
super slow laptop, Windows 8.1 possibly hacked


cynde


Good evening. I'm sorry that I messed up in my first post and now notice that the attachments for the logs didn't load. I have looked but can't determine how to delete my previous post.

I have a Windows 8.1 laptop, HP, that suddenly became very slow, running the disk use at 100%. I ran antimalwarebytes, slowly, and only found tracking cookies. Then I was locked out; the password wasn't recognised or had been changed remotely. I changed that online, but am still with the same old problems.

When I tried to open in safe mode, the Windows updates ran and then reported it could not be completed, reversed the updates, restarted in regular mode. I cannot access the settings to try to update from there; it simply does not open.

Thanks for your help.

Cynde

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-10-2015
Ran by Scot (administrator) on SCOTS (29-10-2015 16:08:45)
Running from F:\
Loaded Profiles: Scot & Guest (Available Profiles: Scot & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Flux Software LLC) C:\Users\Scot\AppData\Local\FluxSoftware\Flux\flux.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-12-23] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3812264 2015-10-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3177360 2015-10-04] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [F.lux] => C:\Users\Scot\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [Google Update] => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [uTorrent] => C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe [1774432 2015-09-19] (BitTorrent Inc.)
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3608695737-4036035937-3015166867-501\...\Run: [uTorrent] => C:\Users\Guest\AppData\Roaming\uTorrent\uTorrent.exe [1672784 2014-04-21] (BitTorrent Inc.)
HKU\S-1-5-21-3608695737-4036035937-3015166867-501\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.160.15 64.59.161.69
Tcpip\..\Interfaces\{131F61D0-AFA9-495D-9F57-A2E421EF8848}: [DhcpNameServer] 64.59.160.15 64.59.161.69

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON13/4
HKU\S-1-5-21-3608695737-4036035937-3015166867-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON13/4
HKU\S-1-5-21-3608695737-4036035937-3015166867-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON13/4
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {ECD5D19E-F577-4A6F-9DF0-BC36C80A769F} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={1CF667E6-C1D9-4A4A-A967-49D6B1A54A91}&mid=42bc9e0076c847d39d14a5ac050f8016-c7610c852e90aed1a97ce0c03ee13f2fbf52cd4f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-06 18:52:42&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3608695737-4036035937-3015166867-501 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-10-10] (IObit)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: No Name -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> No File
BHO-x32: No Name -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> No File

FireFox:
========
FF ProfilePath: C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385
FF Homepage: hxxps://mysearch.avg.com?pid=wtu&sg=&cid=%7B3484ee09-9add-45d1-8b6f-b736cc765c97%7D&mid=42bc9e0076c847d39d14a5ac050f8016-c7610c852e90aed1a97ce0c03ee13f2fbf52cd4f&cmpid=0415av&ds=AVG&v=4.1.8.599&lang=en&pr=fr&d=2015-05-06%2018%3A52%3A42&sap=hp&form=QBLH&pc=AVG2
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.8\\npsitesafety.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Scot\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @talk.google.com/O1DPlugin -> C:\Users\Scot\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Scot\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Scot\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3608695737-4036035937-3015166867-501: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF user.js: detected! => C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\user.js [2014-12-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Scot\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Scot\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\searchplugins\avg-secure-search.xml [2015-05-06]
FF SearchPlugin: C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\searchplugins\imdb--.xml [2015-01-14]
FF SearchPlugin: C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\searchplugins\youtube.xml [2014-06-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-10-04]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\ascsurfingprotection@iobit.com [2015-10-10] [not signed]
FF Extension: iCloud Bookmarks - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\firefoxdav@icloud.com [2015-05-29]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\iobitascsurfingprotection@iobit.com [2015-05-27] [not signed]
FF Extension: Flashblock - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-29]
FF Extension: Pin It Button - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-10-06] [not signed]
FF Extension: Social Fixer - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\socialfixer@mattkruse.com.xpi [2014-10-31] [not signed]
FF Extension: Adblock Plus - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found
FF Extension: No Name - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\extensions\adblockpopups@jessehakanen.net.xpi [not found]
FF Extension: No Name - C:\Users\Scot\AppData\Roaming\Mozilla\Firefox\Profiles\xe80h8s8.default-1393885805385\extensions\avg@toolbar [not found]

