Jump to content

Search the Community

Showing results for tags 'hacked?'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 7 results

  1. Hello I saw my malwarebytes forums profile from a friend's profile and it showed that my last visited had been on Friday at 3:15pm but I didn't log at that time. I checked my recent devices and my last device was my computer and it said "last logged: Friday at 10:12 am" and there's no other device after that. Am I hacked or why doesn't it display a time I didn't log? Thanks in advance
  2. Good Afternoon, I received a mail from a hacker who is knowing an old password of a user of my home PC. He claims that he has installed a malware on my PC and he used my web browser (Firefox) as a RDP with a key logger providing access to the display and webcam. He gives me until 18:56 CET to pay $1 900 in bitcoins. Is it real or a false attempt to get some money. Here is his mail: From: Harri Salinas <gxuwilsonzpv@outlook.com> Sent: Thursday, April 9, 2020 18:58 To: me Subject: me : Old Password I know, Old Password, is your password. You don't know me and you're thinking why you received this e mail, right? Well, I actually placed a malware on the website and guess what, while you visited this web site, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account. What exactly did I do? I made a split-screen video. First part recorded the video you were viewing, and next part recorded your webcam. What should you do? Well, I believe, $1900 is a fair price for our little secret. You'll make the payment via Bitcoin to the below address (if you don't know this, search "how to buy bitcoin" in Google). BTC Address: bc1qc53lemeuaw5pm9sa6ypnjdfmsayul4lc6j4taw (It is cAsE sensitive, so copy and paste it)
  3. Good Afternoon, I received a mail from a hacker who is knowing an old password of a user of my home PC. He claims that he has installed a malware on my PC and he used my web browser (Firefox) as a RDP with a key logger providing access to the display and webcam. He gives me until 18:56 CET to pay $1 900 in bitcoins. Is it real or a false attempt to get some money?? PLEASE HEEELLLLP Here is his mail: From: Harri Salinas <gxuwilsonzpv@outlook.com> Sent: Thursday, April 9, 2020 18:58 To: me Subject: me : Old Password I know, Old Password, is your password. You don't know me and you're thinking why you received this e mail, right? Well, I actually placed a malware on the website and guess what, while you visited this web site, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account. What exactly did I do? I made a split-screen video. First part recorded the video you were viewing, and next part recorded your webcam. What should you do? Well, I believe, $1900 is a fair price for our little secret. You'll make the payment via Bitcoin to the below address (if you don't know this, search "how to buy bitcoin" in Google). BTC Address: bc1qc53lemeuaw5pm9sa6ypnjdfmsayul4lc6j4taw (It is cAsE sensitive, so copy and paste it)
  4. I was trying to type in YouTube.com, but I mistyped. I was redirected a few times, and I finally was taken out of safari to the Apple Music app, where it said, “You Already Have An Apple Music Subscription”, which I do. I tried to retype the misclick to see what happened(not very smart of me), but ended up on another site where I was redirected to an HVAC company. Does this mean I’m hacked? I didn’t click anything on the websites.
  5. So ever since this afternoon I went onto one of my usual wikias for a game, when out of nowhere it started acting strange. It hasn't done this until today, and that's including yesterday when I last used it. It's using an excessive amount of cookies, and the domains in my Ublock aren't looking like they normally are. It even redirected from the original wikia, to a strange URL, back to the wiki. I have no idea what happened, and I don't know if it's because of the site or suspected adware. What makes this even more confusing is that it doesn't seem to be happening to everyone. Neither Malwarebytes not ADWcleaner is picking it up, so I think it's a site issue. I honestly don't know what to do in a situation like this, because it's only the sites that are "Powered by Wikia." Do I have Adware, or is this something happening to the sites themselves?
