[geeksugarbaby]

The first notice referenced XcodeGhost so I got with Apple and confirmed all my apps were clean

 

AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection (“xcodeghost”) was observed on May 27, 2016 at 8:19 AM EDT from the IP address 104.53.170.183. Our records indicate that this IP address was assigned to you at this time.

XcodeGhost refers to certain iPhone or iPad apps that were created with a tampered version of Apple's development tools and then uploaded to the iOS App Store. Apple recommends upgrading any affected apps to correct the issue. Detailed information, including a list of suspect apps, is available at https://blog.lookout...codeghost-apps/.        

=======================================================================

 

This morning I received this notice:

 

AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection (“unknown”) was observed on Jun 2, 2016 at 8:57 PM EDT from the IP address 104.53.170.183. Our records indicate that this IP address was assigned to you at this time.

Infected computers are often used as part of a zombie computer network (“botnet”). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of additional malware.

Because malware is designed to run in secret, an infected computer may display no obvious symptoms.

To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.

1. If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.
2. Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.

Additional tools and information:

• Tools for removing rootkits, bots, and other crimeware:
  • Norton Power Eraser: https://security.sym...m/nbrt/npe.aspx (Windows)
  • McAfee Rootkit Remover: http://www.mcafee.co...kitremover.aspx (Windows)
• Tools for general virus and malware removal:
  • Microsoft Safety & Security Center: http://www.microsoft.com/security/ (Windows)
  • Malwarebytes Anti-Malware: http://malwarebytes.org/ (Windows, Android)
  • Spybot +AV: http://www.safer-networking.org/ (Windows)
  • OS X Gatekeeper: http://support.apple.com/kb/HT5290 (OS X)

=======================================================================================================

 

--- My Windows updates are up to date

--  My WINDOWS DEFENDER is up to date and running

-- My FIREWALL shows that it's up and protecting

 

My computer shows no weirdness except I have recenty found it has required a password after waking from sleep.  I just went in to control panel to fix that... so not sure if that was a sign of malware???????

 

I have gotten good help from the dedicated geeks here in the past and so my first thought was to go here to troubleshoot this issue.

 

I have pasted below the resuts of the FRST64

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
Ran by WriterOne (administrator) on CRCS_LAPTOP (04-06-2016 09:57:12)
Running from C:\Users\WriterOne\Desktop
Loaded Profiles: WriterOne (Available Profiles: WriterOne)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\SET9C84.tmp
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\WINDOWS\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\WINDOWS\System32\SET9883.tmp
(Intel Corporation) C:\WINDOWS\System32\SET9E5F.tmp
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\wimserv.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Intel Corporation) C:\WINDOWS\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [677104 2013-03-25] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-10-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-10-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049712 2013-03-25] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1317184 2014-07-16] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-08-02] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-53765274-808597211-3309349429-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160328 2014-01-11] (Siber Systems)
HKU\S-1-5-21-53765274-808597211-3309349429-1001\...\MountPoints2: {04de4e5a-7f92-11e3-be87-201a062e6f35} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\AutoList.wpl
HKU\S-1-5-21-53765274-808597211-3309349429-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{2050E461-BCC5-4030-AB0B-AC3BEE49E414}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{F38B1414-896B-4E1A-A542-9AE2CA6009D7}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-53765274-808597211-3309349429-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.aol.com/38767-111/aol-6/en-us/Suite.aspx
HKU\S-1-5-21-53765274-808597211-3309349429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-53765274-808597211-3309349429-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-53765274-808597211-3309349429-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aol.com/
SearchScopes: HKLM -> DefaultScope {4D2B801A-29FF-47E9-9B2C-654FCEBA8205} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-53765274-808597211-3309349429-1001 -> {4D2B801A-29FF-47E9-9B2C-654FCEBA8205} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-11-26] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-26] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-11-26] (Siber Systems Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-01-11] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKU\S-1-5-21-53765274-808597211-3309349429-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-11-26] (Siber Systems Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpIdfPlugin.cab

