerSvc;McAfee PC Task Scheduler Service;"C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [?]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AmUStor;AM USB Stroage Driver;C:\WINDOWS\System32\drivers\AmUStor.sys [2012-10-3 95232]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;C:\eSupport\eDriver\I386\AsPrOb64.sys [2013-2-5 12416]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-14 4012248]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\WINDOWS\System32\drivers\motfilt.sys [2013-3-20 6144]
S3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2013-8-22 131584]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-10-29 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-11-12 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-8-22 39320]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 motandroidusb;Mot ADB Interface Driver;C:\WINDOWS\System32\drivers\motoandroid.sys [2013-3-26 32768]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\System32\drivers\motccgp.sys [2013-3-19 23552]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\WINDOWS\System32\drivers\Motousbnet.sys [2013-3-19 27648]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-4-27 924504]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\WINDOWS\System32\drivers\RTWlanU.sys [2013-8-22 1975000]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2014-1-23 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-14 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-11-13 114496]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-11-13 368632]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-8-15 227840]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-12-09 17:50:05    --------    dc----w-    C:\AdwCleaner
2014-12-09 17:49:55    --------    d-----w-    C:\Users\rac\AppData\Roaming\WinPatrol
2014-12-09 17:49:35    --------    d-----w-    C:\ProgramData\InstallMate
2014-12-09 17:49:35    --------    d-----w-    C:\Program Files (x86)\Ruiware
2014-12-08 16:37:07    --------    d-----w-    C:\ProgramData\17972120452655662742
2014-12-08 16:37:07    --------    d-----w-    C:\Program Files (x86)\BuyNsavue
2014-12-08 16:36:27    --------    d-----w-    C:\ProgramData\ilhbnpfibbfaanglbhcgiopinnmfaeph
2014-11-27 16:03:57    --------    dc----w-    C:\FRST
2014-11-26 15:39:22    17536    ----a-w-    C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-11-25 00:34:12    98216    ----a-w-    C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2014-11-24 17:50:06    --------    d-----w-    C:\WINDOWS\System32\Logs
2014-11-18 22:06:16    991232    ----a-w-    C:\WINDOWS\System32\kerberos.dll
2014-11-18 22:06:16    806400    ----a-w-    C:\WINDOWS\SysWow64\kerberos.dll
2014-11-18 22:06:16    208896    ----a-w-    C:\WINDOWS\SysWow64\pku2u.dll
2014-11-18 22:06:15    259584    ----a-w-    C:\WINDOWS\System32\pku2u.dll
2014-11-14 20:33:55    --------    d-----w-    C:\Program Files (x86)\Unified Remote
2014-11-14 17:51:56    --------    d-----w-    C:\WINDOWS\SysWow64\vbox
2014-11-14 17:51:56    --------    d-----w-    C:\WINDOWS\System32\vbox
2014-11-14 17:46:06    43152    ----a-w-    C:\WINDOWS\avastSS.scr
2014-11-13 21:21:37    3607040    ----a-w-    C:\WINDOWS\SysWow64\msi.dll
2014-11-13 21:21:37    3320320    ----a-w-    C:\WINDOWS\System32\msi.dll
2014-11-13 21:21:36    2773504    ----a-w-    C:\WINDOWS\System32\authui.dll
2014-11-13 21:21:34    2459136    ----a-w-    C:\WINDOWS\SysWow64\authui.dll
2014-11-13 21:21:33    428032    ----a-w-    C:\WINDOWS\System32\msihnd.dll
2014-11-13 21:21:33    325120    ----a-w-    C:\WINDOWS\SysWow64\msihnd.dll
2014-11-13 21:21:32    116032    ----a-w-    C:\WINDOWS\System32\consent.exe
2014-11-13 21:21:32    110080    ----a-w-    C:\WINDOWS\System32\appinfo.dll
2014-11-12 23:47:36    911360    ----a-w-    C:\WINDOWS\System32\audiosrv.dll
2014-11-12 23:46:58    670384    ----a-w-    C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2014-11-11 22:28:14    3231832    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-11-11 22:28:06    220784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-11-11 21:59:20    426496    ----a-w-    C:\WINDOWS\System32\schannel.dll
2014-11-11 21:59:19    88800    ----a-w-    C:\WINDOWS\SysWow64\ncryptsslp.dll
2014-11-11 21:59:19    357376    ----a-w-    C:\WINDOWS\SysWow64\schannel.dll
2014-11-11 21:59:19    185856    ----a-w-    C:\WINDOWS\System32\dpapisrv.dll
2014-11-11 21:59:19    104336    ----a-w-    C:\WINDOWS\System32\ncryptsslp.dll
2014-11-11 21:58:06    433664    ----a-w-    C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
2014-11-11 21:57:56    28876456    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-11-11 21:57:54    28098072    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-11-11 21:53:42    2149376    ----a-w-    C:\WINDOWS\System32\msxml3.dll
2014-11-11 21:53:42    1346048    ----a-w-    C:\WINDOWS\SysWow64\msxml3.dll
2014-11-11 21:53:40    81408    ----a-w-    C:\WINDOWS\System32\packager.dll
2014-11-11 21:53:40    72192    ----a-w-    C:\WINDOWS\SysWow64\packager.dll
2014-11-11 21:51:31    4182016    ----a-w-    C:\WINDOWS\System32\win32k.sys
.
==================== Find3M  ====================
.
2014-12-09 14:44:27    62    ----a-w-    C:\Users\rac\AppData\Roaming\sp_data.sys
2014-12-09 05:51:15    129752    ----a-w-    C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-11-24 17:46:38    1050432    ----a-w-    C:\WINDOWS\System32\drivers\aswsnx.sys
2014-11-21 12:14:26    64216    ----a-w-    C:\WINDOWS\System32\drivers\mwac.sys
2014-11-21 12:14:12    93400    ----a-w-    C:\WINDOWS\System32\drivers\mbamchameleon.sys
2014-11-21 12:14:08    25816    ----a-w-    C:\WINDOWS\System32\drivers\mbam.sys
2014-11-20 20:51:37    714208    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-11-20 20:51:37    106976    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-11-14 17:46:07    93568    ----a-w-    C:\WINDOWS\System32\drivers\aswRdr2.sys
2014-11-14 17:46:07    83280    ----a-w-    C:\WINDOWS\System32\drivers\aswMonFlt.sys
2014-11-14 17:46:07    65776    ----a-w-    C:\WINDOWS\System32\drivers\aswRvrt.sys
2014-11-14 17:46:07    29208    ----a-w-    C:\WINDOWS\System32\drivers\aswHwid.sys
2014-11-14 17:46:07    267632    ----a-w-    C:\WINDOWS\System32\drivers\aswVmm.sys
2014-11-14 17:46:07    116728    ----a-w-    C:\WINDOWS\System32\drivers\aswstm.sys
2014-10-31 05:12:41    143872    ----a-w-    C:\WINDOWS\System32\wextract.exe
2014-10-31 05:12:05    13824    ----a-w-    C:\WINDOWS\System32\mshta.exe
2014-10-31 05:10:13    167424    ----a-w-    C:\WINDOWS\System32\iexpress.exe
