noknojon
-
Posts
6,465 -
Joined
-
Last visited
-
Days Won
10
Content Type
Events
Profiles
Forums
Everything posted by noknojon
-
Very sorry to hear of his departure, to what I hope is a more peaceful land. Wide Glide always dropped in with a wise word at relevant times .......... It seems that a few of us from "the early days" drift away, or forget to drop back and just say Hi in the Hon Members area at times. I am just as bad as per normal, and only call in if I want something .
-
[NEWBIE] Need help assesing these logs.
noknojon replied to Tziazoui's topic in Malwarebytes for Windows Support Forum
Hello Tziazoui, and welcome. Please follow the list of items in the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers From here an Expert can help you much better and guide you further.. Please wait your turn, as they may be busy at times, but they will help you as soon as possible. .. Thank You. -
-
@ sman .. A first time poster would suit these, but ??? I / we may be a bit older, but all I can add is W.T.F. ?? (What's That For)...
-
Hello smith070501, This is generally a False Positive in most cases. Please tell us where you downloaded Malwarebytes Anti-Malware from .. Please read How can I add exceptions? - Webroot Community and follow the picture at the bottom of the page. Then if that will not solve it, you must reply to daledoc1 . Thank You.
-
Most of us just go for a simple "wise saying", or other typical item. There was a list of acceptable MBAM logos and I think they still exist around Malwarebytes News or similar areas. Keep it clean, and keep it simple ... (as from gonzo above) ... See >> https://forums.malwarebytes.org/index.php?/topic/107361-malwarebytes-wallpapers/#entry535252 <<This topi for a few other ideas ..
-
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
Thanks again Ron, and things seem to be running OK at this time. I did not want to seem pushy, but I feel that you did a reasonably good investigation into any problem. Delfix cleaned out most logs and tools so all is cleaned up. MCPR tool from McAfee may have done a better job of clean-up this time, so all runs ~ OK ~ I also think the Windows 8.1 has Apps that I do not use, and will never use, so I went to Classic-Shell, and all is more "like a Win 7". Thank You - John - Lock it up - -
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
Things seem to have changed for the better recently, mainly after removal of McAfee. TFC was updated recently (after about 2 or 3 years of the same version) so I deleted mine and got a new version, and ran that. I have no particular problems left that I have noticed, but it did have something when I first posted ? Sorry if I wasted too much time, but it may to check on Firefox updating details, like I posted back - Can I run Delfix to remove the logs and tools left on the desktop for cleaning up, or just Manually delete all items then re-run TFC ?? Again - Thanks for your time (while things have been busy) Regards John - -
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
I ran the McAfee Removal Tool and it seemed to remove something. Just F.Y.I. - Also to check I followed as you wrote - I went to the 3 bars at the top Right for settings , ? ,in the middle for OpenHelp Menu, >> Troubleshootinging Information , and that is where I posted my links.. If I was incorrect, then I must have an "odd" version of Firefox. Also from using Chris's "screen317's Security Check" program ... (a "vague check" for Windows 8.1) Results of screen317's Security Check version 1.007 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 18.0.0.232 Mozilla Firefox (40.0.2) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Thanks ... -
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
I will include a couple of things in this post: I reset I.E. .. .. .. then was trying to reset Firefox as you listed, but have I missed something, or is this a Windows 8.1 thing. I believe that this was the start of the unknown problems, and created the icon shown above. All I get are these, and part of my last problem, I may have hit the wrong one here <<Left side - Right side >> << Is "Reset" = Refresh ? or am I missing something Or should I click another "unseen" button ?? As far as I know, only I.E. and Firefox are installed (by me) since I find too many "holes" seem to show with Chrome. I will go through the listed Uninstall just to see if it is here, but it has not shown anywhere. I have never installed any McAfee programs, but they were the Acer installed default "give-aways" and I contacted McAfee to get help to remove it fully. The only Antivirus I know of is Windows Defender, "(are you just using the built-in one for Windows 8)" I do not mind the Google Search Bar Add-On, as this often saves me logging out while searching elsewhere. TFC (Temp File Cleaner) should be installed, but has not been used since I posted here Thank You -
-
Microsoft Browser "The Edge" windows 10
noknojon replied to Waggles's topic in Malwarebytes for Windows Support Forum
https://forums.malwarebytes.org/index.php?/topic/170669-support-for-the-edge-browser-in-windows-10/#entry977413 You may find the already discussed item (linked above) has a few ideas for you .. Thanks. -
To all in this topic, the helpdesk is the only one that can help with this issue, they are working the best they can to catch up after they had an issue with the helpdesk. Its back on line so they are catching up. If you do NOT already have a ticket at the Help Desk, you may open one >> HERE. << Remember to keep your License and ID in a safe place, as they can be asked for, when requesting help. Please note that Firefox has already given the most suitable reply, and I have copied it again - Can each person only open one ticket with the HelpDesk, as they are being overworked already. You have not been ignored, (none of you) but do not perform actions prior to getting your personal reply. Thanking You .