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AVG Secure Search) - C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-07-02]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-10-27]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Scot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-31] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604712 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3792880 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [596344 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339968 2014-12-23] (IDT, Inc.) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-03-13] (IObit)
R2 vToolbarUpdater40.1.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe [1875856 2015-10-04] (AVG Secure Search)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-12-12] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-29] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-10-04] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2015-01-08] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2015-05-12] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-09-11] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [293296 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [251312 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [314800 2015-08-31] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-06] (REALiX)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-19] (Atheros)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-04-06] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-29] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-29 16:08 - 2015-10-29 16:08 - 00000000 ____D C:\FRST
2015-10-28 23:19 - 2015-10-28 23:19 - 00002386 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Scot
2015-10-28 23:19 - 2015-10-28 23:19 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Scot.job
2015-10-28 20:50 - 2015-10-28 20:51 - 00280928 _____ C:\WINDOWS\Minidump\102815-64687-01.dmp
2015-10-28 20:34 - 2015-10-29 16:07 - 00001104 _____ C:\WINDOWS\setupact.log
2015-10-28 20:34 - 2015-10-28 20:34 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-28 20:15 - 2015-10-28 20:16 - 00007605 _____ C:\Users\Scot\AppData\Local\Resmon.ResmonCfg
2015-10-28 17:56 - 2015-10-28 17:56 - 00003164 _____ C:\WINDOWS\System32\Tasks\SmartDefrag3_Startup
2015-10-28 17:56 - 2015-10-28 17:56 - 00003162 _____ C:\WINDOWS\System32\Tasks\SmartDefrag3_Update
2015-10-28 17:55 - 2015-10-28 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2015-10-28 17:55 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2015-10-28 17:55 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2015-10-28 16:16 - 2015-10-28 16:16 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-10-28 16:16 - 2015-10-28 16:16 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-10-28 16:16 - 2015-10-28 16:16 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-10-28 16:16 - 2015-10-28 16:16 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-10-28 16:16 - 2015-10-28 16:16 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-10-28 16:16 - 2015-10-28 16:16 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-10-28 16:16 - 2015-10-28 16:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2015-10-28 16:15 - 2015-10-28 16:15 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-10-28 16:15 - 2015-10-28 16:15 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-28 16:15 - 2015-10-28 16:15 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-28 12:28 - 2015-10-28 12:28 - 00001094 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-28 12:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-28 12:27 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-28 12:27 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-28 11:26 - 2015-10-29 03:00 - 01176205 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-27 20:14 - 2015-10-27 20:14 - 00000000 ____D C:\Users\Scot\AppData\Roaming\AVG
2015-10-27 20:12 - 2015-10-27 20:12 - 00000912 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-10-27 20:07 - 2015-10-27 20:10 - 00000000 ____D C:\ProgramData\Avg
2015-10-27 20:06 - 2015-10-27 20:07 - 00000000 ____D C:\Users\Scot\AppData\Local\AvgSetupLog
2015-10-27 19:33 - 2015-10-28 20:50 - 460923423 _____ C:\WINDOWS\MEMORY.DMP
2015-10-26 08:51 - 2015-10-27 23:29 - 86802432 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2015-10-26 08:51 - 2015-10-27 23:29 - 00401408 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2015-10-26 08:51 - 2015-10-27 23:29 - 00032768 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-10-26 08:51 - 2015-10-27 23:29 - 00032768 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-10-15 18:59 - 2015-10-15 18:59 - 00269846 _____ C:\Users\Scot\Desktop\Hotline Bling iPhone.m4r
2015-10-13 19:10 - 2015-10-16 22:10 - 03996360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-10-11 11:27 - 2015-10-11 11:27 - 00034154 _____ C:\Users\Scot\Downloads\http _viralovocity.com_black-and-brown-eyeshadow_2_.htm