FireFox:
========
FF ProfilePath: C:\Users\WriterOne\AppData\Roaming\Mozilla\Firefox\Profiles\y2qknv13.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.aol.com/
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-53765274-808597211-3309349429-1001: @citrixonline.com/appdetectorplugin -> C:\Users\WriterOne\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-29] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: AI Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-01-11] [not signed]

Chrome:
=======
CHR Profile: C:\Users\WriterOne\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [341312 2014-07-16] (FileOpen Systems Inc.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-25] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 09:57 - 2016-06-04 09:59 - 00016815 _____ C:\Users\WriterOne\Desktop\FRST.txt
2016-06-04 09:55 - 2016-06-04 09:55 - 02384384 _____ (Farbar) C:\Users\WriterOne\Desktop\FRST64.exe
2016-06-04 09:49 - 2016-06-04 09:51 - 00000000 ____D C:\WINDOWS\LastGood
2016-06-03 14:09 - 2016-06-03 14:09 - 04176179 _____ C:\Users\WriterOne\Desktop\Structuring Your Novel Workbook - Matt Stone Digital Freedom.pdf
2016-06-03 14:07 - 2016-06-03 14:07 - 01631004 _____ C:\Users\WriterOne\Desktop\Structuring Your Novel Matt Stone Digital Freedom.pdf
2016-06-03 13:33 - 2016-06-03 13:33 - 00072336 _____ C:\Users\WriterOne\Desktop\J. Blanchard - Authors Message Worksheet.pdf
2016-06-03 13:30 - 2016-06-03 13:30 - 00107981 _____ C:\Users\WriterOne\Desktop\J. Blanchard Story Deconstruct CruelIntentions.pdf
2016-06-03 13:26 - 2016-06-03 13:26 - 00000370 _____ C:\Users\WriterOne\Desktop\BLANCHARD WORKSHOP monday JUNE 6th.website
2016-06-02 15:42 - 2016-06-02 15:42 - 00000000 ____D C:\Users\WriterOne\Documents\20 SONY Mp3 Players
2016-05-29 18:09 - 2016-05-29 18:15 - 236177968 _____ C:\Users\WriterOne\Desktop\4 BenMas Del Mar, CA 5_29_16.wav
2016-05-29 15:33 - 2016-05-29 15:33 - 00397372 _____ C:\Users\WriterOne\Desktop\DIVINATION - CClark Evolving.pdf
2016-05-29 15:33 - 2016-05-29 15:32 - 00424379 _____ C:\Users\WriterOne\Desktop\DIVINATION - CClark Merlin.pdf
2016-05-15 13:35 - 2016-05-26 21:36 - 00000000 ____D C:\Users\WriterOne\Desktop\Sort and Add to DOCUMENTS or DELETE
2016-05-11 08:18 - 2016-04-22 16:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 08:18 - 2016-04-22 16:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 08:18 - 2016-04-22 16:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 08:18 - 2016-04-22 16:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 08:18 - 2016-04-22 16:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 08:18 - 2016-04-22 16:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 08:18 - 2016-04-22 15:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 08:18 - 2016-04-22 15:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 08:18 - 2016-04-22 15:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-11 08:18 - 2016-04-22 15:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 08:18 - 2016-04-22 15:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 08:18 - 2016-04-22 15:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-11 08:18 - 2016-04-22 15:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-11 08:18 - 2016-04-22 15:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-11 08:18 - 2016-04-22 15:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-11 08:18 - 2016-04-22 15:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-11 08:18 - 2016-04-22 14:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 08:18 - 2016-04-22 14:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-11 08:18 - 2016-04-22 14:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 08:18 - 2016-04-22 14:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-11 08:18 - 2016-04-22 14:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-11 08:18 - 2016-04-22 14:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-11 08:18 - 2016-04-22 14:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-11 08:18 - 2016-04-22 14:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-11 08:18 - 2016-04-22 14:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 08:18 - 2016-04-22 14:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-11 08:18 - 2016-04-22 14:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-11 08:18 - 2016-04-22 14:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 08:18 - 2016-04-22 14:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-11 08:18 - 2016-03-31 02:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 08:18 - 2016-03-30 23:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 08:16 - 2016-04-06 17:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-11 08:16 - 2016-04-06 17:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-11 08:16 - 2016-04-06 14:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-11 08:16 - 2016-04-06 14:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-11 08:16 - 2016-04-06 14:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-11 08:16 - 2016-04-06 13:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-11 08:16 - 2016-04-06 13:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-11 08:16 - 2016-04-06 12:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-11 08:16 - 2016-04-06 12:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 08:16 - 2016-04-06 12:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-11 08:16 - 2016-04-06 11:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 