Laptop slowed to a freeze, please help


  • This topic is locked
27 replies to this topic

#1 yomatius


Posted 06 July 2015 - 03:24 PM

Hi fellow, my wife has an Asus S56C ultrabook.
 
It used to be a nice computer, but recently it started hanging up, freezing and is altogether very slow. After some tries and a complete freeze in the middle of a Windows update, we had to perform a full recovery to factory settings just to get the computer up and running again. It sort of worked, but the computer is still very slow, as it was before.
 
So far chkdsk and the memory check did not find any errors, and Norton antivirus did not find anything either. This laptop takes forever to boot, Chrome takes forever to load websites, and error messages appear literally minutes after events take place.

We thought that a full reset would work, and we cannot find the hardware problem. I have just downloaded and run FRST as recommended in the preparation guide. I hope the information below helps to find the flaw.
 
I am asking the experts around to take a look; perhaps you can detect what is going on. My wife uses her computer as an entertainment center instead of cable, so it is quite important for her. Your help is much appreciated!
 
M
 
Here are the reports I mentioned:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Mariana (administrator) on MARIAN on 06-07-2015 13:18:54
Running from C:\Users\Mariana\Documents\av tools
Loaded Profiles: UpdatusUser & Mariana (Available Profiles: UpdatusUser & Mariana)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\NS.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\NS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\iscsicpl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DsmUserTask.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DsmUserTask.exe
(Microsoft Corporation) C:\Windows\System32\drvinst.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3515957402-3506899161-1375660014-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3515957402-3506899161-1375660014-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-3515957402-3506899161-1375660014-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3515957402-3506899161-1375660014-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3515957402-3506899161-1375660014-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3515957402-3506899161-1375660014-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3515957402-3506899161-1375660014-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3515957402-3506899161-1375660014-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-29] (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3515957402-3506899161-1375660014-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3B799074-6C1F-4772-B6AE-616D08F22AE3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9F414924-12C5-4017-862F-E7293657E034}: [DhcpNameServer] 192.168.16.1
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-01] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn [2015-07-01]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-01]
CHR Extension: (Google Docs) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-01]
CHR Extension: (Google Drive) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-01]
CHR Extension: (YouTube) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-01]
CHR Extension: (Google Search) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-01]
CHR Extension: (Google Sheets) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-01]
CHR Extension: (Norton Identity Safe) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-07-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-01]
CHR Extension: (Google Wallet) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-01]
CHR Extension: (Gmail) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-01]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-06-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-06-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations) [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-09-30] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2012-09-30] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-17] (McAfee, Inc.)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\NS.exe [282016 2015-06-17] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150625.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-09-30] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-09-30] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-09-30] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-09-30] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-09-30] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-09-30] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-30] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150703.001\IDSvia64.sys [692984 2015-06-30] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150705.032\ENG64.SYS [138488 2015-06-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150705.032\EX64.SYS [2146040 2015-06-30] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NSx64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1605000.07C\SymELAM.sys [23568 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)
U0 msahci; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 12:34 - 2015-07-06 12:49 - 00000597 _____ C:\WINDOWS\setupact.log
2015-07-06 12:34 - 2015-07-06 12:34 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-06 10:06 - 2015-07-06 10:49 - 00097969 _____ C:\Users\Mariana\Downloads\3C78.tmp
2015-07-01 20:12 - 2015-07-01 20:12 - 00000000 ___SH C:\DkHyperbootSync
2015-07-01 19:01 - 2015-07-01 19:24 - 212284084 _____ (NVIDIA Corporation) C:\Users\Mariana\Downloads\Unconfirmed 965005.crdownload
2015-07-01 18:45 - 2015-07-06 13:19 - 00000000 ____D C:\FRST
2015-07-01 18:39 - 2015-07-01 18:39 - 00002790 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-07-01 18:39 - 2015-07-01 18:39 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-01 18:39 - 2015-07-01 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-01 18:39 - 2015-07-01 18:39 - 00000000 ____D C:\Program Files\CCleaner
2015-07-01 18:34 - 2015-07-01 19:22 - 00007597 _____ C:\Users\Mariana\AppData\Local\Resmon.ResmonCfg
2015-07-01 10:44 - 2015-07-01 10:44 - 00000000 ____D C:\sources
2015-07-01 08:32 - 2015-07-01 13:10 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3515957402-3506899161-1375660014-1002
2015-07-01 08:27 - 2015-07-01 08:27 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-01 08:27 - 2015-07-01 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-01 08:26 - 2015-07-06 14:37 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 08:26 - 2015-07-06 08:46 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 08:26 - 2015-07-01 08:31 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-01 08:26 - 2015-07-01 08:31 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-01 08:26 - 2015-07-01 08:27 - 00000000 ____D C:\Users\Mariana\AppData\Local\Google
2015-07-01 08:26 - 2015-07-01 08:27 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-01 08:26 - 2015-07-01 08:26 - 00000000 ____D C:\Users\Mariana\AppData\Local\Deployment
2015-07-01 08:26 - 2015-07-01 08:26 - 00000000 ____D C:\Users\Mariana\AppData\Local\Apps\2.0
2015-07-01 07:29 - 2015-07-01 07:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2015-07-01 07:27 - 2015-07-01 07:27 - 00102616 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-07-01 07:27 - 2015-07-01 07:27 - 00008166 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-07-01 07:27 - 2015-07-01 07:27 - 00003218 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-07-01 07:27 - 2015-07-01 07:27 - 00002393 _____ C:\Users\Public\Desktop\Norton Security.LNK
2015-07-01 07:27 - 2015-07-01 07:27 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-01 07:25 - 2015-07-01 07:25 - 00000000 ____D C:\NPE
2015-07-01 07:24 - 2015-07-01 07:34 - 00000000 ____D C:\Users\Mariana\AppData\Local\NPE
2015-07-01 07:24 - 2015-07-01 07:24 - 03088296 _____ (Symantec Corporation) C:\Users\Mariana\Downloads\NPE.exe
2015-07-01 07:22 - 2015-07-01 07:22 - 01110424 _____ (Symantec Corporation) C:\Users\Mariana\Downloads\NSDownloader.exe
2015-06-30 21:25 - 2015-07-01 07:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-06-30 21:25 - 2015-06-30 21:25 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2015-06-30 21:25 - 2015-06-30 21:25 - 00000000 ____D C:\Program Files (x86)\Norton Security
