
General slowness, freezing and start button don't work


  • This topic is locked
28 replies to this topic

#1 Samantha84


Posted 24 August 2016 - 11:18 PM

Hello, out of the blue my PC started freezing and stalling, boot time is forever and a day, and now the start button no workie. I have to jump thru hoops to even restart the machine, and during shutdown it hangs there. Turning the machine on, startup is so slow too, I'm talking half an hour at times. I hit Control-Alt-Delete and Task Manager stops responding. When startup does happen, the screen is just a solid brown, no icons, nothing but the mouse arrow. I think it's time I ask for some help, please.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2016 01
Ran by User (administrator) on SWEET_ASS (24-08-2016 23:55:46)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Pro Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\smBootTime.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\Suo12_StartupManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\tasklist.exe
(Microsoft Corporation) C:\Windows\System32\find.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\UninstallManager.exe
(Piriform Ltd) C:\Users\User\AppData\Local\Temp\~nsuA.tmp\Au_.exe
() C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\ns9FF6.tmp
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-08-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3369071691-433938087-3250132551-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2022688 2016-04-26] (IObit)
HKU\S-1-5-21-3369071691-433938087-3250132551-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3369071691-433938087-3250132551-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [134144 2015-10-30] (Microsoft Corporation)
IFEO\ccleaner.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\classicstart.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\driverbooster.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\uninstaler_skipuac.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{b9537a06-4661-4bb9-85cf-e75be5dd5b16}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ec581da1-9850-4e26-b907-dcc1a9b7dc3f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ec581da1-9850-4e26-b907-dcc1a9b7dc3f}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3369071691-433938087-3250132551-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2016-07-07] (McAfee, Inc.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3369071691-433938087-3250132551-1000 -> hxxp://www.google.com/

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl.dll [2016-07-07] ()
FF Plugin HKU\S-1-5-21-3369071691-433938087-3250132551-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\User\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-07-04] (Zoom Video Communications, Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\user.js [2016-08-24]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-07-25]
FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-08-14]
FF Extension: AdBlocker Ultimate - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-05-01]
FF Extension: AdBlock for YouTube™ - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2016-07-25]
FF Extension: Pin It button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-06-02]
FF Extension: Video DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-02]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-25]
FF Extension: Pink Fox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\Extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66} [2016-05-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-07-25] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [oaocmnfllndpbbmjmniielgaanaifehp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [911120 2016-08-18] (AVG Technologies CZ, s.r.o.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
S3 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc.exe [2377368 2016-05-06] (Intel® Corporation)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R3 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [136280 2016-07-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [870688 2016-07-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [630704 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196848 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [343304 2016-06-23] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [265968 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1130272 2016-06-17] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [489088 2016-07-07] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [858864 2016-05-25] (Intel Security, Inc.)
S4 SMService; C:\Program Files\IObit\Classic Start\SMService.exe [1063200 2015-12-29] (IObit)
R3 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908792 2016-07-14] (McAfee, Inc.)
S3 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16792 2016-07-14] (McAfee, Inc.)
R3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [73968 2016-07-14] (McAfee, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [3941648 2016-08-19] (AVG Technologies CZ, s.r.o.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCMTPM; C:\Windows\system32\DRIVERS\btpmw32.sys [22736 2016-07-28] (Broadcom Corp.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [71968 2016-04-27] (McAfee, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [28248 2016-07-28] (ELAN Microelectronic Corp.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [160064 2016-02-24] (McAfee, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-07-28] (REALiX™)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [69880 2016-04-20] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [321312 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [271144 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [72856 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [379680 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648480 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [408864 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [83752 2016-04-27] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [41600 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [199464 2016-04-27] (McAfee, Inc.)
R3 NETwNs32; C:\Windows\System32\drivers\NETwNs32.sys [7518208 2015-10-30] (Intel Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2016-08-19] (AVG Netherlands B.V.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
S3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-24 23:55 - 2016-08-24 23:57 - 00016005 _____ C:\Users\User\Downloads\FRST.txt
2016-08-24 23:55 - 2016-08-24 23:55 - 00000000 ____D C:\FRST
2016-08-24 23:54 - 2016-08-24 23:55 - 01746432 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2016-08-24 23:42 - 2016-08-24 23:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\User\Downloads\HijackThis.exe
2016-08-24 23:35 - 2016-08-24 23:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SWEET_ASS-Windows-10-Pro-(32-bit).dat
2016-08-24 23:35 - 2016-08-24 23:35 - 00000042 _____ C:\repairs_running.dat
2016-08-24 23:34 - 2016-08-24 23:34 - 00002220 _____ C:\Users\User\Desktop\Tweaking.com - Windows Repair.lnk
2016-08-24 23:32 - 2016-08-24 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-08-24 23:31 - 2016-08-24 23:34 - 00181480 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-08-24 23:11 - 2016-08-24 23:11 - 39952384 _____ C:\Windows\system32\config\SOFTWARE.iobit
2016-08-24 23:11 - 2016-08-24 23:11 - 00286720 _____ C:\Windows\system32\config\DEFAULT.iobit
2016-08-24 23:11 - 2016-08-24 23:11 - 00069632 _____ C:\Windows\system32\config\SAM.iobit
2016-08-24 23:11 - 2016-08-24 23:11 - 00028672 _____ C:\Windows\system32\config\SECURITY.iobit
2016-08-24 22:51 - 2016-08-24 22:51 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-24 22:11 - 2016-08-24 22:11 - 00001662 _____ C:\Users\User\Downloads\Storm Of The Century - Stephen King Mini-Series 1999 Eng Fre Ita Multi-Subs [H264-mp4].lnk
2016-08-24 19:18 - 2016-08-24 23:09 - 00002518 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2016-08-24 19:18 - 2016-08-24 19:18 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-08-24 19:18 - 2016-08-19 16:36 - 00049936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-08-24 19:12 - 2016-08-24 19:12 - 03135696 _____ (AVG Technologies CZ, s.r.o.) C:\Users\User\Downloads\AVG_PCTuneUp_704.exe
2016-08-24 17:39 - 2016-08-24 17:39 - 00001235 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2016-08-24 17:39 - 2016-08-24 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2016-08-24 16:54 - 2016-08-24 16:54 - 00000017 _____ C:\Users\User\AppData\Local\resmon.resmoncfg
2016-08-24 16:05 - 2016-04-14 09:40 - 00001660 _____ C:\Users\User\Desktop\Serial Key.txt
2016-08-24 15:44 - 2016-08-24 16:08 - 00000000 ____D C:\Users\User\Downloads\AVG PC TuneUp 2016 16.32.2.3320 (x86x64) + Serial Keys [SadeemPC]
2016-08-24 15:09 - 2016-08-24 23:35 - 00000036 _____ C:\repair_starting.dat
2016-08-23 21:58 - 2016-08-23 21:58 - 00000000 ____D C:\Program Files\Tweaking.com
2016-08-23 19:23 - 2016-08-24 23:15 - 00000296 _____ C:\Windows\Tasks\Uninstaller_SkipUac_User.job
2016-08-23 19:21 - 2016-08-23 19:21 - 00000310 _____ C:\Windows\Tasks\Driver Booster Scheduler.job
2016-08-23 19:21 - 2016-08-23 19:21 - 00000266 _____ C:\Windows\Tasks\Driver Booster SkipUAC (User).job
2016-08-22 23:55 - 2016-08-22 23:56 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-08-22 18:02 - 2016-08-23 03:50 - 00000000 ____D C:\Users\User\Downloads\Storm Of The Century - Stephen King Mini-Series 1999 Eng Fre Ita Multi-Subs [H264-mp4]
2016-08-21 06:10 - 2016-08-24 16:17 - 00000256 _____ C:\Windows\Tasks\ASC9_SkipUac_User.job
2016-08-21 06:10 - 2016-08-23 19:13 - 00002188 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-08-21 06:06 - 2016-08-23 21:50 - 00000000 ____D C:\Users\User\Downloads\Advanced SystemCare Pro 9.4.0.1131 Multilingual Incl Key+ Portable [SadeemPC]
2016-08-21 06:00 - 2016-08-21 06:00 - 00002191 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-08-21 06:00 - 2016-08-21 06:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-08-21 05:50 - 2016-08-24 19:39 - 00000000 ____D C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial
2016-08-19 17:26 - 2016-08-24 15:21 - 00000000 ____D C:\Users\User\AppData\LocalLow\BitTorrent
2016-08-15 22:51 - 2016-08-24 23:35 - 00000000 ____D C:\RegBackup
2016-08-15 22:51 - 2016-08-15 22:51 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-1GG8T42-Windows-10-Pro-(32-bit).dat
2016-08-15 22:40 - 2016-08-03 21:01 - 00001712 _____ C:\Users\User\Desktop\Info.txt
2016-08-15 22:40 - 2016-08-03 02:50 - 28944624 _____ (Tweaking.com) C:\Users\User\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-08-15 22:40 - 2016-08-03 02:18 - 00000021 _____ C:\Users\User\Desktop\Key.txt
2016-08-15 22:37 - 2016-08-15 22:38 - 55866074 ____R C:\Users\User\Downloads\Windows Repair Pro (All In One) 3.9.7 & Portable + Serial [4realtorrentz].zip
2016-08-15 22:24 - 2015-11-19 10:35 - 00000460 _____ C:\Users\User\Desktop\Instructions.txt
2016-08-15 22:19 - 2016-08-19 17:33 - 00000000 ____D C:\Users\User\Desktop\pics
2016-08-15 22:16 - 2016-08-15 22:17 - 43811325 ____R C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial.zip
2016-08-15 03:35 - 2016-08-03 02:21 - 00400304 __RSH C:\bootmgr
2016-08-15 03:35 - 2015-10-30 01:45 - 00000001 ___SH C:\BOOTNXT
2016-08-14 12:17 - 2016-08-03 01:52 - 05793632 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-14 12:17 - 2016-08-03 01:52 - 00083808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-08-14 12:17 - 2016-08-03 01:32 - 00413024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-08-14 12:17 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-14 12:17 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-14 12:17 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-08-14 12:17 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-08-14 12:17 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-08-14 12:17 - 2016-08-03 01:29 - 01337680 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-14 12:17 - 2016-08-03 01:29 - 00633192 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-14 12:17 - 2016-08-03 01:28 - 00505136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-14 12:17 - 2016-08-03 01:28 - 00139616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-14 12:17 - 2016-08-03 01:21 - 01712992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-08-14 12:17 - 2016-08-03 01:21 - 00483680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-08-14 12:17 - 2016-08-03 01:21 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-08-14 12:17 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-08-14 12:17 - 2016-08-03 00:48 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2016-08-14 12:17 - 2016-08-03 00:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-08-14 12:17 - 2016-08-03 00:44 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2016-08-14 12:17 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-08-14 12:17 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-08-14 12:17 - 2016-08-03 00:43 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-08-14 12:17 - 2016-08-03 00:41 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-08-14 12:17 - 2016-08-03 00:40 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-14 12:17 - 2016-08-03 00:39 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-08-14 12:17 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-08-14 12:17 - 2016-08-03 00:35 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-08-14 12:17 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2016-08-14 12:17 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-14 12:17 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-08-14 12:17 - 2016-08-03 00:33 - 01152512 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-08-14 12:17 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-08-14 12:17 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-14 12:17 - 2016-08-03 00:32 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-08-14 12:17 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-08-14 12:17 - 2016-08-03 00:32 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-08-14 12:17 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-14 12:17 - 2016-08-03 00:27 - 02973696 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-08-14 12:17 - 2016-08-03 00:27 - 01903104 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-08-14 12:17 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-14 12:17 - 2016-08-03 00:24 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-08-14 12:17 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-08-14 12:17 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-14 12:17 - 2016-08-03 00:22 - 01900544 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-14 12:17 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-14 12:17 - 2016-08-03 00:22 - 01086976 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-14 12:17 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-08-14 12:16 - 2016-08-03 02:27 - 01303744 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-08-14 12:16 - 2016-08-03 02:27 - 00081088 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-08-14 12:16 - 2016-08-03 02:27 - 00045760 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-08-14 12:16 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-08-14 12:16 - 2016-08-03 01:43 - 00023776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-14 12:16 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-08-14 12:16 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-08-14 12:16 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-08-14 12:16 - 2016-08-03 01:32 - 00260448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-08-14 12:16 - 2016-08-03 01:18 - 00346464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-08-14 12:16 - 2016-08-03 00:58 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-08-14 12:16 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-08-14 12:16 - 2016-08-03 00:44 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-08-14 12:16 - 2016-08-03 00:43 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2016-08-14 12:16 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-08-14 12:16 - 2016-08-03 00:40 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-08-14 12:16 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-08-14 12:16 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-14 12:16 - 2016-08-03 00:39 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-14 12:16 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-14 12:16 - 2016-08-03 00:37 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-08-14 12:16 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-08-14 12:16 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-08-14 12:16 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-14 12:16 - 2016-08-03 00:33 - 01223168 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-08-14 12:16 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-14 12:16 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-14 12:16 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-14 12:16 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-14 12:16 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-14 12:16 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-08-14 12:16 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-08-14 12:16 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-08-14 12:16 - 2016-08-03 00:20 - 03483648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-08-03 21:00 - 2011-10-24 16:35 - 00000000 ____D C:\Users\User\Desktop\Tweaking.com - Windows Repair Portable
2016-07-28 03:54 - 2016-07-28 03:54 - 00022736 _____ (Broadcom Corp.) C:\Windows\system32\Drivers\btpmw32.sys
2016-07-28 03:53 - 2016-07-28 03:53 - 01470744 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-07-28 03:53 - 2016-07-28 03:53 - 00028248 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\Drivers\ETDSMBus.sys
2016-07-28 03:49 - 2016-07-28 03:54 - 00002185 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-07-28 03:49 - 2016-07-28 03:49 - 00023840 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO32.SYS
2016-07-28 03:49 - 2016-07-28 03:49 - 00000000 ____D C:\Windows\IObit
2016-07-28 03:49 - 2016-07-28 03:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-07-27 23:44 - 2016-07-27 23:44 - 00001466 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
2016-07-27 05:44 - 2016-07-27 05:44 - 00000000 ____D C:\ProgramData\Intel Security
2016-07-27 05:43 - 2016-07-27 05:43 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-07-25 23:59 - 2016-07-25 23:59 - 00001995 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2016-07-25 23:58 - 2016-08-24 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-07-25 23:58 - 2016-08-24 23:23 - 00000000 __RSD C:\Users\User\Documents\McAfee Vaults
2016-07-25 23:58 - 2016-07-25 23:58 - 00000000 ____D C:\Users\User\AppData\Local\McAfee File Lock
2016-07-25 23:58 - 2016-02-24 21:07 - 00160064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2016-07-25 23:55 - 2016-07-25 23:55 - 00000000 ____D C:\Program Files\McAfee.com
2016-07-25 23:52 - 2016-04-26 18:07 - 00265968 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-07-25 23:27 - 2016-08-24 19:39 - 00000000 ____D C:\Users\User\dwhelper
2016-07-25 23:26 - 2016-07-25 23:26 - 08249096 _____ (McAfee, Inc.) C:\Users\User\Documents\Setup_serial_IT2Mhc_ZwlSo-cIzYkC9SA2_key.exe
2016-07-25 22:26 - 2016-07-25 22:26 - 00001180 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-25 22:25 - 2016-07-25 22:25 - 48521840 _____ C:\Users\User\Documents\Firefox Setup 47.0.1.exe
2016-07-25 21:25 - 2016-07-25 21:25 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-07-25 20:17 - 2016-08-24 23:09 - 00000000 ____D C:\Windows\pss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-24 23:17 - 2016-06-23 22:05 - 00000000 ____D C:\ProgramData\ProductData
2016-08-24 23:15 - 2016-04-25 17:46 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-24 23:12 - 2016-05-01 15:39 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent
2016-08-24 23:05 - 2016-06-23 21:42 - 00000000 ____D C:\Users\User\AppData\Local\AvgSetupLog
2016-08-24 20:55 - 2016-06-13 21:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-24 19:25 - 2015-10-30 01:47 - 00000000 ____D C:\Windows\INF
2016-08-24 19:25 - 2015-10-30 01:13 - 00000000 ____D C:\Windows\system32\Sysprep
2016-08-24 19:17 - 2016-06-23 21:43 - 00000000 ____D C:\Program Files\AVG
2016-08-24 19:15 - 2016-06-23 21:42 - 00000000 ____D C:\ProgramData\Avg
2016-08-24 17:40 - 2016-06-23 22:03 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
2016-08-24 17:07 - 2016-06-30 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2016-08-24 17:07 - 2016-06-30 00:57 - 00000000 ____D C:\Program Files\DAUM
2016-08-24 17:02 - 2016-06-23 22:05 - 00000000 ____D C:\Users\User\AppData\LocalLow\IObit
2016-08-24 17:02 - 2016-06-23 22:03 - 00000000 ____D C:\Program Files\IObit
2016-08-22 20:54 - 2015-10-30 01:48 - 00000000 ____D C:\Windows\AppReadiness
2016-08-22 20:53 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-21 23:02 - 2016-06-23 07:50 - 00001229 _____ C:\Users\User\Documents\facebook pics - Shortcut.lnk
2016-08-21 06:10 - 2016-06-23 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-08-21 03:36 - 2016-04-25 17:48 - 00834360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-21 03:31 - 2015-10-30 01:13 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-08-21 03:22 - 2016-06-23 20:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-20 23:59 - 2016-07-14 01:26 - 00000000 ____D C:\Windows\Minidump
2016-08-18 07:11 - 2015-10-30 01:48 - 00000000 ____D C:\Windows\rescache
2016-08-18 02:01 - 2015-10-30 01:13 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-08-16 03:07 - 2016-04-25 17:43 - 00192856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-16 03:07 - 2016-04-25 17:37 - 00000000 ____D C:\Windows\CSC
2016-08-16 02:30 - 2015-10-30 01:39 - 00000000 ____D C:\Windows\CbsTemp
2016-08-16 02:09 - 2016-04-25 17:43 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-08-15 22:29 - 2015-10-30 01:48 - 00001241 _____ C:\Windows\system32\Drivers\etc\hosts_bak_322
2016-08-15 03:31 - 2015-10-30 02:58 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-15 03:31 - 2015-10-30 01:48 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-08-15 03:31 - 2015-10-30 01:48 - 00000000 ____D C:\Windows\system32\appraiser
2016-08-14 12:30 - 2016-04-29 19:42 - 00000000 ____D C:\Windows\system32\MRT
2016-08-14 12:30 - 2015-10-30 01:48 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-08-14 12:22 - 2016-04-29 19:42 - 144884648 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 18:33 - 2015-10-30 01:48 - 00000000 ____D C:\Windows\system32\NDF
2016-08-09 20:31 - 2016-06-23 22:03 - 00000000 ____D C:\ProgramData\IObit
2016-08-09 20:30 - 2016-04-29 16:10 - 00000000 ____D C:\Program Files\McAfee
2016-08-05 22:57 - 2016-06-18 11:42 - 00000000 ____D C:\Users\User\instagram
2016-07-28 04:09 - 2016-06-13 21:19 - 00000000 ____D C:\Program Files\TrueKey
2016-07-27 05:43 - 2016-04-29 16:05 - 00000000 ____D C:\ProgramData\McAfee
2016-07-27 05:43 - 2016-04-29 16:05 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-07-27 05:20 - 2016-06-13 21:42 - 00001354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-07-25 23:56 - 2015-10-30 01:48 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-07-25 23:49 - 2016-05-01 15:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-25 22:26 - 2016-06-10 01:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-25 22:26 - 2016-05-01 15:21 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-25 21:28 - 2016-05-01 15:41 - 00002683 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-07-25 21:28 - 2016-04-25 17:50 - 00002366 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-07-25 21:28 - 2015-10-30 01:48 - 00000000 ____D C:\Windows\Provisioning
2016-07-25 20:03 - 2016-07-14 12:17 - 00000000 ____D C:\Program Files\Safer Technologies
2016-07-25 19:48 - 2016-07-14 12:23 - 00000000 ____D C:\Users\User\AppData\Local\PlutoTV

==================== Files in the root of some directories =======

2016-07-14 01:16 - 2016-07-14 01:16 - 7102976 _____ () C:\Users\User\AppData\Roaming\agent.dat
2016-07-14 01:15 - 2016-07-14 01:15 - 0128512 _____ () C:\Users\User\AppData\Roaming\Installer.dat
2016-07-14 01:16 - 2016-07-14 01:16 - 0018432 _____ () C:\Users\User\AppData\Roaming\Main.dat
2016-08-24 16:54 - 2016-08-24 16:54 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-14 03:18

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-08-2016 01
Ran by User (25-08-2016 00:03:39)
Running from C:\Users\User\Downloads
Windows 10 Pro Version 1511 (X86) (2016-04-25 21:41:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3369071691-433938087-3250132551-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3369071691-433938087-3250132551-503 - Limited - Disabled)
Guest (S-1-5-21-3369071691-433938087-3250132551-501 - Limited - Disabled)
User (S-1-5-21-3369071691-433938087-3250132551-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Advanced SystemCare 9 (HKLM\...\Advanced SystemCare_is1) (Version: 9.3.0 - IObit)
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 16.52.2.34122 - AVG Technologies)
AVG PC TuneUp (Version: 16.52.2 - AVG Technologies) Hidden
BitTorrent (HKU\S-1-5-21-3369071691-433938087-3250132551-1000\...\BitTorrent) (Version: 7.9.8.42450 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Driver Booster 3.4 (HKLM\...\Driver Booster_is1) (Version: 3.4 - IObit)
FMW 1 (Version: 1.122.3 - AVG Technologies) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.4.0.125 - IObit)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
McAfee Total Protection (HKLM\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.233 - McAfee, Inc.)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
RICOH Media Driver ver.2.11.01.02 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.11.01.02 - RICOH)
Safer Update Helper (Version: 1.3.129.7 - Safer Technologies, Inc.) Hidden
Start Menu 8 (HKLM\...\IObit_StartMenu8_is1) (Version: 3.1.0.2 - IObit)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.7 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3369071691-433938087-3250132551-1000\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {33492B31-EF55-4088-92E0-DD79422F46A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {36DDBCD6-F5BB-4C11-AB08-ECB32E35680C} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {3D4B0B88-7B72-4634-9684-F8E7EC042233} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {7EC2FE93-C5C9-4AF1-80BD-8F588F64102D} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {869C672F-6A6E-4DB4-A93E-8DE2E8FA382C} - System32\Tasks\Uninstaller_SkipUac_User => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-24] (IObit)
Task: {906E8959-93D0-49DF-A7BF-843930B1DF78} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {A03C7FE6-BA09-4160-BF30-9AF217796B97} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-07-07] (McAfee, Inc.)
Task: {A7401EC1-3232-4FF3-B7CF-E2951A7EB51C} - System32\Tasks\Driver Booster SkipUAC (User) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
Task: {A8B38DA4-AEE1-4466-A82D-6C7E598D23DB} - \{0A790847-080E-0F09-0511-787A0F0D110A} -> No File <==== ATTENTION
Task: {B4DB59E2-6342-40A2-AD3C-243E0E6F53FA} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare\Monitor.exe [2016-05-06] (IObit)
Task: {C1051738-06C9-49D3-B9C9-B7266381588E} - System32\Tasks\Driver Booster Scheduler => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2016-05-18] (IObit)
Task: {CBCDC6FA-737E-406C-8DAF-105A94849B56} - System32\Tasks\ASC9_SkipUac_User => C:\Program Files\IObit\Advanced SystemCare\ASC.exe [2016-05-16] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASC9_SkipUac_User.job => C:\Program Files\IObit\Advanced SystemCare\ASC.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Driver Booster Scheduler.job => C:\Program Files\IObit\Driver Booster\Scheduler.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (User).job => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_User.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1468472820&a=1024132&src=sh&uuid=068b07e8-2df9-4a7f-a15a-7ac4a5c85965"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-07-12 22:45 - 2016-07-01 00:38 - 01862008 _____ () c:\windows\system32\CoreUIComponents.dll
2016-08-24 17:40 - 2015-12-29 11:30 - 00625440 _____ () C:\Program Files\IObit\LiveUpdate\ProductStatistics.dll
2016-08-21 06:10 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files\IObit\Advanced SystemCare\madExcept_.bpl
2016-08-21 06:10 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files\IObit\Advanced SystemCare\madBasic_.bpl
2016-08-21 06:10 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-08-21 06:00 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2016-08-21 06:00 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-07-12 22:45 - 2016-07-01 00:38 - 01862008 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-24 11:19 - 2016-05-24 11:19 - 00679624 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-08-24 19:14 - 2016-08-24 19:13 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
2016-08-21 06:10 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files\IObit\Advanced SystemCare\webres.dll
2016-08-21 06:10 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files\IObit\Advanced SystemCare\ProductStatistics.dll
2016-08-19 16:28 - 2016-08-19 16:28 - 36682240 _____ () C:\Program Files\AVG\AVG PC TuneUp\libcef.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00011264 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\System.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00009728 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsDialogs.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00006144 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsExec.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00006144 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\ns9FF6.tmp
2015-10-30 01:45 - 2015-10-30 01:45 - 00164224 _____ () c:\windows\system32\WerEtw.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-08-16 01:59 - 2016-08-24 16:18 - 00001083 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1                   idb.iobit.com
127.0.0.1                   asc55.iobit.com
127.0.0.1                   is360.iobit.com
127.0.0.1                   asc.iobit.com
127.0.0.1                   pf.iobit.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3369071691-433938087-3250132551-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\11891471_372950889567643_760231634974708710_o.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8FAB0DEF-F33B-4147-8EE9-06A8C634D5A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BE53B9A3-FA4D-4845-B991-F8F4CA8B8CAD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9FCA00D7-8901-4822-BE1A-732FEC630044}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D22F239F-A8C4-4D3E-B50D-59DAA0626FDD}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{66443556-FBFC-44C7-9195-6836E321D2EB}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{10B769AA-A952-44E4-8B6D-291D0A606920}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AC972CF3-F85A-4B45-92C7-FC940A17BF78}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B6CFC697-30FD-45E4-A7D8-C1706B3829F4}] => (Allow) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CB400EB7-2B4F-4B6C-8A63-2D9F09BC67F2}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{103E45FF-6326-441A-9A65-91EB9EBA60F9}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{9E359C8D-ADC2-4BB3-839B-9781A7948667}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{7641F1D7-F4EB-47ED-9E26-2D3C44D52902}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{2E0E4013-62AD-4259-A44F-4DEFBE61CF29}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{24B9F85B-E9CA-4391-87DF-189840C682AD}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{93E27F42-CF4D-4D00-9CC4-C10C1CA0C86F}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2016 12:06:03 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}

Error: (08/25/2016 12:06:02 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}

Error: (08/25/2016 12:05:54 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}

Error: (08/25/2016 12:05:54 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}

Error: (08/25/2016 12:05:53 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}

Error: (08/25/2016 12:05:53 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}

Error: (08/25/2016 12:05:53 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}

Error: (08/25/2016 12:05:51 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}

Error: (08/25/2016 12:05:50 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}

Error: (08/25/2016 12:05:47 AM) (Source: COM) (EventID: 10031) (User: )
Description: {00000338-0000-0000-C000-000000000046}


System errors:
=============
Error: (08/25/2016 12:05:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Manager service terminated with the following error:
%%5 = Access is denied.

Error: (08/25/2016 12:05:53 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (08/25/2016 12:03:53 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (08/25/2016 12:01:53 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (08/25/2016 12:01:53 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (08/25/2016 12:01:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Manager service terminated with the following error:
%%5 = Access is denied.

Error: (08/25/2016 12:00:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Manager service terminated with the following error:
%%5 = Access is denied.

Error: (08/24/2016 11:59:53 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (08/24/2016 11:57:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (08/24/2016 11:57:53 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}


CodeIntegrity:
===================================
  Date: 2016-08-24 23:37:47.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-16 03:07:59.578
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-15 03:35:16.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-14 19:58:25.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 20:22:29.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 12:22:33.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 17:44:12.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-23 21:30:22.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-23 18:43:38.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-23 18:42:11.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 87%
Total physical RAM: 2003.16 MB
Available physical RAM: 245.5 MB
Total Virtual: 2707.16 MB
Available Virtual: 769.44 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:149.05 GB) (Free:129.99 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 83CBFA25)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,988 posts
  • Gender:Male
  • Location:California
  • Local time:05:29 AM

Posted 28 August 2016 - 08:36 AM

Greetings Samantha84 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 28 August 2016 - 09:04 AM

Greetings and thank you again for your patience. We have some work to do.

You have very little memory and at 87% usage that does not give your computer much wiggle room to operate. It is clear your computer is compromised but even then your system performance may be limited.
 

Percentage of memory in use: 87%
Total physical RAM: 2003.16 MB


There are a number of programs you have downloaded from less than reputable sources. We need to rid ourselves of those.

Please consider and do this. Boot into Safe Mode with Networking and try the steps. <<Important

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Advanced SystemCare 9
AVG PC TuneUp
Driver Booster 3.4
IObit Uninstaller
Safer Update Helper
McAfee Security Scan Plus
McAfee WebAdvisor
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
C:\Users\User\AppData\Local\Temp\~nsuA.tmp\Au_.exe
C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3369071691-433938087-3250132551-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\user.js [2016-08-24]
S3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]
Task: {A8B38DA4-AEE1-4466-A82D-6C7E598D23DB} - \{0A790847-080E-0F09-0511-787A0F0D110A} -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1468472820&a=1024132&src=sh&uuid=068b07e8-2df9-4a7f-a15a-7ac4a5c85965"
2016-08-24 23:39 - 2016-08-24 23:39 - 00011264 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\System.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00009728 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsDialogs.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00006144 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsExec.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00006144 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\ns9FF6.tmp
C:\Users\User\Downloads\AVG PC TuneUp 2016 16.32.2.3320 (x86x64) + Serial Keys
C:\Users\User\Downloads\Advanced SystemCare Pro 9.4.0.1131 Multilingual Incl Key+ Portable [SadeemPC]
C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial
C:\Users\User\Downloads\Windows Repair Pro (All In One) 3.9.7 & Portable + Serial [4realtorrentz].zip
C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial.zip
C:\Users\User\Documents\Setup_serial_IT2Mhc_ZwlSo-cIzYkC9SA2_key.exe
C:\Program Files\Safer Technologies
hosts:
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • After your computer automatically reboots check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Revo uninstall all the programs?
  • Fixlog
  • Update on computer performance

Gary
 

#4 Samantha84


Posted 31 August 2016 - 05:15 PM

There's gonna be a delay for another two days.



#5 Oh My!


Posted 31 August 2016 - 05:37 PM

No problem, thanks for letting me know.


Gary
 

#6 Oh My!


Posted 04 September 2016 - 09:56 PM

Greetings,

How are we doing?
Gary
 

#7 Oh My!


Posted 06 September 2016 - 08:31 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 Samantha84


Posted 06 September 2016 - 05:17 PM

Sorry I took so long getting back to you. I'm gonna try doing this. I'm not very computer smart lol but from what I read it seems easy so. lol

#9 Oh My!


Posted 06 September 2016 - 06:29 PM

Thanks for letting me know you are still with me. If you have any questions or difficulties please don't hesitate to ask for help.
Gary
 

#10 Samantha84


Posted 06 September 2016 - 08:18 PM

CreateRestorePoint:
CloseProcesses:
C:\Users\User\AppData\Local\Temp\~nsuA.tmp\Au_.exe
C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3369071691-433938087-3250132551-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\user.js [2016-08-24]
S3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]
Task: {A8B38DA4-AEE1-4466-A82D-6C7E598D23DB} - \{0A790847-080E-0F09-0511-787A0F0D110A} -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1468472820&a=1024132&src=sh&uuid=068b07e8-2df9-4a7f-a15a-7ac4a5c85965"
2016-08-24 23:39 - 2016-08-24 23:39 - 00011264 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\System.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00009728 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsDialogs.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00006144 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsExec.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00006144 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\ns9FF6.tmp
C:\Users\User\Downloads\AVG PC TuneUp 2016 16.32.2.3320 (x86x64) + Serial Keys
C:\Users\User\Downloads\Advanced SystemCare Pro 9.4.0.1131 Multilingual Incl Key+ Portable [SadeemPC]
C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial
C:\Users\User\Downloads\Windows Repair Pro (All In One) 3.9.7 & Portable + Serial [4realtorrentz].zip
C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial.zip
C:\Users\User\Documents\Setup_serial_IT2Mhc_ZwlSo-cIzYkC9SA2_key.exe
C:\Program Files\Safer Technologies
hosts:
emptytemp:


I hope I did this right.


Edited by Samantha84, 06 September 2016 - 08:18 PM.


#11 Samantha84


Posted 06 September 2016 - 08:43 PM

It still uploaded slow when I started it up, and I am still unable to use my start up button. I don't know why it won't work but it hasn't worked since it started.



#12 Oh My!


Posted 06 September 2016 - 09:40 PM

I'm not sure we got the fix to work properly. Let's try it this way.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------
  • Please download [attachment=184577:fixlist.txt] and save it in the Downloads folder
  • Launch FRST and press the Fix button
  • The tool will create a log in the Downloads folder called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog report
  • Update on computer performance

Gary
 

#13 Samantha84


Posted 07 September 2016 - 01:20 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by User (07-09-2016 13:35:47) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\User\AppData\Local\Temp\~nsuA.tmp\Au_.exe
C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3369071691-433938087-3250132551-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\user.js [2016-08-24]
S3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]
Task: {A8B38DA4-AEE1-4466-A82D-6C7E598D23DB} - \{0A790847-080E-0F09-0511-787A0F0D110A} -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1468472820&a=1024132&src=sh&uuid=068b07e8-2df9-4a7f-a15a-7ac4a5c85965"
2016-08-24 23:39 - 2016-08-24 23:39 - 00011264 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\System.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00009728 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsDialogs.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00006144 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsExec.dll
2016-08-24 23:39 - 2016-08-24 23:39 - 00006144 _____ () C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\ns9FF6.tmp
C:\Users\User\Downloads\AVG PC TuneUp 2016 16.32.2.3320 (x86x64) + Serial Keys
C:\Users\User\Downloads\Advanced SystemCare Pro 9.4.0.1131 Multilingual Incl Key+ Portable [SadeemPC]
C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial
C:\Users\User\Downloads\Windows Repair Pro (All In One) 3.9.7 & Portable + Serial [4realtorrentz].zip
C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial.zip
C:\Users\User\Documents\Setup_serial_IT2Mhc_ZwlSo-cIzYkC9SA2_key.exe
C:\Program Files\Safer Technologies
hosts:
emptytemp:
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"C:\Users\User\AppData\Local\Temp\~nsuA.tmp\Au_.exe" => not found.
"C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp" => not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3369071691-433938087-3250132551-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\user.js => moved successfully
cpuz138 => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8B38DA4-AEE1-4466-A82D-6C7E598D23DB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8B38DA4-AEE1-4466-A82D-6C7E598D23DB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A790847-080E-0F09-0511-787A0F0D110A}" => key removed successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully..
"C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\System.dll" => not found.
"C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsDialogs.dll" => not found.
"C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\nsExec.dll" => not found.
"C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp\ns9FF6.tmp" => not found.
"C:\Users\User\Downloads\AVG PC TuneUp 2016 16.32.2.3320 (x86x64) + Serial Keys" => not found.
"C:\Users\User\Downloads\Advanced SystemCare Pro 9.4.0.1131 Multilingual Incl Key+ Portable [SadeemPC]" => not found.
"C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial" => not found.
"C:\Users\User\Downloads\Windows Repair Pro (All In One) 3.9.7 & Portable + Serial [4realtorrentz].zip" => not found.
"C:\Users\User\Downloads\IObit Advanced System Care Pro v9.3.0.1121 Setup + Serial.zip" => not found.
C:\Users\User\Documents\Setup_serial_IT2Mhc_ZwlSo-cIzYkC9SA2_key.exe => moved successfully
C:\Program Files\Safer Technologies => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6359024 B
Java, Flash, Steam htmlcache => 5848 B
Windows/system/drivers => 266336 B
Edge => 522194 B
Chrome => 0 B
Firefox => 46889585 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 5035 B
LocalService => 40448 B
NetworkService => -650 B
User => 21074148 B

RecycleBin => 79732366 B
EmptyTemp: => 147.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:38:35 ====


Edited by Samantha84, 07 September 2016 - 01:21 PM.
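
The Fixlog in post #13 mixes three things: the echoed fixlist, the per-item results, and the EmptyTemp byte counts. The Python below is an added example (not FRST's code and not written by either poster) that tallies the per-item outcomes and flags the failed restore point; the function names and outcome categories are assumptions, and the sample is a shortened excerpt of that post's log.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog in post #13 (paths and values are the post's own).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016

fixlist content:
*****************
CreateRestorePoint:
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\user.js [2016-08-24]
emptytemp:
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"C:\Users\User\AppData\Local\Temp\nsn8DA5.tmp" => not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\22y91g97.default\user.js => moved successfully
cpuz138 => service removed successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully..
C:\Program Files\Safer Technologies => moved successfully

=========== EmptyTemp: ==========

Firefox => 46889585 B
NetworkService => -650 B
RecycleBin => 79732366 B
EmptyTemp: => 147.7 MB temporary data Removed.
'''

RESULT = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.*$')
BYTES = re.compile(r'^(?P<area>.+?) => (?P<n>-?\d+) B$')

def classify(outcome):
    """Map a result phrase to a category (category names are this example's own)."""
    o = outcome.lower()
    if o == "not found":
        return "not_found"
    # "removed successfully" contains "moved successfully", so test it first.
    if "removed successfully" in o:
        return "removed"
    if "moved successfully" in o:
        return "moved"
    return "other"

def parse_fixlog(text):
    report = {"errors": [], "results": [], "temp_bytes": {}}
    in_echo = in_temp = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:          # rows of asterisks bracket the echoed fixlist
            in_echo = not in_echo
        elif in_echo:
            continue                    # echoed directives are input, not results
        elif line.startswith("=") and "EmptyTemp" in line:
            in_temp = True
        elif line.startswith("Error:"):
            report["errors"].append(line)
        elif in_temp:
            m = BYTES.match(line)
            if m:
                report["temp_bytes"][m["area"]] = int(m["n"])
        else:
            m = RESULT.match(line)
            if m:
                report["results"].append((m["target"], classify(m["outcome"])))
    return report

def triage(report):
    """Summarise what a reviewer checks first: rollback point, misses, odd sizes."""
    return {
        "counts": dict(Counter(kind for _, kind in report["results"])),
        "no_restore_point": any("restore point" in e for e in report["errors"]),
        "not_found": [t for t, k in report["results"] if k == "not_found"],
        "negative_sizes": [a for a, n in report["temp_bytes"].items() if n < 0],
        "temp_bytes_total": sum(report["temp_bytes"].values()),
    }

if __name__ == "__main__":
    print(triage(parse_fixlog(SAMPLE_FIXLOG)))
```
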


#14 Samantha84


Posted 07 September 2016 - 01:22 PM

Hope I did it right this time lol



#15 Oh My!


Posted 07 September 2016 - 03:30 PM

Yes you did.

I am assuming your symptoms are still present.

Can you describe what happens when your computer freezes? Is it while you are doing certain things, does it then start working again on its own, etc.?

Were you able to uninstall the programs listed in Post #3?

Please boot into Safe Mode with Networking and tell me if there is a difference.
Gary
 