2015-10-10 15:04 - 2015-10-28 12:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-10 15:04 - 2015-10-28 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-10 15:04 - 2015-10-28 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-10 15:02 - 2015-10-10 15:02 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Scot\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-10 14:05 - 2015-10-10 14:05 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-10 14:05 - 2015-10-10 14:05 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-10 14:05 - 2015-10-10 14:05 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-10 14:04 - 2015-10-10 14:04 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-10 14:04 - 2015-10-10 14:04 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-10 14:04 - 2015-10-10 14:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-10 14:04 - 2015-10-10 14:04 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-10 14:04 - 2015-10-10 14:04 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-10 14:04 - 2015-10-10 14:04 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-10 14:04 - 2015-10-10 14:04 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-10 14:04 - 2015-10-10 14:04 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-10 14:04 - 2015-10-10 14:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-10 14:02 - 2015-10-10 14:02 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-10-10 14:02 - 2015-10-10 14:02 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-10-10 14:02 - 2015-10-10 14:02 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-10-10 14:02 - 2015-10-10 14:02 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-10 14:02 - 2015-10-10 14:02 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-10-10 14:02 - 2015-10-10 14:02 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-10 14:02 - 2015-10-10 14:02 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-10-10 14:02 - 2015-10-10 14:02 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-10-10 14:01 - 2015-10-10 14:01 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-10 14:01 - 2015-10-10 14:01 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-10 13:58 - 2015-10-10 13:58 - 07460168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-10 13:58 - 2015-10-10 13:58 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-10 13:58 - 2015-10-10 13:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-10 13:58 - 2015-10-10 13:58 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-10 13:58 - 2015-10-10 13:58 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-10 13:58 - 2015-10-10 13:58 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-10 13:58 - 2015-10-10 13:58 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-10 13:57 - 2015-10-10 13:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-10 13:56 - 2015-10-10 13:56 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-10 13:54 - 2015-10-10 13:54 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-10-10 13:54 - 2015-10-10 13:54 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-10-10 13:54 - 2015-10-10 13:54 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-10-10 13:54 - 2015-10-10 13:54 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-10-10 13:52 - 2015-10-10 13:52 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-10-10 13:52 - 2015-10-10 13:52 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-10-10 13:52 - 2015-10-10 13:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-10-10 13:48 - 2015-10-10 13:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-10 13:47 - 2015-10-10 13:47 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-10 13:47 - 2015-10-10 13:47 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-10 13:47 - 2015-10-10 13:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-10 13:47 - 2015-10-10 13:47 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-10-10 13:47 - 2015-10-10 13:47 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-10-10 13:47 - 2015-10-10 13:47 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-10-10 13:47 - 2015-10-10 13:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-10-10 13:47 - 2015-10-10 13:47 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-10-10 13:46 - 2015-10-10 13:46 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-10-10 13:46 - 2015-10-10 13:46 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-10-10 13:45 - 2015-10-10 13:45 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-10-10 13:45 - 2015-10-10 13:45 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-10-10 13:45 - 2015-10-10 13:45 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-10-10 13:45 - 2015-10-10 13:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-10-10 13:45 - 2015-10-10 13:45 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-10-10 13:45 - 2015-10-10 13:45 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-10-10 13:45 - 2015-10-10 13:45 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-10-10 13:45 - 2015-10-10 13:45 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-10 13:43 - 2015-10-10 13:43 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-10 13:43 - 2015-10-10 13:43 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-10 13:43 - 2015-10-10 13:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-10 13:43 - 2015-10-10 13:43 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-10 13:24 - 2015-10-28 16:49 - 00000252 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_Scot.job