2015-06-30 19:27 - 2014-05-14 21:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-06-30 19:27 - 2014-05-14 18:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-06-30 19:27 - 2014-05-14 18:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-06-30 19:27 - 2014-05-14 18:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-06-30 19:27 - 2014-05-14 18:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-06-30 19:07 - 2013-08-16 01:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-06-30 19:07 - 2012-11-06 00:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2015-06-30 19:06 - 2012-11-06 00:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-06-30 18:03 - 2015-06-27 02:01 - 00022362 _____ C:\Users\Mariana\Documents\gmerjune26.log
2015-06-30 17:53 - 2015-06-30 18:03 - 00000000 ____D C:\Users\Mariana\Documents\mariana usb
2015-06-30 17:53 - 2015-06-27 12:51 - 00000000 ____D C:\Users\Mariana\Documents\Fotos Mariana
2015-06-30 17:43 - 2015-06-30 17:53 - 00000000 ____D C:\Users\Mariana\Documents\Contactos Mariana
2015-06-30 17:40 - 2015-06-30 17:43 - 00000000 ____D C:\Users\Mariana\Documents\Carpeta Mariana
2015-06-30 17:38 - 2015-07-01 18:47 - 00000000 ____D C:\Users\Mariana\Documents\av tools
2015-06-30 17:36 - 2015-07-01 07:26 - 00001261 _____ C:\Users\Mariana\Desktop\Norton Installation Files.lnk
2015-06-30 17:33 - 2015-07-01 07:34 - 00000000 ____D C:\ProgramData\Norton
2015-06-30 17:33 - 2015-06-30 17:33 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-30 17:02 - 2015-06-30 17:02 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\ASUS WebStorage
2015-06-30 16:57 - 2015-06-30 16:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2015-06-30 16:56 - 2015-06-30 16:57 - 00000000 ____D C:\Users\Mariana\Documents\Bluetooth Folder
2015-06-30 16:56 - 2015-06-30 16:56 - 00000000 ____D C:\Users\Mariana\AppData\Local\BMExplorer
2015-06-30 16:50 - 2015-06-30 16:50 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Atheros
2015-06-30 16:49 - 2015-07-01 07:26 - 00000401 _____ C:\Users\Mariana\AppData\Roaming\sp_data.sys
2015-06-30 16:46 - 2015-06-30 16:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-06-30 16:36 - 2015-06-30 16:36 - 00001436 _____ C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-30 16:34 - 2015-06-30 16:34 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Macromedia
2015-06-30 16:31 - 2015-06-30 16:31 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Adobe
2015-06-30 16:24 - 2015-06-30 16:26 - 00000000 ____D C:\ProgramData\FolderView
2015-06-30 16:24 - 2015-06-30 16:25 - 00000000 __RSD C:\Users\Public\Desktop\ASUS
2015-06-30 16:20 - 2015-06-30 16:23 - 00000134 _____ C:\WINDOWS\SysWOW64\mcmarkclean.log
2015-06-30 15:54 - 2015-06-30 15:54 - 00000000 ____D C:\Users\Mariana\AppData\Local\VirtualStore
2015-06-30 15:49 - 2015-06-30 17:01 - 00000000 ____D C:\Users\Mariana\AppData\Local\Packages
2015-06-30 15:49 - 2015-06-30 15:52 - 00000000 ____D C:\Users\Mariana\AppData\Local\ASUS
2015-06-30 15:46 - 2015-07-01 20:18 - 01803613 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-30 15:45 - 2015-06-30 16:42 - 00000000 ____D C:\Users\Mariana
2015-06-30 15:45 - 2015-06-30 15:45 - 00000020 ___SH C:\Users\Mariana\ntuser.ini
2015-06-30 15:45 - 2012-11-27 14:27 - 00002102 _____ C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2015-06-30 15:45 - 2012-07-26 04:13 - 00000000 ___RD C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-30 15:45 - 2012-07-26 04:13 - 00000000 ___RD C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-30 15:45 - 2012-07-26 04:13 - 00000000 ___RD C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-30 15:45 - 2012-07-26 04:13 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 15:05 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-06 15:01 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-06 13:58 - 2013-02-06 00:56 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-07-01 19:49 - 2012-08-02 04:40 - 00439442 _____ C:\WINDOWS\system32\prfh0804.dat
2015-07-01 19:49 - 2012-08-02 04:40 - 00135630 _____ C:\WINDOWS\system32\prfc0804.dat
2015-07-01 19:49 - 2012-08-02 04:35 - 00804546 _____ C:\WINDOWS\system32\perfh00A.dat
2015-07-01 19:49 - 2012-08-02 04:35 - 00165432 _____ C:\WINDOWS\system32\perfc00A.dat
2015-07-01 19:49 - 2012-07-26 03:28 - 02353978 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-01 19:41 - 2012-07-26 03:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-01 18:41 - 2012-08-01 22:20 - 00000000 ____D C:\WINDOWS\Panther
2015-07-01 18:08 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\rescache
2015-07-01 15:11 - 2012-11-27 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-07-01 15:11 - 2012-11-27 14:26 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-07-01 12:56 - 2013-02-06 00:51 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-07-01 12:56 - 2013-02-06 00:51 - 00000000 ____D C:\WINDOWS\system32\NV
2015-07-01 12:54 - 2013-02-06 00:49 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-01 11:17 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-07-01 11:17 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-01 11:17 - 2012-07-26 03:52 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-01 11:16 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-01 11:16 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-01 11:16 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-01 11:16 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-01 11:16 - 2012-07-26 01:37 - 00000000 ____D C:\WINDOWS\servicing
2015-07-01 11:14 - 2012-08-02 04:30 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-07-01 11:14 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-07-01 11:14 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-07-01 11:14 - 2012-07-26 03:49 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-07-01 11:14 - 2012-07-26 03:49 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-07-01 11:14 - 2012-07-26 03:49 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-07-01 11:14 - 2012-07-26 03:49 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-07-01 11:14 - 2012-07-26 01:38 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-07-01 11:14 - 2012-07-26 01:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-07-01 11:13 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-07-01 11:13 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-07-01 11:11 - 2012-07-26 04:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-01 11:11 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-07-01 11:11 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-01 11:11 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\IME
2015-07-01 11:10 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-07-01 11:10 - 2012-07-26 03:49 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-07-01 11:10 - 2012-07-26 03:49 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-07-01 11:10 - 2012-07-26 03:49 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-07-01 11:10 - 2012-07-26 01:38 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-01 11:10 - 2012-07-26 01:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-07-01 11:10 - 2012-07-26 01:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-07-01 11:09 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-07-01 11:09 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-07-01 11:09 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\Com
2015-07-01 11:09 - 2012-07-26 03:49 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-07-01 10:53 - 2012-07-26 03:49 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-07-01 10:41 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\Globalization
2015-07-01 10:36 - 2012-11-27 14:28 - 00000000 ____D C:\Program Files\mcafee
2015-07-01 07:35 - 2012-07-26 01:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-01 07:27 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-01 07:25 - 2012-11-27 14:28 - 00000000 ____D C:\ProgramData\McAfee
2015-07-01 07:25 - 2012-11-27 14:28 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-07-01 07:24 - 2012-07-26 01:26 - 00008192 ___SH C:\WINDOWS\system32\config\BBI
2015-06-30 18:44 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\restore
2015-06-30 16:57 - 2013-02-06 01:01 - 00000000 ____D C:\ProgramData\Atheros
2015-06-30 16:30 - 2012-08-01 21:36 - 00000000 ____D C:\WINDOWS\Log
2015-06-30 16:29 - 2012-11-27 14:26 - 00000000 ____D C:\ProgramData\ChangeFolderView
2015-06-30 09:41 - 2012-07-26 04:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
 
