Jump to content

DracoDragon123

Honorary Members
 View Profile  See their activity

  • Posts

    22

  • Joined

  • Last visited

 Content Type 

Everything posted by DracoDragon123

  1. DracoDragon123
    that's great mate, I have uninstalled it. I will reinstall it if I need it as some point. You are a total legend. You've helped me in the past and you never disappoint. I will sort you out a drink soon mate. Thanks Steve
  2. DracoDragon123
    no I think internet explorer is working fine should I just uninstall firefox?
  3. DracoDragon123
    when I'm on the internet google appears (my Homepage) but as soon as I try to use it a new tab opens and takes me to virus page saying I have a virus a message appears on the screen telling me to ring a number immediately and a ladies voice tells me the same through my speakers. I can tell you the address it sends me to if it helps mate
  4. DracoDragon123
    Here is the report mate Fixlog.txt
  5. DracoDragon123
    Here are the reports mate Addition.txt AdwCleanerS0.txt FRST.txt
  6. DracoDragon123
    Here are the reports, thanks Addition.txt FRST.txt Malwarebytes Scan.txt
  7. DracoDragon123
    My lovely sister-in-law has let me borrow her laptop while mine is being repaired, but It was full or malware. I used malwarebytes to remove them but no everything seem to be gone. so I have tried my best to get rid of them. But I still can't use internet explorer or fire fox. when I do new tab always appear and pops up fill the screen from time to time. The programs that I tried my best to remove were PC SpeedBoost, Super Optimizer, MyPC Backup ,PC Tune Up etc. please can you help as I still thing the laptop is infected but I have no idea what to do to fix it. Thanks Steve FRST.txt Addition.txt
  8. DracoDragon123
    I believe this step as fixed the problem mate, I am not longer being re-directed while on the internet and all the pop-up have stopped Thank you so much you are a life save and I am no longer in the dog house with my mum, Please enjoy a drink on me mate. I have attached the log you asked for in case you think I still need to do something, but it seem to be all great and working fine now Fixlog.txt
  9. DracoDragon123
    Oops I'm a fool mate, I missed that rule sorry, don't know if its too late or not but here are the reports. Addition.txt FRST.txt mbar-log-2014-12-27 (10-12-02).txt system-log.txt
  10. DracoDragon123
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014 Ran by BARBARA (administrator) on NELLY on 27-12-2014 12:11:37 Running from C:\Users\BARBARA\Desktop Loaded Profile: BARBARA (Available profiles: BARBARA) Platform: Windows 8.1 (X64) OS Language: English (United Kingdom) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Telefónica) C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Program Files (x86)\Alcatel\Alcatel USB Modem\AutoLauncher.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AlcatelAutoLauncher_O2] => C:\Program Files (x86)\Alcatel\Alcatel USB Modem\AutoLauncher.exe [133120 2012-10-12] () HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\...\RunOnce: [Adobe Speed Launcher] => 1419674859 HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\...\MountPoints2: {ef623ee2-579f-11e3-be7c-d850e6a1ee1d} - "F:\autorun.exe" HKU\S-1-5-18\...\RunOnce: [Adobe Speed Launcher] => 1419273899 ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ SearchScopes: HKU\S-1-5-21-2600487388-1721204265-1550977155-1001 -> DefaultScope {262A5238-471A-46E9-94D5-0FD040DB05BA} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141226&p={SearchTerms} SearchScopes: HKU\S-1-5-21-2600487388-1721204265-1550977155-1001 -> {262A5238-471A-46E9-94D5-0FD040DB05BA} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141226&p={SearchTerms} BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: FlaashCOOUpon -> {ebdd3b76-0868-42b8-ae01-bdf53d3dae8d} -> C:\ProgramData\FlaashCOOUpon\DDW516Vxt1TPEo.x64.dll () BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: FlaashCOOUpon -> {ebdd3b76-0868-42b8-ae01-bdf53d3dae8d} -> C:\ProgramData\FlaashCOOUpon\DDW516Vxt1TPEo.dll () Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9-x64 01 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Winsock: Catalog9-x64 02 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Winsock: Catalog9-x64 03 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Winsock: Catalog9-x64 04 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Winsock: Catalog9-x64 15 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\BARBARA\AppData\Roaming\Mozilla\Firefox\Profiles\jwxmof0b.default FF Homepage: hxxp://www.google.co.uk/ FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: McAfee SafeKey - C:\Users\BARBARA\AppData\Roaming\Mozilla\Firefox\Profiles\jwxmof0b.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-12-26] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-12-26] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-12-26] FF HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\...\Firefox\Extensions: [{667A6518-4359-49AF-E441-408A9C460247}] - C:\Program Files (x86)\ver8CheckMeUp\184.xpi FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-26] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS) R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.) R3 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R3 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R3 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.) R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2010-06-09] (Windows ® Codename Longhorn DDK provider) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.) R2 CMWFP; C:\WINDOWS\system32\Drivers\CMWFP64.sys [43168 2014-12-14] (CartCrunch Israel Ltd.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-26] () S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [123776 2012-03-31] (TCT International Mobile Ltd.) S3 JRDusbwwan; C:\Windows\system32\DRIVERS\AlcatelUsbWwan.sys [228352 2010-08-05] (TCT International Mobile Ltd) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 10:11 - 2014-12-27 11:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-27 10:10 - 2014-12-27 11:31 - 00000000 ____D () C:\Users\BARBARA\Desktop\mbar 2014-12-27 10:09 - 2014-12-27 10:06 - 16448208 _____ (Malwarebytes Corp.) C:\Users\BARBARA\Desktop\mbar-1.08.2.1001.exe 2014-12-27 02:15 - 2014-12-27 02:17 - 00028662 _____ () C:\Users\BARBARA\Desktop\Addition.txt 2014-12-27 02:13 - 2014-12-27 12:11 - 00018422 _____ () C:\Users\BARBARA\Desktop\FRST.txt 2014-12-27 02:13 - 2014-12-27 12:11 - 00000000 ____D () C:\FRST 2014-12-27 02:12 - 2014-12-27 02:08 - 02122752 _____ (Farbar) C:\Users\BARBARA\Desktop\FRST64.exe 2014-12-26 11:00 - 2014-12-26 11:00 - 00001938 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk 2014-12-26 11:00 - 2014-12-26 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-12-26 10:58 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys 2014-12-26 10:57 - 2014-12-26 11:02 - 00000000 ____D () C:\Program Files (x86)\SafeKey 2014-12-26 10:56 - 2014-12-26 10:56 - 00000000 ____D () C:\Program Files (x86)\McAfee.com 2014-12-26 10:54 - 2014-12-27 01:26 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-12-26 10:54 - 2014-12-26 10:58 - 00000000 ____D () C:\Program Files\McAfee 2014-12-26 10:54 - 2014-12-26 10:54 - 00000000 ____D () C:\Program Files\McAfee.com 2014-12-26 10:46 - 2014-12-26 10:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-12-26 10:46 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe 2014-12-26 02:54 - 2014-12-26 02:54 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2014-12-26 02:54 - 2014-12-26 02:54 - 00001049 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2014-12-26 02:54 - 2014-12-26 02:54 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2014-12-26 02:46 - 2014-12-26 02:46 - 00001448 _____ () C:\Users\BARBARA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-26 02:30 - 2014-12-26 02:30 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\Mozilla 2014-12-26 02:30 - 2014-12-26 02:30 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\Mozilla 2014-12-26 02:30 - 2014-12-26 02:30 - 00000000 ____D () C:\ProgramData\Mozilla 2014-12-26 01:20 - 2014-12-26 01:20 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2014-12-26 01:20 - 2014-12-26 01:20 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-12-26 01:06 - 2014-12-26 01:06 - 00014442 _____ () C:\WINDOWS\system32\.crusader 2014-12-26 00:57 - 2014-12-26 01:07 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2014-12-26 00:56 - 2014-12-26 01:06 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-12-25 23:01 - 2014-12-25 23:03 - 00000000 ____D () C:\AdwCleaner 2014-12-25 22:53 - 2014-12-26 01:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-25 14:27 - 2014-12-25 14:27 - 00001045 _____ () C:\gill.txt 2014-12-25 13:46 - 2014-12-27 10:11 - 00135384 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-25 13:46 - 2014-12-27 10:10 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-25 13:46 - 2014-12-25 13:46 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-25 13:46 - 2014-12-25 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-25 13:46 - 2014-12-25 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-25 13:46 - 2014-12-25 13:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-25 