2015-10-10 13:24 - 2015-10-10 13:24 - 00002350 _____ C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Scot
2015-10-10 13:22 - 2015-10-10 13:22 - 48904992 _____ (IObit) C:\Users\Scot\Downloads\advanced-systemcare-setup(3).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-29 16:10 - 2013-04-25 19:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-29 15:52 - 2013-04-25 18:11 - 00000000 ____D C:\ProgramData\MFAData
2015-10-29 15:51 - 2015-09-15 19:43 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-29 15:42 - 2014-08-21 14:14 - 00000406 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Scot.job
2015-10-29 15:39 - 2014-08-21 14:14 - 00000406 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Scot.job
2015-10-29 15:33 - 2015-09-15 15:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002UA.job
2015-10-29 15:30 - 2015-09-15 15:25 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002Core.job
2015-10-29 13:03 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-28 23:53 - 2013-04-25 17:36 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3608695737-4036035937-3015166867-1002
2015-10-28 23:35 - 2013-12-15 13:04 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{78BFE714-D5B4-4ABC-B9F9-E87B0B4C5CBD}
2015-10-28 22:33 - 2015-09-15 19:43 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-28 22:29 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-28 20:56 - 2013-10-29 09:03 - 00000000 ____D C:\Users\Scot
2015-10-28 20:55 - 2014-12-23 16:27 - 00000000 ____D C:\ProgramData\ProductData
2015-10-28 20:50 - 2014-01-15 16:26 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-28 20:38 - 2013-08-22 07:44 - 00377256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-28 20:35 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-28 20:30 - 2014-04-09 23:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-28 17:55 - 2013-04-25 20:39 - 00000000 ____D C:\Users\Scot\AppData\Roaming\IObit
2015-10-28 17:55 - 2013-04-25 20:38 - 00000000 ____D C:\Program Files (x86)\IObit
2015-10-28 16:16 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-28 02:10 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-27 23:33 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-27 20:40 - 2015-05-21 08:13 - 00000000 ____D C:\Users\Scot\AppData\Local\Avg
2015-10-27 20:15 - 2013-04-26 19:17 - 00000000 ____D C:\Program Files (x86)\AVG
2015-10-27 20:13 - 2014-05-03 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-27 20:13 - 2013-04-26 19:18 - 00000000 ___HD C:\$AVG
2015-10-27 20:12 - 2012-07-26 01:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-27 08:58 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-26 00:32 - 2015-05-29 13:52 - 00000000 ____D C:\Users\Scot\Desktop\Made Cross Stitches
2015-10-26 00:32 - 2015-04-04 19:28 - 00000000 ____D C:\Users\Scot\AppData\Roaming\PCStitch 10
2015-10-26 00:14 - 2013-04-25 18:02 - 00000000 ____D C:\Users\Scot\AppData\Local\Paint.NET
2015-10-23 15:41 - 2013-05-05 10:22 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-10-16 22:10 - 2013-04-25 19:04 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-16 16:56 - 2013-05-06 09:07 - 00000000 ____D C:\Users\Scot\AppData\Roaming\vlc
2015-10-11 14:28 - 2013-10-29 09:51 - 00000000 __RDO C:\Users\Scot\SkyDrive
2015-10-11 14:17 - 2013-09-29 21:04 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-11 14:02 - 2013-09-29 20:51 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-11 14:01 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-10 16:48 - 2013-04-25 17:56 - 00000000 ____D C:\Users\Scot\AppData\Roaming\uTorrent
2015-10-10 14:58 - 2015-05-06 18:52 - 00000000 ____D C:\Users\Scot\AppData\Local\AVG Web TuneUp
2015-10-10 13:24 - 2014-12-23 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-10-10 13:16 - 2015-02-20 00:23 - 00000000 ____D C:\Users\Scot\AppData\Local\Deployment
2015-10-07 22:39 - 2013-05-09 19:37 - 06197760 ___SH C:\Users\Scot\Desktop\Thumbs.db
2015-10-04 08:49 - 2015-05-06 18:52 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-10-04 08:49 - 2015-05-06 18:52 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-10-01 03:39 - 2015-09-27 20:55 - 00000000 ____D C:\ProgramData\Avg_Update_0915tb