2014-10-31 05:06:45    66560    ----a-w-    C:\WINDOWS\System32\iesetup.dll
2014-10-31 05:06:09    580096    ----a-w-    C:\WINDOWS\System32\vbscript.dll
2014-10-31 05:06:00    48640    ----a-w-    C:\WINDOWS\System32\ieetwproxystub.dll
2014-10-31 05:05:50    417280    ----a-w-    C:\WINDOWS\System32\html.iec
2014-10-31 05:04:28    88064    ----a-w-    C:\WINDOWS\System32\MshtmlDac.dll
2014-10-31 04:54:13    132096    ----a-w-    C:\WINDOWS\System32\IEAdvpack.dll
2014-10-31 04:52:22    108544    ----a-w-    C:\WINDOWS\System32\hlink.dll
2014-10-31 04:51:37    144384    ----a-w-    C:\WINDOWS\System32\ieUnatt.exe
2014-10-31 04:51:25    114688    ----a-w-    C:\WINDOWS\System32\ieetwcollector.exe
2014-10-31 04:50:44    814080    ----a-w-    C:\WINDOWS\System32\jscript9diag.dll
2014-10-31 04:50:11    6040064    ----a-w-    C:\WINDOWS\System32\jscript9.dll
2014-10-31 04:40:07    33280    ----a-w-    C:\WINDOWS\System32\licmgr10.dll
2014-10-31 04:30:28    77824    ----a-w-    C:\WINDOWS\System32\JavaScriptCollectionAgent.dll
2014-10-31 04:29:50    111616    ----a-w-    C:\WINDOWS\System32\iesysprep.dll
2014-10-31 04:29:17    87552    ----a-w-    C:\WINDOWS\System32\tdc.ocx
2014-10-31 04:15:11    1032704    ----a-w-    C:\WINDOWS\System32\inetcomm.dll
2014-10-31 04:03:02    2124288    ----a-w-    C:\WINDOWS\System32\inetcpl.cpl
2014-10-31 03:45:17    2365440    ----a-w-    C:\WINDOWS\System32\wininet.dll
2014-10-31 03:44:32    2865152    ----a-w-    C:\WINDOWS\System32\actxprxy.dll
2014-10-31 03:42:04    51200    ----a-w-    C:\WINDOWS\System32\imgutil.dll
2014-10-31 03:28:47    137728    ----a-w-    C:\WINDOWS\SysWow64\wextract.exe
2014-10-31 03:28:43    12800    ----a-w-    C:\WINDOWS\SysWow64\mshta.exe
2014-10-31 03:27:26    152064    ----a-w-    C:\WINDOWS\SysWow64\iexpress.exe
2014-10-31 03:24:47    501248    ----a-w-    C:\WINDOWS\SysWow64\vbscript.dll
2014-10-31 03:24:23    62464    ----a-w-    C:\WINDOWS\SysWow64\iesetup.dll
2014-10-31 03:23:37    47616    ----a-w-    C:\WINDOWS\SysWow64\ieetwproxystub.dll
2014-10-31 03:23:21    340992    ----a-w-    C:\WINDOWS\SysWow64\html.iec
2014-10-31 03:22:08    64000    ----a-w-    C:\WINDOWS\SysWow64\MshtmlDac.dll
2014-10-31 03:14:25    112128    ----a-w-    C:\WINDOWS\SysWow64\IEAdvpack.dll
2014-10-31 03:13:05    99328    ----a-w-    C:\WINDOWS\SysWow64\hlink.dll
2014-10-31 03:12:17    115712    ----a-w-    C:\WINDOWS\SysWow64\ieUnatt.exe
2014-10-31 03:11:30    620032    ----a-w-    C:\WINDOWS\SysWow64\jscript9diag.dll
2014-10-31 03:03:33    27136    ----a-w-    C:\WINDOWS\SysWow64\licmgr10.dll
2014-10-31 02:57:20    60416    ----a-w-    C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll
2014-10-31 02:56:44    90624    ----a-w-    C:\WINDOWS\SysWow64\iesysprep.dll
2014-10-31 02:56:18    73216    ----a-w-    C:\WINDOWS\SysWow64\tdc.ocx
2014-10-31 02:46:38    880128    ----a-w-    C:\WINDOWS\SysWow64\inetcomm.dll
2014-10-31 02:46:23    4298240    ----a-w-    C:\WINDOWS\SysWow64\jscript9.dll
2014-10-31 02:39:28    2051072    ----a-w-    C:\WINDOWS\SysWow64\inetcpl.cpl
2014-10-31 02:26:38    1042944    ----a-w-    C:\WINDOWS\SysWow64\actxprxy.dll
2014-10-31 02:24:42    40448    ----a-w-    C:\WINDOWS\SysWow64\imgutil.dll
2014-10-31 02:17:17    1892864    ----a-w-    C:\WINDOWS\SysWow64\wininet.dll
2014-10-25 18:30:43    111016    ----a-w-    C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2014-10-18 06:50:21    17408    ----a-w-    C:\WINDOWS\System32\wuaext.dll
2014-10-18 06:27:15    35840    ----a-w-    C:\WINDOWS\System32\wuapp.exe
2014-10-18 06:26:48    140288    ----a-w-    C:\WINDOWS\System32\wuwebv.dll
2014-10-18 06:23:51    407552    ----a-w-    C:\WINDOWS\System32\WUSettingsProvider.dll
2014-10-18 06:23:11    95744    ----a-w-    C:\WINDOWS\System32\wudriver.dll
2014-10-18 06:20:43    1714176    ----a-w-    C:\WINDOWS\System32\wucltux.dll
2014-10-18 06:14:54    29696    ----a-w-    C:\WINDOWS\SysWow64\wuapp.exe
2014-10-18 06:14:32    124928    ----a-w-    C:\WINDOWS\SysWow64\wuwebv.dll
2014-10-18 06:12:10    81920    ----a-w-    C:\WINDOWS\SysWow64\wudriver.dll
2014-10-17 07:01:28    789184    ----a-w-    C:\WINDOWS\System32\oleaut32.dll
2014-10-17 06:58:44    602768    ----a-w-    C:\WINDOWS\SysWow64\oleaut32.dll
2014-10-10 01:58:57    27456    ----a-w-    C:\WINDOWS\System32\drivers\rdpvideominiport.sys
2014-10-10 01:58:57    177472    ----a-w-    C:\WINDOWS\System32\drivers\ksecpkg.sys
2014-10-10 01:44:01    563976    ----a-w-    C:\WINDOWS\System32\drivers\cng.sys
2014-10-08 07:37:31    154112    ----a-w-    C:\WINDOWS\System32\msaudite.dll
2014-10-08 07:37:27    736768    ----a-w-    C:\WINDOWS\System32\adtschema.dll
2014-10-08 07:34:45    131584    ----a-w-    C:\WINDOWS\System32\rdpudd.dll
2014-10-08 07:24:03    40448    ----a-w-    C:\WINDOWS\System32\rfxvmt.dll
2014-10-08 06:56:48    445440    ----a-w-    C:\WINDOWS\System32\certcli.dll
2014-10-08 06:51:16    154112    ----a-w-    C:\WINDOWS\SysWow64\msaudite.dll
2014-10-08 06:51:03    736768    ----a-w-    C:\WINDOWS\SysWow64\adtschema.dll
2014-10-08 06:18:10    324096    ----a-w-    C:\WINDOWS\SysWow64\certcli.dll
2014-10-08 06:17:58    1441792    ----a-w-    C:\WINDOWS\System32\lsasrv.dll
2014-10-08 05:23:52    3547648    ----a-w-    C:\WINDOWS\System32\rdpcorets.dll
2014-10-07 06:28:00    500016    ----a-w-    C:\WINDOWS\System32\AudioSes.dll
2014-10-07 06:27:59    394120    ----a-w-    C:\WINDOWS\System32\AUDIOKSE.dll
2014-10-07 06:27:56    482872    ----a-w-    C:\WINDOWS\System32\AudioEng.dll
2014-10-07 06:27:56    272248    ----a-w-    C:\WINDOWS\System32\audiodg.exe
2014-10-07 06:27:55    108432    ----a-w-    C:\WINDOWS\System32\EncDump.dll
2014-10-07 03:34:02    370424    ----a-w-    C:\WINDOWS\SysWow64\AudioSes.dll
2014-10-07 03:34:01    344536    ----a-w-    C:\WINDOWS\SysWow64\AUDIOKSE.dll
2014-10-07 03:33:59    424544    ----a-w-    C:\WINDOWS\SysWow64\AudioEng.dll
2014-10-07 01:54:27    226304    ----a-w-    C:\WINDOWS\System32\AudioEndpointBuilder.dll
2014-09-22 04:38:24    1519488    ----a-w-    C:\WINDOWS\System32\user32.dll
2014-09-22 03:06:16    258368    ----a-w-    C:\WINDOWS\System32\drivers\WdFilter.sys
2014-09-22 03:06:16    114496    ----a-w-    C:\WINDOWS\System32\drivers\WdNisDrv.sys
2014-09-22 02:49:43    35320    ----a-w-    C:\WINDOWS\System32\drivers\WdBoot.sys
2014-09-19 17:20:29    2724864    ----a-w-    C:\WINDOWS\SysWow64\mshtml.tlb
2014-09-19 17:20:24    2724864    ----a-w-    C:\WINDOWS\System32\mshtml.tlb
2014-09-19 17:20:22    4096    ----a-w-    C:\WINDOWS\System32\ieetwcollectorres.dll
.
============= FINISH: 11:57:14.91 ===============
 