08:15 - 2016-04-10 00:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 08:15 - 2016-04-10 00:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 08:15 - 2016-04-09 17:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 08:15 - 2016-04-09 17:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 08:15 - 2016-03-28 21:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 08:13 - 2016-04-10 03:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 08:13 - 2016-04-10 03:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 08:13 - 2016-03-10 13:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-11 08:13 - 2016-03-10 12:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-11 08:13 - 2016-03-05 13:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 08:13 - 2016-03-05 13:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 08:13 - 2016-02-27 14:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-11 08:13 - 2016-02-27 13:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-11 08:13 - 2016-02-27 13:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-11 08:13 - 2016-02-27 12:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-11 08:12 - 2016-04-11 02:21 - 00074584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-11 08:12 - 2016-04-10 01:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 08:12 - 2016-04-10 00:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 08:12 - 2016-04-09 18:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 08:12 - 2016-03-15 21:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-11 08:12 - 2016-03-15 21:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-11 08:12 - 2016-03-14 12:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-11 08:12 - 2016-03-11 20:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-11 08:12 - 2016-03-11 20:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-11 08:12 - 2016-03-11 20:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-11 08:12 - 2016-03-10 12:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-11 08:12 - 2016-03-10 12:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-11 08:12 - 2016-03-10 12:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-11 08:11 - 2016-04-09 19:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 09:57 - 2014-02-14 17:44 - 00000000 ____D C:\FRST
2016-06-04 09:55 - 2013-11-24 15:13 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-53765274-808597211-3309349429-1001
2016-06-04 09:51 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-06-04 09:32 - 2013-11-30 03:01 - 00000000 ____D C:\Users\WriterOne\AppData\Roaming\ClassicShell
2016-06-04 09:26 - 2014-04-15 18:33 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-04 09:20 - 2014-06-29 11:59 - 00000610 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-53765274-808597211-3309349429-1001.job
2016-06-04 09:16 - 2015-06-11 22:24 - 00000706 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-53765274-808597211-3309349429-1001.job
2016-06-04 09:13 - 2014-03-18 06:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-03 13:26 - 2016-04-18 20:22 - 00000000 ____D C:\Users\WriterOne\Desktop\StoryFix Blogs Best
2016-06-03 13:24 - 2016-01-11 23:44 - 00000000 ____D C:\Users\WriterOne\Desktop\Nailing Scene Structre 2016
2016-06-03 12:43 - 2014-04-15 16:51 - 00000000 __RDO C:\Users\WriterOne\OneDrive
2016-06-02 15:33 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-02 15:32 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-02 09:18 - 2016-03-18 21:21 - 00000000 ____D C:\Users\WriterOne\Desktop\Trinfinity Academy
2016-06-01 22:04 - 2016-01-11 23:48 - 00000000 ____D C:\Users\WriterOne\Desktop\First Pages
2016-05-30 02:17 - 2014-04-15 14:42 - 00000000 ____D C:\Users\WriterOne
2016-05-21 11:56 - 2015-12-03 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-16 13:08 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 11:57 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 11:02 - 2013-08-22 10:44 - 00474904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-13 09:24 - 2015-04-16 01:00 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 09:24 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 07:16 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-12 08:32 - 2013-11-25 02:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-12 08:22 - 2013-11-25 02:36 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 16:08 - 2014-09-20 01:15 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 16:08 - 2014-09-20 01:15 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 08:05 - 2016-04-16 14:23 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 08:05 - 2016-04-16 14:23 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-11 08:05 - 2016-04-16 14:23 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-11 08:05 - 2016-04-16 14:23 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 08:05 - 2016-04-16 14:23 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-11 08:05 - 2016-04-16 14:23 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-11 08:05 - 2016-04-16 14:23 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-05-09 22:18 - 2016-04-16 15:12 - 00000000 ____D C:\Users\WriterOne\Desktop\JB Blogs
2016-05-09 22:09 - 2014-03-25 15:40 - 00000000 ____D C:\Users\WriterOne\Documents\My Nina Files
2016-05-08 08:32 - 2015-04-07 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-08 08:32 - 2015-04-07 13:04 - 00000000 ___SD C:\WINDOWS\system32\GWX