  6. Good evening. Im sorry that I messed up in my first post and now notice that the attachments for the logs didn't load. I have looked but can't determine how to delete my previous post. I have a windows 8.1 laptop, HP that suddenly became very slow, running the disk use at 100%. I ran antimalwarebytes, slowly, and only found tracking cookies. Then, I was locked out, the password wasn't recognised or had been changed remotly . I changed that online. but am still with the same old problems. When I tried to open in safe mode, the windows updates ran and then reported it could not be completed, reversed the updates, restarted in regular mode. I can not access the settings to try to update from there, it simply does not open. Thanks for your help. Cynde Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-10-2015 Ran by Scot (administrator) on SCOTS (29-10-2015 16:08:45) Running from F:\ Loaded Profiles: Scot & Guest (Available Profiles: Scot & Guest) Platform: Windows 8.1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Flux Software LLC) C:\Users\Scot\AppData\Local\FluxSoftware\Flux\flux.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) C:\Windows\System32\perfmon.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-12-23] (IDT, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3812264 2015-10-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3177360 2015-10-04] () HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [F.lux] => C:\Users\Scot\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC) HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [Google Update] => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [uTorrent] => C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe [1774432 2015-09-19] (BitTorrent Inc.) HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit) HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd) HKU\S-1-5-21-3608695737-4036035937-3015166867-501\...\Run: [uTorrent] => C:\Users\Guest\AppData\Roaming\uTorrent\uTorrent.exe [1672784 2014-04-21] (BitTorrent Inc.) HKU\S-1-5-21-3608695737-4036035937-3015166867-501\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => No File GroupPolicy: Restriction - Chrome <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 64.59.160.15 64.59.161.69 Tcpip\..\Interfaces\{131F61D0-AFA9-495D-9F57-A2E421EF8848}: [DhcpNameServer] 64.59.160.15 64.59.161.69 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON13/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON13/4 HKU\S-1-5-21-3608695737-4036035937-3015166867-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON13/4 HKU\S-1-5-21-3608695737-4036035937-3015166867-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON13/4 SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM -> {ECD5D19E-F577-4A6F-9DF0-BC36C80A769F} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={1CF667E6-C1D9-4A4A-A967-49D6B1A54A91}&mid=42bc9e0076c847d39d14a5ac050f8016-c7610c852e90aed1a97ce0c03ee13f2fbf52cd4f〈=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-06 18:52:42&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-501 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-10-10] (IObit) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO: No Name -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> No File BHO-x32: No Name -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) BHO-x32: No Name -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> No File FireFox: ======== FF ProfilePath: C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385 FF Homepage: hxxps://mysearch.avg.com?pid=wtu&sg=&cid=%7B3484ee09-9add-45d1-8b6f-b736cc765c97%7D&mid=42bc9e0076c847d39d14a5ac050f8016-c7610c852e90aed1a97ce0c03ee13f2fbf52cd4f&cmpid=0415av&ds=AVG&v=4.1.8.599〈=en&pr=fr&d=2015-05-06%2018%3A52%3A42&sap=hp&form=QBLH&pc=AVG2 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] () FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.8\\npsitesafety.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN) FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File] FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Scot\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @talk.google.com/O1DPlugin -> C:\Users\Scot\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Scot\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Scot\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-501: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File] FF user.js: detected! => C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\user.js [2014-12-23] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-23] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Scot\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Scot\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF SearchPlugin: C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\searchplugins\avg-secure-search.xml [2015-05-06] FF SearchPlugin: C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\searchplugins\imdb--.xml [2015-01-14] FF SearchPlugin: C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\searchplugins\youtube.xml [2014-06-30] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-10-04] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\ascsurfingprotection@iobit.com [2015-10-10] [not signed] FF Extension: iCloud Bookmarks - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\firefoxdav@icloud.com [2015-05-29] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\iobitascsurfingprotection@iobit.com [2015-05-27] [not signed] FF Extension: Flashblock - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-29] FF Extension: Pin It Button - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-10-06] [not signed] FF Extension: Social Fixer - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\socialfixer@mattkruse.com.xpi [2014-10-31] [not signed] FF Extension: Adblock Plus - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25] FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found FF Extension: No Name - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\extensions\adblockpopups@jessehakanen.net.xpi [not found] FF Extension: No Name - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\extensions\avg@toolbar [not found] Chrome: ======= CHR HomePage: Default -> mysearch.avg.com/?rvt=1 CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms} CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1 CHR Profile: C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (AVG Secure Search) - C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-07-02] CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-10-27] CHR Extension: (Social Fixer for Facebook) - C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-12-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-31] (SUPERAntiSpyware.com) R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604712 2015-10-12] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3792880 2015-10-12] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [596344 2015-10-12] (AVG Technologies CZ, s.r.o.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339968 2014-12-23] (IDT, Inc.) [File not signed] R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-03-13] (IObit) R2 vToolbarUpdater40.1.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe [1875856 2015-10-04] (AVG Secure Search) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-12-12] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-29] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-10-04] () ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2015-01-08] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2015-05-12] (Advanced Micro Devices) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-09-11] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [293296 2015-08-10] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [251312 2015-08-10] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [314800 2015-08-31] (AVG Technologies CZ, s.r.o.) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-06] (REALiX) S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-19] (Atheros) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited) S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-04-06] (Realtek Semiconductor Corp.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-29] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-29] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-29] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-29 16:08 - 2015-10-29 16:08 - 00000000 ____D C:\FRST 2015-10-28 23:19 - 2015-10-28 23:19 - 00002386 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Scot 2015-10-28 23:19 - 2015-10-28 23:19 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Scot.job 2015-10-28 20:50 - 2015-10-28 20:51 - 00280928 _____ C:\WINDOWS\Minidump\102815-64687-01.dmp 2015-10-28 20:34 - 2015-10-29 16:07 - 00001104 _____ C:\WINDOWS\setupact.log 2015-10-28 20:34 - 2015-10-28 20:34 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-10-28 20:15 - 2015-10-28 20:16 - 00007605 _____ C:\Users\Scot\AppData\Local\Resmon.ResmonCfg 2015-10-28 17:56 - 2015-10-28 17:56 - 00003164 _____ C:\WINDOWS\System32\Tasks\SmartDefrag3_Startup 2015-10-28 17:56 - 2015-10-28 17:56 - 00003162 _____ C:\WINDOWS\System32\Tasks\SmartDefrag3_Update 2015-10-28 17:55 - 2015-10-28 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3 2015-10-28 17:55 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll 2015-10-28 17:55 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys 2015-10-28 16:16 - 2015-10-28 16:16 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2015-10-28 16:16 - 2015-10-28 16:16 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2015-10-28 16:16 - 2015-10-28 16:16 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-10-28 16:16 - 2015-10-28 16:16 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2015-10-28 16:16 - 2015-10-28 16:16 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2015-10-28 16:16 - 2015-10-28 16:16 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys 2015-10-28 16:16 - 2015-10-28 16:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll 2015-10-28 16:15 - 2015-10-28 16:15 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-10-28 16:15 - 2015-10-28 16:15 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-10-28 16:15 - 2015-10-28 16:15 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-28 12:28 - 2015-10-28 12:28 - 00001094 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-10-28 12:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-10-28 12:27 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-10-28 12:27 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-10-28 11:26 - 2015-10-29 03:00 - 01176205 _____ C:\WINDOWS\WindowsUpdate.log 2015-10-27 20:14 - 2015-10-27 20:14 - 00000000 ____D C:\Users\Scot\AppData\Roaming\AVG 2015-10-27 20:12 - 2015-10-27 20:12 - 00000912 _____ C:\Users\Public\Desktop\AVG Protection.lnk 2015-10-27 20:07 - 2015-10-27 20:10 - 00000000 ____D C:\ProgramData\Avg 2015-10-27 20:06 - 2015-10-27 20:07 - 00000000 ____D C:\Users\Scot\AppData\Local\AvgSetupLog 2015-10-27 19:33 - 2015-10-28 20:50 - 460923423 _____ C:\WINDOWS\MEMORY.DMP 2015-10-26 08:51 - 2015-10-27 23:29 - 86802432 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak 2015-10-26 08:51 - 2015-10-27 23:29 - 00401408 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak 2015-10-26 08:51 - 2015-10-27 23:29 - 00032768 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak 2015-10-26 08:51 - 2015-10-27 23:29 - 00032768 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak 2015-10-15 18:59 - 2015-10-15 18:59 - 00269846 _____ C:\Users\Scot\Desktop\Hotline Bling iPhone.m4r 2015-10-13 19:10 - 2015-10-16 22:10 - 03996360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2015-10-11 11:27 - 2015-10-11 11:27 - 00034154 _____ C:\Users\Scot\Downloads\http _viralovocity.com_black-and-brown-eyeshadow_2_.htm 2015-10-10 15:04 - 2015-10-28 12:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-10-10 15:04 - 2015-10-28 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-10-10 