#3 bfalk9

  • Topic Starter
  • Members
  • 8 posts

Posted 09 December 2014 - 02:22 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8.1
Boot Device: \Device\HarddiskVolume1
Install Date: 1/23/2014 2:26:40 PM
System Uptime: 12/9/2014 8:39:48 AM (3 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | S400CA
Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz | SOCKET 0 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 3.614 GiB free.
D: is FIXED (NTFS) - 258 GiB total, 7.242 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP76: 11/18/2014 8:44:11 PM - Windows Modules Installer
RP77: 11/26/2014 11:56:32 AM - Windows Update
RP78: 12/4/2014 6:14:00 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 ASUS VivoBook
???
????
Adobe AIR
Adobe Flash Player 15 Plugin
Adobe Reader X (10.1.12) MUI
Adobe Shockwave Player 12.1
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS S Series Product Demo
ASUS Screen Saver
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS WebStorage Sync Agent
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Package
Avast Free Antivirus
Bing Maps 3D
BitTorrent
Canon MP Navigator EX 1.0
Canon MP210 series
Citrix Online Launcher
CrystalDiskInfo 6.0.4
CyberLink LabelPrint 2.5
CyberLink Power2Go
D3DX10
Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition
Dropbox
ESET Online Scanner v3
FormatFactory 3.3.5.0
Galerie de photos
Galería de fotos
Google Chrome
Google Update Helper
GoPro Studio 2.0.1
GoToMeeting 7.0.3.1963
I.R.I.S. OCR
inSSIDer 3
Intel® Dynamic Platform and Thermal Framework
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 8 Update 25
Java 8 Update 25 (64-bit)
Java Auto Updater
Kcast for Windows
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.3.0
Movie Maker
Mozilla Firefox 34.0.5 (x86 en-US)
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MultiBit 0.5.18
MyBitCast 2.0
Photo Common
Photo Gallery
Platform
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
RSDLite
Screencast-O-Matic
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
swMSM
TunnelBear
Unified Remote
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft en-us Dictionary
Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VIA Platform Device Manager
VLC media player
Winamp
Windows Driver Package - ASUS (ATP) Mouse  (05/09/2013 1.0.0.173)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
Windows Live
Windows Live ???
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
WinPatrol
WinRAR 5.11 (64-bit)
Workspace Desktop
.
==== Event Viewer Messages From Past Week ========
.
12/9/2014 8:40:32 AM, Error: Service Control Manager [7000]  - The McAfee PC Task Scheduler Service service failed to start due to the following error:  The system cannot find the file specified.
12/2/2014 11:42:37 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
.
==== End Of File ===========================
 



#4 nasdaq

  • Malware Response Team
  • 40,243 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 December 2014 - 10:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#5 bfalk9

  • Topic Starter
  • Members
  • 8 posts

Posted 14 December 2014 - 03:19 PM

Hello nasdaq, 

Thanks for your help with this.  I ran the scans per your advice and will post the results below.  After restarting my computer after the AdwCleaner I still get the following warnings from Avast:

Avast Web Shield has blocked a harmful webpage or file.
Object:  http://filesonlinehere.com/sync/?rmbs=...
Infection:  URL:Mal
Process:  C:\Program Files (x86)\...\chrome.exe

then this one:

Avast Web Shield has blocked a harmful webpage or file.
Object:  http://allgoodtoolkitbest1.info/sync/?q=...
Infection:  URL:Mal
Process:  C:\Program Files (x86)\...\chrome.exe

then this one:

Avast Web Shield has blocked a harmful webpage or file.
Object:  http://morefilesnow.co.il/sync/?q=C6qu...
Infection:  URL:Mal
Process:  C:\Program Files (x86)\...\chrome.exe

then this one:

Avast Web Shield has blocked a harmful webpage or file.
Object:  http://bestaddon.co.il/sync/?q=C6qUojs...
Infection:  URL:Mal
Process:  C:\Program Files (x86)\...\chrome.exe

then:

Avast Web Shield has blocked a harmful webpage or file.
Object:  http://getfilenow.co.il/sync/?rmbs=1g=C...
Infection:  URL:Mal
Process:  C:\Program Files (x86)\...\chrome.exe

then:

Avast Web Shield has blocked a harmful webpage or file.
Object:  http://apps-infor.info/sync/?rmbs=1g=C...
Infection:  URL:Mal
Process:  C:\Program Files (x86)\...\chrome.exe

I have no idea what is going on!  Here are the results from the scans:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/14/2014
Scan Time: 12:28:34 PM
Logfile: mbam121414.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.14.06
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: asus

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397181
Time Elapsed: 36 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

# AdwCleaner v4.105 - Report created 14/12/2014 at 13:39:18
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : asus - PERSONAL
# Running from : C:\Users\rac\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\17972120452655662742

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R0].txt - [815 octets] - [09/12/2014 11:50:18]
AdwCleaner[R1].txt - [874 octets] - [14/12/2014 13:27:30]
AdwCleaner[R2].txt - [933 octets] - [14/12/2014 13:32:54]
AdwCleaner[R3].txt - [992 octets] - [14/12/2014 13:36:02]
AdwCleaner[S0].txt - [916 octets] - [14/12/2014 13:39:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [975 octets] ##########
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014
Ran by asus (administrator) on PERSONAL on 14-12-2014 13:48:58
Running from C:\Users\rac\Desktop
Loaded Profile: asus (Available profiles: asus & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
(Starfield Technologies) C:\Users\rac\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies, LLC) C:\Users\rac\AppData\Local\Workspace\wben.exe
(Starfield Technologies) C:\Users\rac\AppData\Local\Workspace\workspacestatus.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\AVRemoteControl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5301880 2012-11-30] (VIA)
HKLM\...\Run: [VIAAUD] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe [2538104 2012-11-30] (VIA)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-30] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [ATUninstallIcon] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Run: [Power2GoExpress] =>                                                                                                                                                                                                          (the data entry has 824 more characters).
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-10-02] (Unified Intents AB)
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Run: [Starfield Updater] => C:\Users\rac\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-09-19] (Starfield Technologies)
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Run: [wben] => C:\Users\rac\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Run: [Workspace Status] => C:\Users\rac\AppData\Local\Workspace\workspacestatus.exe [694760 2013-09-19] (Starfield Technologies)
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Run: [KcastWin] => C:\Program Files (x86)\Kitco\KcastWin8.exe [3928064 2014-05-04] (Kitco Metals Inc)
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Run: [BitTorrent] => C:\Users\rac\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-12-02] (BitTorrent Inc.)
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Run: [GoogleChromeAutoLaunch_9551E1C1FBAA8F6DD8374036CB9CF102] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\MountPoints2: {732ba4fa-69ba-11e4-bf4d-6c71d94f1b2e} - "E:\MotoCastSetup.exe" -a
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\MountPoints2: {8aa750a9-4adb-11e4-bf37-6c71d94f1b2e} - "E:\MotoCastSetup.exe" -a
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\MountPoints2: {df645c44-4dae-11e4-bf3a-6c71d94f1b2e} - "E:\LiteAuto.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2140469121-2640114346-301954300-1001 -> {8EE75733-316D-4AC2-BE7C-476A50423B7B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\rac\AppData\Roaming\Mozilla\Firefox\Profiles\v8yxr7ri.default-1414260219617
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2140469121-2640114346-301954300-1001: @citrixonline.com/appdetectorplugin -> C:\Users\rac\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2140469121-2640114346-301954300-1001: @starfield.com/off -> C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-2140469121-2640114346-301954300-1001: @starfield.com/off64 -> C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-2140469121-2640114346-301954300-1001: @starfield.com/wbe -> C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-2140469121-2640114346-301954300-1001: @starfield.com/wbe64 -> C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\rac\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\rac\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\rac\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\rac\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\rac\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-09-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\rac\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Online Storage plug-in) - C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
CHR Plugin: (Workspace Webmail plug-in 1.0.21.46) - C:\Users\rac\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Profile: C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-03]
CHR Extension: (Docs Offline Background Page) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-03]
CHR Extension: (Google Search) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-03]
CHR Extension: (Yesware Email Tracking) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp [2014-07-11]
CHR Extension: (Avast Online Security) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-06]
CHR Extension: (Google Wallet) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-03]
CHR Extension: (BuyNsavue) - C:\ProgramData\ilhbnpfibbfaanglbhcgiopinnmfaeph\ [2013-09-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-09-30] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2012-09-30] (Intel Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [25536 2014-05-28] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-11-30] (VIA Technologies, Inc.)
R2 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [45488 2012-12-20] (ASUSTek Computer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
S2 McSchedulerSvc; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\Windows\system32\drivers\AmUStor.SYS [95232 2012-10-03] (Alcor Micro, Corp.) [File not signed]
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-09-30] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-09-30] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-09-30] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-09-30] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-09-30] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-09-30] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 MotDev; \SystemRoot\system32\DRIVERS\motodrv.sys [X]
S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 13:48 - 2014-12-14 13:49 - 00029950 _____ () C:\Users\rac\Desktop\FRST.txt
2014-12-14 13:48 - 2014-12-14 13:48 - 00000000 ____D () C:\Users\rac\Desktop\FRST-OlderVersion
2014-12-14 13:39 - 2014-12-14 13:39 - 00000992 _____ () C:\Users\rac\Desktop\AdwCleaner[R3].txt
2014-12-14 13:26 - 2014-12-14 13:26 - 00001050 _____ () C:\Users\rac\Desktop\mbam121414.txt
2014-12-12 13:45 - 2014-12-12 13:46 - 00000000 ____D () C:\Users\rac\Desktop\433 TampicoWay
2014-12-12 07:50 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-12 07:50 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-10 14:06 - 2014-12-10 14:06 - 00324224 _____ (Dropbox, Inc.) C:\Users\rac\Downloads\DropboxInstaller.exe
2014-12-10 13:18 - 2014-12-10 13:18 - 00000000 ____D () C:\WINDOWS\Sun