==================== Files in the root of some directories =======

2013-11-30 00:23 - 2014-02-17 16:10 - 0000369 _____ () C:\Users\WriterOne\AppData\Local\RegisteredPackageInformation.xml
2013-11-26 21:21 - 2013-11-26 21:21 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-09 21:52 - 2014-02-09 21:53 - 0002763 _____ () C:\ProgramData\connector.swf
2013-11-24 15:17 - 2013-11-24 15:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-02 16:08

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by WriterOne (2016-06-04 09:59:40)
Running from C:\Users\WriterOne\Desktop
Windows 8.1 (Update) (X64) (2014-04-15 20:47:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-53765274-808597211-3309349429-500 - Administrator - Disabled)
Guest (S-1-5-21-53765274-808597211-3309349429-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-53765274-808597211-3309349429-1003 - Limited - Enabled)
WriterOne (S-1-5-21-53765274-808597211-3309349429-1001 - Administrator - Enabled) => C:\Users\WriterOne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version:  - )
Amazon Kindle (HKU\S-1-5-21-53765274-808597211-3309349429-1001\...\Amazon Kindle) (Version: 1.13.1.42052 - Amazon)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM-x32\...\{8B529F99-385C-4C5F-9464-CE9250812847}) (Version:  - )
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 6161072.1637756.4759644.48 - Audible, Inc.)
AVS Audio Converter version 6.2 (HKLM-x32\...\AVS Audio Converter 6.2_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Editor version 6.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Recorder version 3.9 (HKLM-x32\...\AVS Audio Recorder 3.9_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Computer Requirements 1.0 (HKLM-x32\...\{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1) (Version:  - Furst Person)
CyberLink Media Suite 8 (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719b - CyberLink Corp.)
CyberLink PowerBackup 2.5 (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9102 - CyberLink Corp.)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
FileOpen Client (x64) B945 (HKLM\...\{739832CC-EAFB-4E1D-A306-CE21B836AC6F}) (Version: 3.0.105.945 - FileOpen Systems, Inc.)
Fotor 1.3.0 (HKLM-x32\...\Fotor) (Version: 1.3.0 - Everimaging Co., Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-53765274-808597211-3309349429-1001\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.6.77 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5987 - Lenovo)
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
RoughDraft 3.0 (HKLM-x32\...\RoughDraft) (Version:  - )
Scapple (HKLM-x32\...\Scapple 1000) (Version: 1000 - Literature and Latte)
Scrivener (HKLM-x32\...\Scrivener 1860) (Version: 1860 - Literature and Latte)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snowflake Pro 1.1.1 (HKLM\...\SnowflakePro 1.1.1) (Version: 1.1.1 - Ingermanson Communications, Inc.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.2.5 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Driver Package - Lenovo Corporation (LAD) System  (06/08/2012 1.0.0.3) (HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 1.0.0.3 - Lenovo Corporation)
Writer's Blocks (HKLM-x32\...\Writer's Blocks) (Version:  - )
yWriter4 (HKLM-x32\...\yWriter4_is1) (Version:  - Spacejock Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-53765274-808597211-3309349429-1001_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
