Laptop is working extremely slow


  • This topic is locked
58 replies to this topic

#1 brigihey

Posted 05 October 2016 - 07:24 AM

Hi, I've got an Asus laptop which was doing fine until a month ago. All of a sudden it became really slow, so I cleaned up everything with CCleaner, downloaded Malwarebytes and changed my antivirus from AVG to Avast, to no avail yet. I also followed the 'preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help' tutorial.
 
This is the output of FRST:
https://www.dropbox.com/s/1y7y8uj4csdxf0y/FRST.txt?dl=0
https://www.dropbox.com/s/e6owjijvsmyuz3k/Addition.txt?dl=0
This is the output of MiniToolBox:
https://www.dropbox.com/s/7ckdkniptpt7k1x/MTB.txt?dl=0

And this is the output of Security check:
https://www.dropbox.com/s/w793j0tnj36qduh/checkup.txt?dl=0

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by zenbook (administrator) on ZENBOOK-PC (05-10-2016 12:21:41)
Running from C:\Users\zenbook\Downloads
Loaded Profiles: UpdatusUser & zenbook (Available Profiles: UpdatusUser & zenbook)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Users\zenbook\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
(StagWare) C:\Program Files (x86)\NoteBook FanControl\NoteBookFanControl.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Dropbox, Inc.) C:\Users\zenbook\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(StagWare) C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710752 2015-10-12] (NVIDIA Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-10-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\Run: [TouchFreeze] => C:\Users\zenbook\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\Run: [NBFC-ClientApplication] => C:\Program Files (x86)\NoteBook FanControl\NoteBookFanControl.exe [416256 2015-05-09] (StagWare)
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\RunOnce: [Uninstall C:\Users\zenbook\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\zenbook\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\MountPoints2: {b7f35acb-094f-11e6-88d4-c48508235216} - E:\SetupWi-Fi.exe
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\MountPoints2: {d27db43f-b001-11e3-9b4b-c48508235216} - E:\LaunchU3.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-08-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-08-07] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-05] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-02-24]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\zenbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01DF8F38-25CD-49FE-925B-AC0A6DB8089A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5EBFFEE0-D7BF-4DC9-84FF-7A78D0C4613C}: [DhcpNameServer] 10.103.0.1 10.103.120.2
Tcpip\..\Interfaces\{BDF49615-1098-4CA7-979D-AF8E1263FDBF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2588937725-306486299-874216558-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-2588937725-306486299-874216558-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-2588937725-306486299-874216558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/
HKU\S-1-5-21-2588937725-306486299-874216558-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2588937725-306486299-874216558-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2588937725-306486299-874216558-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll [2012-09-11] (ASUSTeK Computer Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-05] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-25] (Oracle Corporation)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll [2012-09-11] (ASUSTeK Computer Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-05] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-25] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\zenbook\AppData\Roaming\Mozilla\Firefox\Profiles\ph5hxspj.default-1451658478786 [2016-10-05]
FF Homepage: Mozilla\Firefox\Profiles\ph5hxspj.default-1451658478786 -> hxxp://www.google.com
FF Extension: (Google Scholar Button) - C:\Users\zenbook\AppData\Roaming\Mozilla\Firefox\Profiles\ph5hxspj.default-1451658478786\Extensions\button@scholar.google.com.xpi [2016-04-27]
FF Extension: (Firefox Hotfix) - C:\Users\zenbook\AppData\Roaming\Mozilla\Firefox\Profiles\ph5hxspj.default-1451658478786\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\zenbook\AppData\Roaming\Mozilla\Firefox\Profiles\ph5hxspj.default-1451658478786\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-06]
FF ProfilePath: C:\Users\zenbook\AppData\Roaming\Gapminder Foundation\Gapminder World\Profiles\mpyr5jx3.default [2015-02-08]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-05]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-12-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default [2016-10-05]
CHR Extension: (Google Slides) - C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-17]
CHR Extension: (Google Docs) - C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (YouTube) - C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Google Search) - C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Google Sheets) - C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-17]
CHR Extension: (Google Docs Offline) - C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-29]
CHR Extension: (Gmail) - C:\Users\zenbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
CHR HKU\S-1-5-21-2588937725-306486299-874216558-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-05] (AVAST Software)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [7168 2015-05-09] (StagWare) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-29] (ASUS Corporation) [File not signed]
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-04-12] (Windows ® Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2012-04-12] (Windows ® Win 7 DDK provider)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-10-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-10-05] (AVAST Software)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [124936 2015-05-27] (ASIX Electronics Corp.)
R3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 gpslc64; C:\Windows\System32\Drivers\gpslc64.sys [102624 2010-03-10] (Mobile Action Technology Inc.)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2016-02-01] (OpenLibSys.org)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 uxdiifog; \??\C:\Users\zenbook\AppData\Local\Temp\uxdiifog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 12:21 - 2016-10-05 12:24 - 00030309 _____ C:\Users\zenbook\Downloads\FRST.txt
2016-10-05 12:21 - 2016-10-05 12:21 - 02405376 _____ (Farbar) C:\Users\zenbook\Downloads\FRST64.exe
2016-10-05 12:21 - 2016-10-05 12:21 - 00000000 ____D C:\FRST
2016-10-05 11:44 - 2016-03-11 14:53 - 00380928 _____ C:\Users\zenbook\Downloads\gmer.exe
2016-10-05 11:06 - 2016-10-05 11:06 - 00852798 _____ C:\Users\zenbook\Downloads\SecurityCheck.exe
2016-10-05 11:04 - 2016-10-05 11:05 - 00033503 _____ C:\Users\zenbook\Downloads\MTB.txt
2016-10-05 11:03 - 2016-10-05 11:03 - 00892416 _____ (Farbar) C:\Users\zenbook\Downloads\MiniToolBox.exe
2016-10-05 09:29 - 2016-10-05 10:37 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1475652536
2016-10-05 09:29 - 2016-10-05 09:29 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-10-05 09:29 - 2016-10-05 09:29 - 00000000 ____D C:\Users\zenbook\AppData\Roaming\AVAST Software
2016-10-05 09:29 - 2016-10-05 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-05 09:27 - 2016-10-05 09:27 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-10-05 09:27 - 2016-10-05 09:27 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-10-05 09:27 - 2016-10-05 09:27 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-10-05 09:27 - 2016-10-05 09:27 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-10-05 09:27 - 2016-10-05 09:26 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-10-05 09:27 - 2016-10-05 09:26 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-10-05 09:27 - 2016-10-05 09:26 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-10-05 09:27 - 2016-10-05 09:26 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-10-05 09:27 - 2016-10-05 09:26 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-10-05 09:27 - 2016-10-05 09:26 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-10-05 09:27 - 2016-10-05 09:26 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-10-05 09:26 - 2016-10-05 09:26 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-10-05 09:26 - 2016-10-05 09:26 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-10-05 09:25 - 2016-10-05 09:26 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-05 09:25 - 2016-10-05 09:26 - 00000000 ____D C:\Program Files\AVAST Software
2016-10-05 09:22 - 2016-10-05 09:24 - 231192896 _____ (AVAST Software) C:\Users\zenbook\Downloads\avast_free_antivirus_setup_offline.exe
2016-10-05 09:22 - 2016-10-05 09:22 - 00000000 ____D C:\Users\zenbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-21 16:55 - 2016-06-26 02:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-09-21 16:55 - 2016-06-26 02:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-09-21 16:55 - 2016-06-22 15:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-09-21 16:55 - 2016-06-17 20:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-09-21 16:55 - 2016-06-17 20:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-09-21 16:55 - 2016-06-17 20:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-09-21 16:55 - 2016-06-17 20:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-09-21 16:55 - 2016-06-17 20:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-09-21 16:55 - 2016-06-17 20:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-09-21 15:23 - 2016-09-21 15:23 - 00098935 _____ C:\Users\zenbook\Desktop\MasterThesisAward2016_Reglement.pdf
2016-09-20 20:33 - 2016-09-20 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-20 20:32 - 2016-06-11 08:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-20 20:32 - 2016-06-11 06:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-20 20:32 - 2016-06-10 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-20 20:32 - 2016-06-10 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-20 20:32 - 2016-06-10 23:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-20 20:32 - 2016-06-10 23:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-20 20:32 - 2016-06-10 23:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-20 20:32 - 2016-06-10 23:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-20 20:32 - 2016-06-10 23:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-20 20:32 - 2016-06-10 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-20 20:32 - 2016-06-10 23:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-20 20:32 - 2016-06-10 23:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-20 20:32 - 2016-06-10 23:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-20 20:32 - 2016-06-10 23:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-20 20:32 - 2016-06-10 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-20 20:32 - 2016-06-10 23:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-20 20:32 - 2016-06-10 22:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-20 20:32 - 2016-06-10 22:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-20 20:32 - 2016-06-10 22:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-20 20:32 - 2016-06-10 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-20 20:32 - 2016-06-10 22:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-20 20:32 - 2016-06-10 22:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-20 20:32 - 2016-06-10 22:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-20 20:32 - 2016-06-10 22:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-20 20:32 - 2016-06-10 22:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-20 20:32 - 2016-06-10 22:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-20 20:32 - 2016-06-10 22:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-20 20:32 - 2016-06-10 22:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-20 20:32 - 2016-06-10 22:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-20 20:32 - 2016-06-10 21:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-20 20:32 - 2016-06-10 21:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-20 20:32 - 2016-06-10 21:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-20 20:32 - 2016-06-10 21:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-20 20:32 - 2016-06-10 21:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-20 20:32 - 2016-06-10 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-20 20:32 - 2016-06-10 20:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-20 20:32 - 2016-06-10 20:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-20 20:32 - 2016-06-10 20:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-20 20:32 - 2016-06-10 20:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-20 20:32 - 2016-06-10 20:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-20 20:32 - 2016-06-10 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-20 20:32 - 2016-06-10 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-20 20:32 - 2016-06-10 20:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-20 20:32 - 2016-06-10 20:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-20 20:32 - 2016-06-10 20:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-20 20:32 - 2016-06-10 20:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-20 20:32 - 2016-06-10 20:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-20 20:32 - 2016-06-10 20:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-20 20:32 - 2016-06-10 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-20 20:32 - 2016-06-10 20:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-20 20:32 - 2016-06-10 20:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-20 20:32 - 2016-06-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-20 20:32 - 2016-06-10 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-20 20:32 - 2016-06-10 20:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-20 20:32 - 2016-06-10 20:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-20 20:32 - 2016-06-10 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-20 20:32 - 2016-06-10 20:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-20 20:32 - 2016-06-10 20:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-20 20:32 - 2016-06-10 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-20 20:32 - 2016-06-10 19:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-20 20:32 - 2016-06-10 19:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-20 20:32 - 2016-06-10 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-20 20:32 - 2016-06-10 19:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-20 20:31 - 2016-06-10 23:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-20 20:31 - 2016-06-10 23:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-20 20:31 - 2016-06-10 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-20 20:30 - 2016-09-20 20:31 - 22851472 _____ (Malwarebytes ) C:\Users\zenbook\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-20 20:29 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-20 20:29 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-09-20 20:29 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-09-20 20:29 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-09-20 20:29 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-09-20 20:29 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-09-20 20:29 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-09-20 20:29 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-09-20 20:29 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-09-20 20:29 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-09-20 20:24 - 2016-09-20 20:27 - 00237916 _____ C:\TDSSKiller.3.1.0.11_20.09.2016_20.24.12_log.txt
2016-09-20 20:23 - 2016-09-20 20:23 - 04747704 _____ (AO Kaspersky Lab) C:\Users\zenbook\Downloads\tdsskiller.exe
2016-09-20 20:00 - 2016-06-14 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-20 17:57 - 2016-09-20 17:57 - 00317538 _____ C:\Users\zenbook\Downloads\cc_20160920_175730.reg
2016-09-20 17:17 - 2016-09-20 17:17 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-09-20 17:17 - 2016-09-20 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-20 17:17 - 2016-09-20 17:17 - 00000000 ____D C:\Program Files\CCleaner
2016-09-20 17:15 - 2016-09-20 17:15 - 08244656 _____ (Piriform Ltd) C:\Users\zenbook\Downloads\ccsetup522.exe
2016-09-20 17:11 - 2016-09-20 17:11 - 01877856 _____ ( ) C:\Users\zenbook\Downloads\CCleaner_5.22.exe
2016-09-20 16:45 - 2016-09-20 16:45 - 00000000 ____D C:\ProgramData\TweakBit
2016-09-20 16:42 - 2016-09-20 16:42 - 00410344 _____ (TweakBit) C:\Users\zenbook\Downloads\Windows%207-repairkit.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 12:19 - 2014-09-23 13:43 - 00000000 ____D C:\Users\zenbook\Documents\Outlook Files
2016-10-05 12:12 - 2012-06-26 23:30 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-10-05 12:10 - 2015-06-25 20:00 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588937725-306486299-874216558-1001UA.job
2016-10-05 12:10 - 2013-05-14 16:17 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-05 11:32 - 2015-02-08 18:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-05 11:10 - 2015-06-25 20:00 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588937725-306486299-874216558-1001Core.job
2016-10-05 10:57 - 2009-07-14 07:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-05 10:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-10-05 10:39 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-05 10:39 - 2009-07-14 06:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-05 10:30 - 2013-05-14 16:17 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-05 10:30 - 2012-06-26 23:30 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-10-05 10:29 - 2014-10-23 08:33 - 00000000 ____D C:\Users\zenbook\AppData\Local\Avg
2016-10-05 10:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-05 10:28 - 2014-03-11 18:06 - 00000000 ____D C:\Program Files\WinRAR
2016-10-05 10:28 - 2013-02-14 17:41 - 00000000 ____D C:\ProgramData\MFAData
2016-10-05 10:26 - 2013-10-06 15:18 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-10-05 10:24 - 2012-06-26 23:35 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-10-05 10:16 - 2012-02-24 04:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-10-05 10:16 - 2012-02-24 04:42 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-10-05 10:10 - 2014-10-13 10:00 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-05 10:09 - 2014-10-23 08:29 - 00000000 ____D C:\ProgramData\AVG
2016-10-05 10:09 - 2013-02-14 17:46 - 00000000 ____D C:\Program Files (x86)\AVG
2016-10-05 10:08 - 2016-06-06 14:38 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-05 10:08 - 2015-10-26 10:58 - 00000000 ____D C:\Users\zenbook\AppData\Local\AvgSetupLog
2016-10-05 09:49 - 2014-03-11 18:06 - 00000000 ____D C:\Users\zenbook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-05 09:49 - 2014-03-11 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-05 09:46 - 2013-08-07 20:15 - 00000000 ____D C:\Users\zenbook\AppData\Roaming\Skype
2016-10-05 09:40 - 2014-10-08 09:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-05 09:40 - 2013-08-07 20:14 - 00000000 ____D C:\ProgramData\Skype
2016-10-05 09:23 - 2015-06-25 20:00 - 00000000 ____D C:\Users\zenbook\AppData\Local\Dropbox
2016-10-05 09:22 - 2013-02-13 15:32 - 00000000 ____D C:\Users\zenbook\AppData\Roaming\Dropbox
2016-09-23 10:51 - 2014-01-28 14:37 - 00000000 ____D C:\Windows\Minidump
2016-09-23 10:36 - 2014-12-12 08:22 - 00000000 ____D C:\Windows\system32\appraiser
2016-09-21 16:11 - 2009-07-14 06:45 - 00491376 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-21 15:36 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-09-21 15:32 - 2013-08-18 14:58 - 00000000 ____D C:\Windows\system32\MRT
2016-09-21 15:12 - 2013-03-10 19:59 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-20 17:52 - 2016-07-10 09:35 - 00000000 ____D C:\Users\zenbook\AppData\Roaming\MPC-HC
2016-09-20 17:07 - 2012-06-26 23:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-20 14:03 - 2016-03-02 08:19 - 00000000 ____D C:\Temp
2016-09-19 14:55 - 2016-02-22 16:08 - 00000000 ____D C:\Program Files (x86)\MusicBee
2016-09-18 19:43 - 2015-01-18 14:57 - 00000000 ____D C:\Users\zenbook\AppData\Local\ElevatedDiagnostics
2016-09-18 17:52 - 2015-05-15 09:08 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 20:35 - 2015-02-08 18:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-15 20:34 - 2013-02-14 17:37 - 00796352 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-15 20:34 - 2013-02-14 17:37 - 00142528 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-15 20:33 - 2013-02-14 17:37 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-15 20:32 - 2012-02-24 04:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2015-05-23 12:07 - 2015-05-23 12:07 - 0124133 _____ () C:\Program Files (x86)\Acknowledgements.rtf
2015-09-22 19:23 - 2016-08-30 09:44 - 0000288 _____ () C:\Users\zenbook\AppData\Roaming\PDFShaper.ini
2015-01-19 12:55 - 2015-01-19 12:55 - 0004096 ____H () C:\Users\zenbook\AppData\Local\keyfile3.drm
2015-05-07 12:51 - 2015-11-24 16:08 - 0000024 _____ () C:\Users\zenbook\AppData\Local\pdfshaper.ini
2012-02-24 04:42 - 2010-10-06 19:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-06-26 23:45 - 2012-06-26 23:46 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-06-26 23:44 - 2012-06-26 23:45 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-06-26 23:44 - 2012-06-26 23:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-10 03:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by zenbook (05-10-2016 12:25:22)
Running from C:\Users\zenbook\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-09 18:42:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2588937725-306486299-874216558-500 - Administrator - Disabled)
Guest (S-1-5-21-2588937725-306486299-874216558-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2588937725-306486299-874216558-1000 - Limited - Enabled) => C:\Users\UpdatusUser
zenbook (S-1-5-21-2588937725-306486299-874216558-1001 - Administrator - Enabled) => C:\Users\zenbook

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
ArcGIS 10.3.1 for Desktop (HKLM-x32\...\ArcGIS 10.3.1 for Desktop) (Version: 10.3.4959 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.3.1 for Desktop (x32 Version: 10.3.4959 - Environmental Systems Research Institute, Inc.) Hidden
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.25 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.3 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.2 - ASUS)
ASUS PWR Option (HKLM-x32\...\{B800CE44-D206-475D-A6E2-5B3808E2D60A}) (Version: 1.1.0 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0011 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.32 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.11 - ASUS)
AsusScr_UX32VD (HKLM-x32\...\AsusScr_UX32VD) (Version: 1.0.0003 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
AX88772B Windows 7 Drivers (HKLM-x32\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.2.0 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (x32 Version: 1.0.2.0 - ASIX Electronics Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\Dropbox) (Version: 11.4.21 - Dropbox, Inc.)
ExpressCache (HKLM\...\{FF607B1F-A78B-4F1D-BC8E-6C2AB3B75405}) (Version: 1.0.87 - Diskeeper Corporation)
G*Power 3.1.9.2 (HKLM-x32\...\{F9C59D86-6F65-4EDB-89A2-FBA1F78762D2}) (Version: 3.1.92 - Franz Faul, Uni Kiel, Germany)
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
Geospatial Modelling Environment (HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\04e9c5a591ad8209) (Version: 1.0.0.5 - Geospatial Modelling Environment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.3 - ASUS)
Intel® Dynamic Platform & Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.1.1067 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1024 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel® AT Service signup (HKLM-x32\...\{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}) (Version: 2.0.0.3 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
K-Lite Codec Pack 12.2.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.2.5 - KLCP)
Mendeley Desktop 1.12.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.12.3 - Mendeley Ltd.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NoteBook FanControl (HKLM-x32\...\{542c1677-eab5-49ee-99aa-5a08eeb3033c}) (Version: 1.3.4.0 - Stefan Hirschmann - StagWare)
NoteBook FanControl (x32 Version: 1.3.4.0 - Stefan Hirschmann - StagWare) Hidden
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
PDF Shaper Free 5.1 (HKLM-x32\...\PDF Shaper Free_is1) (Version: - Burnaware)
R for Windows 3.2.3 (HKLM\...\R for Windows 3.2.3_is1) (Version: 3.2.3 - R Core Team)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6612 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.39025 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Self-service Plug-in (x32 Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (08/27/2012 1.0.0.125) (HKLM\...\2BD897DEE9289F769D9176245811D5330A360B0B) (Version: 08/27/2012 1.0.0.125 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2588937725-306486299-874216558-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\zenbook\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {066BCCFD-D303-40D9-A56A-5F7992A07DC6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2588937725-306486299-874216558-1001
Task: {076B1183-9E32-43D6-9A57-95145B797622} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-05-15] (ASUS)
Task: {17178E34-8430-4A5F-B022-F091C698349A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {27AE9128-BF38-47D4-BAEB-77DAA5CD48D7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-05] (AVAST Software)
Task: {2A479390-9427-4DF0-BA75-2EEB59E44138} - System32\Tasks\Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2012-03-14] ()
Task: {2F29DB36-D42B-4ABE-A9E3-950DE1663801} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {363636A7-E973-4F37-A32B-43A5D856FB98} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2588937725-306486299-874216558-1001Core => C:\Users\zenbook\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {3EC3BDF0-5CDD-47A5-A628-E3E935BD2105} - System32\Tasks\{0D8A0BA3-E14C-4F18-8869-D2D15C7FC2B6} => pcalua.exe -a C:\Users\zenbook\Downloads\Setup.exe -d C:\Users\zenbook\Downloads
Task: {43176C45-3A49-461E-A4D8-569F812845AA} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {4FD47F0D-93B3-4507-A5C3-A5975E0056C1} - System32\Tasks\{524F607C-9E60-40C8-B1AE-DC375AE36FEB} => Firefox.exe hxxp://ui.skype.com/ui/0/7.24.85.104/en/go/help.faq.installer?LastError=1618
Task: {66EE9A21-E5D0-4F1D-8DEB-3E7C7C7E7482} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {74E8000D-578D-46E9-8FAD-DF7B31A3E6B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {7A43E8E9-C44A-4FAD-9140-06AE474A5793} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-15] (Adobe Systems Incorporated)
Task: {7D34C346-034D-4511-9435-FD4C300334B1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2588937725-306486299-874216558-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {7FE715D1-1CB8-40DF-91EE-5041DE539B0A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-10-05] (AVAST Software)
Task: {8FC5EE3B-27B9-4C3F-869C-3C27956AE87E} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {9D91FEE9-4E06-467D-8039-C71770D22AE7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2588937725-306486299-874216558-1001UA => C:\Users\zenbook\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {AE285905-09D3-4CB4-8953-B6A75AE63FBD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {C0D8196D-86AA-41B7-9728-0ACC748D2F67} - System32\Tasks\{CEE59FE8-84CE-45AC-ABC8-073DF3DD187C} => pcalua.exe -a C:\Users\zenbook\Downloads\datacasting\FeedReader.exe -d C:\Users\zenbook\Downloads\datacasting
Task: {C2C00031-FC39-43F8-868E-6C81F1FF7F3C} - System32\Tasks\Java™ Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation)
Task: {C4EA5081-1E63-482A-ACB0-F8EDA5DB3B54} - System32\Tasks\SafeZone scheduled Autoupdate 1475652536 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {C748CC22-9048-4661-90F5-88F4CA3B392B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {E0DE17C2-8EC8-47C8-BC6C-C99DFF843A3E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2588937725-306486299-874216558-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {E3127F00-8D2C-414E-BA4B-EF08EC430A43} - System32\Tasks\AVG_SYS_TASK_0415av_RUN => C:\ProgramData\Avg_Update_0415av\AVG-Secure-Search-Update_0415av.exe
Task: {E4E16631-D801-40A9-B6EC-432AC2592EC1} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {F24BD649-327F-4385-AD71-A4C89AF4AC03} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {FD359693-B8CA-4431-B01A-93A6A38DEF01} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-07-07] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588937725-306486299-874216558-1001Core.job => C:\Users\zenbook\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588937725-306486299-874216558-1001UA.job => C:\Users\zenbook\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-25 12:15 - 2015-08-07 13:06 - 00012080 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-06-26 23:26 - 2015-08-07 06:34 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-27 09:48 - 2012-04-02 10:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-24 21:26 - 2012-07-24 21:26 - 00040960 _____ () C:\Users\zenbook\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
2012-04-27 09:50 - 2012-02-20 05:31 - 00018944 ____N () C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
2012-04-27 09:50 - 2012-02-20 05:31 - 00019968 ____N () C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-03-14 19:59 - 2012-03-14 19:59 - 00556976 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2016-10-05 09:26 - 2016-10-05 09:26 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-05 09:32 - 2016-10-05 09:32 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100401\algo.dll
2016-10-05 09:26 - 2016-10-05 09:26 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-09-25 12:15 - 2015-08-07 13:06 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-05-19 07:37 - 2015-10-12 05:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-07-24 21:26 - 2012-07-24 21:26 - 00034304 _____ () C:\Users\zenbook\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll
2016-09-20 14:24 - 2016-09-09 02:53 - 00035792 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-10-05 09:22 - 2016-09-09 02:53 - 00145864 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-10-05 09:22 - 2016-09-09 02:54 - 00019408 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-10-05 09:22 - 2016-09-09 02:53 - 00116688 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-09-20 14:24 - 2016-09-09 02:53 - 00100296 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-09-20 14:24 - 2016-09-09 02:53 - 00018888 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\select.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00019760 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-09-20 14:24 - 2016-09-09 02:53 - 00694224 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00020816 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-09-20 14:24 - 2016-09-09 02:54 - 00123856 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 01682760 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00020808 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00105928 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00021312 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00052024 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00038696 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-10-05 09:22 - 2016-09-09 02:53 - 00392144 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-10-05 09:22 - 2016-09-09 02:55 - 00020936 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00024528 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00116176 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00381752 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00124880 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00025424 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00024016 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00175560 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00030160 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00043472 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00048592 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00057808 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00024016 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00246592 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00026456 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00028616 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-09-20 14:24 - 2016-09-09 02:54 - 00241104 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00023376 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00020800 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00019776 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00020800 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00020280 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-09-20 14:24 - 2016-09-09 02:55 - 00350152 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00022352 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00024392 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-10-05 09:22 - 2016-09-09 02:51 - 00036296 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\librsync.dll
2016-10-05 09:22 - 2016-09-30 19:43 - 00084280 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-10-05 09:22 - 2016-09-30 19:43 - 01826096 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-09-20 14:24 - 2016-09-09 02:54 - 00083912 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\sip.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00531248 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-10-05 09:22 - 2016-09-30 19:44 - 03928880 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 01972528 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00133424 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00224056 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00207672 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00020288 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-10-05 09:22 - 2016-09-09 02:58 - 00017864 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-10-05 09:22 - 2016-09-09 02:58 - 01631184 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-09-20 14:24 - 2016-09-09 02:55 - 00060880 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-09-20 14:24 - 2016-09-30 19:44 - 00024904 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00546096 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00357680 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00042808 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-10-05 09:22 - 2016-09-30 19:43 - 00168760 _____ () C:\Users\zenbook\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-10-05 09:26 - 2016-10-05 09:26 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-06-26 23:29 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 03:42 - 2015-11-11 03:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2588937725-306486299-874216558-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zenbook\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dropbox Update => "C:\Users\zenbook\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{31AEB530-824D-4FA2-BE01-4E99C7878D2F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3399846A-7C58-4A09-9CA5-8F33DC82C6F4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9651D52F-5FAF-4620-BD90-C368C9967955}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3AD5BAD4-A559-401E-AB0D-3A691CF6DC87}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{1ADD0578-DFE7-4E4E-8486-8AE7356E0E91}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7766494E-738D-4B83-B894-BBCAF6D6642C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1E48DACC-A38B-4D6E-94DE-BFB73D98EE3A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5DF91D39-787F-4FC2-9189-35074108978E}] => (Allow) C:\Users\zenbook\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{408D7B09-5695-42F3-B649-1E2EF20A2C8C}] => (Allow) C:\Users\zenbook\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{336C9890-30CF-4DCA-A6EF-00713F10406A}C:\users\zenbook\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\zenbook\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{211F32E6-A84A-4FEA-B511-24DF8A8966D1}C:\users\zenbook\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\zenbook\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{79F75745-5F35-4B02-A406-415EC051B038}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAC39D04-9BFB-4877-8778-813EBD06F80B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C640D2B2-4367-41CF-8294-95FDAF5749C8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{54AE783E-B6A2-41C4-BE46-F55AFE40C26B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A8608AF2-41FB-4F5F-9E40-1F51C650DCC6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{48B02B83-F428-454F-9EE9-501F05EA640E}] => (Allow) LPort=2869
FirewallRules: [{1A923CE2-4756-4AF3-9503-A187D1768651}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{CA7B03FA-8892-4F17-A879-09CC161CBEA5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A7F9A2ED-CEBB-42C3-8DAE-9CA8C4803A98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{82BCCE5C-2CA0-4F07-94A9-DB06279050C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7D3C696C-6C43-422B-9755-FA671D395949}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0E05E6D9-AF8D-4FCF-B0FA-A86944E66D4B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7D213EEB-F668-432B-B11D-EBA39465BBD7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FC73C57-75E9-4BFD-AE0B-9886625EE6D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{871FE2EC-E08C-4027-A69A-D742622BC3B7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{85555D2A-DF86-4F70-AA12-2630F583FD98}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{DB1C127B-C726-47E6-B7C5-9027045DB3DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B110798A-0295-40EE-8921-30CA87F772A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0272E823-74CD-4834-9029-6B47146051D2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{BEA1DAD3-6D30-4FEB-8E0E-BBCD0DB3A56E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{25546BAB-0E71-4A7A-97F2-CC7F3A67C5CE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{1477B846-AD5E-46D3-AFEC-5DB53EA7BE3E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{48F29654-335B-4D56-9956-CE2F85B9DF07}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3035BBA2-BE82-4775-9ABC-AC9FC812CE3E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D437327C-9569-46FF-8294-1E94EC5211B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/05/2016 10:30:09 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/05/2016 10:27:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: InsOnSrv.exe, version: 2.3.1.1, time stamp: 0x4f878af7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x8ac
Faulting application start time: 0x01d21ed4670a38d3
Faulting application path: C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
Faulting module path: unknown
Report Id: 96651691-8ad5-11e6-bc03-c48508235216

Error: (10/05/2016 10:25:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.23432, time stamp: 0x570fb30c
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x5668a2c5
Exception code: 0xc0000005
Fault offset: 0x65ddcd89
Faulting process id: 0x1d38
Faulting application start time: 0x01d21ee214893927
Faulting application path: C:\Windows\syswow64\MsiExec.exe
Faulting module path: QuickTime.qts
Report Id: 53914cef-8ad5-11e6-bc03-c48508235216

Error: (10/05/2016 09:52:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.23432, time stamp: 0x570fb30c
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x5668a2c5
Exception code: 0xc0000005
Fault offset: 0x5d4acd89
Faulting process id: 0x11b8
Faulting application start time: 0x01d21edd62aac844
Faulting application path: C:\Windows\syswow64\MsiExec.exe
Faulting module path: QuickTime.qts
Report Id: a0e43b8d-8ad0-11e6-bc03-c48508235216

Error: (10/05/2016 09:51:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.23432, time stamp: 0x570fb30c
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x55c3a9ef
Exception code: 0xc0000005
Fault offset: 0x5d4acce9
Faulting process id: 0x1a90
Faulting application start time: 0x01d21edd3eab51e4
Faulting application path: C:\Windows\syswow64\MsiExec.exe
Faulting module path: QuickTime.qts
Report Id: 7e2ba1d7-8ad0-11e6-bc03-c48508235216

Error: (10/05/2016 09:06:53 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (09/24/2016 06:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusTPCenter.exe, version: 1.0.0.32, time stamp: 0x503c69b9
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc00000fd
Fault offset: 0x00000000000502fa
Faulting process id: 0x17fc
Faulting application start time: 0x01d2168044138983
Faulting application path: C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 71dfa0ff-8275-11e6-ab01-c48508235216

Error: (09/23/2016 10:41:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: zenbook-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (09/23/2016 10:41:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: zenbook-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (09/23/2016 10:41:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: zenbook-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.


System errors:
=============
Error: (10/05/2016 11:44:12 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (10/05/2016 10:31:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/05/2016 10:29:10 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (10/05/2016 10:07:24 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (10/05/2016 09:45:47 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/05/2016 08:49:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/24/2016 06:34:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/24/2016 06:34:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.

Error: (09/24/2016 06:33:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (09/24/2016 06:29:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WMI Performance Adapter service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 62%
Total physical RAM: 3981.89 MB
Available physical RAM: 1484.83 MB
Total Virtual: 7961.96 MB
Available Virtual: 5510.33 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:108.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:254.14 GB) (Free:122.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C61722B1)

Partition: GPT.

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 47C413B1)

Partition: GPT.

==================== End of Addition.txt ============================

I hope someone has a solution for this...

Edited by Oh My!, 05 October 2016 - 08:23 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:45 AM

Posted 05 October 2016 - 08:20 PM

Greetings brigihey and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 05 October 2016 - 09:12 PM

Thank you for your patience.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CloseProcesses:
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\MountPoints2: {b7f35acb-094f-11e6-88d4-c48508235216} - E:\SetupWi-Fi.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR HKU\S-1-5-21-2588937725-306486299-874216558-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 uxdiifog; \??\C:\Users\zenbook\AppData\Local\Temp\uxdiifog.sys [X]
2012-06-26 23:45 - 2012-06-26 23:46 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-06-26 23:44 - 2012-06-26 23:45 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-06-26 23:44 - 2012-06-26 23:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Running Chkdsk /r From Command Prompt with Report

--------------------
  • Close any open programs
  • Click Start, Programs, Accessories
  • Right click on Command Prompt and select Run as Administrator
  • Copy and paste the following after the command prompt and press Enter

CMD /C ECHO Y|CHKDSK /R C: /R | SHUTDOWN /R /T 10

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot
  • Click Start, type Powershell, right click on Powershell above and select Run as administrator
  • Copy and paste the following after the Powershell Command Prompt

Get-WinEvent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.Providername -match "wininit"} | fl timecreated, message

  • Right click on the top bar of the Powershell window, click Edit, then Select All
  • Hit the Ctrl + C keys at the same time to copy the information
  • Right click in the reply screen and select Paste (or you can paste it in a Notepad document to save it)
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (x86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your C: drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • CHKDSKResults report
  • GSmart report
  • Attached System Summary report

Edited by Oh My!, 06 October 2016 - 09:14 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
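
The CHKDSK report step in the post above, as an added PowerShell example that is not part of the original post: it applies the same Application-log filter (event ID 1001, provider matching wininit) but reports an empty result instead of returning silently to the prompt. The function name Get-ChkdskReport and the default output path are assumptions.

```powershell
# Added example, not from the thread. All operators are typed with plain
# ASCII hyphens (-match, -eq) so the text survives copy and paste.
function Get-ChkdskReport {
    param(
        # Assumed default location; any writable path works.
        [string]$OutFile = (Join-Path $env:USERPROFILE 'Desktop\CHKDSKResults.txt')
    )

    # Same filter as the one-liner in the post: Application log, event ID 1001,
    # then keep only events whose provider name matches "wininit".
    # Other providers also log ID 1001, so the provider filter is required.
    $events = @(
        Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
            Where-Object { $_.ProviderName -match 'wininit' } |
            Sort-Object TimeCreated -Descending
    )

    if ($events.Count -eq 0) {
        # Without this branch an empty result just returns to the prompt.
        Write-Warning 'No wininit event 1001 found: the boot-time CHKDSK has not run yet or did not log a report.'
        return
    }

    # Write the full report text to a file so it can be pasted into a reply.
    $events | Format-List TimeCreated, Message | Out-File -FilePath $OutFile -Encoding UTF8
    Write-Output ("Saved {0} report(s) to {1}" -f $events.Count, $OutFile)
}

# Run from an elevated PowerShell window after the CHKDSK reboot has completed.
Get-ChkdskReport
```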

#4 brigihey


Posted 06 October 2016 - 03:09 AM

Hi Gary,

 

Thanks for helping me out on this.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by zenbook (06-10-2016 09:36:09) Run:2
Running from C:\Users\zenbook\Downloads
Loaded Profiles: UpdatusUser & zenbook (Available Profiles: UpdatusUser & zenbook)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\MountPoints2: {b7f35acb-094f-11e6-88d4-c48508235216} - E:\SetupWi-Fi.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR HKU\S-1-5-21-2588937725-306486299-874216558-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 uxdiifog; \??\C:\Users\zenbook\AppData\Local\Temp\uxdiifog.sys [X]
2012-06-26 23:45 - 2012-06-26 23:46 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-06-26 23:44 - 2012-06-26 23:45 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-06-26 23:44 - 2012-06-26 23:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
*****************

Processes closed successfully.
HKU\S-1-5-21-2588937725-306486299-874216558-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7f35acb-094f-11e6-88d4-c48508235216} => key not found.
HKCR\CLSID\{b7f35acb-094f-11e6-88d4-c48508235216} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key not found.
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found.
HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value not found.
HKU\S-1-5-21-2588937725-306486299-874216558-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found.
MBAMSwissArmy => service not found.
uxdiifog => service not found.
"C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log" => not found.
"C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log" => not found.
"C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log" => not found.


The system needed a reboot.

==== End of Fixlog 09:36:11 ====

 

I copy/pasted the line for the Powershell command prompt but I got an error:

Unexpected token 'match' in expression or statement.

At line:1 char:91

+ get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

      + CategoryInfo               : ParserError: <match:String> [], ParentContainsErrorRecordException

      + FullyQualifiedErrorId   : UnexpectedToken

 

Did I do something wrong?

 

Regards,

Brigitte



#5 Oh My!


Posted 06 October 2016 - 09:16 AM

Greetings Brigitte.

Is it possible you ran the Fixlist twice?

No you didn't do anything wrong, sorry about that. I modified the instructions so please try it again.
Gary
 

#6 brigihey


Posted 06 October 2016 - 10:12 AM

Thanks Gary but it's still not doing what you describe. I started afresh again.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by zenbook (06-10-2016 16:32:25) Run:3
Running from C:\Users\zenbook\Downloads
Loaded Profiles: UpdatusUser & zenbook (Available Profiles: UpdatusUser & zenbook)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-2588937725-306486299-874216558-1001\...\MountPoints2: {b7f35acb-094f-11e6-88d4-c48508235216} - E:\SetupWi-Fi.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR HKU\S-1-5-21-2588937725-306486299-874216558-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 uxdiifog; \??\C:\Users\zenbook\AppData\Local\Temp\uxdiifog.sys [X]
2012-06-26 23:45 - 2012-06-26 23:46 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-06-26 23:44 - 2012-06-26 23:45 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-06-26 23:44 - 2012-06-26 23:44 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
*****************

Processes closed successfully.
HKU\S-1-5-21-2588937725-306486299-874216558-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7f35acb-094f-11e6-88d4-c48508235216} => key not found.
HKCR\CLSID\{b7f35acb-094f-11e6-88d4-c48508235216} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key not found.
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found.
HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value not found.
HKU\S-1-5-21-2588937725-306486299-874216558-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found.
MBAMSwissArmy => service not found.
uxdiifog => service not found.
"C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log" => not found.
"C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log" => not found.
"C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log" => not found.


The system needed a reboot.

==== End of Fixlog 16:32:27 ====

 

I don't have 'Powershell' as such, only Windows Powershell and with (x86) etc. I chose Windows Powershell and pasted your command prompt but nothing happened (PS C:\windows\system32> came on the next line).

 

What should I do?

 

Regards,

Brigitte



#7 Oh My!


Posted 06 October 2016 - 01:30 PM

Sorry, just skip that step. The next step is more critical.
Gary
 

#8 brigihey


Posted 07 October 2016 - 01:30 AM

Hi Gary,

 

Apparently my C: drive is split into 2 and I have a small SSD of 32GB (I never knew this). I ran the test for both of them, I didn't do it for my D: drive as this doesn't contain any programs.

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Device Model:     Hitachi HTS545050A7E380
Serial Number:    TE95113RGR9LHS
LU WWN Device Id: 5 000cca 6f7ca2430
Firmware Version: GG2OA6C0
User Capacity:    500,107,862,016 bytes [500 GB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 6
Local Time is:    Fri Oct 07 08:12:08 2016 SAST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00)    Offline data collection activity
                    was never started.
                    Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0)    The previous self-test routine completed
                    without error or no self-test has ever
                    been run.
Total time to complete Offline
data collection:         (   45) seconds.
Offline data collection
capabilities:              (0x5b) SMART execute Offline immediate.
                    Auto Offline data collection on/off support.
                    Suspend Offline collection upon new
                    command.
                    Offline surface scan supported.
                    Self-test supported.
                    No Conveyance Self-test supported.
                    Selective Self-test supported.
SMART capabilities:            (0x0003)    Saves SMART data before entering
                    power-saving mode.
                    Supports SMART auto save timer.
Error logging capability:        (0x01)    Error logging supported.
                    General Purpose Logging supported.
Short self-test routine
recommended polling time:      (   2) minutes.
Extended self-test routine
recommended polling time:      ( 108) minutes.
SCT capabilities:            (0x003d)    SCT Status supported.
                    SCT Error Recovery Control supported.
                    SCT Feature Control supported.
                    SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   100   100   062    Pre-fail  Always       -       0
  2 Throughput_Performance  0x0005   100   100   040    Pre-fail  Offline      -       0
  3 Spin_Up_Time            0x0007   253   253   033    Pre-fail  Always       -       1
  4 Start_Stop_Count        0x0012   095   095   000    Old_age   Always       -       8631
  5 Reallocated_Sector_Ct   0x0033   100   100   005    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000b   100   100   067    Pre-fail  Always       -       0
  8 Seek_Time_Performance   0x0005   100   100   040    Pre-fail  Offline      -       0
  9 Power_On_Hours          0x0012   095   095   000    Old_age   Always       -       2537
 10 Spin_Retry_Count        0x0013   100   100   060    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       2281
191 G-Sense_Error_Rate      0x000a   100   100   000    Old_age   Always       -       0
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       9
193 Load_Cycle_Count        0x0012   097   097   000    Old_age   Always       -       36561
194 Temperature_Celsius     0x0002   253   253   000    Old_age   Always       -       23 (Min/Max 3/41)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       16
198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x000a   200   200   000    Old_age   Always       -       0
223 Load_Retry_Count        0x000a   100   100   000    Old_age   Always       -       0

SMART Error Log Version: 1
ATA Error Count: 15744 (device log contains only the most recent five errors)
    CR = Command Register [HEX]
    FR = Features Register [HEX]
    SC = Sector Count Register [HEX]
    SN = Sector Number Register [HEX]
    CL = Cylinder Low Register [HEX]
    CH = Cylinder High Register [HEX]
    DH = Device/Head Register [HEX]
    DC = Device Command Register [HEX]
    ER = Error register [HEX]
    ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.

Error 15744 occurred at disk power-on lifetime: 2537 hours (105 days + 17 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 58 6a 6a 00  Error: UNC at LBA = 0x006a6a58 = 6974040

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 40 58 f8 a7 0e 40 00      00:06:28.699  READ FPDMA QUEUED
  60 08 50 78 c5 6c 40 00      00:06:28.200  READ FPDMA QUEUED
  60 10 48 f8 c6 67 40 00      00:06:27.701  READ FPDMA QUEUED
  60 08 40 58 6a 6a 40 00      00:06:27.164  READ FPDMA QUEUED
  60 20 38 a0 0e 32 40 00      00:06:27.164  READ FPDMA QUEUED

Error 15743 occurred at disk power-on lifetime: 2537 hours (105 days + 17 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 58 6a 6a 00  Error: UNC at LBA = 0x006a6a58 = 6974040

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 c8 00 fa bd 40 00      00:06:25.827  READ FPDMA QUEUED
  60 38 c0 a0 c2 67 40 00      00:06:25.329  READ FPDMA QUEUED
  60 40 b8 b8 a7 0e 40 00      00:06:24.643  READ FPDMA QUEUED
  60 08 b0 18 c5 6c 40 00      00:06:24.144  READ FPDMA QUEUED
  60 08 a8 40 c2 6b 40 00      00:06:23.706  READ FPDMA QUEUED

Error 15742 occurred at disk power-on lifetime: 2537 hours (105 days + 17 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 58 6a 6a 00  Error: UNC at LBA = 0x006a6a58 = 6974040

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 08 08 08 11 6f 40 00      00:06:22.131  READ FPDMA QUEUED
  60 40 00 08 4e f1 40 00      00:06:21.289  READ FPDMA QUEUED
  61 98 f8 f0 f1 67 40 00      00:06:21.243  WRITE FPDMA QUEUED
  60 08 e8 08 21 6f 40 00      00:06:20.790  READ FPDMA QUEUED
  60 08 e0 60 f9 03 40 00      00:06:20.291  READ FPDMA QUEUED

Error 15741 occurred at disk power-on lifetime: 2537 hours (105 days + 17 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 58 6a 6a 00  Error: WP at LBA = 0x006a6a58 = 6974040

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  61 01 90 b8 33 0b 40 00      00:06:17.875  WRITE FPDMA QUEUED
  60 08 88 e0 c4 6c 40 00      00:06:17.155  READ FPDMA QUEUED
  60 40 80 c8 4d f1 40 00      00:06:16.656  READ FPDMA QUEUED
  61 40 78 80 60 bb 40 00      00:06:16.229  WRITE FPDMA QUEUED
  61 08 70 68 41 54 40 00      00:06:16.228  WRITE FPDMA QUEUED

Error 15740 occurred at disk power-on lifetime: 2537 hours (105 days + 17 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 08 58 6a 6a 00  Error: WP at LBA = 0x006a6a58 = 6974040

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  61 08 48 20 a6 0e 40 00      00:06:15.832  WRITE FPDMA QUEUED
  60 08 40 68 95 6c 40 00      00:06:13.255  READ FPDMA QUEUED
  61 40 38 c0 5f bb 40 00      00:06:12.613  WRITE FPDMA QUEUED
  61 20 30 a0 5f bb 40 00      00:06:12.608  WRITE FPDMA QUEUED
  61 20 28 20 1e b2 40 00      00:06:12.604  WRITE FPDMA QUEUED

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%      2537         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

 

For the SSD the test was aborted (I tried it twice).

 

For the msinfo: nothing happened when I clicked on system summary so I did file/export and rarred it. However, I am apparently not permitted to upload this kind of file so...

https://www.dropbox.com/s/1scuifr4t16poww/summary.rar?dl=0

or else unzipped:

https://www.dropbox.com/s/bqsdn3zw96os7nk/summary.txt?dl=0

 

Regards,

Brigitte



#9 Oh My!


Posted 07 October 2016 - 09:48 AM

Thank you Brigitte.

No Dropbox files are available.

Can you provide an update on your computer performance?
Gary
 

#10 brigihey


Posted 07 October 2016 - 12:58 PM

I'm terribly sorry Gary, I cleaned up my folder and deleted these files too. They're back up now!

 

Regards,

Brigitte



#11 Oh My!


Posted 07 October 2016 - 01:05 PM

Thanks. How is your computer running?
Gary
 

#12 brigihey


Posted 07 October 2016 - 01:09 PM

I've been working on my desktop for everything else because the laptop wasn't useable anymore. However, there are programs on there that I don't have on my desktop so I still need it.

It's still slow...



#13 Oh My!


Posted 07 October 2016 - 02:14 PM

Thank you,

Please do this.

===================================================

Windows Repair (All in One)

--------------------
  • Boot your computer into Safe Mode with Networking
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the tweaking.com icon and click Run
  • Continually click Next, then Finish
  • If you are advised a newer version is available click Yes to download the new version
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 3 and allow it to run See if Check Disk is Needed by clicking on the Check button:
  • If you see Errors Found On The Drive! Check Disk Is Needed click Open Check Disk At Next Boot
  • Select the /r option and click Add To Next Boot
  • Close the Check Disk (chkdsk) At Next Boot window
  • Go to Step 4 and click Do It under System File Check
  • Go to Step 5 and click Create under System Restore
  • Go to the Repairs tab
  • Uncheck Automatically Do A Registry Backup then click Open Repairs
  • Leave the default check marks and click Start Repairs
  • Ignore any notice about Desktop Gadgets
  • Click Yes to reboot your computer and check the performance
  • Hit the Windows Key + E at the same time
  • Navigate to one of the two following file locations to locate the file

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

  • Please zip and attach the Logs folder to your reply
===================================================

Creating a New User Profile

--------------
  • Click Start, Control Panel, then User Accounts
  • NOTE: For Windows 8/10 press the Windows Key + X to get to the Control Panel
  • Click Manage Another Account
  • Click Create a new account
  • Type BC as the User name then click Next
  • Select Computer administrator then click Create Account
  • Close the User Accounts window
  • Click Start, then click the arrow to the right of Shut down
  • Click Switch user and log in as BC
  • Check your computer behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • All in One files
  • How does the new User Profile function?

Gary
 

#14 brigihey


Posted 07 October 2016 - 03:27 PM

Hi Gary,

It is still running step 3 and is nowhere near the end so I am going to let it run and post the log tomorrow morning.

Regards,

Brigitte



#15 Oh My!


Posted 07 October 2016 - 03:36 PM

Sounds good, or you can stop it and restart tomorrow. That might be a better option.
Gary
 