==================== Files in the root of some directories =======

2013-07-25 19:17 - 2013-07-26 14:40 - 0000096 _____ () C:\Users\Scot\AppData\Roaming\Camdata.ini
2013-07-25 19:17 - 2013-07-26 14:40 - 0000408 _____ () C:\Users\Scot\AppData\Roaming\CamLayout.ini
2013-07-25 19:17 - 2013-07-26 14:40 - 0000408 _____ () C:\Users\Scot\AppData\Roaming\CamShapes.ini
2013-07-25 19:17 - 2013-07-26 14:40 - 0004510 _____ () C:\Users\Scot\AppData\Roaming\CamStudio.cfg
2013-07-26 14:37 - 2013-07-26 14:37 - 0000098 _____ () C:\Users\Scot\AppData\Roaming\CamStudio.Producer.command
2013-07-26 14:39 - 2013-07-26 14:39 - 0000000 _____ () C:\Users\Scot\AppData\Roaming\CamStudio.Producer.Data.ini
2013-07-26 14:39 - 2013-07-26 14:39 - 0001206 _____ () C:\Users\Scot\AppData\Roaming\CamStudio.Producer.ini
2013-12-26 13:37 - 2014-03-10 15:23 - 0000308 _____ () C:\Users\Scot\AppData\Roaming\Rim.Desktop.Exception.log
2013-12-26 13:26 - 2014-09-09 17:48 - 0001937 _____ () C:\Users\Scot\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-12-26 13:37 - 2014-03-10 15:23 - 0000308 _____ () C:\Users\Scot\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-12-26 17:36 - 2013-12-26 17:37 - 0000077 _____ () C:\Users\Scot\AppData\Roaming\Rim.Transcoder.Exception.log
2013-07-04 07:06 - 2015-01-05 17:56 - 0021504 _____ () C:\Users\Scot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-09 11:40 - 2014-05-09 11:40 - 0058288 _____ () C:\Users\Scot\AppData\Local\recently-used.xbel
2015-10-28 20:15 - 2015-10-28 20:16 - 0007605 _____ () C:\Users\Scot\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-29 06:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-10-2015
Ran by Scot (2015-10-29 16:10:14)
Running from F:\
Windows 8.1 (X64) (2013-10-29 16:40:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3608695737-4036035937-3015166867-500 - Administrator - Disabled)
Guest (S-1-5-21-3608695737-4036035937-3015166867-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3608695737-4036035937-3015166867-1008 - Limited - Enabled)
Scot (S-1-5-21-3608695737-4036035937-3015166867-1002 - Administrator - Enabled) => C:\Users\Scot