CustomCLSID: HKU\S-1-5-21-53765274-808597211-3309349429-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-53765274-808597211-3309349429-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\WriterOne\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-53765274-808597211-3309349429-1001_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
CustomCLSID: HKU\S-1-5-21-53765274-808597211-3309349429-1001_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {296C5134-2533-4CC0-8B00-4331E339EDF3} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {3AAFD7BC-3625-488D-803C-2BE80B8E1EB9} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-01-14] (Realtek Semiconductor)
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {50040A48-1A75-45AA-BB1A-0737C65EF540} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-25] (Synaptics Incorporated)
Task: {54C54541-120F-48C7-927A-68A2249B4E7C} - System32\Tasks\G2MUpdateTask-S-1-5-21-53765274-808597211-3309349429-1001 => C:\Users\WriterOne\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe [2016-04-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {82BA370A-9A0A-49E1-9B53-633E0FF8FC47} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-01-11] (Siber Systems)
Task: {8BDF53C8-07CF-49C2-A3A5-ED06518263D0} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMHMNMLMNMGMKMNMLJCNOJKJPMKJCNLMMJNMHMCNHMKMGMNJCNOJGMGMMMJMKMMJLMLMKJMMGMJNJICMIMCNGMCNNMFMGMCNOMPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMIKNIGJLIKJNIALBJKJJNKJCMJNNICMJNDJCMKJBJ"
Task: {927F8CFD-9324-419F-868A-3668733E4BAC} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMHMNMLMNMGMKMNMLJCNOJKJPMKJCNLMMJNMHMCNHMKMGMNJCNOJGMGMMMJMKMMJLMLMKJMMGMJNJICMJMCNOMPMCNNMFMGMCNOMPMCNGMNMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMPMFMEKMICNJJCKFMLMKMJNHICMEKMICNJJCKJNBJCMIKNIGJLIKJNIALBJKJJNKJCMJNNICMJNDJCMKJBJ"
Task: {B630B8AC-3ECC-4991-B02E-BD4AA9B94B16} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-01-09] (Realtek Semiconductor)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C0C4AAF4-E22D-451F-8994-549DBDA2C905} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-12] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {F9182AB0-86C9-4A96-88AC-851954191CEF} - System32\Tasks\G2MUploadTask-S-1-5-21-53765274-808597211-3309349429-1001 => C:\Users\WriterOne\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe [2016-04-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FB9A51A6-F1AE-40D8-8714-B41094D18481} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-53765274-808597211-3309349429-1001.job => C:\Users\WriterOne\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-53765274-808597211-3309349429-1001.job => C:\Users\WriterOne\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-25 02:34 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2015-03-28 18:37 - 2012-04-26 15:51 - 00040448 _____ () C:\WINDOWS\System32\pdf995mon64.dll
2015-08-25 02:34 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-08-25 02:34 - 2012-08-31 15:03 - 03034112 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hp1100su.dll
2015-08-25 02:34 - 2012-08-31 15:02 - 01038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-08-25 02:34 - 2012-08-31 15:03 - 00373760 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hp1100sd.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-26 10:17 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-10-26 10:49 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-53765274-808597211-3309349429-1001\...\eset.com -> hxxps://www.eset.com
IE trusted site: HKU\S-1-5-21-53765274-808597211-3309349429-1001\...\eset.eu -> hxxps://www.eset.eu