==================== Files in the root of some directories =======
 
2015-06-30 16:49 - 2015-07-01 07:26 - 0000401 _____ () C:\Users\Mariana\AppData\Roaming\sp_data.sys
2015-07-01 18:34 - 2015-07-01 19:22 - 0007597 _____ () C:\Users\Mariana\AppData\Local\Resmon.ResmonCfg
2012-11-27 14:26 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 14:26 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 14:26 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-08-01 21:20
 
==================== End of log ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Mariana at 2015-07-06 15:18:18
Running from C:\Users\Mariana\Documents\av tools
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3515957402-3506899161-1375660014-500 - Administrator - Disabled)
Guest (S-1-5-21-3515957402-3506899161-1375660014-501 - Limited - Disabled)
Mariana (S-1-5-21-3515957402-3506899161-1375660014-1002 - Administrator - Enabled) => C:\Users\Mariana
UpdatusUser (S-1-5-21-3515957402-3506899161-1375660014-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.6.1082 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.0.124 - Symantec Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6754 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
30-06-2015 18:44:27 Windows Update
01-07-2015 20:08:52 Language Pack Removal
06-07-2015 10:48:04 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {398FA26F-E171-4972-AB1B-5CDDDF57FF05} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {4BDD40CA-043E-47F0-88F9-A2D2F3E9FEE8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {50A16FEF-2190-4EA0-BB70-300A3F1718E0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {5F0341CD-6EE0-4B2D-AC36-C815EBC42AC9} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {6B24A360-05B7-4FC7-9357-369634341E6A} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {BAFD92FF-1352-4727-BF94-7E389701169A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-01] (Google Inc.)
Task: {C564987A-3D7E-448D-820C-0A307969A59F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-01] (Google Inc.)
Task: {D71ACE9A-4C4F-4FB8-A4AC-F92BDE6D75C6} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3515957402-3506899161-1375660014-1002
Task: {E0927806-765D-4B83-898E-039FC279D26F} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {E9029A27-5F56-4905-8690-18F389FD9123} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {EBCF69B3-066D-4209-BF7F-DCA7F3A967FB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-24 21:26 - 2012-08-24 21:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-02-06 00:52 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3515957402-3506899161-1375660014-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mariana\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\abookofsleep2.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "ACMON"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B817702A-CB1E-4ABB-8461-53568BAEC851}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{963C85A6-046F-40AB-92E5-424F10D98037}] => (Allow) LPort=2869
FirewallRules: [{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}] => (Allow) LPort=1900
FirewallRules: [{4DEA6AFA-3F8F-455D-89E5-51E0F1D1E77B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CB66700D-CC05-40D0-8D5B-B5B18B7E39DF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FB33744F-2BF8-4874-B954-DCAE9CAEE64C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{660BC194-D8E7-46E5-A34F-AAB62A47F965}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{11E42656-FECB-47F1-87FB-A4B4167971EB}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{A001E7AE-F64A-4519-83A1-536589D20B63}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{77132093-20C2-4E8A-8D5F-2E931E1D561C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2015 00:31:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 6.2.9200.16384, time stamp: 0x50109efd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16384, time stamp: 0x5010ab2d
Exception code: 0x00000000
Fault offset: 0x00000000000189cc
Faulting process id: 0x1288
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3
Faulting package full name: mmc.exe4
Faulting package-relative application ID: mmc.exe5
 
Error: (07/06/2015 00:24:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fd4
 
Start Time: 01d0b7fc110db8d2
 
Termination Time: 16
 
Application Path: C:\WINDOWS\explorer.exe
 
Report Id: 1cf090e5-23fb-11e5-be79-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/06/2015 10:57:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b2c
 
Start Time: 01d0b7f300178e15
 
Termination Time: 16
 
Application Path: C:\WINDOWS\explorer.exe
 
Report Id: cf9af20b-23ee-11e5-be79-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/06/2015 10:49:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 43.0.2357.130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c0c
 
Start Time: 01d0b7ec22e15eb0
 
Termination Time: 12
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 3ad2a767-23ea-11e5-be79-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/06/2015 09:00:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 150c
 
Start Time: 01d0b7ea5ee0dc78
 
Termination Time: 16
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 9bae9024-23de-11e5-be79-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/06/2015 08:50:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: db4
 
Start Time: 01d0b7e9163c6b03
 
Termination Time: 0
 
Application Path: C:\WINDOWS\Explorer.EXE
 
Report Id: 1e14fc33-23dd-11e5-be79-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/01/2015 05:11:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4c8
 
Start Time: 01d0b44127cd1137
 
Termination Time: 0
 
Application Path: C:\WINDOWS\explorer.exe
 
Report Id: 06a3bb4e-2035-11e5-be77-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/01/2015 05:04:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: delegate_execute.exe, version: 43.0.2357.130, time stamp: 0x5584c777
Faulting module name: delegate_execute.exe, version: 43.0.2357.130, time stamp: 0x5584c777
Exception code: 0xc0000005
Fault offset: 0x0002b194
Faulting process id: 0xc48
Faulting application start time: 0xdelegate_execute.exe0
Faulting application path: delegate_execute.exe1
Faulting module path: delegate_execute.exe2
Report Id: delegate_execute.exe3
Faulting package full name: delegate_execute.exe4
Faulting package-relative application ID: delegate_execute.exe5
 
Error: (07/01/2015 05:01:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a0
 
Start Time: 01d0b440b57e6b14
 
Termination Time: 15
 
Application Path: C:\WINDOWS\Explorer.EXE
 
Report Id: 343bc402-2034-11e5-be77-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/01/2015 05:01:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program InsOnCfg.exe version 3.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 12c0
 
Start Time: 01d0b440b517e49e
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
 
Report Id: 1d92bb9d-2034-11e5-be77-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/06/2015 00:45:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (07/06/2015 00:44:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LMS service.
 