13:46 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-12-25 13:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-25 00:01 - 2014-12-25 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-12-24 23:59 - 2014-12-24 23:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-24 23:59 - 2014-12-24 23:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-12-23 14:03 - 2014-12-23 14:03 - 00000000 ____D () C:\Packages 2014-12-23 13:37 - 2014-12-23 13:37 - 00184800 _____ () C:\WINDOWS\SysWOW64\XMLOperations.xml 2014-12-22 20:05 - 2014-12-22 20:05 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\QuickScan 2014-12-22 19:55 - 2014-12-04 23:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll 2014-12-22 19:55 - 2014-12-04 23:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll 2014-12-22 18:57 - 2014-12-22 18:57 - 00000000 ____D () C:\TVWizard 2014-12-22 18:56 - 2014-12-26 01:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\FellowSky 2014-12-22 18:56 - 2014-12-25 15:38 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\WTools 2014-12-22 18:56 - 2014-12-25 15:38 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\Store 2014-12-22 18:56 - 2014-12-22 18:56 - 00000078 _____ () C:\Users\BARBARA\AppData\Roaming\Selection Tools.installation.log 2014-12-22 18:56 - 2014-12-14 10:53 - 00043168 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\system32\Drivers\CMWFP64.sys 2014-12-22 18:55 - 2014-12-25 15:43 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\Probit Software 2014-12-22 18:55 - 2014-12-25 15:38 - 00000000 ____D () C:\Program Files (x86)\Bench 2014-12-22 18:55 - 2014-12-25 14:29 - 00000000 ____D () C:\ProgramData\FellowSky 2014-12-22 18:54 - 2014-12-22 18:54 - 00000000 ____D () C:\Program Files (x86)\Probit Software 2014-12-22 18:45 - 2014-12-22 18:45 - 00000000 ____D () C:\AsusWSWinService 2014-12-22 18:41 - 2014-11-17 20:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-12-22 18:41 - 2014-11-17 20:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2014-12-22 18:41 - 2014-11-14 06:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2014-12-22 18:41 - 2014-11-14 06:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2014-12-22 18:41 - 2014-11-14 06:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2014-12-22 18:41 - 2014-11-14 06:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-22 18:41 - 2014-11-14 06:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-12-22 18:41 - 2014-11-14 04:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-22 18:37 - 2014-12-22 18:37 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\TVWizard 2014-12-22 18:36 - 2014-12-22 22:36 - 00000000 ___HD () C:\Users\Public\Temp 2014-12-22 18:36 - 2014-12-22 18:36 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\com 2014-12-22 18:35 - 2014-12-22 18:35 - 00004012 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup 2014-12-22 18:34 - 2014-12-25 15:38 - 00000000 ____D () C:\ProgramData\JqJTHY 2014-12-22 18:34 - 2014-12-25 15:38 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-12-22 18:34 - 2014-12-25 12:23 - 00002450 _____ () C:\WINDOWS\patsearch.bin 2014-12-22 18:34 - 2014-12-22 18:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf 2014-12-22 18:34 - 2014-12-22 18:34 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\globalUpdate 2014-12-22 14:30 - 2014-12-25 14:29 - 00000000 ____D () C:\ProgramData\FlaashCOOUpon 2014-12-22 14:30 - 2014-12-22 14:30 - 00000000 ____D () C:\ProgramData\f25cb3e6521ce1d6 2014-12-21 20:31 - 2014-12-21 20:31 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-12-18 17:59 - 2014-12-18 17:59 - 00775968 _____ (Reimage®) C:\Users\BARBARA\Downloads\ReimageRepair.exe 2014-12-15 22:22 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-15 22:22 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-10 23:54 - 2014-12-10 23:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2014-12-10 17:07 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-10 17:07 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 17:07 - 2014-10-30 23:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-10 17:07 - 2014-10-30 23:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-10 17:05 - 2014-12-03 23:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-12-10 17:05 - 2014-12-03 23:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-12-10 17:05 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-10 17:05 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-10 17:05 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-10 17:05 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-10 17:05 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-10 17:05 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-10 17:05 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-10 17:05 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-10 17:05 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-10 17:05 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-10 17:05 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-10 17:05 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-10 17:05 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-10 17:05 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-10 17:05 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-10 17:05 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-10 17:05 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-10 17:05 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-10 17:05 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-10 17:05 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-10 17:05 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-10 17:05 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-10 17:05 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-10 17:05 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-10 17:05 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-10 17:05 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-10 17:05 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-10 17:05 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-10 17:05 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-10 17:05 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-10 17:05 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-10 17:05 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-10 17:05 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-10 17:05 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-10 17:05 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-10 17:05 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-10 17:05 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-10 17:05 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-10 17:05 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-10 17:05 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-10 17:05 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-10 17:05 - 2014-10-13 02:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-10 17:05 - 2014-10-13 02:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-10 17:05 - 2014-10-13 02:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-10 17:05 - 2014-10-13 02:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 12:00 - 2013-10-07 04:02 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1 2014-12-27 12:00 - 2013-10-07 04:02 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2 2014-12-27 12:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-27 10:38 - 2014-01-22 11:41 - 00000000 ___DO () C:\Users\BARBARA\SkyDrive 2014-12-27 10:37 - 2013-11-06 20:52 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2600487388-1721204265-1550977155-1001 2014-12-27 10:26 - 2014-01-22 11:27 - 01106922 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-27 10:10 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\tracing 2014-12-27 10:09 - 2013-11-06 20:51 - 00000062 _____ () C:\Users\BARBARA\AppData\Roaming\sp_data.sys 2014-12-27 10:08 - 2014-01-22 11:49 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B0CCF52-09A8-473D-9842-C2C3D06D98F2} 2014-12-27 10:08 - 2013-10-07 04:07 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G 2014-12-27 10:08 - 2013-10-07 04:05 - 00003268 _____ () C:\WINDOWS\System32\Tasks\AsusVibeSchedule 2014-12-27 10:08 - 2013-10-07 04:05 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus 2014-12-27 10:08 - 2013-10-07 04:05 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU 2014-12-27 10:08 - 2013-10-07 04:05 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON 2014-12-27 10:08 - 2013-10-07 03:57 - 00003540 _____ () C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher 2014-12-27 01:26 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-27 01:26 - 2013-08-22 14:44 - 00337840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-12-27 01:25 - 2013-11-14 04:34 - 01310178 _____ () C:\WINDOWS\PFRO.log 2014-12-27 01:25 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-26 16:56 - 2013-04-25 23:18 - 00000000 ____D () C:\ProgramData\McAfee 2014-12-26 16:35 - 2014-09-01 08:18 - 00000365 _____ () C:\Users\BARBARA\AppData\Roaming\YEHTWSFT 2014-12-26 16:35 - 2014-09-01 08:18 - 00000365 _____ () C:\Users\BARBARA\AppData\Roaming\UPZTMF 2014-12-26 12:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-26 11:03 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-12-26 10:56 - 2012-07-26 08:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-12-26 02:43 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-26 02:31 - 2013-11-14 12:45 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-26 00:21 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-25 22:52 - 2013-08-22 14:46 - 00290114 _____ () C:\WINDOWS\setupact.log 2014-12-25 17:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-12-25 16:49 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SchCache 2014-12-25 15:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PLA 2014-12-25 14:29 - 2012-07-26 05:26 - 00000226 _____ () C:\WINDOWS\win.ini 2014-12-22 18:43 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-12-22 18:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2014-12-21 20:29 - 2013-11-29 13:42 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-21 20:24 - 2013-11-07 00:11 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\Adobe 2014-12-19 19:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy 2014-12-10 23:54 - 2014-07-10 15:37 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-12-10 23:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2014-12-10 23:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-10 23:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-10 23:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-10 19:37 - 2013-11-08 21:23 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-10 19:36 - 2013-11-08 21:23 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe Files to move or delete: ==================== C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS Some content of TEMP: ==================== C:\Users\BARBARA\AppData\Local\Temp\0004731419591252mcinst.exe C:\Users\BARBARA\AppData\Local\Temp\144CC280-B594-EA99-C7D1-886ECFA425DA.dll C:\Users\BARBARA\AppData\Local\Temp\B2B80E25-CB02-949E-BB97-F22E65F1A1B7.exe C:\Users\BARBARA\AppData\Local\Temp\dllnt_dump.dll C:\Users\BARBARA\AppData\Local\Temp\optprosetup.exe C:\Users\BARBARA\AppData\Local\Temp\SavePass20141110.exe C:\Users\BARBARA\AppData\Local\Temp\setup_384.exe C:\Users\BARBARA\AppData\Local\Temp\SpOrder.dll C:\Users\BARBARA\AppData\Local\Temp\sqlite3.exe C:\Users\BARBARA\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-27 10:37 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014 Ran by BARBARA at 2014-12-27 12:13:05 Running from C:\Users\BARBARA\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Alcatel USB Modem (HKLM-x32\...\{2E35E738-75E8-4C31-8E04-2564619DC7D5}) (Version: 1.002.00001 - Alcatel) ASUS FaceKey (HKLM-x32\...\{ACE24C70-743B-43B0-8045-817FF050800B}) (Version: 4.1.0.0 - ) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.3 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.0 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0010 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) ASUS Video DSP (HKLM-x32\...\{B80DB514-46E5-43AA-B68C-1EBBF5CF7D34}) (Version: 1.0.000 - ) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.5230.52 - CyberLink Corp.) Hidden AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS) Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Connection Manager (HKLM-x32\...\O2UK) (Version: 8.7.6.800 - Connection Manager) Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EPSON PX730 Series Printer Uninstall (HKLM\...\EPSON PX730 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.) McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.) McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS) Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Driver Package - ASUS (ATP) Mouse (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-12-2014 19:31:07 Windows Update 17-12-2014 22:12:40 Scheduled Checkpoint 22-12-2014 18:42:00 Windows Update 25-12-2014 22:55:24 Revo Uninstaller's restore point - ShowPass Smartbar Engine ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1E9B16FC-AAE9-4ADD-A34A-7BC251D988B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation) Task: {3F3E6EF3-0FD8-43BA-9C1B-90322F6C5EE7} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {4956FC68-8FCD-4C83-9567-9E7BE2C2265E} - \DonutQuotes No Task File <==== ATTENTION Task: {49D0356B-770D-497A-ADC0-ED5D55C48CE6} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.) Task: {542F517F-C525-40BE-8D74-04A461B4037B} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-06-28] (AsusTek) Task: {5917CAD0-43C7-440A-BB29-2E0CA13EEA2E} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.) Task: {627C383B-DFAE-426D-AB64-BA3EAB639E9B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS) Task: {69AE730B-B386-4D2E-8D9B-D73D7BBFBDD7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS) Task: {7B0BCCD1-7829-4032-A142-0A0F7DB4591D} - \upfs7235 No Task File <==== ATTENTION Task: {83CB47EE-821A-411F-9050-3F9146DA8550} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-06-03] (ASUSTeK Computer Inc.) Task: {8F8187BC-7979-484C-9205-F369367B1464} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] () Task: {96668DAF-F5C9-4394-85F3-6DE6F8F084AF} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) Task: {A1E54F9A-E563-408D-BDFF-E1CE9405FB52} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe Task: {A8CB71B4-D4D5-4E58-A895-6F0A062BD4E8} - \Selection Tools Update No Task File <==== ATTENTION Task: {F86032F0-0BEE-4DCF-BFC1-E1115F128FAD} - \WindApp Update No Task File <==== ATTENTION Task: {FD7FA900-4A53-4A17-AEA9-2E00610C63C3} - \Chrome No Task File <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-12-19 06:10 - 2012-12-19 06:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe 2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-05-15 09:59 - 2012-10-12 09:59 - 00133120 _____ () C:\Program Files (x86)\Alcatel\Alcatel USB Modem\AutoLauncher.exe 2013-06-19 19:49 - 2013-06-19 19:49 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2014-11-25 15:50 - 2014-11-25 15:50 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll 2013-10-07 03:48 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2013-04-29 13:17 - 2013-04-29 13:17 - 00587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2013-04-27 09:24 - 2013-04-27 09:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\BARBARA\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe" MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s ========================= Accounts: ========================== Administrator (S-1-5-21-2600487388-1721204265-1550977155-500 - Administrator - Disabled) BARBARA (S-1-5-21-2600487388-1721204265-1550977155-1001 - Administrator - Enabled) => C:\Users\BARBARA Guest (S-1-5-21-2600487388-1721204265-1550977155-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2600487388-1721204265-1550977155-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/27/2014 03:04:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NELLY) Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (12/26/2014 01:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 18b4 Start Time: 01d0210bd806ea5c Termination Time: 4294967295 Application Path: C:\WINDOWS\syswow64\wwahost.exe Report Id: cbdbdb2c-8cff-11e4-bebc-d850e6a1ee1d Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Faulting package-relative application ID: App Error: (12/26/2014 11:32:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 11f8 Start Time: 01d020fef725dc01 Termination Time: 4294967295 Application Path: C:\WINDOWS\syswow64\wwahost.exe Report Id: ebee0067-8cf2-11e4-bebc-d850e6a1ee1d Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Faulting package-relative application ID: App Error: (12/25/2014 01:43:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LIVECOMM.EXE version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3028 Start Time: 01d02046e75ca39f Termination Time: 4294967295 Application Path: C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_17.5.9600.20689_X64__8WEKYB3D8BBWE\LIVECOMM.EXE Report Id: f99184ab-8c3b-11e4-beae-d850e6a1ee1d Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (12/25/2014 01:42:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program STORMWATCHBROWSER.EXE version 1.0.0.21 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3788 Start Time: 01d02043fce3d969 Termination Time: 4294967295 Application Path: C:\USERS\BARBARA\APPDATA\LOCAL\STORMWATCH\STORMWATCHBROWSER.EXE Report Id: cf9905de-8c3b-11e4-beae-d850e6a1ee1d Faulting package full name: Faulting package-relative application ID: Error: (12/25/2014 00:36:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/25/2014 00:29:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SPYWARECLEAR.EXE version 1.3.0.27 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: bf4 Start Time: 01d0203e0fbba279 Termination Time: 4294967295 Application Path: C:\PROGRAM FILES (X86)\SPYWARE CLEAR\SPYWARECLEAR.EXE Report Id: a6a28a76-8c31-11e4-beae-d850e6a1ee1d Faulting package full name: Faulting package-relative application ID: Error: (12/25/2014 00:02:05 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY) Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219' Error: (12/24/2014 11:59:24 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY) Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219' Error: (12/23/2014 03:35:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1a38 Start Time: 01d01ec5a1ce55d0 Termination Time: 60000 Application Path: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE Report Id: 1548475b-8ab9-11e4-beae-d850e6a1ee1d Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (12/27/2014 11:29:13 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (12/27/2014 03:04:49 AM) (Source: DCOM) (EventID: 10010) (User: NELLY) Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4 Error: (12/27/2014 03:04:26 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (12/27/2014 02:32:50 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (12/27/2014 01:24:56 AM) (Source: DCOM) (EventID: 10010) (User: NELLY) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (12/27/2014 01:24:56 AM) (Source: DCOM) (EventID: 10010) (User: NELLY) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (12/26/2014 11:43:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (12/26/2014 11:09:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Error: (12/26/2014 11:09:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Error: (12/26/2014 11:09:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Microsoft Office Sessions: ========================= Error: (12/27/2014 03:04:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NELLY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (12/26/2014 01:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703118b401d0210bd806ea5c4294967295C:\WINDOWS\syswow64\wwahost.execbdbdb2c-8cff-11e4-bebc-d850e6a1ee1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (12/26/2014 11:32:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703111f801d020fef725dc014294967295C:\WINDOWS\syswow64\wwahost.exeebee0067-8cf2-11e4-bebc-d850e6a1ee1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (12/25/2014 01:43:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LIVECOMM.EXE17.5.9600.20689302801d02046e75ca39f4294967295C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_17.5.9600.20689_X64__8WEKYB3D8BBWE\LIVECOMM.EXEf99184ab-8c3b-11e4-beae-d850e6a1ee1dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (12/25/2014 01:42:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: STORMWATCHBROWSER.EXE1.0.0.21378801d02043fce3d9694294967295C:\USERS\BARBARA\APPDATA\LOCAL\STORMWATCH\STORMWATCHBROWSER.EXEcf9905de-8c3b-11e4-beae-d850e6a1ee1d Error: (12/25/2014 00:36:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/25/2014 00:29:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SPYWARECLEAR.EXE1.3.0.27bf401d0203e0fbba2794294967295C:\PROGRAM FILES (X86)\SPYWARE CLEAR\SPYWARECLEAR.EXEa6a28a76-8c31-11e4-beae-d850e6a1ee1d Error: (12/25/2014 00:02:05 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY) Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL) Error: (12/24/2014 11:59:24 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY) Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL) Error: (12/23/2014 03:35:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.174161a3801d01ec5a1ce55d060000C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE1548475b-8ab9-11e4-beae-d850e6a1ee1d CodeIntegrity Errors: =================================== Date: 2014-12-26 10:51:32.627 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\abengine64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 10:51:32.252 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\abengine64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:46.209 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:45.853 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:45.384 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:44.986 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:44.441 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:44.068 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:43.541 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:43.166 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Celeron® CPU 1007U @ 1.50GHz Percentage of memory in use: 36% Total physical RAM: 3981.74 MB Available physical RAM: 2515.61 MB Total Pagefile: 8333.74 MB Available Pagefile: 6184.81 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:148.49 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:258.15 GB) NTFS Drive f: () (Removable) (Total:14.9 GB) (Free:11.99 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  11. DracoDragon123
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001 www.malwarebytes.org Database version: v2014.12.27.03 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17498 BARBARA :: NELLY [administrator] 27/12/2014 10:12:02 mbar-log-2014-12-27 (10-12-02).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 324250 Time elapsed: 24 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17498 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.497000 GHz Memory total: 4175155200, free: 2586939392 Downloaded database version: v2014.12.27.03 Downloaded database version: v2014.12.23.02 Downloaded database version: v2014.12.06.01 ======================================= Initializing... ------------ Kernel report ------------ 12/27/2014 10:11:49 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\iaStorA.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\mfehidk.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\system32\drivers\mfewfpk.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\dfsc.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\system32\DRIVERS\AiCharger.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\athw8x.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\system32\DRIVERS\RtsBaStor.sys \SystemRoot\system32\DRIVERS\Rt630x64.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\AsusTP.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\kbfiltr.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\AsHIDSwitch64.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\ks.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\drivers\mfeavfk.sys \SystemRoot\system32\drivers\mfefirek.sys \SystemRoot\system32\DRIVERS\mfencbdc.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \??\C:\WINDOWS\system32\Drivers\CMWFP64.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\mfeapfk.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\cfwids.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\System32\drivers\rdpvideominiport.sys \SystemRoot\System32\cdd.dll \SystemRoot\System32\drivers\USBSTOR.SYS \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\drivers\WpdUpFltr.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR3 Upper Device Object: 0xffffe000392822d0 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\00000060\ Lower Device Object: 0xffffe0003a1d7330 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffe000367ea060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\0000002d\ Lower Device Object: 0xffffe000361313b0 Lower Device Driver Name: \Driver\iaStorA\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe000367ea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000367eab20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000367ea060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe00035452d30, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe000361313b0, DeviceName: \Device\0000002d\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1) Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: FE4DC0A GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1068347996 GPT Header CurrentLba = 1 BackupLba 976773167 GPT Header FirstUsableLba 34 LastUsableLba 976773134 GPT Header Guid 11df1ae0-418-400d-8d80-ca924b0077 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1068347996 Backup GPT header CurrentLba = 976773167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 976773134 Backup GPT header Guid 11df1ae0-418-400d-8d80-ca924b0077 Backup GPT header Contains 128 partition entries starting at LBA 976773135 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID ee46d80f-652e-45da-aa27-163d89dabf7d FirstLBA 2048 Last LBA 206847 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID c01494d-adf2-4e9f-a4f-43b471a8405b FirstLBA 206848 Last LBA 2050047 Attributes 1 Partition Name Basic data partition Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 53646c7b-dc54-4c16-9bd4-195ad5eff3cb FirstLBA 2050048 Last LBA 2312191 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID bd9ade34-4a2a-44be-a072-74b08ee1e4f5 FirstLBA 2312192 Last LBA 392304639 Attributes 0 Partition Name Basic data partition Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID e7614f13-4717-4c56-b582-c2c4782bf242 FirstLBA 392304640 Last LBA 393021439 Attributes 1 Partition Name Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID fdd28438-2479-4b9d-80ee-6a5faf4823d FirstLBA 393021440 Last LBA 934809599 Attributes 0 Partition Name Basic data partition Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 4440628d-75ec-441a-9232-aa7d96ff2c7e FirstLBA 934809600 Last LBA 976773119 Attributes 1 Partition Name Basic data partition Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffe000392822d0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe0003ad85040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000392822d0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xffffe0003a1d7330, DeviceName: \Device\00000060\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 0 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 32 Numsec = 31266784 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 16008609792 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished
  12. DracoDragon123
    Hi I have had help from this site once before and you guys were great so I'm hoping for some of your kind magic again. I'm working on my mums laptop which I think is infected. when I first got involved the was a number of pop-ups appearing on the desktop and the internet world re-direct you to various different sites. I ran Malware bytes scan which found over 2k issues which then quarantined a number of stuff. I managed to uninstall some programs through control panel like Pass show and a couple others that I can't recall. But although it stopped the pop-ups I then was unable to connect to the internet and internet explorer was telling my I had to use proxy server 127.0.0.1;8800. I looking online for advice and ended up turning off internet explorer in windows features then switching back on again. This allowed me to once again use the internet but the desktop pop-ups have returned and internet explorer keep re-direct me to different sites like: am.readytwos.com Bingocafe.com (Keeps popping up) I even installed a McAfee onto the computer in the hope I fixing the problem but both McAfee and Malwarebyes both scan the computer and come back with no issues found. Please can you do whatever you can to help as my mums not happy and missing her daily scrabble games. One last thing I have included the two scan reports you need to get started, but I'm posted them through a different computer as the infected one is totally unable to use the internet right now due to all the re-directing I hope that's not a problem. Thanks Steve Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014 Ran by BARBARA (administrator) on NELLY on 27-12-2014 02:13:27 Running from C:\Users\BARBARA\Desktop Loaded Profile: BARBARA (Available profiles: BARBARA) Platform: Windows 8.1 (X64) OS Language: English (United Kingdom) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Telefónica) C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe () C:\Program Files (x86)\Alcatel\Alcatel USB Modem\AutoLauncher.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AlcatelAutoLauncher_O2] => C:\Program Files (x86)\Alcatel\Alcatel USB Modem\AutoLauncher.exe [133120 2012-10-12] () HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\...\RunOnce: [Adobe Speed Launcher] => 1419643659 HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\...\MountPoints2: {ef623ee2-579f-11e3-be7c-d850e6a1ee1d} - "F:\autorun.exe" HKU\S-1-5-18\...\RunOnce: [Adobe Speed Launcher] => 1419273899 ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ SearchScopes: HKU\S-1-5-21-2600487388-1721204265-1550977155-1001 -> DefaultScope {262A5238-471A-46E9-94D5-0FD040DB05BA} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141226&p={SearchTerms} SearchScopes: HKU\S-1-5-21-2600487388-1721204265-1550977155-1001 -> {262A5238-471A-46E9-94D5-0FD040DB05BA} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D20141226&p={SearchTerms} BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: FlaashCOOUpon -> {ebdd3b76-0868-42b8-ae01-bdf53d3dae8d} -> C:\ProgramData\FlaashCOOUpon\DDW516Vxt1TPEo.x64.dll () BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: FlaashCOOUpon -> {ebdd3b76-0868-42b8-ae01-bdf53d3dae8d} -> C:\ProgramData\FlaashCOOUpon\DDW516Vxt1TPEo.dll () Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine) Winsock: Catalog9-x64 01 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Winsock: Catalog9-x64 02 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Winsock: Catalog9-x64 03 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Winsock: Catalog9-x64 04 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Winsock: Catalog9-x64 15 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\BARBARA\AppData\Roaming\Mozilla\Firefox\Profiles\jwxmof0b.default FF Homepage: hxxp://www.google.co.uk/ FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: McAfee SafeKey - C:\Users\BARBARA\AppData\Roaming\Mozilla\Firefox\Profiles\jwxmof0b.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-12-26] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-12-26] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-12-26] FF HKU\S-1-5-21-2600487388-1721204265-1550977155-1001\...\Firefox\Extensions: [{667A6518-4359-49AF-E441-408A9C460247}] - C:\Program Files (x86)\ver8CheckMeUp\184.xpi FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-26] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-12-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS) R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed] R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.) R3 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R3 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R3 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.) R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2010-06-09] (Windows ® Codename Longhorn DDK provider) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.) R2 CMWFP; C:\WINDOWS\system32\Drivers\CMWFP64.sys [43168 2014-12-14] (CartCrunch Israel Ltd.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-12-26] () S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [123776 2012-03-31] (TCT International Mobile Ltd.) S3 JRDusbwwan; C:\Windows\system32\DRIVERS\AlcatelUsbWwan.sys [228352 2010-08-05] (TCT International Mobile Ltd) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 02:13 - 2014-12-27 02:14 - 00018500 _____ () C:\Users\BARBARA\Desktop\FRST.txt 2014-12-27 02:13 - 2014-12-27 02:13 - 00000000 ____D () C:\FRST 2014-12-27 02:12 - 2014-12-27 02:08 - 02122752 _____ (Farbar) C:\Users\BARBARA\Desktop\FRST64.exe 2014-12-26 11:00 - 2014-12-26 11:00 - 00001938 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk 2014-12-26 11:00 - 2014-12-26 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-12-26 10:58 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys 2014-12-26 10:57 - 2014-12-26 11:02 - 00000000 ____D () C:\Program Files (x86)\SafeKey 2014-12-26 10:56 - 2014-12-26 10:56 - 00000000 ____D () C:\Program Files (x86)\McAfee.com 2014-12-26 10:54 - 2014-12-27 01:26 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-12-26 10:54 - 2014-12-26 10:58 - 00000000 ____D () C:\Program Files\McAfee 2014-12-26 10:54 - 2014-12-26 10:54 - 00000000 ____D () C:\Program Files\McAfee.com 2014-12-26 10:46 - 2014-12-26 10:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-12-26 10:46 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe 2014-12-26 02:54 - 2014-12-26 02:54 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2014-12-26 02:54 - 2014-12-26 02:54 - 00001049 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2014-12-26 02:54 - 2014-12-26 02:54 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2014-12-26 02:46 - 2014-12-26 02:46 - 00001448 _____ () C:\Users\BARBARA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-26 02:30 - 2014-12-26 02:30 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\Mozilla 2014-12-26 02:30 - 2014-12-26 02:30 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\Mozilla 2014-12-26 02:30 - 2014-12-26 02:30 - 00000000 ____D () C:\ProgramData\Mozilla 2014-12-26 01:20 - 2014-12-26 01:20 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2014-12-26 01:20 - 2014-12-26 01:20 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-12-26 01:06 - 2014-12-26 01:06 - 00014442 _____ () C:\WINDOWS\system32\.crusader 2014-12-26 00:57 - 2014-12-26 01:07 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2014-12-26 00:56 - 2014-12-26 01:06 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-12-25 23:01 - 2014-12-25 23:03 - 00000000 ____D () C:\AdwCleaner 2014-12-25 22:53 - 2014-12-26 01:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-25 14:27 - 2014-12-25 14:27 - 00001045 _____ () C:\gill.txt 2014-12-25 13:46 - 2014-12-27 01:54 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-25 13:46 - 2014-12-25 13:46 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-25 13:46 - 2014-12-25 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-25 13:46 - 2014-12-25 13:46 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-25 13:46 - 2014-12-25 13:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-25 13:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-25 13:46 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-12-25 13:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-25 00:01 - 2014-12-25 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-12-24 23:59 - 2014-12-24 23:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-24 23:59 - 2014-12-24 23:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-12-23 14:03 - 2014-12-23 14:03 - 00000000 ____D () C:\Packages 2014-12-23 13:37 - 2014-12-23 13:37 - 00184800 _____ () C:\WINDOWS\SysWOW64\XMLOperations.xml 2014-12-22 20:05 - 2014-12-22 20:05 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\QuickScan 2014-12-22 19:55 - 2014-12-04 23:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll 2014-12-22 19:55 - 2014-12-04 23:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll 2014-12-22 18:57 - 2014-12-22 18:57 - 00000000 ____D () C:\TVWizard 2014-12-22 18:56 - 2014-12-26 01:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\FellowSky 2014-12-22 18:56 - 2014-12-25 15:38 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\WTools 2014-12-22 18:56 - 2014-12-25 15:38 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\Store 2014-12-22 18:56 - 2014-12-22 18:56 - 00000078 _____ () C:\Users\BARBARA\AppData\Roaming\Selection Tools.installation.log 2014-12-22 18:56 - 2014-12-14 10:53 - 00043168 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\system32\Drivers\CMWFP64.sys 2014-12-22 18:55 - 2014-12-25 15:43 - 00000000 ____D () C:\Users\BARBARA\AppData\Roaming\Probit Software 2014-12-22 18:55 - 2014-12-25 15:38 - 00000000 ____D () C:\Program Files (x86)\Bench 2014-12-22 18:55 - 2014-12-25 14:29 - 00000000 ____D () C:\ProgramData\FellowSky 2014-12-22 18:54 - 2014-12-22 18:54 - 00000000 ____D () C:\Program Files (x86)\Probit Software 2014-12-22 18:45 - 2014-12-22 18:45 - 00000000 ____D () C:\AsusWSWinService 2014-12-22 18:41 - 2014-11-17 20:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-12-22 18:41 - 2014-11-17 20:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2014-12-22 18:41 - 2014-11-14 06:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2014-12-22 18:41 - 2014-11-14 06:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2014-12-22 18:41 - 2014-11-14 06:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2014-12-22 18:41 - 2014-11-14 06:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-22 18:41 - 2014-11-14 06:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-12-22 18:41 - 2014-11-14 04:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-22 18:37 - 2014-12-22 18:37 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\TVWizard 2014-12-22 18:36 - 2014-12-22 22:36 - 00000000 ___HD () C:\Users\Public\Temp 2014-12-22 18:36 - 2014-12-22 18:36 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\com 2014-12-22 18:35 - 2014-12-22 18:35 - 00004012 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup 2014-12-22 18:34 - 2014-12-25 15:38 - 00000000 ____D () C:\ProgramData\JqJTHY 2014-12-22 18:34 - 2014-12-25 15:38 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-12-22 18:34 - 2014-12-25 12:23 - 00002450 _____ () C:\WINDOWS\patsearch.bin 2014-12-22 18:34 - 2014-12-22 18:34 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf 2014-12-22 18:34 - 2014-12-22 18:34 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\globalUpdate 2014-12-22 14:30 - 2014-12-25 14:29 - 00000000 ____D () C:\ProgramData\FlaashCOOUpon 2014-12-22 14:30 - 2014-12-22 14:30 - 00000000 ____D () C:\ProgramData\f25cb3e6521ce1d6 2014-12-21 20:31 - 2014-12-21 20:31 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-12-18 17:59 - 2014-12-18 17:59 - 00775968 _____ (Reimage®) C:\Users\BARBARA\Downloads\ReimageRepair.exe 2014-12-15 22:22 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-15 22:22 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-10 23:54 - 2014-12-10 23:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2014-12-10 17:07 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-10 17:07 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-10 17:07 - 2014-10-30 23:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-10 17:07 - 2014-10-30 23:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-10 17:05 - 2014-12-03 23:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-12-10 17:05 - 2014-12-03 23:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-12-10 17:05 - 2014-12-02 23:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-12-10 17:05 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-10 17:05 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-10 17:05 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-10 17:05 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-10 17:05 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-10 17:05 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-10 17:05 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-10 17:05 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-10 17:05 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-10 17:05 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-10 17:05 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-10 17:05 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-10 17:05 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-10 17:05 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-10 17:05 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-10 17:05 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-10 17:05 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-10 17:05 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-10 17:05 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-10 17:05 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-10 17:05 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-10 17:05 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-10 17:05 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-10 17:05 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-10 17:05 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-10 17:05 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-10 17:05 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-10 17:05 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-10 17:05 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-10 17:05 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-10 17:05 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-10 17:05 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-10 17:05 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-10 17:05 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-10 17:05 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-10 17:05 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-10 17:05 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-10 17:05 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-10 17:05 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-10 17:05 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-10 17:05 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-10 17:05 - 2014-10-13 02:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-10 17:05 - 2014-10-13 02:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-10 17:05 - 2014-10-13 02:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-10 17:05 - 2014-10-13 02:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 02:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-27 01:51 - 2013-11-06 20:52 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2600487388-1721204265-1550977155-1001 2014-12-27 01:31 - 2013-11-06 20:51 - 00000062 _____ () C:\Users\BARBARA\AppData\Roaming\sp_data.sys 2014-12-27 01:30 - 2013-10-07 04:05 - 00003268 _____ () C:\WINDOWS\System32\Tasks\AsusVibeSchedule 2014-12-27 01:30 - 2013-10-07 04:05 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus 2014-12-27 01:30 - 2013-10-07 04:05 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU 2014-12-27 01:30 - 2013-10-07 04:05 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON 2014-12-27 01:29 - 2013-10-07 04:07 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G 2014-12-27 01:29 - 2013-10-07 03:57 - 00003540 _____ () C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher 2014-12-27 01:27 - 2014-01-22 11:41 - 00000000 ___DO () C:\Users\BARBARA\SkyDrive 2014-12-27 01:26 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-12-27 01:26 - 2013-08-22 14:44 - 00337840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-12-27 01:25 - 2013-11-14 04:34 - 01310178 _____ () C:\WINDOWS\PFRO.log 2014-12-27 01:25 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-12-27 01:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\tracing 2014-12-27 01:19 - 2014-01-22 11:27 - 01052241 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-26 22:11 - 2014-01-22 11:49 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B0CCF52-09A8-473D-9842-C2C3D06D98F2} 2014-12-26 16:56 - 2013-04-25 23:18 - 00000000 ____D () C:\ProgramData\McAfee 2014-12-26 16:35 - 2014-09-01 08:18 - 00000365 _____ () C:\Users\BARBARA\AppData\Roaming\YEHTWSFT 2014-12-26 16:35 - 2014-09-01 08:18 - 00000365 _____ () C:\Users\BARBARA\AppData\Roaming\UPZTMF 2014-12-26 12:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-26 12:29 - 2013-10-07 04:02 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1 2014-12-26 12:29 - 2013-10-07 04:02 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2 2014-12-26 11:03 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-12-26 10:56 - 2012-07-26 08:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-12-26 02:43 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-26 02:31 - 2013-11-14 12:45 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-12-26 00:21 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-12-25 22:52 - 2013-08-22 14:46 - 00290114 _____ () C:\WINDOWS\setupact.log 2014-12-25 17:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-12-25 16:49 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SchCache 2014-12-25 15:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PLA 2014-12-25 14:29 - 2012-07-26 05:26 - 00000226 _____ () C:\WINDOWS\win.ini 2014-12-22 18:43 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-12-22 18:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2014-12-21 20:29 - 2013-11-29 13:42 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-21 20:24 - 2013-11-07 00:11 - 00000000 ____D () C:\Users\BARBARA\AppData\Local\Adobe 2014-12-19 19:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy 2014-12-10 23:54 - 2014-07-10 15:37 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-12-10 23:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2014-12-10 23:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-10 23:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-10 23:54 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-10 19:37 - 2013-11-08 21:23 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-12-10 19:36 - 2013-11-08 21:23 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe Files to move or delete: ==================== C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS Some content of TEMP: ==================== C:\Users\BARBARA\AppData\Local\Temp\0004731419591252mcinst.exe C:\Users\BARBARA\AppData\Local\Temp\144CC280-B594-EA99-C7D1-886ECFA425DA.dll C:\Users\BARBARA\AppData\Local\Temp\B2B80E25-CB02-949E-BB97-F22E65F1A1B7.exe C:\Users\BARBARA\AppData\Local\Temp\dllnt_dump.dll C:\Users\BARBARA\AppData\Local\Temp\optprosetup.exe C:\Users\BARBARA\AppData\Local\Temp\SavePass20141110.exe C:\Users\BARBARA\AppData\Local\Temp\setup_384.exe C:\Users\BARBARA\AppData\Local\Temp\SpOrder.dll C:\Users\BARBARA\AppData\Local\Temp\sqlite3.exe C:\Users\BARBARA\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-26 09:53 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014 Ran by BARBARA at 2014-12-27 02:15:34 Running from C:\Users\BARBARA\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Alcatel USB Modem (HKLM-x32\...\{2E35E738-75E8-4C31-8E04-2564619DC7D5}) (Version: 1.002.00001 - Alcatel) ASUS FaceKey (HKLM-x32\...\{ACE24C70-743B-43B0-8045-817FF050800B}) (Version: 4.1.0.0 - ) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.3 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.0 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0010 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) ASUS Video DSP (HKLM-x32\...\{B80DB514-46E5-43AA-B68C-1EBBF5CF7D34}) (Version: 1.0.000 - ) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.5230.52 - CyberLink Corp.) Hidden AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS) Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Connection Manager (HKLM-x32\...\O2UK) (Version: 8.7.6.800 - Connection Manager) Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EPSON PX730 Series Printer Uninstall (HKLM\...\EPSON PX730 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.) McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.) McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS) Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Driver Package - ASUS (ATP) Mouse (05/09/2013 1.0.0.173) (HKLM\...\1016059FBF327ED9E3BAE758BD08CF10D3C6252D) (Version: 05/09/2013 1.0.0.173 - ASUS) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-12-2014 19:31:07 Windows Update 17-12-2014 22:12:40 Scheduled Checkpoint 22-12-2014 18:42:00 Windows Update 25-12-2014 22:55:24 Revo Uninstaller's restore point - ShowPass Smartbar Engine ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {3F3E6EF3-0FD8-43BA-9C1B-90322F6C5EE7} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {4956FC68-8FCD-4C83-9567-9E7BE2C2265E} - \DonutQuotes No Task File <==== ATTENTION Task: {542F517F-C525-40BE-8D74-04A461B4037B} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-06-28] (AsusTek) Task: {627C383B-DFAE-426D-AB64-BA3EAB639E9B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS) Task: {69AE730B-B386-4D2E-8D9B-D73D7BBFBDD7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS) Task: {6DB0204B-14D0-4C7A-815A-1782EF9044C3} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.) Task: {769F021C-DD6A-45FF-ABCA-6EDB127FCABE} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.) Task: {7B0BCCD1-7829-4032-A142-0A0F7DB4591D} - \upfs7235 No Task File <==== ATTENTION Task: {83CB47EE-821A-411F-9050-3F9146DA8550} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-06-03] (ASUSTeK Computer Inc.) Task: {8F8187BC-7979-484C-9205-F369367B1464} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] () Task: {96668DAF-F5C9-4394-85F3-6DE6F8F084AF} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) Task: {A1E54F9A-E563-408D-BDFF-E1CE9405FB52} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe Task: {A8CB71B4-D4D5-4E58-A895-6F0A062BD4E8} - \Selection Tools Update No Task File <==== ATTENTION Task: {E6EDD859-3FB4-4D06-A61C-42FD13FD1529} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation) Task: {F86032F0-0BEE-4DCF-BFC1-E1115F128FAD} - \WindApp Update No Task File <==== ATTENTION Task: {FD7FA900-4A53-4A17-AEA9-2E00610C63C3} - \Chrome No Task File <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-05-15 09:59 - 2012-10-12 09:59 - 00133120 _____ () C:\Program Files (x86)\Alcatel\Alcatel USB Modem\AutoLauncher.exe 2012-12-19 06:10 - 2012-12-19 06:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe 2013-06-19 19:49 - 2013-06-19 19:49 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2013-10-07 03:48 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2013-04-29 13:17 - 2013-04-29 13:17 - 00587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-12-22 14:30 - 2014-12-22 14:30 - 00559104 _____ () C:\ProgramData\FlaashCOOUpon\DDW516Vxt1TPEo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\BARBARA\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe" MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s ========================= Accounts: ========================== Administrator (S-1-5-21-2600487388-1721204265-1550977155-500 - Administrator - Disabled) BARBARA (S-1-5-21-2600487388-1721204265-1550977155-1001 - Administrator - Enabled) => C:\Users\BARBARA Guest (S-1-5-21-2600487388-1721204265-1550977155-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2600487388-1721204265-1550977155-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/26/2014 01:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 18b4 Start Time: 01d0210bd806ea5c Termination Time: 4294967295 Application Path: C:\WINDOWS\syswow64\wwahost.exe Report Id: cbdbdb2c-8cff-11e4-bebc-d850e6a1ee1d Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Faulting package-relative application ID: App Error: (12/26/2014 11:32:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 11f8 Start Time: 01d020fef725dc01 Termination Time: 4294967295 Application Path: C:\WINDOWS\syswow64\wwahost.exe Report Id: ebee0067-8cf2-11e4-bebc-d850e6a1ee1d Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Faulting package-relative application ID: App Error: (12/25/2014 01:43:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LIVECOMM.EXE version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3028 Start Time: 01d02046e75ca39f Termination Time: 4294967295 Application Path: C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_17.5.9600.20689_X64__8WEKYB3D8BBWE\LIVECOMM.EXE Report Id: f99184ab-8c3b-11e4-beae-d850e6a1ee1d Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (12/25/2014 01:42:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program STORMWATCHBROWSER.EXE version 1.0.0.21 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3788 Start Time: 01d02043fce3d969 Termination Time: 4294967295 Application Path: C:\USERS\BARBARA\APPDATA\LOCAL\STORMWATCH\STORMWATCHBROWSER.EXE Report Id: cf9905de-8c3b-11e4-beae-d850e6a1ee1d Faulting package full name: Faulting package-relative application ID: Error: (12/25/2014 00:36:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/25/2014 00:29:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SPYWARECLEAR.EXE version 1.3.0.27 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: bf4 Start Time: 01d0203e0fbba279 Termination Time: 4294967295 Application Path: C:\PROGRAM FILES (X86)\SPYWARE CLEAR\SPYWARECLEAR.EXE Report Id: a6a28a76-8c31-11e4-beae-d850e6a1ee1d Faulting package full name: Faulting package-relative application ID: Error: (12/25/2014 00:02:05 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY) Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219' Error: (12/24/2014 11:59:24 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY) Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219' Error: (12/23/2014 03:35:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1a38 Start Time: 01d01ec5a1ce55d0 Termination Time: 60000 Application Path: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE Report Id: 1548475b-8ab9-11e4-beae-d850e6a1ee1d Faulting package full name: Faulting package-relative application ID: Error: (12/23/2014 02:32:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 3698 Start Time: 01d01ebd00080c3e Termination Time: 60000 Application Path: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE Report Id: 5fbf94c3-8ab0-11e4-beae-d850e6a1ee1d Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (12/27/2014 01:24:56 AM) (Source: DCOM) (EventID: 10010) (User: NELLY) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (12/27/2014 01:24:56 AM) (Source: DCOM) (EventID: 