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-53765274-808597211-3309349429-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\WriterOne\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "EnergyUtility"
HKLM\...\StartupApproved\Run: => "Energy Management"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Smart Update"
HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKU\S-1-5-21-53765274-808597211-3309349429-1001\...\StartupApproved\Run: => "HP Deskjet 3510 series (NET)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2EE448C9-CB8A-4681-9B04-AF242F07DE24}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS11B3\HPDiagnosticCoreUI.exe
FirewallRules: [{920E0416-92CC-4602-971D-21363B2220CA}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS11B3\HPDiagnosticCoreUI.exe
FirewallRules: [{A3C435AB-B26E-4708-8A74-1D59EAB38274}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
FirewallRules: [{34ABD3BB-E595-49D4-955B-580E04A4F0AE}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS0FF7\HPDiagnosticCoreUI.exe
FirewallRules: [{EECFC779-6C9B-4A5E-9550-5A81195683AC}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS786E\HPDiagnosticCoreUI.exe
FirewallRules: [{B16BB6E3-B4DA-4E3E-A866-15CEF08BC0A4}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS786E\HPDiagnosticCoreUI.exe
FirewallRules: [{1D868CDB-6A7A-4C2B-88D2-51FF88FA4170}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS4020\hppiw.exe
FirewallRules: [{74C90B44-426D-44BB-A463-FAB09FA40A2C}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS4020\hppiw.exe
FirewallRules: [{8A875867-EAC2-457C-A278-E1032400BC4D}] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{A634580E-1E46-4FFD-8E14-ABD04737DEBA}] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{21EACD3E-F175-44E6-A980-8E33AC8D06E9}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{A1C5B60B-6017-412E-828F-16E6ED558F7F}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{1A4B78BE-C9C1-428A-8DB8-7FE7753E3C99}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS7A4C\hppiw.exe
FirewallRules: [{48DD33DA-B342-44DF-A0CE-0E292FEFB89F}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS7A4C\hppiw.exe
FirewallRules: [{2FD9BF8B-4B07-4CEA-A556-9A47C77B7319}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{FBF8C429-25F8-4815-B5FA-02BDC7F848A6}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{274494DE-D632-4680-BFD6-FD3714F7AACE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B143E6F-E090-43F1-969D-F46B8BAE1153}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A708785B-92AD-4C5C-8E4E-C72186D3CD59}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69A79693-289B-4418-B713-088A0AAEC329}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{444B770F-0E07-4F2D-B3D2-6701E5129B49}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{21A0ECD4-AFD7-476C-BD5C-4F59330ED28E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B44560EA-AC77-4E59-81EB-176C79BC870D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8CA5D5F4-032F-41F6-949B-202316F46BB2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{024FFD07-CF77-44B0-8CAB-DB9B66CF847F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4BB91B53-38B2-4FAE-B1E5-B57ACC8144C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{652B2086-577E-4F64-AFAD-BC7339D3EAAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E0396BE-8601-4498-A4C1-EDABC18844A7}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{E23DDD79-86B1-47F1-84BD-05FFA0DEE14D}] => (Allow) E:\ProductInst64.exe
FirewallRules: [{F3CC8836-057D-4D3B-AF2E-B216ABE0639F}] => (Allow) LPort=9100
FirewallRules: [{EF42AB43-ABBE-4925-980C-297E77846C01}] => (Allow) LPort=427
FirewallRules: [{4378AC01-B477-487E-B2B8-FE2A9033FAF9}] => (Allow) LPort=161
FirewallRules: [{4933A8AE-7555-40CF-B986-3C1D44DA2686}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS73F4\HPDiagnosticCoreUI.exe
FirewallRules: [{F62324C8-5951-421F-B233-3F1283CC6DE6}] => (Allow) C:\Users\WriterOne\AppData\Local\Temp\7zS73F4\HPDiagnosticCoreUI.exe
FirewallRules: [{9F6B1519-427E-4F7B-A11E-0B37A249A61C}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{8B10FC7E-D131-4F35-A6D7-ED01EE935F67}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{440FF017-DB97-4070-A4E7-065D8BCDCAB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2925762F-D9FB-453B-821C-5137E758D8F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