15:04 - 2015-10-28 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-10-10 15:02 - 2015-10-10 15:02 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Scot\Downloads\mbam-setup-2.1.8.1057.exe 2015-10-10 14:05 - 2015-10-10 14:05 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-10-10 14:05 - 2015-10-10 14:05 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-10-10 14:05 - 2015-10-10 14:05 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-10-10 14:04 - 2015-10-10 14:04 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-10-10 14:04 - 2015-10-10 14:04 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-10-10 14:04 - 2015-10-10 14:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-10-10 14:04 - 2015-10-10 14:04 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-10-10 14:04 - 2015-10-10 14:04 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-10-10 14:04 - 2015-10-10 14:04 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-10-10 14:04 - 2015-10-10 14:04 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-10-10 14:04 - 2015-10-10 14:04 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-10-10 14:04 - 2015-10-10 14:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-10-10 14:02 - 2015-10-10 14:02 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2015-10-10 14:02 - 2015-10-10 14:02 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2015-10-10 14:02 - 2015-10-10 14:02 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2015-10-10 14:02 - 2015-10-10 14:02 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2015-10-10 14:02 - 2015-10-10 14:02 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2015-10-10 14:02 - 2015-10-10 14:02 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2015-10-10 14:02 - 2015-10-10 14:02 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2015-10-10 14:02 - 2015-10-10 14:02 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2015-10-10 14:01 - 2015-10-10 14:01 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2015-10-10 14:01 - 2015-10-10 14:01 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2015-10-10 13:58 - 2015-10-10 13:58 - 07460168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-10-10 13:58 - 2015-10-10 13:58 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-10-10 13:58 - 2015-10-10 13:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-10-10 13:58 - 2015-10-10 13:58 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2015-10-10 13:58 - 2015-10-10 13:58 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2015-10-10 13:58 - 2015-10-10 13:58 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2015-10-10 13:58 - 2015-10-10 13:58 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2015-10-10 13:57 - 2015-10-10 13:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-10 13:54 - 2015-10-10 13:54 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-10-10 13:54 - 2015-10-10 13:54 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-10-10 13:54 - 2015-10-10 13:54 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-10-10 13:54 - 2015-10-10 13:54 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-10-10 13:52 - 2015-10-10 13:52 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2015-10-10 13:52 - 2015-10-10 13:52 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2015-10-10 13:52 - 2015-10-10 13:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2015-10-10 13:48 - 2015-10-10 13:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-10-10 13:47 - 2015-10-10 13:47 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2015-10-10 13:47 - 2015-10-10 13:47 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2015-10-10 13:47 - 2015-10-10 13:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-10-10 13:47 - 2015-10-10 13:47 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-10-10 13:47 - 2015-10-10 13:47 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe 2015-10-10 13:47 - 2015-10-10 13:47 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe 2015-10-10 13:47 - 2015-10-10 13:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe 2015-10-10 13:47 - 2015-10-10 13:47 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe 2015-10-10 13:46 - 2015-10-10 13:46 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll 2015-10-10 13:46 - 2015-10-10 13:46 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll 2015-10-10 13:45 - 2015-10-10 13:45 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-10-10 13:45 - 2015-10-10 13:45 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-10-10 13:45 - 2015-10-10 13:45 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-10-10 13:45 - 2015-10-10 13:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-10-10 13:45 - 2015-10-10 13:45 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-10-10 13:45 - 2015-10-10 13:45 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-10-10 13:45 - 2015-10-10 13:45 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-10-10 13:45 - 2015-10-10 13:45 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-10-10 13:43 - 2015-10-10 13:43 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-10-10 13:43 - 2015-10-10 13:43 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-10-10 13:43 - 2015-10-10 13:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-10-10 13:43 - 2015-10-10 13:43 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-10-10 13:24 - 2015-10-28 16:49 - 00000252 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_Scot.job 2015-10-10 13:24 - 2015-10-10 13:24 - 00002350 _____ C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Scot 2015-10-10 13:22 - 2015-10-10 13:22 - 48904992 _____ (IObit) C:\Users\Scot\Downloads\advanced-systemcare-setup(3).exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-29 16:10 - 2013-04-25 19:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-10-29 15:52 - 2013-04-25 18:11 - 00000000 ____D C:\ProgramData\MFAData 2015-10-29 15:51 - 2015-09-15 19:43 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-29 15:42 - 2014-08-21 14:14 - 