2014-12-09 16:29 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-09 16:29 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-09 16:29 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-09 16:29 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-09 16:15 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-09 16:15 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-09 16:15 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-09 16:15 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-09 16:15 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-09 16:15 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-09 16:15 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-09 16:15 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-09 16:14 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-09 16:14 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-09 16:14 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-09 16:14 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-09 16:14 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-09 16:14 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-09 16:14 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-09 16:14 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-09 16:14 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-09 16:14 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-09 16:14 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-09 16:14 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-09 16:14 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-09 16:14 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-09 16:14 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-09 16:14 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-09 16:14 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-09 16:14 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-09 16:14 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-09 16:14 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-09 16:14 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-09 16:14 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-09 16:14 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-09 16:14 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-09 16:14 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-09 16:14 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-09 16:14 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-09 16:14 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-09 16:14 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-09 16:14 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-09 16:14 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-09 16:13 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-09 16:13 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-09 16:12 - 2014-10-31 17:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-09 16:12 - 2014-10-31 17:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-09 16:12 - 2014-10-12 20:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-09 16:12 - 2014-10-12 20:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-09 16:12 - 2014-10-12 20:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-09 16:12 - 2014-10-12 20:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 11:57 - 2014-12-09 11:57 - 00035047 _____ () C:\Users\rac\Desktop\dds.txt
2014-12-09 11:57 - 2014-12-09 11:57 - 00007721 _____ () C:\Users\rac\Desktop\attach.txt
2014-12-09 11:54 - 2014-12-09 11:54 - 00688992 ____R (Swearware) C:\Users\rac\Downloads\dds.com
2014-12-09 11:50 - 2014-12-14 13:39 - 00000000 ___DC () C:\AdwCleaner
2014-12-09 11:49 - 2014-12-09 11:49 - 00000000 ____D () C:\Users\rac\AppData\Roaming\WinPatrol
2014-12-09 11:49 - 2014-12-09 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-12-09 11:49 - 2014-12-09 11:49 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-09 11:49 - 2014-12-09 11:49 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-12-09 11:48 - 2014-12-09 11:48 - 02166272 _____ () C:\Users\rac\Desktop\AdwCleaner.exe
2014-12-09 11:47 - 2014-12-09 11:48 - 01156136 _____ (Ruiware) C:\Users\rac\Downloads\wpsetup.exe
2014-12-09 07:59 - 2014-12-09 08:38 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E01 Chopped and Dropped Model A Part1 HDTV x264-FUM[ettv]
2014-12-09 04:44 - 2014-12-09 07:38 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E02 Chopped and Dropped Model A Part2 HDTV x264-FUM[ettv]
2014-12-09 03:53 - 2014-12-09 07:38 - 00000000 ____D () C:\Users\rac\Downloads\Fast.N.Loud.S05E04.Super.Sonic.Camaro.Part.2.HDTV.x264-TRiAL
2014-12-09 03:52 - 2014-12-09 07:38 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E03 Super Sonic Camaro Part1 HDTV x264-FUM[ettv]
2014-12-09 00:40 - 2014-12-09 07:38 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E05 Pikes Peak or Bust Part1 HDTV x264-FUM[ettv]
2014-12-09 00:39 - 2014-12-09 07:38 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E06 Pikes Peak or Bust Part2 HDTV x264-FUM[ettv]
2014-12-09 00:38 - 2014-12-09 07:38 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E07 The Shorty Short VW Bus HDTV x264-FUM[ettv]
2014-12-09 00:37 - 2014-12-09 07:38 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E08 One Cool Impala HDTV x264-FUM[ettv]
2014-12-09 00:34 - 2014-12-09 07:39 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E09 Big Bad C10 Build Part1 HDTV x264-FUM[ettv]
2014-12-08 19:06 - 2014-12-08 22:36 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E10 Big Bad C10 Build Part2 HDTV x264-FUM[ettv]
2014-12-08 19:05 - 2014-12-08 22:36 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E11 NHRA and A 55 Pink Caddy Part1 HDTV x264-FUM[ettv]
2014-12-08 19:04 - 2014-12-08 22:36 - 00000000 ____D () C:\Users\rac\Downloads\Fast N Loud S05E12 NHRA and A 55 Pink Caddy Part2 HDTV x264-FUM[ettv]
2014-12-08 10:37 - 2014-12-08 10:37 - 00000000 ____D () C:\Program Files (x86)\BuyNsavue
2014-12-08 10:36 - 2014-12-08 10:36 - 00000000 ____D () C:\ProgramData\ilhbnpfibbfaanglbhcgiopinnmfaeph
2014-12-06 14:26 - 2014-12-07 20:19 - 00000000 ____D () C:\Users\rac\Downloads\Prospectors.S02
2014-12-06 12:29 - 2014-12-06 12:33 - 24743106 _____ () C:\Users\rac\Downloads\vlc-2.1.5-win32.exe
2014-12-06 11:13 - 2014-12-06 11:13 - 00244104 _____ () C:\Users\rac\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-06 01:37 - 2014-12-06 03:32 - 00000000 ____D () C:\Users\rac\Downloads\Gold Rush S05E08 Gold Blooded HDTV x264-FUM[ettv]
2014-12-05 18:58 - 2014-12-06 07:32 - 00000000 ____D () C:\Users\rac\Downloads\Tusk.2014.HDRip.XviD-iFT
2014-12-05 16:01 - 2014-12-06 07:32 - 00000000 ____D () C:\Users\rac\Downloads\Blue Ruin (2013)
2014-12-05 16:00 - 2014-12-06 07:32 - 00000000 ____D () C:\Users\rac\Downloads\Night Moves (2013)
2014-12-05 15:12 - 2014-12-06 07:32 - 00000000 ____D () C:\Users\rac\Downloads\Moonshiners.S04E04.HDTV.x264-KILLERS
2014-12-05 15:11 - 2014-12-06 00:41 - 00000000 ____D () C:\Users\rac\Downloads\Moonshiners.S04E05.HDTV.x264-KILLERS[ettv]
2014-12-05 15:10 - 2014-12-05 17:44 - 542247800 _____ () C:\Users\rac\Downloads\Moonshiners.S04E03.Bullet.Proof.HDTV x264-NOGRP.mp4
2014-12-05 15:09 - 2014-12-05 16:38 - 518732383 _____ () C:\Users\rac\Downloads\Moonshiners.S04E02.720p.HDTV.x264-KILLERS.mp4
2014-12-05 13:04 - 2014-12-05 13:04 - 00000197 _____ () C:\WINDOWS\system32\2014-12-05-19-04-28.072-AvastVBoxSVC.exe-2952.log
2014-12-05 11:12 - 2014-12-05 14:52 - 00000000 ____D () C:\Users\rac\Downloads\They Came Together (2014)
2014-12-04 17:04 - 2014-12-04 19:47 - 00000000 ____D () C:\Users\rac\Downloads\The Double (2013)
2014-12-04 11:42 - 2014-12-04 11:42 - 00000197 _____ () C:\WINDOWS\system32\2014-12-04-17-42-46.007-AvastVBoxSVC.exe-2768.log
2014-12-02 19:05 - 2014-12-04 20:36 - 00000000 ____D () C:\Users\rac\Downloads\Fury.2014.DVDSCR XviD-SaM[ETRG]
2014-12-02 11:51 - 2014-12-02 19:02 - 00000000 ____D () C:\Users\rac\Downloads\Gold Rush S05E07 Goldzilla HDTV x264-FUM[ettv]
2014-12-02 11:47 - 2014-12-02 11:49 - 00000197 _____ () C:\WINDOWS\system32\2014-12-02-17-47-12.001-AvastVBoxSVC.exe-2236.log
2014-12-01 12:09 - 2014-12-01 12:11 - 00000197 _____ () C:\WINDOWS\system32\2014-12-01-18-09-39.077-AvastVBoxSVC.exe-2772.log
2014-11-27 10:07 - 2014-11-27 10:10 - 00045885 _____ () C:\Users\rac\Downloads\Addition.txt
2014-11-27 10:04 - 2014-11-27 10:10 - 00069225 _____ () C:\Users\rac\Downloads\FRST.txt
2014-11-27 10:03 - 2014-12-14 13:49 - 00000000 ___DC () C:\FRST
2014-11-27 10:03 - 2014-12-14 13:48 - 02119680 ____C (Farbar) C:\Users\rac\Desktop\FRST64.exe
2014-11-26 14:52 - 2014-11-26 14:54 - 00000000 ____D () C:\Users\rac\Downloads\Gold Rush Season 5
2014-11-24 20:44 - 2014-11-24 20:45 - 00000197 _____ () C:\WINDOWS\system32\2014-11-25-02-44-03.099-AvastVBoxSVC.exe-3012.log
2014-11-24 20:41 - 2014-11-24 20:41 - 00285144 _____ () C:\WINDOWS\Minidump\112414-41281-01.dmp
2014-11-24 18:34 - 2014-11-24 18:33 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-11-24 18:33 - 2014-11-24 18:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-24 13:28 - 2014-11-24 13:29 - 00000197 _____ () C:\WINDOWS\system32\2014-11-24-19-28-56.056-AvastVBoxSVC.exe-2772.log
