8.1 System is so slow off-line & on-line,but Avast & Malwareby


#1
oldrailroadgeek


System was built 4/20/2014. Malwarebytes Premium was loaded as soon as the new Win 8.1 disc was installed, and then Avast anti-virus.

Speccy URL is attached after I paste Fbar results and Fbar addition. System has never been as fast as XP on my old machine and I've had problems with Flash Player crashing as many as 8 times a day. I have never been comfortable with the 8.1 OS and now here comes Win 10, so I've decided it is time to beg for some help from the best source I know of. I use Open Office for all my word processing and accounting work and it was 5 times faster on my old XP machine. When I go on-line on Firefox, the spinning circle beside the site name continues to spin for nearly 5 minutes before the site logo appears; this also happens when using Google cloud. When Flash Player crashes on either of my internet browsers, it locks up the browser for as much as 10 minutes and the information box keeps coming back for me to choose retry or stop player five or six times before it resets and unblocks the browser. I have Flash Player set for automatic updates. As best as I can tell all Win 8.1 updates are installed. I hope Win 10 works better for me than 8.1, but maybe I just am not grasping the logic of 8.1. I loved XP and I still use the old machine off-line, but most of my banking is done on-line and I have to use the newer machine for all on-line work. I hope you can figure out where I have to go to fix this problem. Even Windows solitaire games (which I like to play to relax) take forever to open, which upgrades the frustration level.

Oldrailroadgeek

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Sidney Bailey (administrator) on SIDSPC on 22-07-2015 22:01:16
Running from C:\Users\Sidney Bailey\Desktop
Loaded Profiles: Sidney Bailey (Available Profiles: Sidney Bailey)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_6.3.9600.20278_x64__8wekyb3d8bbwe\numbers.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-24] (Raptr, Inc)
HKU\S-1-5-21-750869950-1699461353-4148492085-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
Startup: C:\Users\Sidney Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-08-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-02] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-750869950-1699461353-4148492085-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-02] (Avast Software s.r.o.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll [2014-08-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-02] (Avast Software s.r.o.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-08-24] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{FCD86C83-3A43-43B4-9C46-6D8697C124FE}: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Sidney Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\8kihqbk7.default-1414722619705
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-08-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-08-24] (Oracle Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-03]

Chrome:
=======
CHR Profile: C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-15]
CHR Extension: (Google Drive) - C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-15]
CHR Extension: (YouTube) - C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-15]
CHR Extension: (Google Search) - C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-15]
CHR Extension: (Avast SafePrice) - C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-17]
CHR Extension: (Avast Online Security) - C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-15]
CHR Extension: (Gmail) - C:\Users\Sidney Bailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-02] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-02] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
R3 cpuz138; \??\C:\Users\SIDNEY~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 22:01 - 2015-07-22 22:02 - 00014688 _____ C:\Users\Sidney Bailey\Desktop\FRST.txt
2015-07-22 22:00 - 2015-07-22 22:01 - 00000000 ____D C:\FRST
2015-07-22 21:55 - 2015-07-22 21:55 - 02135552 _____ (Farbar) C:\Users\Sidney Bailey\Desktop\FRST64.exe
2015-07-21 10:45 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:45 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 10:45 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:45 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 21:38 - 2015-07-22 20:49 - 00021373 _____ C:\Users\Sidney Bailey\Documents\SIDSPC-Speecy.speccy
2015-07-19 21:12 - 2015-07-19 21:12 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-19 21:12 - 2015-07-19 21:12 - 00000794 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-19 21:12 - 2015-07-19 21:12 - 00000768 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-07-19 21:12 - 2015-07-19 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-07-19 21:12 - 2015-07-19 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-19 21:12 - 2015-07-19 21:12 - 00000000 ____D C:\Program Files\Speccy
2015-07-19 21:12 - 2015-07-19 21:12 - 00000000 ____D C:\Program Files\CCleaner
2015-07-19 21:11 - 2015-07-19 21:11 - 05127432 _____ (Piriform Ltd) C:\Users\Sidney Bailey\Downloads\spsetup128.exe
2015-07-19 21:11 - 2015-07-19 21:11 - 05127432 _____ (Piriform Ltd) C:\Users\Sidney Bailey\Downloads\spsetup128 (2).exe
2015-07-19 21:11 - 2015-07-19 21:11 - 05127432 _____ (Piriform Ltd) C:\Users\Sidney Bailey\Downloads\spsetup128 (1).exe
2015-07-19 20:07 - 2015-07-19 20:07 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2015-07-18 10:22 - 2015-07-18 10:22 - 00001367 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2015-07-18 10:22 - 2015-07-18 10:22 - 00000000 ____D C:\Users\Public\Foxit Software
2015-07-18 10:21 - 2015-07-18 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-07-16 11:03 - 2015-07-16 11:26 - 00000000 ____D C:\Users\Sidney Bailey\Documents\2015_07_16
2015-07-15 19:20 - 2015-07-15 19:37 - 00000000 ____D C:\Users\Sidney Bailey\Documents\2015_07_15
2015-07-15 06:39 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 06:39 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 06:38 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 06:38 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 06:38 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 06:38 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 06:38 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 06:38 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 06:37 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 06:37 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 06:37 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 06:37 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 06:37 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 06:37 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 06:37 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 06:37 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 06:37 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 06:37 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 06:37 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 06:37 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 06:37 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 06:37 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 06:37 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 06:37 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 06:37 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 06:37 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 06:37 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 06:37 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 06:37 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 06:37 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 06:37 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 06:37 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 06:37 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 06:37 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 06:37 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 06:37 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 06:37 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 06:37 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 06:37 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 06:37 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 06:37 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 06:37 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 06:37 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 06:37 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 06:37 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 06:37 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 06:37 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 06:37 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 06:37 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 06:37 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 06:37 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 06:37 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 06:37 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 06:37 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 06:37 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 06:37 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 06:37 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 06:36 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 06:36 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 06:36 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 06:36 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 06:36 - 2015-06-29 11:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 06:36 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 06:36 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 06:36 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 06:36 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 06:36 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 06:36 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 06:36 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 06:36 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 06:36 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 06:36 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 06:36 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 06:36 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 06:36 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 06:36 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 06:36 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 06:36 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 06:36 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 06:36 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 06:36 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 06:36 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 06:36 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 06:36 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 06:36 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 06:36 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 06:36 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 06:36 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 06:36 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 06:36 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 06:36 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 06:36 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-15 06:36 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 06:36 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-15 06:36 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-15 06:36 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-15 06:36 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 06:36 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 06:36 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-15 06:36 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-15 06:36 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-15 06:36 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-15 06:36 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-15 06:36 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-15 06:36 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-15 06:36 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-15 06:36 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-15 06:36 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-15 06:36 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-15 06:31 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 06:31 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 06:31 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 06:31 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 06:31 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-15 06:31 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 06:31 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 06:31 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-15 06:31 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-15 06:31 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-15 06:28 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 06:28 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-15 06:28 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 06:28 - 2015-05-01 19:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 21:45 - 2015-07-14 22:27 - 00000000 ____D C:\Users\Sidney Bailey\Documents\2015_07_14
2015-07-08 18:24 - 2015-07-15 09:24 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-07 10:26 - 2015-07-10 09:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-26 10:20 - 2015-06-26 10:20 - 00000000 ____D C:\Users\Sidney Bailey\Documents\2015_06_26

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 22:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-22 21:45 - 2014-12-04 09:19 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 21:28 - 2014-04-10 00:42 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E29F73AF-2143-4F61-9B40-E20F976A4CE2}
2015-07-22 21:24 - 2014-07-07 09:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 21:06 - 2014-04-10 00:33 - 02055781 _____ C:\Windows\WindowsUpdate.log
2015-07-22 20:48 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-22 20:44 - 2014-10-26 19:23 - 00576512 ___SH C:\Users\Sidney Bailey\Downloads\Thumbs.db
2015-07-22 16:45 - 2014-12-04 09:19 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 16:36 - 2014-05-02 03:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 15:29 - 2014-04-10 00:46 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-750869950-1699461353-4148492085-1001
2015-07-22 15:25 - 2014-06-21 08:42 - 00000000 ___DO C:\Users\Sidney Bailey\OneDrive
2015-07-22 09:08 - 2013-08-22 10:46 - 00066561 _____ C:\Windows\setupact.log
2015-07-22 09:08 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 09:08 - 2013-08-22 10:44 - 00362544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 00:02 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-22 00:01 - 2015-03-11 10:37 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-07-21 21:46 - 2014-12-04 09:20 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-21 19:11 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-21 01:06 - 2014-04-10 00:40 - 00000000 ____D C:\Users\Sidney Bailey
2015-07-19 20:17 - 2014-04-10 00:36 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-19 20:13 - 2014-06-13 15:32 - 00000000 ____D C:\Users\Sidney Bailey\Documents\SSB
2015-07-19 20:10 - 2014-06-16 10:21 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-07-19 10:31 - 2014-04-09 15:31 - 00151226 _____ C:\Windows\PFRO.log
2015-07-18 11:28 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-07-18 10:19 - 2014-11-02 21:35 - 00001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-18 10:10 - 2015-04-13 09:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-18 10:10 - 2015-04-13 09:37 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-18 10:09 - 2014-05-03 02:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-18 09:44 - 2014-05-02 03:37 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-18 09:44 - 2014-05-02 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-18 09:44 - 2014-05-02 03:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-17 23:56 - 2014-12-10 23:20 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 23:56 - 2014-07-09 10:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-17 23:56 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-17 23:56 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
2015-07-17 14:43 - 2014-06-13 15:56 - 00000000 ____D C:\Users\Sidney Bailey\Documents\IUMC Bulletins
2015-07-17 10:59 - 2014-05-02 19:15 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 11:31 - 2014-06-23 09:50 - 01400832 ___SH C:\Users\Sidney Bailey\Documents\Thumbs.db
2015-07-16 10:59 - 2014-08-18 14:07 - 00000000 ____D C:\Users\Sidney Bailey\Documents\Class of '61
2015-07-15 16:40 - 2014-12-04 09:19 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 16:40 - 2014-12-04 09:19 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 09:24 - 2014-07-07 09:10 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 22:30 - 2014-11-02 21:36 - 00000000 ____D C:\Users\Sidney Bailey\AppData\Roaming\vlc
2015-07-14 22:09 - 2014-06-13 15:55 - 00000000 ____D C:\Users\Sidney Bailey\Documents\Church Related
2015-07-14 10:43 - 2014-06-13 15:56 - 00000000 ____D C:\Users\Sidney Bailey\Documents\IUMC Financial
2015-07-13 17:10 - 2015-03-12 20:46 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2015-03-12 20:46 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 09:04 - 2015-05-17 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 08:43 - 2014-05-02 19:15 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-26 09:36 - 2014-05-03 02:55 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-22 09:01 - 2014-10-19 07:46 - 00000000 ____D C:\Users\Sidney Bailey\AppData\Local\Adobe

==================== Files in the root of some directories =======

2014-05-10 19:03 - 2014-05-10 19:03 - 0000017 _____ () C:\Users\Sidney Bailey\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Sidney Bailey\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Sidney Bailey\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe
C:\Users\Sidney Bailey\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Sidney Bailey\AppData\Local\Temp\devcon64.exe
C:\Users\Sidney Bailey\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_z46y.dll
C:\Users\Sidney Bailey\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Sidney Bailey\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Sidney Bailey\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Sidney Bailey\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Sidney Bailey\AppData\Local\Temp\raptrpatch.exe
C:\Users\Sidney Bailey\AppData\Local\Temp\raptr_stub.exe
C:\Users\Sidney Bailey\AppData\Local\Temp\speccycpuid.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-19 11:29

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Sidney Bailey at 2015-07-22 22:02:48
Running from C:\Users\Sidney Bailey\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-750869950-1699461353-4148492085-500 - Administrator - Disabled)
Guest (S-1-5-21-750869950-1699461353-4148492085-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-750869950-1699461353-4148492085-1003 - Limited - Enabled)
Sidney Bailey (S-1-5-21-750869950-1699461353-4148492085-1001 - Administrator - Enabled) => C:\Users\Sidney Bailey

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.4.0 - AppEx Networks)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG2200 series User Registration (HKLM-x32\...\Canon MG2200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.5.116.602 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Games Manager (HKU\S-1-5-21-750869950-1699461353-4148492085-1001\...\GamesManager) (Version: 1.2.1.5 - Iplay)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-750869950-1699461353-4148492085-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sidney Bailey\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================

01-07-2015 22:41:24 Scheduled Checkpoint
10-07-2015 09:59:26 Windows Update
17-07-2015 10:52:50 Windows Update
21-07-2015 19:07:18 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {077907C4-FD37-429E-9F6F-F7825CE9C823} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {24262012-2BB1-4014-84BF-A2AFEFCDAEC8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {4A19C322-C859-4CED-9704-51EC94050DD3} - System32\Tasks\avastBCLRestartS-1-5-21-750869950-1699461353-4148492085-1001 => Firefox.exe
Task: {4CEF580B-4D9F-4231-87BF-291270B16756} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {500A6DB2-442B-47BD-A633-7A592F6FE5D2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {97540148-96D0-4ACD-AAE0-495744D15972} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {E62B1D57-C823-45CC-8931-50A8A7D16172} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-06-16 10:27 - 2011-09-06 07:02 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-05-02 22:08 - 2015-05-02 22:08 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-02 22:08 - 2015-05-02 22:08 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-21 15:51 - 2015-07-21 15:51 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072101\algo.dll
2015-07-22 15:36 - 2015-07-22 15:36 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072201\algo.dll
2015-03-22 20:05 - 2015-03-22 20:05 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-21 21:46 - 2015-07-14 01:55 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\libglesv2.dll
2015-07-21 21:46 - 2015-07-14 01:55 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\libegl.dll
2015-07-21 21:46 - 2015-07-14 01:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.89\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Sidney Bailey\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-750869950-1699461353-4148492085-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img6.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-750869950-1699461353-4148492085-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-750869950-1699461353-4148492085-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-750869950-1699461353-4148492085-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{2DC19F28-CE83-4E87-BCD1-4FF8EAB11748}C:\users\sidney bailey\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sidney bailey\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C396B753-87C0-4916-A4BB-72B6FF4E0BE4}C:\users\sidney bailey\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sidney bailey\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4716E729-F489-4200-8CD8-089DBBBEBD42}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EFFFD854-8CD8-42ED-A577-ADF05FDBF5EB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5E550778-B5CA-4906-BB18-100B9EF25D07}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{64E2E265-E208-44B7-9657-541F162DA0FC}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BDD598C4-CCBE-4DBE-9917-1F489EF822D9}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E36F87E5-EC95-4A6C-A0B2-5277FC38E235}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B09F1E6B-7EE1-4906-8C5A-3E540A933779}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D508830D-0BF5-439B-A335-65C4CA07C9C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2015 03:25:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000110000009b
Faulting process id: 0xed8
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (07/22/2015 03:24:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000008
Fault offset: 0x000000000009310a
Faulting process id: 0x6e0
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (07/21/2015 09:43:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Solitaire.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10c0

Start Time: 01d0c41e79eb0c84

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe\Solitaire.exe

Report Id: 168d5fc9-3013-11e5-8318-448a5b21d169

Faulting package full name: Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/21/2015 09:43:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: SIDSPC)
Description: Package Microsoft.MicrosoftSolitaireCollection_2.6.1502.901_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (07/21/2015 12:21:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e54

Start Time: 01d0c35fac7167f6

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: c31d113d-2f5f-11e5-8318-448a5b21d169

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/20/2015 03:54:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000008
Fault offset: 0x000000000009310a
Faulting process id: 0x708
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (07/18/2015 08:45:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000110000009b
Faulting process id: 0x624
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (07/16/2015 10:49:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000110000009b
Faulting process id: 0x5e8
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (07/16/2015 10:29:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 478

Start Time: 01d0bfd323b629f7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 175afccf-2bc7-11e5-8312-448a5b21d169

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/11/2015 09:48:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.0.0.0, time stamp: 0x4f7a7000
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0x8b8
Faulting application start time: 0xCNQMUPDT.EXE0
Faulting application path: CNQMUPDT.EXE1
Faulting module path: CNQMUPDT.EXE2
Report Id: CNQMUPDT.EXE3
Faulting package full name: CNQMUPDT.EXE4
Faulting package-relative application ID: CNQMUPDT.EXE5


System errors:
=============
Error: (07/22/2015 03:25:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 2 time(s).

Error: (07/22/2015 03:24:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/22/2015 09:08:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (07/22/2015 12:01:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (07/20/2015 08:48:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (07/20/2015 08:48:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:21:08 PM on ‎7/‎20/‎2015 was unexpected.

Error: (07/20/2015 03:54:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/20/2015 10:22:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (07/20/2015 10:22:00 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841180320

Error: (07/20/2015 10:22:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:36:47 AM on ‎7/‎20/‎2015 was unexpected.



==================== Memory info ===========================

Processor: AMD A6-5400K APU with Radeon™ HD Graphics
Percentage of memory in use: 76%
Total physical RAM: 3268.95 MB
Available physical RAM: 778.49 MB
Total Virtual: 5085.61 MB
Available Virtual: 1060.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931 GB) (Free:894.41 GB) NTFS
Drive e: () (Fixed) (Total:7.45 GB) (Free:5.62 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 41C64FC3)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==================== End of log ============================


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I'm not the best one to reply to this since I do not usually work on Win 8, but no one else seems to want it, probably because there is no sign of malware in your logs. I do see AODDriver errors. Apparently ATI was taken over by AMD and they moved the driver files to a different folder but did not tell the installer to remove the old drivers from the old folder, so the update doesn't work correctly and this causes a lot of problems. See the discussion on http://www.tomshardware.com/forum/342005-33-event-7000-aoddriver4-error

Apparently you have to manually completely remove any old drivers or references to old drivers before installing the latest driver. I would do this in Safe Mode, assuming you can get Win 8 to go into Safe Mode. Then reboot and install the latest version of AMD Catalyst Install Manager.

From the FRST log we see:

S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

Which agrees with the problem description:

The AODDriver2.sys is installed in:
c:\Program Files\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys

While the registry points to:
c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\

located at: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AODDriver4.x.x]

Perhaps you can just edit the registry to give it the correct file? (Assuming the file is really where they say it is.)

You have another error with Windows Image Acquisition (WIA) service. I suspect this is related to the svchost.exe_stisvc error. This is usually something to do with transferring files from a camera.

I have had some luck speeding up Win 8 systems using the DISM command.

Open an Elevated Command Prompt (see: http://www.eightforu...indows-8-a.html) then type:

Dism /Online /Cleanup-Image /RestoreHealth

Understand this takes a while to finish so be patient.

That may fix the WMI errors.

You can also try Process Explorer. I assume it works on Win 8.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

It may show us if there is something using too much CPU time.

If it is slow booting then have it make a boot log per step 2 on http://pcsupport.abo...up-settings.htm

I don't see the Speccy file. Can you attach it using the More Reply Options then Browse for the file and open it then Attach this File? Don't know why they make it so hard.

Ron


  • 0
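The AODDriver mismatch described in the reply above (a service key whose ImagePath names a file that is no longer on disk, which is what the "[X]" on the FRST line marks) can be checked for every service and driver at once. This is an added example, not part of the original posts or of FRST; the function names Resolve-ServiceImagePath and Get-DanglingServiceImage are hypothetical helpers written for this illustration.

```powershell
# Added example: read-only check, changes nothing in the registry.
# Run from a 64-bit PowerShell so System32 paths are not redirected.

function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()

    # Drop command-line arguments: keep the quoted part, or cut after the
    # first .sys/.exe/.dll that is followed by whitespace or end of string.
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]
    } elseif ($p -match '^(.+?\.(sys|exe|dll))(\s|$)') {
        $p = $Matches[1]
    }

    # Normalise the kernel-style prefixes that driver entries use.
    $p = $p -replace '^\\\?\?\\', ''                              # \??\C:\x -> C:\x
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # \SystemRoot\x
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DanglingServiceImage {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $raw = $key.GetValue('ImagePath')
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        $path  = Resolve-ServiceImagePath $raw
        $found = Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue
        if (-not $found) {
            [pscustomobject]@{
                Service   = $key.PSChildName
                Start     = $key.GetValue('Start')   # 2 = automatic, 4 = disabled
                ImagePath = $raw                     # value as stored in the key
                Resolved  = $path                    # path that was tested
            }
        }
    }
}

Get-DanglingServiceImage | Sort-Object Service | Format-List
```

Services hosted in svchost.exe resolve to svchost.exe itself, so a missing ServiceDll under the Parameters subkey is not detected by this check.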

#3
oldrailroadgeek

oldrailroadgeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

RKinner,

     Just got your reply (11:43pm), will go through all your suggestions in the morning and send results tomorrow evening, will again try to send Speccy report.  I attempted to attach it last night, I just did something wrong, I'm good at thinking something was sent when I missed a step and nothing went.

old railroad geek


  • 0

#4
oldrailroadgeek

oldrailroadgeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

RKinner,

     I finally got everything run.  I removed the old driver using FRST Fix.  I am attaching the System Idle Process log but when I try to attach the Speccy Log, I receive a message I do not have permission to post that type of log.  How do I post the Speccy Snapshot?

Sid

Attached Files


  • 0