00000406 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Scot.job 2015-10-29 15:39 - 2014-08-21 14:14 - 00000406 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Scot.job 2015-10-29 15:33 - 2015-09-15 15:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002UA.job 2015-10-29 15:30 - 2015-09-15 15:25 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002Core.job 2015-10-29 13:03 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-10-28 23:53 - 2013-04-25 17:36 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3608695737-4036035937-3015166867-1002 2015-10-28 23:35 - 2013-12-15 13:04 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{78BFE714-D5B4-4ABC-B9F9-E87B0B4C5CBD} 2015-10-28 22:33 - 2015-09-15 19:43 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-28 22:29 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-10-28 20:56 - 2013-10-29 09:03 - 00000000 ____D C:\Users\Scot 2015-10-28 20:55 - 2014-12-23 16:27 - 00000000 ____D C:\ProgramData\ProductData 2015-10-28 20:50 - 2014-01-15 16:26 - 00000000 ____D C:\WINDOWS\Minidump 2015-10-28 20:38 - 2013-08-22 07:44 - 00377256 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-10-28 20:35 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-10-28 20:30 - 2014-04-09 23:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-10-28 17:55 - 2013-04-25 20:39 - 00000000 ____D C:\Users\Scot\AppData\Roaming\IObit 2015-10-28 17:55 - 2013-04-25 20:38 - 00000000 ____D C:\Program Files (x86)\IObit 2015-10-28 16:16 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-10-28 02:10 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache 2015-10-27 23:33 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-10-27 20:40 - 2015-05-21 08:13 - 00000000 ____D C:\Users\Scot\AppData\Local\Avg 2015-10-27 20:15 - 2013-04-26 19:17 - 00000000 ____D C:\Program Files (x86)\AVG 2015-10-27 20:13 - 2014-05-03 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-10-27 20:13 - 2013-04-26 19:18 - 00000000 ___HD C:\$AVG 2015-10-27 20:12 - 2012-07-26 01:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2015-10-27 08:58 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2015-10-26 00:32 - 2015-05-29 13:52 - 00000000 ____D C:\Users\Scot\Desktop\Made Cross Stitches 2015-10-26 00:32 - 2015-04-04 19:28 - 00000000 ____D C:\Users\Scot\AppData\Roaming\PCStitch 10 2015-10-26 00:14 - 2013-04-25 18:02 - 00000000 ____D C:\Users\Scot\AppData\Local\Paint.NET 2015-10-23 15:41 - 2013-05-05 10:22 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log 2015-10-16 22:10 - 2013-04-25 19:04 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-10-16 16:56 - 2013-05-06 09:07 - 00000000 ____D C:\Users\Scot\AppData\Roaming\vlc 2015-10-11 14:28 - 2013-10-29 09:51 - 00000000 __RDO C:\Users\Scot\SkyDrive 2015-10-11 14:17 - 2013-09-29 21:04 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-10-11 14:02 - 2013-09-29 20:51 - 00000000 ____D C:\Program Files\Windows Journal 2015-10-11 14:01 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-10-10 16:48 - 2013-04-25 17:56 - 00000000 ____D C:\Users\Scot\AppData\Roaming\uTorrent 2015-10-10 14:58 - 2015-05-06 18:52 - 00000000 ____D C:\Users\Scot\AppData\Local\AVG Web TuneUp 2015-10-10 13:24 - 2014-12-23 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8 2015-10-10 13:16 - 2015-02-20 00:23 - 00000000 ____D C:\Users\Scot\AppData\Local\Deployment 2015-10-07 22:39 - 2013-05-09 19:37 - 06197760 ___SH C:\Users\Scot\Desktop\Thumbs.db 2015-10-04 08:49 - 2015-05-06 18:52 - 00000000 ____D C:\Program Files\AVG Web TuneUp 2015-10-04 08:49 - 2015-05-06 18:52 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp 2015-10-01 03:39 - 2015-09-27 20:55 - 00000000 ____D C:\ProgramData\Avg_Update_0915tb ==================== Files in the root of some directories ======= 2013-07-25 19:17 - 2013-07-26 14:40 - 0000096 _____ () C:\Users\Scot\AppData\Roaming\Camdata.ini 2013-07-25 19:17 - 2013-07-26 14:40 - 0000408 _____ () C:\Users\Scot\AppData\Roaming\CamLayout.ini 2013-07-25 19:17 - 2013-07-26 14:40 - 0000408 _____ () C:\Users\Scot\AppData\Roaming\CamShapes.ini 2013-07-25 19:17 - 2013-07-26 14:40 - 0004510 _____ () C:\Users\Scot\AppData\Roaming\CamStudio.cfg 2013-07-26 14:37 - 2013-07-26 14:37 - 0000098 _____ () C:\Users\Scot\AppData\Roaming\CamStudio.Producer.command 2013-07-26 14:39 - 2013-07-26 14:39 - 0000000 _____ () C:\Users\Scot\AppData\Roaming\CamStudio.Producer.Data.ini 2013-07-26 14:39 - 2013-07-26 14:39 - 0001206 _____ () C:\Users\Scot\AppData\Roaming\CamStudio.Producer.ini 2013-12-26 13:37 - 2014-03-10 15:23 - 0000308 _____ () C:\Users\Scot\AppData\Roaming\Rim.Desktop.Exception.log 2013-12-26 13:26 - 2014-09-09 17:48 - 0001937 _____ () C:\Users\Scot\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2013-12-26 13:37 - 2014-03-10 15:23 - 0000308 _____ () C:\Users\Scot\AppData\Roaming\Rim.DesktopHelper.Exception.log 2013-12-26 17:36 - 2013-12-26 17:37 - 0000077 _____ () C:\Users\Scot\AppData\Roaming\Rim.Transcoder.Exception.log 2013-07-04 07:06 - 2015-01-05 17:56 - 0021504 _____ () C:\Users\Scot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-09 11:40 - 2014-05-09 11:40 - 0058288 _____ () C:\Users\Scot\AppData\Local\recently-used.xbel 2015-10-28 20:15 - 2015-10-28 20:16 - 0007605 _____ () C:\Users\Scot\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-10-29 06:48 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-10-2015 Ran by Scot (2015-10-29 16:10:14) Running from F:\ Windows 8.1 (X64) (2013-10-29 16:40:20) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3608695737-4036035937-3015166867-500 - Administrator - Disabled) Guest (S-1-5-21-3608695737-4036035937-3015166867-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-3608695737-4036035937-3015166867-1008 - Limited - Enabled) Scot (S-1-5-21-3608695737-4036035937-3015166867-1002 - Administrator - Enabled) => C:\Users\Scot ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit) AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks) Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) AVG (Version: 16.4.7163 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4457 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.4.7163 - AVG Technologies) AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit) Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) f.lux (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Flux) (Version: - ) FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent) HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT) iExplorer 3.5.1.