2014-11-24 09:19 - 2014-11-24 09:20 - 00000197 _____ () C:\WINDOWS\system32\2014-11-24-15-19-55.031-AvastVBoxSVC.exe-2844.log
2014-11-23 07:32 - 2014-11-23 07:33 - 00000197 _____ () C:\WINDOWS\system32\2014-11-23-13-32-11.055-AvastVBoxSVC.exe-2464.log
2014-11-22 13:29 - 2014-11-22 14:03 - 00000000 ____D () C:\Users\rac\Downloads\Calvary (2014)
2014-11-22 13:27 - 2014-11-22 14:02 - 00000000 ____D () C:\Users\rac\Downloads\Guardians of the Galaxy (2014)
2014-11-22 13:25 - 2014-11-22 14:05 - 00000000 ____D () C:\Users\rac\Downloads\The November Man (2014)
2014-11-22 13:06 - 2014-11-22 13:40 - 00000000 ____D () C:\Users\rac\Downloads\When the Game Stands Tall (2014)
2014-11-22 13:03 - 2014-11-22 13:23 - 00000000 ____D () C:\Users\rac\Downloads\Good People (2014)
2014-11-22 12:40 - 2014-11-22 12:56 - 1116020528 _____ () C:\Users\rac\Downloads\After.Porn.Ends.DVDRip.x264.AAC.MVGroup.org.mp4
2014-11-21 09:48 - 2014-11-21 09:48 - 00000197 _____ () C:\WINDOWS\system32\2014-11-21-15-48-34.016-AvastVBoxSVC.exe-2784.log
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FM20.DLL
2014-11-18 16:06 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-18 16:06 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-18 16:06 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-18 16:06 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-14 14:33 - 2014-11-14 14:33 - 00001049 _____ () C:\Users\rac\Desktop\Unified Remote.lnk
2014-11-14 14:33 - 2014-11-14 14:33 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unified Remote
2014-11-14 14:33 - 2014-11-14 14:33 - 00000000 ____D () C:\Program Files (x86)\Unified Remote
2014-11-14 13:25 - 2014-11-14 13:26 - 00000197 _____ () C:\WINDOWS\system32\2014-11-14-19-25-37.059-AvastVBoxSVC.exe-2060.log
2014-11-14 12:17 - 2014-11-14 12:17 - 00000247 _____ () C:\WINDOWS\system32\2014-11-14-18-17-39.089-aswFe.exe-2564.log
2014-11-14 12:12 - 2014-11-14 12:17 - 00000247 _____ () C:\WINDOWS\system32\2014-11-14-18-12-25.027-aswFe.exe-3920.log
2014-11-14 12:12 - 2014-11-14 12:12 - 00000197 _____ () C:\WINDOWS\system32\2014-11-14-18-12-22.050-AvastVBoxSVC.exe-4304.log
2014-11-14 11:51 - 2014-11-14 11:52 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-11-14 11:51 - 2014-11-14 11:52 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-11-14 11:46 - 2014-11-14 11:46 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-14 11:46 - 2014-11-14 11:46 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-14 11:46 - 2014-11-14 11:46 - 00001942 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 13:46 - 2014-01-23 14:29 - 00000000 ___DO () C:\Users\rac\SkyDrive
2014-12-14 13:45 - 2014-01-05 21:57 - 00000062 _____ () C:\Users\rac\AppData\Roaming\sp_data.sys
2014-12-14 13:44 - 2014-06-25 10:25 - 00000000 ____D () C:\Users\rac\AppData\Local\HockeyCrashes
2014-12-14 13:44 - 2014-06-25 10:24 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2014-12-14 13:44 - 2014-03-13 19:00 - 00000570 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2140469121-2640114346-301954300-1001.job
2014-12-14 13:44 - 2014-01-23 14:20 - 01098041 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-14 13:44 - 2014-01-05 17:40 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2014-12-14 13:44 - 2014-01-05 17:40 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2014-12-14 13:43 - 2013-09-03 18:09 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 13:42 - 2014-04-27 20:50 - 00000000 ____D () C:\Users\rac\AppData\Roaming\Atheros
2014-12-14 13:42 - 2013-09-24 12:15 - 00000000 ____D () C:\Temp
2014-12-14 13:41 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-14 13:40 - 2014-04-05 21:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 13:40 - 2014-04-05 21:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 13:40 - 2013-11-14 01:20 - 00082636 _____ () C:\WINDOWS\PFRO.log
2014-12-14 13:40 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-14 13:35 - 2014-06-27 11:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-14 13:11 - 2013-07-11 10:05 - 00000000 ____D () C:\Users\rac\Documents\Bluetooth Folder
2014-12-14 13:00 - 2013-09-03 18:09 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 13:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-14 12:28 - 2014-05-14 19:16 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 11:49 - 2013-08-25 19:58 - 00000000 ____D () C:\Users\rac\AppData\Roaming\vlc
2014-12-14 11:25 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-14 11:14 - 2014-02-03 16:06 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{641ECE7F-4A15-4B1C-8A5E-591B8BC4392F}
2014-12-13 14:01 - 2013-07-11 10:10 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2140469121-2640114346-301954300-1001
2014-12-13 13:27 - 2014-04-05 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 13:47 - 2013-11-14 01:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-12 13:42 - 2014-11-10 17:29 - 00002616 _____ () C:\WINDOWS\setupact.log
2014-12-12 08:25 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-12 08:03 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-12 07:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-12 07:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-12 07:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 09:38 - 2013-07-17 06:41 - 00000000 ____D () C:\Users\rac\AppData\Local\CrashDumps
2014-12-10 09:27 - 2014-04-05 19:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 09:25 - 2013-08-19 22:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 09:20 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-10 09:20 - 2013-08-19 22:40 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 13:02 - 2014-11-06 09:00 - 00000000 ____D () C:\Users\rac\Documents\RealEstDocs
2014-12-09 11:36 - 2014-06-27 11:43 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-09 08:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\System
2014-12-09 08:38 - 2013-08-25 20:24 - 00000000 ____D () C:\Users\rac\AppData\Roaming\BitTorrent
2014-12-07 03:29 - 2012-11-27 12:26 - 08418382 _____ () C:\WINDOWS\AsDebug.log
2014-12-06 13:58 - 2014-11-11 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-06 13:16 - 2014-05-14 19:16 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 13:16 - 2014-05-14 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 13:16 - 2014-05-14 19:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-06 12:33 - 2013-08-25 19:57 - 00001084 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-06 11:24 - 2014-08-16 07:21 - 00001161 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-06 11:24 - 2014-01-07 19:56 - 00001173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-05 13:01 - 2014-01-23 14:01 - 00000000 ____D () C:\Users\rac
2014-12-03 12:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-02 11:47 - 2013-08-25 19:16 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-11-27 09:15 - 2013-09-03 18:16 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 15:10 - 2014-09-19 15:22 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 15:10 - 2014-09-19 15:22 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 20:41 - 2014-11-04 10:57 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-24 11:46 - 2013-08-25 19:16 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-21 06:14 - 2014-05-14 19:16 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-05-14 19:16 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-05-14 19:16 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-19 12:08 - 2014-09-04 10:09 - 00000000 ____D () C:\Users\rac\Documents\NoticeToCreditors
2014-11-19 11:19 - 2014-04-05 19:44 - 00000000 ____D () C:\Users\rac\AppData\Local\Microsoft Help
2014-11-18 15:52 - 2014-03-13 19:00 - 00003568 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2140469121-2640114346-301954300-1001
2014-11-14 13:24 - 2013-02-06 00:01 - 00017170 _____ () C:\WINDOWS\system32\results.xml
2014-11-14 13:19 - 2014-10-29 13:21 - 00000728 _____ () C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2014-11-14 13:19 - 2013-02-06 00:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-11-14 11:46 - 2014-04-22 19:44 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-14 11:46 - 2014-01-05 18:30 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-11-14 11:46 - 2013-08-25 19:16 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-14 11:46 - 2013-08-25 19:16 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-14 11:46 - 2013-08-25 19:16 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-11-14 11:46 - 2013-08-25 19:16 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-11-14 11:46 - 2013-08-25 19:16 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-14 08:57 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 08:57 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 08:57 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 08:57 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-14 08:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-14 08:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\rac\AppData\Local\Temp\Quarantine.exe