Error: (07/06/2015 00:43:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.
 
Error: (07/06/2015 08:58:57 AM) (Source: DCOM) (EventID: 10010) (User: MARIAN)
Description: {329B80EC-2230-47B8-905D-A2DCF5171C6F}
 
Error: (07/06/2015 08:58:27 AM) (Source: DCOM) (EventID: 10010) (User: MARIAN)
Description: {329B80EC-2230-47B8-905D-A2DCF5171C6F}
 
Error: (07/06/2015 08:57:57 AM) (Source: DCOM) (EventID: 10010) (User: MARIAN)
Description: {329B80EC-2230-47B8-905D-A2DCF5171C6F}
 
Error: (07/01/2015 07:28:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the msiserver service.
 
Error: (07/01/2015 05:59:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASLDR Service service failed to start due to the following error: 
%%1053
 
Error: (07/01/2015 05:59:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ASLDR Service service to connect.
 
Error: (07/01/2015 05:22:21 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
 
Microsoft Office:
=========================
Error: (07/06/2015 00:31:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mmc.exe6.2.9200.1638450109efdKERNELBASE.dll6.2.9200.163845010ab2d0000000000000000000189cc128801d0b8075d6f89deC:\WINDOWS\system32\mmc.exeC:\WINDOWS\system32\KERNELBASE.dll780b80cc-23fc-11e5-be79-2016d8859519
 
Error: (07/06/2015 00:24:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.2.9200.16384fd401d0b7fc110db8d216C:\WINDOWS\explorer.exe1cf090e5-23fb-11e5-be79-2016d8859519
 
Error: (07/06/2015 10:57:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.2.9200.163841b2c01d0b7f300178e1516C:\WINDOWS\explorer.execf9af20b-23ee-11e5-be79-2016d8859519
 
Error: (07/06/2015 10:49:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe43.0.2357.130c0c01d0b7ec22e15eb012C:\Program Files (x86)\Google\Chrome\Application\chrome.exe3ad2a767-23ea-11e5-be79-2016d8859519
 
Error: (07/06/2015 09:00:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.2.9200.16384150c01d0b7ea5ee0dc7816C:\Windows\explorer.exe9bae9024-23de-11e5-be79-2016d8859519
 
Error: (07/06/2015 08:50:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.16384db401d0b7e9163c6b030C:\WINDOWS\Explorer.EXE1e14fc33-23dd-11e5-be79-2016d8859519
 
Error: (07/01/2015 05:11:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.2.9200.163844c801d0b44127cd11370C:\WINDOWS\explorer.exe06a3bb4e-2035-11e5-be77-2016d8859519
 
Error: (07/01/2015 05:04:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe43.0.2357.1305584c777delegate_execute.exe43.0.2357.1305584c777c00000050002b194c4801d0b441699eff55C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\delegate_execute.execc0c07e9-2034-11e5-be77-2016d8859519
 
Error: (07/01/2015 05:01:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.163841a001d0b440b57e6b1415C:\WINDOWS\Explorer.EXE343bc402-2034-11e5-be77-2016d8859519
 
Error: (07/01/2015 05:01:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: InsOnCfg.exe3.0.2.012c001d0b440b517e49e0C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe1d92bb9d-2034-11e5-be77-2016d8859519
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 42%
Total physical RAM: 6029.51 MB
Available physical RAM: 3447.48 MB
Total Pagefile: 10125.51 MB
Available Pagefile: 7652.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.26 GB) (Free:327.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:537.6 GB) (Free:520.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C2B20764)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 6DA4766D)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

Edit: Moved topic from Windows 8 to the more appropriate forum. Also merged separate topic that included malware log attachments to this original topic for log continuity. ~ Animal



#2 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 11 July 2015 - 11:40 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.

:)


Hello there, yomatius

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Do you still require help?

---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 yomatius


Posted 11 July 2015 - 11:27 PM

I still require help. Please, what should I do? Do you guys make any sense of these reports? Is it malware?

 

I am at a loss here, any ideas are much appreciated,

 

yours, M



#4 Conspire


Posted 12 July 2015 - 12:32 AM

McAfee could probably be the issue here.

Please download the below link and run McAfee Consumer Product Removal (MCPR) and follow the instructions set out.

http://us.mcafee.com/apps/supporttools/mcpr/mcpr.asp

Once done, reboot your machine and run FRST again for review.

#5 yomatius


Posted 15 July 2015 - 06:42 PM

Dear friend, I was on the road for a few days. Today I returned and turned on my wife's laptop to do that. Unfortunately, Windows Update updated, and it took literally 12 hours to complete the update (I thought about stopping it but I could hear the hard drive doing things). After that, the laptop fell into an autorepair start loop, and the only option I could go through was to clean computer to zero.

 

That process is running at the moment, very very slowly, but it reminds me of my first try, so I am very worried that this computer will become unusable. What do you think is happening?

 

best regards,

 

Mateo



#6 Conspire

Conspire

  • Malware Response Team

Posted 16 July 2015 - 06:10 AM

It sounds like you're doing a factory reset. If that's really the case, then most likely all the previous data will be gone. Maybe you could take a picture of what's happening right now on the laptop so that I can tell what you're going through?

#7 yomatius

yomatius
  • Topic Starter

  • Members

Posted 16 July 2015 - 08:34 AM

Indeed, this was a factory reset. It was the only option I could run through because the laptop would start up in autorepair mode and take me to the troubleshoot screen. There I tried to start up normally, returned to same screen. Safe mode, same thing. Restore to last update, failed, same thing. Etc. So to take the machine out of the loop I resorted to that. I have a backup of most important data, so now I am only concerned the computer works.