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC) Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - ) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit) iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.) Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle) Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle) K-Lite Codec Pack 9.8.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.8.5 - ) K-Lite Codec Pack 9.8.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.5 - ) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla) OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) PCStitch 10 (HKLM-x32\...\{7D389358-56D0-4988-BAAC-5ACE907CCEBD}) (Version: 10.00.23 - M&R Technologies, Inc.) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.) Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit) Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.1.0 - IObit) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com) Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) ToneSync for Windows (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS) Transcriber 1.5.1 (HKLM-x32\...\Transcriber_is1) (Version: - DGA) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WPS Office (9.1.0.4746) (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Scot\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scot\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-08-29 12:43 - 2015-08-29 12:43 - 00000002 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0689B43F-7A13-4E91-8055-785DA64D46B7} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{FA72F96C-9A7A-4A1D-A3AE-CBFDF93BAAB2}.exe [2015-06-09] () Task: {0F901D70-862A-4485-9640-94841A28BD53} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {15C60C23-F270-4FD4-A8BC-AFA96767B6AB} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{55040800-E30C-4CD2-8C7E-1A5D0D5334C0}.exe Task: {21AE6C3E-D605-487D-97BC-ACE52CEA25AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard) Task: {2D664CA3-E5EF-4728-A0AB-841C786341E6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink) Task: {311F8CBA-101D-4F22-BF8F-BC0F8CD0C2AE} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit) Task: {38165F00-C7EC-4668-8AB1-36420CF5BC65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {387D7CF4-C482-4806-944A-2B2A3E3E25FD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {3C550EFE-E0AC-4BEA-8676-9F6553E03353} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd) Task: {42E75129-9BB3-46C1-BA08-992C11747570} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {50391A23-FF86-44C1-9AC3-BC0B33E18EB5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe Task: {56406FA1-01FE-45FB-883D-D34E5EE1FEE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {564CF435-67E9-4B85-AB55-F2B006D6D518} - System32\Tasks\Driver Booster SkipUAC (Scot) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-05-14] (IObit) Task: {5D69A520-3373-49CD-B814-ED1313B40274} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated) Task: {5FE3C72B-285C-4B35-A35E-40B3D4A439B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {755D0203-1D64-4268-8A08-19DA475B9FD0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002UA => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {76AEB8F5-4477-4406-BF09-C59F22A048E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002Core => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {80088D15-A778-4B41-BCBC-2750A4C747E2} - System32\Tasks\Uninstaller_SkipUac_Scot => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit) Task: {941DB113-D944-4842-8B3B-EF78CB4B366A} - System32\Tasks\WpsUpdateTask_Scot => C:\Users\Scot\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-08-21] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {9F895E54-CEB6-4808-B353-3BD9246A561A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-05-14] (IObit) Task: {B0136AC4-5B9D-4B0D-857C-D45536A13316} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {C82F9E0A-7F9C-4111-B117-DAAC9BD9CE9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {C89547BD-DF29-45FA-9571-B883C6EEB086} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {C8E9F45F-6F51-4583-AF11-DAD520711B07} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {E597FDD2-9AB9-4782-90ED-08FB07504664} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {E5E8039B-373B-4309-80A6-8AEFB035EB78} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-11-04] (IObit) Task: {EB1CA640-36AF-4102-B23B-B4F242E850F4} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.) Task: {F9E5A470-68A7-4117-B9F3-0FD3D1B23D6C} - System32\Tasks\ASC8_SkipUac_Scot => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit) Task: {FEA28A65-FE3A-4365-9E98-3F938E4E4B37} - System32\Tasks\WpsNotifyTask_Scot => C:\Users\Scot\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-08-21] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {FED9D563-0874-4F6A-AE19-6BD695A951B6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {FFCF22BC-25A9-4E93-9D24-E68BDE6DF26A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{FA72F96C-9A7A-4A1D-A3AE-CBFDF93BAAB2}.exe Task: C:\WINDOWS\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{55040800-E30C-4CD2-8C7E-1A5D0D5334C0}.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Scot.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002Core.job => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002UA.job => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Scot.