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (Version: 16.4.7163 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4457 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.4.7163 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
f.lux (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\Flux) (Version: - )
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iExplorer 3.5.1.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
K-Lite Codec Pack 9.8.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.8.5 - )
K-Lite Codec Pack 9.8.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.5 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PCStitch 10 (HKLM-x32\...\{7D389358-56D0-4988-BAAC-5ACE907CCEBD}) (Version: 10.00.23 - M&R Technologies, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.1.0 - IObit)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
ToneSync for Windows (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS)
Transcriber 1.5.1 (HKLM-x32\...\Transcriber_is1) (Version: - DGA)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WPS Office (9.1.0.4746) (HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Scot\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3608695737-4036035937-3015166867-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scot\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-29 12:43 - 2015-08-29 12:43 - 00000002 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0689B43F-7A13-4E91-8055-785DA64D46B7} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{FA72F96C-9A7A-4A1D-A3AE-CBFDF93BAAB2}.exe [2015-06-09] ()
Task: {0F901D70-862A-4485-9640-94841A28BD53} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {15C60C23-F270-4FD4-A8BC-AFA96767B6AB} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{55040800-E30C-4CD2-8C7E-1A5D0D5334C0}.exe
Task: {21AE6C3E-D605-487D-97BC-ACE52CEA25AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)
Task: {2D664CA3-E5EF-4728-A0AB-841C786341E6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {311F8CBA-101D-4F22-BF8F-BC0F8CD0C2AE} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {38165F00-C7EC-4668-8AB1-36420CF5BC65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {387D7CF4-C482-4806-944A-2B2A3E3E25FD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {3C550EFE-E0AC-4BEA-8676-9F6553E03353} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {42E75129-9BB3-46C1-BA08-992C11747570} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {50391A23-FF86-44C1-9AC3-BC0B33E18EB5} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {56406FA1-01FE-45FB-883D-D34E5EE1FEE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {564CF435-67E9-4B85-AB55-F2B006D6D518} - System32\Tasks\Driver Booster SkipUAC (Scot) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-05-14] (IObit)
Task: {5D69A520-3373-49CD-B814-ED1313B40274} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {5FE3C72B-285C-4B35-A35E-40B3D4A439B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {755D0203-1D64-4268-8A08-19DA475B9FD0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002UA => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {76AEB8F5-4477-4406-BF09-C59F22A048E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002Core => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {80088D15-A778-4B41-BCBC-2750A4C747E2} - System32\Tasks\Uninstaller_SkipUac_Scot => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {941DB113-D944-4842-8B3B-EF78CB4B366A} - System32\Tasks\WpsUpdateTask_Scot => C:\Users\Scot\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2014-08-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {9F895E54-CEB6-4808-B353-3BD9246A561A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-05-14] (IObit)
Task: {B0136AC4-5B9D-4B0D-857C-D45536A13316} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C82F9E0A-7F9C-4111-B117-DAAC9BD9CE9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C89547BD-DF29-45FA-9571-B883C6EEB086} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C8E9F45F-6F51-4583-AF11-DAD520711B07} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E597FDD2-9AB9-4782-90ED-08FB07504664} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E5E8039B-373B-4309-80A6-8AEFB035EB78} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-11-04] (IObit)
Task: {EB1CA640-36AF-4102-B23B-B4F242E850F4} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {F9E5A470-68A7-4117-B9F3-0FD3D1B23D6C} - System32\Tasks\ASC8_SkipUac_Scot => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {FEA28A65-FE3A-4365-9E98-3F938E4E4B37} - System32\Tasks\WpsNotifyTask_Scot => C:\Users\Scot\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-08-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {FED9D563-0874-4F6A-AE19-6BD695A951B6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FFCF22BC-25A9-4E93-9D24-E68BDE6DF26A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{FA72F96C-9A7A-4A1D-A3AE-CBFDF93BAAB2}.exe
Task: C:\WINDOWS\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{55040800-E30C-4CD2-8C7E-1A5D0D5334C0}.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Scot.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002Core.job => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3608695737-4036035937-3015166867-1002UA.job => C:\Users\Scot\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Scot.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Scot.job => C:\Users\Scot\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Scot.job => C:\Users\Scot\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-10-04 08:48 - 2015-10-04 08:47 - 01205136 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2012-08-08 10:36 - 2012-08-08 10:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-04 08:49 - 2015-10-04 08:47 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
2015-05-06 18:52 - 2015-10-04 08:47 - 03177360 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-12-23 16:27 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-10-04 08:49 - 2015-10-04 08:47 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\log4cplusU.dll