 

Mind this is the second time this has happened. Something is seriously wrong deep at Windows innards, I do not know whether it is a result of malware or what. 

 

BTW, it took the lap all night! to get back into a Windows settings selection and then to the log in screen. After logging in to Windows account I see a black screen with a responsive pointer (only the pointer). I am gonna do a play by play here. 

 

Ten minutes. No keyboard responses but some things happening in the background because I hear the hard drive working and sometimes the blue ring that indicates a process appears. Eventually a McAfee sign appears bottom right, with a "your computer is at risk" message. I click cancel and wait.

 

20 minutes. Command prompt appears! mcmark.exe and something else but it goes out too quick for me to take a picture or write it down! Now onto an Asus screen that says configuring your system, please wait. So far the process has taken some 10 minutes. And then back to a black screen with a mouse pointer. Still no keyboard response. 

 

25 minutes. Again command prompt. something about "disable s4s3..." then it goes away. This is taking forever but I hear the hard disk working. I get a desktop with Asus default screen but still no response from keyboard or clicks.

 

40 minutes. I will wait longer and I get windows start screen and then my wife's desktop image. This has taken very very long and I always hear the hard drive working, but it might be because it is a first setup. I insert a USB key with her documents and some tools like the Farbar recovery tool and McAfee uninstaller, among others, it takes a long time for the machine to recognize it and it starts setting it up, it takes forever.

 

2 hours. Still usb drive is not recognized. I am running the McAfee uninstall from windows and a message of incomplete uninstall prompts me to uninstall in compatibility mode. At the same time I turn on IExplorer (factory reset default browser) to download removal tool, etc. A suspicious message appears "web browser Stop running this script? a script on this page is causing your web browser to run slowly, If it continues to run, your computer might become unresponsive  YES NO"  I do not like it so I do not click anything, I cannot access any website at all.

 

Now I have to go to work and travel for a couple days, I will leave the computer there, and see what has happened when I return.

 

 

Best regards

 

M



#8 Conspire

Conspire

  • Malware Response Team

Posted 16 July 2015 - 09:18 AM

This doesn't sound right to me. Things should feel snappy after a factory reset since all programs installed will be gone. Are you still seeing old programs installed inside or everything is back to where you first purchased the laptop?



#9 yomatius

yomatius
  • Topic Starter

  • Members

Posted 16 July 2015 - 03:59 PM

Hi, no, I did not see any old programs installed, but the computer is terribly terribly slow. And I did get those weird messages. Now I am on the road and I do not return until Friday, so I will check up later on.

 

A couple important things I noticed that might help (forensics)

 

-As originally posted, this computer went through one factory reset before. It used to have Windows 8.1 before the first factory reset. After that factory reset it returned to Windows 8 but problems continued, as above. 

-hard drive is constantly doing something.

-I performed a checkdisk and memory check previously and both turned out ok,

-Everything hangs up or freezes for a while, but clicks are registered and menus eventually appear. 

-USB drive was very unresponsive.

-McAfee was there still, though I left it uninstalling,

-I think I saw in the task manager that bitlocker was running, but when I went to control panel there was no bitlocker found,

-what is this script message I am getting?, and why Internet would not work. The laptop connects to the wifi network easily but browser hangs and becomes unresponsive. And I am talking about the native Internet Explorer.

 

 

I am really stumped. But I want to salvage the machine because it is the only entertainment my wife has and I travel a lot. I do not have funds to buy a new one now. I will keep you posted as soon as I get back. Feel free to theorize here because I truly have no idea how this is even possible,



#10 Conspire

Conspire

  • Malware Response Team

Posted 16 July 2015 - 09:40 PM

It seems to be that hardware could be failing, but I could be wrong.

 

Meanwhile, try checking the temperature. Download SpeedFan



#11 Conspire

Conspire

  • Malware Response Team

Posted 16 July 2015 - 11:00 PM

Hi yomatius,

 

Please get these downloaded as well while we're at it.

 

GSmartControl for Windows

-------------------

  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply

===================================================

System Summary Information

--------------------

  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply


#12 yomatius

yomatius
  • Topic Starter

  • Members

Posted 17 July 2015 - 09:50 AM

Sure, I return home today and I will try my best. Thanks a lot for your help.



#13 Conspire

Conspire

  • Malware Response Team

Posted 17 July 2015 - 09:46 PM

Take your time. :)



#14 yomatius

yomatius
  • Topic Starter

  • Members

Posted 18 July 2015 - 02:17 PM

Hello and back here again. Better news, computer seems to be working now, at least I can use it to post here, so it is a BIG advance. I do not want to celebrate yet.
 
I had left it removing McAfee and frozen, when I returned two days later it was able to boot up kind of normally. I still ran the McAfee removal tool just to make sure it was not there and ccleaner.
 
Now I downloaded the tools mentioned and these are results:
 
1. temperature (in Celsius): GPU 56C, HD1 at 45C, Cores at 65C. Is this too much? Does not seem so.
2. gsmart hd test. apparently no errors, attached file.
3. Farbar recovery scan tool, results copied below in length
 
Conclusion, computer seems doing better, for no other reason than removing McAfee. It does not explain behaviour really. It did freeze for a while with Asus live update kicking in, but I uninstalled it and moved on.
What should I do next? Should I test something else? install antivirus? start installing Office, Update to 8.1? etc? I do want to feel happy about this but I am wary still.
 
Thanks so much for your support so far. Amazing.
 