10010) (User: NELLY) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (12/26/2014 11:43:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (12/26/2014 11:09:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Error: (12/26/2014 11:09:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Error: (12/26/2014 11:09:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Error: (12/26/2014 10:40:21 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (12/26/2014 09:15:04 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (12/26/2014 09:14:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Error: (12/26/2014 09:14:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Microsoft Office Sessions: ========================= Error: (12/26/2014 01:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703118b401d0210bd806ea5c4294967295C:\WINDOWS\syswow64\wwahost.execbdbdb2c-8cff-11e4-bebc-d850e6a1ee1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (12/26/2014 11:32:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703111f801d020fef725dc014294967295C:\WINDOWS\syswow64\wwahost.exeebee0067-8cf2-11e4-bebc-d850e6a1ee1dMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (12/25/2014 01:43:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LIVECOMM.EXE17.5.9600.20689302801d02046e75ca39f4294967295C:\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.WINDOWSCOMMUNICATIONSAPPS_17.5.9600.20689_X64__8WEKYB3D8BBWE\LIVECOMM.EXEf99184ab-8c3b-11e4-beae-d850e6a1ee1dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (12/25/2014 01:42:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: STORMWATCHBROWSER.EXE1.0.0.21378801d02043fce3d9694294967295C:\USERS\BARBARA\APPDATA\LOCAL\STORMWATCH\STORMWATCHBROWSER.EXEcf9905de-8c3b-11e4-beae-d850e6a1ee1d Error: (12/25/2014 00:36:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/25/2014 00:29:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SPYWARECLEAR.EXE1.3.0.27bf401d0203e0fbba2794294967295C:\PROGRAM FILES (X86)\SPYWARE CLEAR\SPYWARECLEAR.EXEa6a28a76-8c31-11e4-beae-d850e6a1ee1d Error: (12/25/2014 00:02:05 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY) Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL) Error: (12/24/2014 11:59:24 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY) Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL) Error: (12/23/2014 03:35:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.174161a3801d01ec5a1ce55d060000C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE1548475b-8ab9-11e4-beae-d850e6a1ee1d Error: (12/23/2014 02:32:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.17416369801d01ebd00080c3e60000C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE5fbf94c3-8ab0-11e4-beae-d850e6a1ee1d CodeIntegrity Errors: =================================== Date: 2014-12-26 10:51:32.627 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\abengine64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 10:51:32.252 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\abengine64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:46.209 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:45.853 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:45.384 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:44.986 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:44.441 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:44.068 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:43.541 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-26 09:51:43.166 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Celeron® CPU 1007U @ 1.50GHz Percentage of memory in use: 39% Total physical RAM: 3981.74 MB Available physical RAM: 2391.39 MB Total Pagefile: 8333.74 MB Available Pagefile: 6525.29 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:149.01 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:258.15 GB) NTFS Drive f: () (Removable) (Total:14.9 GB) (Free:12 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  13. DracoDragon123
    Sorry for my slow reply I just worked a double shift, anyway first off that me say a huge thank you to TwinHeadedEagle for all of his help and to the staff member above for looking into the issue. We hadn't managed to quite sort the issue but I'm confidant that is was just a matter of time. To cut a long story short me and my wife have gotten our wires crossed and while I was at work she allowed her mother (My mother-law) to take her laptop back. She has now gone away for a few weeks on her holidays so as a result I no longer have the laptop that we were working on. I am very grateful for all your help mate. If I get the laptop back once she is back then I will keep trying and maybe come back to this forum if that's allowed but for now I can't do anything as its now on its way to Greece lol. Thanks
  14. DracoDragon123
    Nope still no luck mate, I followed the instructions in the topic but I still have the same problem as before.
  15. DracoDragon123
    Morning, I followed the instructions in that post and used the tool, I then restarted the laptop. However sadly this didn't change anything I still continued to have the same error message appear when trying to install Malwarebytes mate.
  16. DracoDragon123
    I ran the MBAM-Clean and the downloaded malwarebyte from your link. But I'm afraid there was no change I still got the same error message and I was still unable to install it.
  17. DracoDragon123
    Attached is the report you were after. I tired to install Malwarebytes after the tool had restarted the laptop but I got the same error message as before. The installation goes all the way through to the progress bar but just before the it reaches the end the error messages appears. After its finished I'm left with a shortcut for malwarebytes but it can't be opened. Fixlog.txt
  18. DracoDragon123
    Here's the reports mate. Addition.txt FRST.txt
  19. DracoDragon123
    Thank you for your help, I ran the scan and I have attached the report. AdwCleanerS0.txt
  20. DracoDragon123
    Thanks for the help I have now started a new post in the right section now. Cheers
  21. DracoDragon123
    Hi I have used Malwarebytes on many other PC but I have been tasked with the job of fixing my mother in laws laptop and I am having trouble. The laptop itself had a number of software that I wasn't happy with that I removed through add/remove programs on the control panel (touch, Backup my PC) I'm using Firefox on it as windows internet explorer doesn't open. It won't let me install a new version on IE either. windows won't install updates and Firefox doesn't update either. I tried installing Malwarebytes but every time I tried it starts installing then a number of error messages appear the first being... Runtime Error (at 69:252): External exception E06D7363 If I press ok and try to continue the install this error message appears Internal error: Expression error 'Runtime Error (at 45:89): External exception E06D7363 the install then finishes but the program won't open and if I try I get The exception unknown software exception (0x40000015) orrurred in the application at location 0x72fad6fd I have looked around the site for help and I have tired using mbam-clean to get rid of the failed install attempts which it does but it still doesn't let me install malwarebytes. Please can you help me out as I have hit a brick wall and cannot think of how to get things working again. Cheers --------------------------------------------------------- I have attached FRST.txt and Addition.txt logs in this post as for some reason I couldn't paste them in here I think I must have missed something, Also I tried doing the mbam-check.exe on the infected computer to get the other information but it won't work, a black box appeared on the screen for a few minutes then the same error as above appeared on the screen. I would be grateful for any help you can offer, thank you. FRST.txt Addition.txt
  22. DracoDragon123
    Hi I have used Malwarebytes on many other PC but I have been tasked with the job of fixing my mother in-laws laptop and I am having trouble. The laptop itself had a number of software that I wasn't happy with that I removed through add/remove programs on the control (Touch, Backup my PC) I'm using Firefox on it as windows internet explorer doesn't open. It won't let me install a new version on IE either. Windows won't install updates and Firefox doesn't update either. I tried installing Malwarebytes but every time I tried it starts installing then a number of error messages appear the first being... Runtime Error (at 69:252): External exception E06D7363 If I press ok and try to continue the install this error message appears Internal error: Expression error 'Runtime Error (at 45:89): External exception E06D7363 the install then finishes but the program won't open and if I try I get The exception unknown software exception (0x40000015) Orrurred in the application at location 0x72fad6fd I have looked around the site for help and I have tired using mbam-clean to get rid of the failed install attempts which it does but it still doesn't let me install malwarebytes Please can you help me out as I have hit a brick wall and cannot think of how to get things working again, Cheers
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.