C:\Users\rac\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-12 08:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014
Ran by asus at 2014-12-14 13:51:15
Running from C:\Users\rac\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.26 - ASUS)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.145.62246 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.9.145.62246 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.5 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS S Series Product Demo (HKLM-x32\...\{387AA3E2-B9FE-4DA1-A097-A0D2213E8794}) (Version: 1.0.0 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.0 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.0 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
BitTorrent (HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
CrystalDiskInfo 6.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2914 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
GoToMeeting 7.0.3.1963 (HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\GoToMeeting) (Version: 7.0.3.1963 - CitrixOnline)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.6.1082 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kcast for Windows (HKLM-x32\...\{0668483D-B010-46A4-B33E-5EDE8E1F6627}) (Version: 3.2.0.0 - Kitco)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
RSDLite (HKLM-x32\...\{EAC93E1D-4807-43E2-B39A-8170B731B7D0}) (Version: 5.6 - Motorola)
Screencast-O-Matic (HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic) <==== ATTENTION!
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TunnelBear (HKLM-x32\...\{625f2249-d094-455e-8548-72ca683eb9d3}) (Version: 2.2.21.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.21.0 - TunnelBear) Hidden
Unified Remote (HKLM-x32\...\{D7930C67-5816-417B-BF28-54BB75EFDAF9}) (Version: 2.14.4.0 - Unified Remote)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse  (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Workspace Desktop (HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\workspacedesktop) (Version:  - Starfield Technologies)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2140469121-2640114346-301954300-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\rac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2140469121-2640114346-301954300-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\rac\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-2140469121-2640114346-301954300-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\rac\AppData\Local\Citrix\GoToMeeting\1767\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2140469121-2640114346-301954300-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\rac\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
CustomCLSID: HKU\S-1-5-21-2140469121-2640114346-301954300-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\rac\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2140469121-2640114346-301954300-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2140469121-2640114346-301954300-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2140469121-2640114346-301954300-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2140469121-2640114346-301954300-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-11-2014 17:56:32 Windows Update
05-12-2014 00:14:00 Scheduled Checkpoint
10-12-2014 15:13:41 Windows Update
13-12-2014 18:50:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04F65CA1-81F3-4049-822E-8753220F5D27} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {0C2B556B-389F-4EF9-BA23-BC3122994325} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {11CCE1F5-C50B-424F-AE54-44BB70B4712E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {3030FA68-82B8-4F0A-BA7F-6E37EBE202DA} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-06-28] (AsusTek)
Task: {40EE3F9D-E3AC-4026-A7CC-A20CC364830E} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {4D6C93E3-F13B-4C65-977A-3E595AD40E19} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-03] (Google Inc.)
Task: {4D98EAF4-99D0-43F1-AB67-3B6560314978} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {4FC0A102-BE29-431C-8264-29C807474B33} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [2012-11-07] (ASUSTek Computer INC.)
Task: {52F7A9F4-12E4-4D45-8F11-6C692F647168} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {6EA14C34-94F5-4B75-89F8-5F8B648ADE63} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {6EFBACF0-3A8C-4D6F-9A88-B673BDAF6A57} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2014-05-28] (TunnelBear)
Task: {6F3B92F6-7E2D-4885-9930-982533D6EA09} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2012-12-25] (ASUSTeK Computer Inc.)
Task: {7AD8C17B-E5A2-454D-B3AE-1D084863F2BE} - System32\Tasks\G2MUpdateTask-S-1-5-21-2140469121-2640114346-301954300-1001 => C:\Users\rac\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe [2014-11-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {88B71636-D5B5-45C1-AB09-7A209C800033} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-14] (AVAST Software)
Task: {95438405-9BEC-4A86-B010-3F55665B5857} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2140469121-2640114346-301954300-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {B17C7990-5C38-4375-85E6-BF326579D7AE} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {D0BCB5AC-0E71-4A18-9409-4177AC644172} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
Task: {D3E18A97-63B0-4A6D-8760-CA37406AA0DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-03] (Google Inc.)
Task: {DE18FA90-2DC7-4963-B817-C75CFF4A7CA6} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {E887F6AC-3E3B-40B4-921A-BCB7DFBF609A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {E89CECFA-2BB3-4F61-BBC4-C55567400C47} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {EB7E2BD1-5E36-4FCC-8781-1FB644DA89EE} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS)
Task: {FD1487BA-430C-4E48-9C87-FBD291C5482A} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\elbyExecuteWithUAC.job => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2140469121-2640114346-301954300-1001.job => C:\Users\rac\AppData\Local\Citrix\GoToMeeting\1963\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 08:19 - 2012-09-18 14:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2013-08-30 08:19 - 2012-09-18 14:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-08-22 01:19 - 2013-08-22 00:54 - 00049664 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Graphics.winmd
2013-08-22 01:19 - 2013-08-22 00:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2013-09-25 02:04 - 2013-09-25 02:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 02:01 - 2013-09-25 02:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 02:08 - 2013-09-25 02:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-02-06 00:03 - 2012-11-14 01:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-02-06 00:03 - 2012-11-14 01:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-09-25 02:09 - 2013-09-25 02:09 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-05-28 09:44 - 2014-05-28 09:44 - 00025536 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2014-12-13 09:48 - 2014-12-13 09:48 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121300\algo.dll
2014-12-14 13:47 - 2014-12-14 13:47 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121401\algo.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 09:05 - 2013-10-31 09:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-04-29 14:17 - 2013-04-29 14:17 - 00587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-11-14 11:46 - 2014-11-14 11:46 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2013-02-05 23:58 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\rac\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "CineForm Status.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "ATLauncher"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ATUninstallIcon"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\StartupApproved\Run: => "Unified Remote v2"
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\StartupApproved\Run: => "cdloader"
HKU\S-1-5-21-2140469121-2640114346-301954300-1001\...\StartupApproved\Run: => "BitTorrent"