2015-10-28 17:55 - 2014-06-04 15:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2015-05-27 14:51 - 2015-03-13 13:22 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2015-05-27 14:51 - 2015-03-13 13:22 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2015-05-27 14:51 - 2015-03-13 13:22 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-05-27 14:51 - 2015-03-13 13:22 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll
2015-05-27 14:51 - 2015-03-13 13:22 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll
2015-05-27 14:51 - 2015-03-13 13:22 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll
2012-10-18 06:39 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-05-27 14:51 - 2015-03-13 13:23 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2015-05-06 18:52 - 2015-10-04 08:47 - 40638864 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2015-10-27 20:07 - 2015-10-27 20:06 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Scot\Desktop\tumblr_nidcj0yLuo1rem6lao1_r1_500.png
HKU\S-1-5-21-3608695737-4036035937-3015166867-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ApplePhotoStreams => c:\program files (x86)\common files\apple\internet services\applephotostreams.exe
MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: BtPreLoad =>
MSCONFIG\startupreg: HP Quick Launch => c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe
MSCONFIG\startupreg: iCloudServices => c:\program files (x86)\common files\apple\internet services\icloudservices.exe
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: OtShot =>
MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: SmartRAM => "c:\program files (x86)\iobit\advanced systemcare 6\suo10_smartram.exe" /m
MSCONFIG\startupreg: StartCCC => "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\StartupFolder: => "lollipop_12161546.lnk"
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "Advanced SystemCare 6"
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "Advanced SystemCare 8"
HKU\S-1-5-21-3608695737-4036035937-3015166867-1002\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1684D762-DC08-4FA0-A86F-C20CE46A98A9}] => (Allow) C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AB893B88-1B6D-4FA6-9400-8DEED522ED94}] => (Allow) C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CB755691-C090-4867-B0C5-DAFDA5C3839B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [uDP Query User{E10BEF9F-1AF7-4233-AAE3-9078E52AB362}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{C9AE5F3A-8AAA-4176-BCC7-574D7A82B9DE}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{B65D69CE-68EC-4F15-9ABF-229825E61B8C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{55FDCDA6-8A8D-4279-AB44-47ED514419D0}] => (Allow) LPort=1900
FirewallRules: [{AEEC24FD-9AF9-4EA8-BC1E-CEE9158EB29F}] => (Allow) LPort=2869
FirewallRules: [{0AE85121-D5B4-49FC-9B25-5847489BE778}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{2C15A7C9-245C-4D42-81C5-B0774F516F77}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{3C890DA0-0083-4179-ABD6-A51033880456}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{12604934-DE8F-401E-9AD8-E54531A935EC}] => (Allow) C:\Users\Scot\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2C06D13D-0B38-4354-8ED2-37B41B89DD73}] => (Allow) C:\Users\Scot\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{EA41E6FB-98A4-4DB4-A188-596D14D1D199}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{09B81105-52DE-450A-AB5D-11867091A43A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{22CAB169-C582-41AB-90CC-DD767A04AAFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{A436DF0F-6DF7-41F5-ABDB-87DF064731A4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{3F7A88D7-2333-41F1-841A-B75BE6EBB7B6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{8C205378-D4A2-43BA-8677-EE4DFE31C7E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{F74BD154-19EB-48FF-BB4F-3DFBBE506152}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{338192E1-3F78-4AB5-9141-5A8CD09B4488}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B1880C89-3A3B-4037-A274-7AF9C03B64A8}] => (Allow) C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C4CB21D-F799-49EF-A756-8098C905C2C1}] => (Allow) C:\Users\Scot\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{67460D7C-DF54-4FDB-ADE5-1A7D7CBBDE7B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{09BD0A54-F655-46C9-86E6-919314A4B6C3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{9BCB1FAB-DE56-4B22-A899-8DF87520D451}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{64A8040D-F5DA-4533-82F8-09353606AFF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{12610425-7E00-415F-B193-44F1F7BF72D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{35E52AC2-27B2-4445-A0F8-47C42BAD36ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{43E7BE30-7C2A-4F63-A106-4B42F0FFB50F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{904C41D5-28EC-41C2-961F-170AAFC7DE5A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F6C7AFF3-3024-4B69-8573-6395F0805DC3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B827E738-506B-472C-ADF4-7328F1D005B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3BDF669D-2146-4543-B618-4AA94AE119C7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C1185363-7641-4AC5-A056-BF0F138122AD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F12B735A-3CC8-42BE-875F-0390D03B4BE4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0FF1541B-A426-4F44-AC0A-FD0454BDD4DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5B283B9E-4366-4154-BA6E-83604512D8F9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{44C294F5-CC62-484B-9270-E8781F70E0C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{48E349EA-AC5E-4456-A7F0-2796FC2862DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9F22A6BA-A55C-4CD4-8B90-7E55129825C0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2015 02:43:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/29/2015 02:02:46 PM) (Source: ESENT) (EventID: 492) (User: )
Description: svchost (1864) SRUJet: The logfile sequence in "C:\WINDOWS\system32\SRU\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (10/29/2015 02:02:45 PM) (Source: ESENT) (EventID: 471) (User: )
Description: svchost (1864) SRUJet: Unable to rollback operation #409 on database C:\WINDOWS\system32\SRU\SRUDB.dat. Error: -1014. All future database updates will be rejected.