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Task: C:\WINDOWS\Tasks\WpsNotifyTask_Scot.job => C:\Users\Scot\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_Scot.job => C:\Users\Scot\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-10-04 08:48 - 2015-10-04 08:47 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe 2012-08-08 10:36 - 2012-08-08 10:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-04 08:49 - 2015-10-04 08:47 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe 2015-05-06 18:52 - 2015-10-04 08:47 - 03177360 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe 2014-12-23 16:27 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2015-10-04 08:49 - 2015-10-04 08:47 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\log4cplusU.dll 2015-10-28 17:55 - 2014-06-04 15:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll 2015-05-27 14:51 - 2015-03-13 13:22 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl 2015-05-27 14:51 - 2015-03-13 13:22 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl 2015-05-27 14:51 - 2015-03-13 13:22 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl 2015-05-27 14:51 - 2015-03-13 13:22 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll 2015-05-27 14:51 - 2015-03-13 13:22 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll 2015-05-27 14:51 - 2015-03-13 13:22 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll 2012-10-18 06:39 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-05-27 14:51 - 2015-03-13 13:23 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll 2015-05-06 18:52 - 2015-10-04 08:47 - 40638864 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll 2015-10-27 20:07 - 2015-10-27 20:06 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\1001movie.com -> 1001movie.com IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\1001night.biz -> 1001night.biz IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\100gal.net -> 100gal.net IE restricted site: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\100sexlinks.com -> 100sexlinks.com There are 4788 more sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Scot\Desktop\tumblr_nidcj0yLuo1rem6lao1_r1_500.png HKU\S-1-5-21-3608695737-4036035937-3015166867-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: ApplePhotoStreams => c:\program files (x86)\common files\apple\internet services\applephotostreams.exe MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe MSCONFIG\startupreg: BtPreLoad => MSCONFIG\startupreg: HP Quick Launch => c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe MSCONFIG\startupreg: iCloudServices => c:\program files (x86)\common files\apple\internet services\icloudservices.exe MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe MSCONFIG\startupreg: OtShot => MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime MSCONFIG\startupreg: SmartRAM => "c:\program files (x86)\iobit\advanced systemcare 6\suo10_smartram.exe" /m MSCONFIG\startupreg: StartCCC => "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\StartupFolder: => "lollipop_12161546.lnk" HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "Advanced SystemCare 6" HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "Advanced SystemCare 8" HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{1684D762-DC08-4FA0-A86F-C20CE46A98A9}] => (Allow) C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{AB893B88-1B6D-4FA6-9400-8DEED522ED94}] => (Allow) C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CB755691-C090-4867-B0C5-DAFDA5C3839B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [uDP Query User{E10BEF9F-1AF7-4233-AAE3-9078E52AB362}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [TCP Query User{C9AE5F3A-8AAA-4176-BCC7-574D7A82B9DE}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [{B65D69CE-68EC-4F15-9ABF-229825E61B8C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{55FDCDA6-8A8D-4279-AB44-47ED514419D0}] => (Allow) LPort=1900 FirewallRules: [{AEEC24FD-9AF9-4EA8-BC1E-CEE9158EB29F}] => (Allow) LPort=2869 FirewallRules: [{0AE85121-D5B4-49FC-9B25-5847489BE778}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [TCP Query User{2C15A7C9-245C-4D42-81C5-B0774F516F77}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [uDP Query User{3C890DA0-0083-4179-ABD6-A51033880456}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{12604934-DE8F-401E-9AD8-E54531A935EC}] => (Allow) C:\Users\Scot\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe FirewallRules: [{2C06D13D-0B38-4354-8ED2-37B41B89DD73}] => (Allow) C:\Users\Scot\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe FirewallRules: [TCP Query User{EA41E6FB-98A4-4DB4-A188-596D14D1D199}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [uDP Query User{09B81105-52DE-450A-AB5D-11867091A43A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{22CAB169-C582-41AB-90CC-DD767A04AAFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{A436DF0F-6DF7-41F5-ABDB-87DF064731A4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{3F7A88D7-2333-41F1-841A-B75BE6EBB7B6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{8C205378-D4A2-43BA-8677-EE4DFE31C7E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{F74BD154-19EB-48FF-BB4F-3DFBBE506152}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{338192E1-3F78-4AB5-9141-5A8CD09B4488}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{B1880C89-3A3B-4037-A274-7AF9C03B64A8}] => (Allow) C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6C4CB21D-F799-49EF-A756-8098C905C2C1}] => (Allow) C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{67460D7C-DF54-4FDB-ADE5-1A7D7CBBDE7B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{09BD0A54-F655-46C9-86E6-919314A4B6C3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{9BCB1FAB-DE56-4B22-A899-8DF87520D451}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{64A8040D-F5DA-4533-82F8-09353606AFF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{12610425-7E00-415F-B193-44F1F7BF72D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{35E52AC2-27B2-4445-A0F8-47C42BAD36ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{43E7BE30-7C2A-4F63-A106-4B42F0FFB50F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