========================= Accounts: ==========================

Administrator (S-1-5-21-2140469121-2640114346-301954300-500 - Administrator - Disabled)
asus (S-1-5-21-2140469121-2640114346-301954300-1001 - Administrator - Enabled) => C:\Users\rac
Guest (S-1-5-21-2140469121-2640114346-301954300-501 - Limited - Enabled) => C:\Users\Guest

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2014 01:00:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1408

Start Time: 01d017cf77322ec3

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 6c374723-83c3-11e4-bf5f-6c71d94f1b2e

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/14/2014 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19c4

Start Time: 01d017c92e0bffb7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 2256a395-83bd-11e4-bf5f-6c71d94f1b2e

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/14/2014 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11b0

Start Time: 01d017c92dfb823c

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 22ddc4d8-83bd-11e4-bf5f-6c71d94f1b2e

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/14/2014 11:47:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 183c

Start Time: 01d017c554d06053

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 49afb9ef-83b9-11e4-bf5f-6c71d94f1b2e

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/13/2014 04:17:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/13/2014 03:33:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/13/2014 03:26:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/13/2014 02:14:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/13/2014 02:12:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/13/2014 02:07:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (12/14/2014 01:41:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee PC Task Scheduler Service service failed to start due to the following error:
%%2

Error: (12/12/2014 07:48:16 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (12/12/2014 07:42:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee PC Task Scheduler Service service failed to start due to the following error:
%%2

Error: (12/12/2014 07:39:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (12/10/2014 05:39:08 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (12/10/2014 05:20:23 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/09/2014 08:40:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee PC Task Scheduler Service service failed to start due to the following error:
%%2

Error: (12/06/2014 02:00:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee PC Task Scheduler Service service failed to start due to the following error:
%%2

Error: (12/06/2014 10:52:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee PC Task Scheduler Service service failed to start due to the following error:
%%2

Error: (12/05/2014 01:02:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee PC Task Scheduler Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/14/2014 01:00:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031140801d017cf77322ec34294967295C:\WINDOWS\syswow64\wwahost.exe6c374723-83c3-11e4-bf5f-6c71d94f1b2eMicrosoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (12/14/2014 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068919c401d017c92e0bffb74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe2256a395-83bd-11e4-bf5f-6c71d94f1b2emicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/14/2014 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1703111b001d017c92dfb823c4294967295C:\WINDOWS\syswow64\wwahost.exe22ddc4d8-83bd-11e4-bf5f-6c71d94f1b2eMicrosoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (12/14/2014 11:47:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031183c01d017c554d060534294967295C:\WINDOWS\syswow64\wwahost.exe49afb9ef-83b9-11e4-bf5f-6c71d94f1b2eMicrosoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (12/13/2014 04:17:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/13/2014 03:33:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/13/2014 03:26:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/13/2014 02:14:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/13/2014 02:12:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/13/2014 02:07:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


==================== Memory info ===========================

Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 30%
Total physical RAM: 3981.7 MB
Available physical RAM: 2750.84 MB
Total Pagefile: 8077.7 MB
Available Pagefile: 6684.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:7.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:7.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 04A53D1B)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: D566DB05)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

and Avast popped up one more while I was posting the logs.  Again, thanks for your help!



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,243 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:25 AM

Posted 15 December 2014 - 08:42 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [ATUninstallIcon] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\internal-nacl-plugin No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Extension: (Google Wallet) - C:\Users\rac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (BuyNsavue) - C:\ProgramData\ilhbnpfibbfaanglbhcgiopinnmfaeph\ [2013-09-03]
S2 McSchedulerSvc; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 MotDev; \SystemRoot\system32\DRIVERS\motodrv.sys [X]
S3 motmodem; \SystemRoot\system32\DRIVERS\motmodem.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:054203E4
C:\ProgramData\ilhbnpfibbfaanglbhcgiopinnmfaeph

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

======

If AVAST is still blocking sites, execute this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

How is the computer running now?

#7 nasdaq

Posted 21 December 2014 - 09:09 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 nasdaq

Posted 27 December 2014 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