Best, Matius
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Mariana (administrator) on MARIANA on 18-07-2015 15:10:36
Running from D:\av tools
Loaded Profiles: UpdatusUser & Mariana (Available Profiles: UpdatusUser & Mariana)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Almico Software (almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-29] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-29] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3515957402-3506899161-1375660014-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3515957402-3506899161-1375660014-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-3515957402-3506899161-1375660014-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-3515957402-3506899161-1375660014-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3515957402-3506899161-1375660014-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3515957402-3506899161-1375660014-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-29] (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3B799074-6C1F-4772-B6AE-616D08F22AE3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9F414924-12C5-4017-862F-E7293657E034}: [DhcpNameServer] 192.168.16.1
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-18]
CHR Extension: (Google Docs) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-18]
CHR Extension: (Google Drive) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18]
CHR Extension: (YouTube) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-18]
CHR Extension: (Google Search) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-18]
CHR Extension: (Google Sheets) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-18]
CHR Extension: (Google Wallet) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-18]
CHR Extension: (Gmail) - C:\Users\Mariana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0102271437204542mcinstcleanup; C:\WINDOWS\TEMP\010227~1.EXE [831600 2012-09-23] (McAfee, Inc.)
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations) [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-09-30] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2012-09-30] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-09-30] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-09-30] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-09-30] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-09-30] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-09-30] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-09-30] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
U0 msahci; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-18 15:05 - 2015-07-18 15:10 - 00000000 ____D C:\FRST
2015-07-18 15:05 - 2015-07-18 15:05 - 00000218 _____ C:\Users\Mariana\.recently-used.xbel
2015-07-18 15:04 - 2015-07-18 15:04 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\gtk-2.0
2015-07-18 14:58 - 2015-07-18 15:05 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\gsmartcontrol
2015-07-18 14:57 - 2015-07-18 15:05 - 00000000 ____D C:\Program Files (x86)\GSmartControl
2015-07-18 14:57 - 2015-07-18 14:57 - 00002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSmartControl.lnk
2015-07-18 14:48 - 2015-07-18 14:52 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-07-18 14:48 - 2015-07-18 14:48 - 00001013 _____ C:\Users\Mariana\Desktop\SpeedFan.lnk
2015-07-18 14:48 - 2015-07-18 14:48 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2015-07-18 14:48 - 2015-07-18 14:48 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-07-18 14:47 - 2015-07-18 14:47 - 08267997 _____ C:\Users\Mariana\Downloads\gsmartcontrol-0.8.7.exe
2015-07-18 14:47 - 2015-07-18 14:47 - 02218504 _____ C:\Users\Mariana\Downloads\instspeedfan451.exe
2015-07-18 14:01 - 2015-07-18 14:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-18 14:01 - 2015-07-03 08:43 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-18 13:34 - 2015-07-18 13:34 - 00000000 ___SH C:\DkHyperbootSync
2015-07-18 03:42 - 2015-07-18 03:42 - 00000000 ____D C:\WINDOWS\LastGood
2015-07-18 03:41 - 2015-07-18 03:41 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-18 03:37 - 2015-07-18 03:37 - 00002792 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-07-18 03:37 - 2015-07-18 03:37 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-18 03:37 - 2015-07-18 03:37 - 00000000 ____D C:\Program Files\CCleaner
2015-07-18 03:36 - 2015-07-18 14:46 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-18 03:36 - 2015-07-18 10:37 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-18 03:36 - 2015-07-18 03:41 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-18 03:36 - 2015-07-18 03:41 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-18 03:36 - 2015-07-18 03:37 - 00000000 ____D C:\Users\Mariana\AppData\Local\Google
2015-07-18 03:36 - 2015-07-18 03:36 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-18 03:36 - 2015-07-18 03:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-18 03:36 - 2015-07-18 03:36 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-18 03:35 - 2015-07-18 10:38 - 00000401 _____ C:\Users\Mariana\AppData\Roaming\sp_data.sys
2015-07-18 03:35 - 2015-07-18 03:35 - 00000000 ____D C:\Users\Mariana\Documents\Bluetooth Folder
2015-07-18 03:35 - 2015-07-18 03:35 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Atheros
2015-07-18 03:35 - 2015-07-18 03:35 - 00000000 ____D C:\Users\Mariana\AppData\Local\BMExplorer
2015-07-18 03:32 - 2015-07-18 03:32 - 00000000 ____D C:\ProgramData\McAfee
2015-07-18 03:29 - 2015-07-18 03:29 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Macromedia
2015-07-18 03:29 - 2015-07-18 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-18 03:20 - 2015-07-18 03:20 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-16 10:11 - 2014-05-19 22:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-16 10:11 - 2014-05-19 19:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-16 10:11 - 2014-05-19 19:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-16 10:11 - 2014-05-19 19:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-16 10:11 - 2014-05-19 19:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-16 10:11 - 2014-05-19 19:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-16 10:11 - 2014-05-19 19:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-16 10:11 - 2014-05-19 19:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-16 10:11 - 2014-05-19 19:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-16 10:11 - 2013-08-16 01:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-16 10:11 - 2013-08-16 01:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-16 10:11 - 2013-08-15 18:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-16 10:11 - 2012-11-06 00:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-07-16 10:11 - 2012-11-06 00:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2015-07-16 10:07 - 2014-05-14 18:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-16 10:07 - 2014-05-14 18:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-16 10:07 - 2014-05-14 18:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-16 10:07 - 2014-05-14 18:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-16 08:54 - 2015-07-16 08:54 - 00003198 _____ C:\WINDOWS\System32\Tasks\{9C4A223D-3F9E-485B-922E-0670EE524CDF}
2015-07-16 08:06 - 2015-07-18 14:47 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3515957402-3506899161-1375660014-1002
2015-07-16 08:05 - 2015-07-16 08:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-07-16 08:02 - 2015-07-16 08:02 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\ASUS WebStorage
2015-07-16 07:45 - 2015-07-16 07:45 - 00001436 _____ C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-16 07:45 - 2015-07-16 07:45 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Adobe
2015-07-16 07:40 - 2015-07-16 07:41 - 00000192 _____ C:\WINDOWS\FixPatch.log
2015-07-16 07:39 - 2015-07-16 07:40 - 00000000 ____D C:\ProgramData\FolderView
2015-07-16 07:39 - 2015-07-16 07:39 - 00000134 _____ C:\WINDOWS\SysWOW64\mcmarkclean.log
2015-07-16 07:39 - 2015-07-16 07:39 - 00000000 __RSD C:\Users\Public\Desktop\ASUS
2015-07-16 07:21 - 2015-07-16 07:21 - 00000000 ____D C:\Users\Mariana\AppData\Local\VirtualStore
2015-07-16 07:18 - 2015-07-18 14:44 - 00000000 ____D C:\Users\Mariana\AppData\Local\Packages
2015-07-16 07:17 - 2015-07-18 14:48 - 01498060 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-16 07:17 - 2015-07-16 07:20 - 00000000 ____D C:\Users\Mariana\AppData\Local\ASUS
2015-07-16 07:16 - 2015-07-18 15:05 - 00000000 ____D C:\Users\Mariana
2015-07-16 07:16 - 2015-07-16 07:16 - 00000020 ___SH C:\Users\Mariana\ntuser.ini
2015-07-16 07:16 - 2012-11-27 14:27 - 00002102 _____ C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2015-07-16 07:16 - 2012-07-26 04:13 - 00000000 ___RD C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-16 07:16 - 2012-07-26 04:13 - 00000000 ___RD C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-16 07:16 - 2012-07-26 04:13 - 00000000 ___RD C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-16 07:16 - 2012-07-26 04:13 - 00000000 ____D C:\Users\Mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-18 15:03 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-18 15:00 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-18 14:45 - 2012-11-27 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-07-18 14:45 - 2012-11-27 14:26 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-07-18 14:44 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-07-18 13:29 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\rescache
2015-07-18 03:42 - 2013-02-06 00:49 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-18 03:40 - 2012-08-02 04:45 - 00453762 _____ C:\WINDOWS\system32\prfh0404.dat
2015-07-18 03:40 - 2012-08-02 04:45 - 00135630 _____ C:\WINDOWS\system32\prfc0404.dat
2015-07-18 03:40 - 2012-08-02 04:40 - 00439442 _____ C:\WINDOWS\system32\prfh0804.dat
2015-07-18 03:40 - 2012-08-02 04:40 - 00135630 _____ C:\WINDOWS\system32\prfc0804.dat
2015-07-18 03:40 - 2012-08-02 04:35 - 00804546 _____ C:\WINDOWS\system32\perfh00A.dat
2015-07-18 03:40 - 2012-08-02 04:35 - 00165432 _____ C:\WINDOWS\system32\perfc00A.dat
2015-07-18 03:40 - 2012-08-02 04:31 - 00806622 _____ C:\WINDOWS\system32\perfh00C.dat
2015-07-18 03:40 - 2012-08-02 04:31 - 00158162 _____ C:\WINDOWS\system32\perfc00C.dat
2015-07-18 03:40 - 2012-07-26 03:28 - 03868852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-18 03:35 - 2013-02-06 01:01 - 00000000 ____D C:\ProgramData\Atheros
2015-07-18 03:34 - 2012-07-26 03:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-18 03:33 - 2012-08-01 21:20 - 00021382 _____ C:\WINDOWS\PFRO.log
2015-07-18 03:32 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-07-18 03:32 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-07-18 03:32 - 2012-07-26 01:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-18 03:31 - 2012-07-26 01:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-18 03:30 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-16 10:10 - 2012-07-26 04:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-16 10:10 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-07-16 09:31 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\restore
2015-07-16 08:05 - 2012-07-26 03:21 - 00038490 _____ C:\WINDOWS\setupact.log
2015-07-16 07:43 - 2012-11-27 14:26 - 00000000 ____D C:\ProgramData\ChangeFolderView
2015-07-16 07:42 - 2012-08-01 21:36 - 00000000 ____D C:\WINDOWS\Log
2015-07-16 07:41 - 2012-11-27 14:26 - 07271876 _____ C:\WINDOWS\AsDebug.log
2015-07-16 07:41 - 2012-11-27 14:26 - 01088956 _____ C:\WINDOWS\AsCDProc.log
2015-07-16 07:19 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-16 07:17 - 2012-07-26 04:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
 