Error: (10/28/2015 11:38:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: be4

Start Time: 01d11213b60f5146

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: aef91db9-7e07-11e5-bf83-74e543eb69e5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/28/2015 11:30:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS)
Description: Activation of app GAMELOFTSA.DespicableMeMinionRush_0pp20fcewvvtj!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/28/2015 11:04:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 98c

Start Time: 01d1120eec9d6bfa

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: eaa86683-7e02-11e5-bf83-74e543eb69e5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/28/2015 10:56:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 918

Start Time: 01d1120d21a8c77f

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 5a8d4a72-7e01-11e5-bf83-74e543eb69e5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/28/2015 10:46:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/28/2015 10:46:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/28/2015 10:46:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCOTS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (10/29/2015 02:43:15 PM) (Source: DCOM) (EventID: 10010) (User: SCOTS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (10/29/2015 07:17:43 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (10/28/2015 10:40:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (10/28/2015 10:39:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053

Error: (10/28/2015 10:39:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

Error: (10/28/2015 10:38:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The File History Service service hung on starting.

Error: (10/28/2015 10:36:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.

Error: (10/28/2015 10:33:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Application Information service hung on starting.

Error: (10/28/2015 10:32:34 PM) (Source: DCOM) (EventID: 10010) (User: SCOTS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (10/28/2015 10:29:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31


CodeIntegrity:
===================================
Date: 2013-11-26 10:09:12.222
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0D797F3-F47B-4299-A084-F988533669CD}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-11-26 10:09:11.078
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B91FF7-05D4-4DCC-A68D-F0E377F3DEED}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-06-01 08:39:51.550
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-01 08:39:50.504
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-01 08:39:18.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-01 08:39:17.874
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-01 08:39:03.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-01 08:39:02.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-01 08:38:49.021
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-01 08:38:46.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 5602.26 MB
Available physical RAM: 3568.35 MB
Total Virtual: 11602.26 MB
Available Virtual: 9949.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.65 GB) (Free:289.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.87 GB) (Free:3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:0.15 GB) (Free:0.14 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 33044D6F)

Partition: GPT.

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

I do not recommend usage of IOBIT products; they have a bad reputation and are prone to create problems. The company behind this product was found to be stealing the MBAM database. That is why I suggest to uninstall:

  • Advanced SystemCare 8
  • Driver Booster
  • Game Booster
  • IObit Malware Fighter
  • IObit Uninstaller
  • Smart Defrag 2
  • Surfing Protection

When you see a word "Booster", "Optimizer", "TuneUp" or similar it is often some kind of silly application. You cannot "boost" your system more than it actually is. Microsoft optimized Windows perfectly and they are constantly working on improvements, so these tools are just selling you nothing but "fog".

The only way to actually boost your system is to upgrade your hardware by adding an SSD, more processor power or more RAM.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).
  • Post its content into your next reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

It's weird. Nothing is happening on the computer right now, task manager is the only thing open - disk running between 4 and 100%, constantly changing. AVG is disabled as is wifi yet it is still humming and whirring and excessively slow. AVG resident shield service is using ~60% of CPU. Uninstalled AVG completely. Humming quit entirely. I've opened multiple files and 2 large programs and it is nice and smooth and quick. Any ideas what to do next? Free virus ware? I restarted, it took 20 minutes and it's very slow going again, disk stable at 100%.

Thanks

Cynde


Let's perform one more fix:
 
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

fixlist.txt


Done. The restart is taking forever. Quick to the logon page then... 2 hours later, no icons on desktop. Fortunately I was running from and saving to a USB stick so I have the log.

The restart brought up an error message:

explorer.exe - Bad Image

C:\WINDOWS\System32\wlidprov.dll is either not designed to run on
Windows or it contains an error. Try installing the program again using
the original installation media or contact your system administrator or
the software vendor for support. Error status 0xc0000006

Thanks

This topic is now closed to further replies.