{904C41D5-28EC-41C2-961F-170AAFC7DE5A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F6C7AFF3-3024-4B69-8573-6395F0805DC3}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{B827E738-506B-472C-ADF4-7328F1D005B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{3BDF669D-2146-4543-B618-4AA94AE119C7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{C1185363-7641-4AC5-A056-BF0F138122AD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{F12B735A-3CC8-42BE-875F-0390D03B4BE4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{0FF1541B-A426-4F44-AC0A-FD0454BDD4DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{5B283B9E-4366-4154-BA6E-83604512D8F9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{44C294F5-CC62-484B-9270-E8781F70E0C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{48E349EA-AC5E-4456-A7F0-2796FC2862DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{9F22A6BA-A55C-4CD4-8B90-7E55129825C0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/29/2015 02:43:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/29/2015 02:02:46 PM) (Source: ESENT) (EventID: 492) (User: ) Description: svchost (1864) SRUJet: The logfile sequence in "C:\WINDOWS\system32\SRU\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup. Error: (10/29/2015 02:02:45 PM) (Source: ESENT) (EventID: 471) (User: ) Description: svchost (1864) SRUJet: Unable to rollback operation #409 on database C:\WINDOWS\system32\SRU\SRUDB.dat. Error: -1014. All future database updates will be rejected. Error: (10/28/2015 11:38:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: be4 Start Time: 01d11213b60f5146 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: aef91db9-7e07-11e5-bf83-74e543eb69e5 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (10/28/2015 11:30:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS) Description: Activation of app GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/28/2015 11:04:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 98c Start Time: 01d1120eec9d6bfa Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: eaa86683-7e02-11e5-bf83-74e543eb69e5 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (10/28/2015 10:56:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 918 Start Time: 01d1120d21a8c77f Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 5a8d4a72-7e01-11e5-bf83-74e543eb69e5 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (10/28/2015 10:46:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/28/2015 10:46:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/28/2015 10:46:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (10/29/2015 02:43:15 PM) (Source: DCOM) (EventID: 10010) (User: SCOTS) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (10/29/2015 07:17:43 AM) (Source: volsnap) (EventID: 14) (User: ) Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (10/28/2015 10:40:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: %%1058 Error: (10/28/2015 10:39:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Support Assistant Service service failed to start due to the following error: %%1053 Error: (10/28/2015 10:39:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect. Error: (10/28/2015 10:38:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The File History Service service hung on starting. Error: (10/28/2015 10:36:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Background Intelligent Transfer Service service hung on starting. Error: (10/28/2015 10:33:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Application Information service hung on starting. Error: (10/28/2015 10:32:34 PM) (Source: DCOM) (EventID: 10010) (User: SCOTS) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (10/28/2015 10:29:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: %%31 CodeIntegrity: =================================== Date: 2013-11-26 10:09:12.222 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0D797F3-F47B-4299-A084-F988533669CD}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-11-26 10:09:11.078 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B91FF7-05D4-4DCC-A68D-F0E377F3DEED}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-06-01 08:39:51.550 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-01 08:39:50.504 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-01 08:39:18.896 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-01 08:39:17.874 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-01 08:39:03.073 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-01 08:39:02.018 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-01 08:38:49.021 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-01 08:38:46.181 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A6-4400M APU with Radeon HD Graphics Percentage of memory in use: 36% Total physical RAM: 5602.26 MB Available physical RAM: 3568.35 MB Total Virtual: 11602.26 MB Available Virtual: 9949.6 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:671.65 GB) (Free:289.79 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (RECOVERY) (Fixed) (Total:25.87 GB) (Free:3 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: () (Removable) (Total:0.15 GB) (Free:0.14 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 33044D6F) Partition: GPT. ======================================================== Disk: 1 (Size: 961 MB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
  7. Good evening. I have a windows laptop, HP that suddenly became very slow, running the disk use at 100% . I ran antimalwarebytes, slowly, and only found tracking cookies. then, I was locked out, the password wasn't recognised or had been changed remotly . I chang d that online. but am still with the same problem When I tried to open in safe mode, the windows updates ran and then reported it could not be completed, reversed the updates, restarted in regular mode. I can not access the settings to try to update from there, it simply does not open. Thanks for your help Cynde
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.