==================== Files in the root of some directories =======
 
2015-07-18 03:35 - 2015-07-18 10:38 - 0000401 _____ () C:\Users\Mariana\AppData\Roaming\sp_data.sys
2012-11-27 14:26 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 14:26 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 14:26 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS
 
 
Some files in TEMP:
====================
C:\Users\Mariana\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Mariana\AppData\Local\Temp\sfareca00001.dll
C:\Users\Mariana\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-08-01 21:20
 
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Mariana at 2015-07-18 15:07:01
Running from D:\av tools
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3515957402-3506899161-1375660014-500 - Administrator - Disabled)
Guest (S-1-5-21-3515957402-3506899161-1375660014-501 - Limited - Disabled)
Mariana (S-1-5-21-3515957402-3506899161-1375660014-1002 - Administrator - Enabled) => C:\Users\Mariana
UpdatusUser (S-1-5-21-3515957402-3506899161-1375660014-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.6.1082 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NVIDIA Graphics Driver 306.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6754 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-07-2015 09:31:09 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B830CFE-825E-4D47-B2B4-366CCE2277A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {398FA26F-E171-4972-AB1B-5CDDDF57FF05} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {50A16FEF-2190-4EA0-BB70-300A3F1718E0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {6B24A360-05B7-4FC7-9357-369634341E6A} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {9E246544-5BF4-4E8D-80EC-35A88396D162} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {D35A2B9B-F649-4BEF-B80F-3E3436608A02} - System32\Tasks\{9C4A223D-3F9E-485B-922E-0670EE524CDF} => pcalua.exe -a "C:\Program Files\McAfee\MSC\mcuihost.exe" -c /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
Task: {E46AD27E-108E-4FAA-8144-286F7B5EA969} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.)
Task: {E9029A27-5F56-4905-8690-18F389FD9123} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {FA706458-6784-49CC-BD81-D8F3E2982906} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-18] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-24 21:26 - 2012-08-24 21:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-09-29 23:02 - 2012-09-29 23:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-29 22:59 - 2012-09-29 22:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-29 23:01 - 2012-09-29 23:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-01-11 02:15 - 2012-10-15 00:09 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-07-26 03:58 - 2012-07-26 03:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-02-06 00:52 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-08-24 21:17 - 2012-08-24 21:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2015-07-18 03:36 - 2015-07-13 17:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-18 03:36 - 2015-07-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-18 03:36 - 2015-07-13 17:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
2015-07-18 14:52 - 2015-07-18 14:52 - 00158720 _____ () C:\Users\Mariana\AppData\Local\Temp\sfareca00001.dll
2015-07-18 14:52 - 2015-07-18 14:52 - 00192512 _____ () C:\Users\Mariana\AppData\Local\Temp\sfamcc00001.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3515957402-3506899161-1375660014-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mariana\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\abookofsleep2.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B817702A-CB1E-4ABB-8461-53568BAEC851}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{963C85A6-046F-40AB-92E5-424F10D98037}] => (Allow) LPort=2869
FirewallRules: [{89A8808F-8A4A-4CD6-8FFD-B8643FC13ABF}] => (Allow) LPort=1900
FirewallRules: [{4DEA6AFA-3F8F-455D-89E5-51E0F1D1E77B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CB66700D-CC05-40D0-8D5B-B5B18B7E39DF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FB33744F-2BF8-4874-B954-DCAE9CAEE64C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{660BC194-D8E7-46E5-A34F-AAB62A47F965}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{D1EB451F-F9AE-4079-B658-38486701ABC5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/18/2015 02:40:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1034
 