16-05-2016 13:06:36 Windows Update
24-05-2016 09:12:07 Scheduled Checkpoint
31-05-2016 11:50:08 Scheduled Checkpoint
04-06-2016 09:47:08 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2016 09:50:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.18231, time stamp: 0x56b8c9f1
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17904, time stamp: 0x557b0ffa
Exception code: 0xc000027b
Fault offset: 0x000000000082cfbe
Faulting process id: 0xc78
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (06/04/2016 09:21:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1950

Start Time: 01d1be62fe5c372c

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 4b508d85-2a57-11e6-8073-201a062e6f35

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Faulting package-relative application ID: App

Error: (06/03/2016 04:44:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a74

Start Time: 01d1bdd7ef45027b

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: e428cf32-29cb-11e6-8073-201a062e6f35

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Faulting package-relative application ID: App

Error: (06/02/2016 03:42:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f00

Start Time: 01d1bd05cf8cfb27

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 1ce43c6e-28fa-11e6-8073-201a062e6f35

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Faulting package-relative application ID: App

Error: (06/01/2016 09:30:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e40

Start Time: 01d1bc6d3c9e87f0

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 88fc1148-2861-11e6-8072-201a062e6f35

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Faulting package-relative application ID: App

Error: (05/31/2016 02:09:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: igd10iumd32.dll, version: 10.18.10.3958, time stamp: 0x54256dd3
Exception code: 0xc0000005
Fault offset: 0x00042c6c
Faulting process id: 0x13a8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (05/31/2016 12:33:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: MSHTML.dll, version: 11.0.9600.18321, time stamp: 0x571a83f8
Exception code: 0xc0000005
Fault offset: 0x005d9915
Faulting process id: 0x1418
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (05/31/2016 11:09:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 158

Start Time: 01d1bb4d61bc878e

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: ae003273-2741-11e6-8071-201a062e6f35

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Faulting package-relative application ID: App

Error: (05/30/2016 12:04:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: MSHTML.dll, version: 11.0.9600.18321, time stamp: 0x571a83f8
Exception code: 0xc0000005
Fault offset: 0x005d9915
Faulting process id: 0xcd4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (05/29/2016 01:14:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1014

Start Time: 01d1b9ccd0d34d63

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: c36ee6fb-25c0-11e6-8070-201a062e6f35

Faulting package full name: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Faulting package-relative application ID: App

System errors:
=============
Error: (06/04/2016 09:26:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240054: Upgrade to Windows 10 Home, version 1511, 10586.

Error: (06/02/2016 05:15:37 PM) (Source: DCOM) (EventID: 10010) (User: CRCS_LAPTOP)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/02/2016 03:34:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The TeamViewer 9 service hung on starting.

Error: (06/02/2016 03:33:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (06/02/2016 03:32:27 PM) (Source: DCOM) (EventID: 10010) (User: CRCS_LAPTOP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/01/2016 09:22:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The TeamViewer 9 service hung on starting.

Error: (06/01/2016 09:21:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (05/31/2016 01:36:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (05/31/2016 11:01:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The TeamViewer 9 service hung on starting.

Error: (05/31/2016 11:00:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

CodeIntegrity:
===================================
  Date: 2016-06-04 09:59:24.565
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-04 09:59:23.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 16:10:48.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 09:13:24.563
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 09:13:24.204
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 09:11:16.999
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-02 09:11:16.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-01 22:30:37.023
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-01 22:30:36.664
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-01 22:30:35.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 55%
Total physical RAM: 3960.25 MB
Available physical RAM: 1764.43 MB
Total Virtual: 4664.25 MB
Available Virtual: 2062.56 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.36 GB) (Free:352.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.07 GB) NTFS
Drive f: (ATTACHE) (Removable) (Total:3.84 GB) (Free:2.8 GB) FAT32
Drive g: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1567.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 44661907)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

Many thanks!!

[Advertisements]

Uninstall Bonjour.  

Uninstall Java 7 Update 45  (very out of date and dangerous)

 

Separate Replies for each log as you get them are best.

 

Download aswMBR.exe  to your desktop.