Start Time: 01d0c167504ec078
 
Termination Time: 641
 
Application Path: C:\WINDOWS\Explorer.EXE
 
Report Id: 673a3091-2d7c-11e5-be76-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/18/2015 02:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARIANA)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/18/2015 02:39:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fe8
 
Start Time: 01d0c189161f6914
 
Termination Time: 4294967295
 
Application Path: UNKNOWN
 
Report Id: 5ec4553b-2d7c-11e5-be76-2016d8859519
 
Faulting package full name: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.Calendar
 
Error: (07/18/2015 02:39:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MARIANA)
Description: App microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar did not launch within its allotted time.
 
Error: (07/18/2015 01:05:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Netflix.exe version 1.23.0.89 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 120
 
Start Time: 01d0c168ae4c6084
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.23.0.89_x64__mcm4njqhnhss8\Netflix.exe
 
Report Id: cda32e63-2d6d-11e5-be76-2016d8859519
 
Faulting package full name: 4DF9E0F8.Netflix_1.23.0.89_x64__mcm4njqhnhss8
 
Faulting package-relative application ID: App
 
Error: (07/18/2015 12:55:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MARIANA)
Description: Package 4DF9E0F8.Netflix_1.23.0.89_x64__mcm4njqhnhss8 was terminated because it took too long to suspend.
 
Error: (07/18/2015 03:42:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Solitaire.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 13c0
 
Start Time: 01d0c12d3ac4f996
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Solitaire.exe
 
Report Id: 8296087b-2d20-11e5-be76-2016d8859519
 
Faulting package full name: Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (07/18/2015 03:42:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MARIANA)
Description: Package Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe was terminated because it took too long to suspend.
 
Error: (07/18/2015 03:34:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 010227~1.EXE, version: 7.50.129.0, time stamp: 0x4f8da259
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x70c
Faulting application start time: 0x010227~1.EXE0
Faulting application path: 010227~1.EXE1
Faulting module path: 010227~1.EXE2
Report Id: 010227~1.EXE3
Faulting package full name: 010227~1.EXE4
Faulting package-relative application ID: 010227~1.EXE5
 
Error: (07/18/2015 03:26:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mcuihost.exe version 11.6.334.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 26c
 
Start Time: 01d0bfc64d1f9729
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\McAfee\MSC\mcuihost.exe
 
Report Id: 49e6dd16-2d1e-11e5-be75-2016d8859519
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/18/2015 02:48:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 8 for x64-based Systems (KB3003743).
 
Error: (07/18/2015 02:39:59 PM) (Source: DCOM) (EventID: 10010) (User: MARIANA)
Description: Microsoft.WindowsLive.Calendar.wwa
 
Error: (07/18/2015 02:29:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 8 for x64-based Systems (KB2798162).
 
Error: (07/18/2015 02:26:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 8 for x64-based Systems (KB2845533).
 
Error: (07/18/2015 02:09:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 8 for x64-based Systems (KB2862966).
 
Error: (07/18/2015 01:58:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 8 for x64-based Systems (KB2992611).
 
Error: (07/18/2015 01:36:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 8 for x64-based Systems (KB3061518).
 
Error: (07/18/2015 01:32:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 8 for x64-based Systems (KB2808679).
 
Error: (07/18/2015 01:22:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 8 for x64-based Systems (KB2836988).
 
Error: (07/18/2015 03:35:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0102271437204542) service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (07/18/2015 02:40:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.16384103401d0c167504ec078641C:\WINDOWS\Explorer.EXE673a3091-2d7c-11e5-be76-2016d8859519
 
Error: (07/18/2015 02:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARIANA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar-2144927142
 
Error: (07/18/2015 02:39:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: UNKNOWN0.0.0.0fe801d0c189161f69144294967295UNKNOWN5ec4553b-2d7c-11e5-be76-2016d8859519microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Calendar
 
Error: (07/18/2015 02:39:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MARIANA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar
 
Error: (07/18/2015 01:05:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Netflix.exe1.23.0.8912001d0c168ae4c60844294967295C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.23.0.89_x64__mcm4njqhnhss8\Netflix.execda32e63-2d6d-11e5-be76-2016d88595194DF9E0F8.Netflix_1.23.0.89_x64__mcm4njqhnhss8App
 
Error: (07/18/2015 12:55:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MARIANA)
Description: 4DF9E0F8.Netflix_1.23.0.89_x64__mcm4njqhnhss8
 
Error: (07/18/2015 03:42:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Solitaire.exe1.0.0.013c001d0c12d3ac4f9964294967295C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Solitaire.exe8296087b-2d20-11e5-be76-2016d8859519Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbweApp
 
Error: (07/18/2015 03:42:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MARIANA)
Description: Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe
 
Error: (07/18/2015 03:34:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 010227~1.EXE7.50.129.04f8da259unknown0.0.0.000000000c00000050000000070c01d0c12c33f6b274C:\WINDOWS\TEMP\010227~1.EXEunknown738019ef-2d1f-11e5-be76-2016d8859519
 
Error: (07/18/2015 03:26:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mcuihost.exe11.6.334.026c01d0bfc64d1f97294294967295C:\Program Files\McAfee\MSC\mcuihost.exe49e6dd16-2d1e-11e5-be75-2016d8859519
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 53%
Total physical RAM: 6029.51 MB
Available physical RAM: 2829.32 MB
Total Virtual: 10125.51 MB
Available Virtual: 6366.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.26 GB) (Free:321.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:537.6 GB) (Free:520.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C2B20764)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 6DA4766D)
 
Partition: GPT Partition Type.
 
==================== End of log ============================



Edited by yomatius, 18 July 2015 - 02:24 PM.


#15 yomatius


Posted 18 July 2015 - 06:20 PM

Update, sadly, laptop started freezing again after a while of working all right. Restarted, Windows update kicked in and froze at 85 of 163, it has been there for 4 hours already. WTF


Edited by yomatius, 18 July 2015 - 06:21 PM.