Right click on aswMBR.exe and Run As ADmin

uncheck trace disk IO calls

Change the Quickscan to C:\

 (Allow the Avast engine download if asked) Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

 

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7+ => right click and Run As Administrator).

 

 

 

Click on Scan  and follow the prompts.  Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

Copy the next line:

 

DISM /Online /Cleanup-Image /RestoreHealth

 

Open an Elevated Command Prompt  (http://www.eightforu...indows-8-a.html )  

 

Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.  Wait for the prompt to return then type:

 

sfc  /scannow

and hit Enter.  Does this say:  “Windows Resource Protection did not find any integrity violations.” when it finishes?

 

If not then:

 

Copy the next two lines:

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 

Paste them into an Elevated Command Prompt and hit Enter.  Notepad should open.  Copy and Paste the text from notepad.

 

Have you run a free ESET scan yet?  (May take a few hours)

 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  

 

# Check Scan Archives

# Push the Start button.

# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

# When the scan completes, push LIST OF THREATS FOUND

# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

# Push the BACK button.

# Push Finish

# Once the scan is completed, you may close the window.

# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

# Copy and paste that log as a reply.

 

 

Let's also try the bitdefender quickscan.

 

http://quickscan.bitdefender.com/

 

When it finishes there is a View Report option at the bottom.  Click on it and copy and paste the report (even if it says nothing found).

 

Copy the next line:

for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

Paste  into an Elevated Command Prompt and hit Enter. 

 

Now restart

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

[RKinner]

Uninstall Bonjour.  

Uninstall Java 7 Update 45  (very out of date and dangerous)

 

Separate Replies for each log as you get them are best.

 

Download aswMBR.exe  to your desktop.

Right click on aswMBR.exe and Run As ADmin

uncheck trace disk IO calls

Change the Quickscan to C:\

 (Allow the Avast engine download if asked) Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

 

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7+ => right click and Run As Administrator).

 

 

 

Click on Scan  and follow the prompts.  Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

Copy the next line:

 

DISM /Online /Cleanup-Image /RestoreHealth

 

Open an Elevated Command Prompt  (http://www.eightforu...indows-8-a.html )  

 

Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.  Wait for the prompt to return then type:

 

sfc  /scannow

and hit Enter.  Does this say:  “Windows Resource Protection did not find any integrity violations.” when it finishes?

 

If not then:

 

Copy the next two lines:

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 

Paste them into an Elevated Command Prompt and hit Enter.  Notepad should open.  Copy and Paste the text from notepad.

 

Have you run a free ESET scan yet?  (May take a few hours)

 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  

 

# Check Scan Archives

# Push the Start button.

# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

# When the scan completes, push LIST OF THREATS FOUND

# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

# Push the BACK button.

# Push Finish

# Once the scan is completed, you may close the window.

# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

# Copy and paste that log as a reply.

 

 

Let's also try the bitdefender quickscan.

 

http://quickscan.bitdefender.com/

 

When it finishes there is a View Report option at the bottom.  Click on it and copy and paste the report (even if it says nothing found).

 

Copy the next line:

for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

Paste  into an Elevated Command Prompt and hit Enter. 

 

Now restart

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

[geeksugarbaby]

Thank you!! I will effect those 2 uninstalls.

So should I stay away from ever installing Java again, or was it just the old version that was suspect?


Good News...
while awaiting a response I contacted ATT who confirmed that though the email listed my correct account digits it was a fake and not sent by them.
I'm not sure of its purpose except to disrupt lives or maybe boost business for NORTON & McAfee
None of the links in the email were hot links.

Is there somrpkace online where I can post these emails as a warning to others??

Thanks!!

[RKinner]

Sorry for the delay.  For some reason your reply notification email wound up in my Spam folder. 

 

Stay away from Java unless you know you need it.  Most websites have stopped using it because it was so prone to vulnerabilities so it's doubtfull you will need it.

 

There are so many spam emails going around I just delete them.