-
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
While waiting, I re-ran ESET Scanner and it produced C:\Users\John PC\Documents\rcsetup152.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application. This is not the first time I have seen this, but it depended if I used F/fox (where Google add-on is installed) or I.E. (where it is not installed). Today I was using F/fox browser, so this may be the reason ?? Thank You - -
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
These also showed up at "about the same time under a desktop icon that looks like this when Secunia asked to check for updates << DesktopThen this is under the Icon (or when you click on the icon) >>
-
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
Finally ?? got it working eventually, and even then needed to change MBAM site password. Addition.txt As an Attachment and now to Copy / paste Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-08-2015 Ran by John PC (2015-08-14 23:46:47) Running from C:\Users\John PC\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1877073717-3212129561-1314164763-500 - Administrator - Disabled) => C:\Users\Administrator Guest (S-1-5-21-1877073717-3212129561-1314164763-501 - Limited - Disabled) John PC (S-1-5-21-1877073717-3212129561-1314164763-1001 - Administrator - Enabled) => C:\Users\John PC ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - ) abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated) abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated) abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2003 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated) Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated) AdFender (HKLM-x32\...\AdFender) (Version: 1.83 - AdFender, Inc.) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{6ACE9B2D-3F28-BD76-DB71-957BE60C028D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated) Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden CUE CLUB (HKLM-x32\...\CUE_CLUB) (Version: - ) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.57 - CyberLink Corp.) eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated) Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Masque Casino Game Pak II (HKLM-x32\...\Masque Casino Game Pak II) (Version: - ) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Firefox 40.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.0.5697 - Mozilla) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG) Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation) Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Relic Rescue (HKLM-x32\...\BFG-Relic Rescue) (Version: - ) Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform) Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB) The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1877073717-3212129561-1314164763-1001_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File ==================== Restore Points ========================= 28-07-2015 20:46:30 restore 02-08-2015 13:45:26 Installed PowerDVD 05-08-2015 09:36:53 JRT Pre-Junkware Removal 10-08-2015 08:17:14 Windows Update 12-08-2015 21:24:08 Removed Skype™ 7.3 14-08-2015 17:14:18 JRT Pre-Junkware Removal ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2401084C-F787-4300-9F0F-F3B241BC80E2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated) Task: {35513097-1C7A-4283-8E5F-29310BCA3B59} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd) Task: {50E190DC-3224-4D2C-8359-FA200A565CDD} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated) Task: {533C6D4B-9AF9-4FA5-BB9B-72CFFD444E61} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] () Task: {6100A029-E549-468C-BF49-5DD8DA76CA11} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {7039BB3B-6602-414B-B994-62C06F6DC8A3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation) Task: {7FE561E8-878B-41B6-8CDB-0EF79DF024A9} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation) Task: {883C67FF-E22B-4E1A-B5E6-DBA271A7919C} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated) Task: {8F2D23FC-19B8-4766-A054-9421CE6CEEAD} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated) Task: {9CE6F710-8D84-4561-AC2F-99E38E5E1C0F} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-07-23] (Acer) Task: {A58DBE3B-2174-4D90-830C-19FA7BDAD036} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft) Task: {C1342446-CA2A-4607-BC51-9759CA00D3DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation) Task: {C1F8BA39-3E15-45BE-AFE6-6B05C3E90846} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation) Task: {DE318555-1E1C-469E-A2FD-943271066981} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation) Task: {E25F7E09-0539-414D-8FE4-54ACFCA77665} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2015-07-27 17:46 - 2015-07-27 17:46 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe 2015-08-02 13:30 - 2015-08-02 13:30 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2015-07-23 19:09 - 2015-07-23 19:09 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll 2015-07-23 19:09 - 2015-07-23 19:09 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:036B81D9 AlternateDataStreams: C:\ProgramData\Temp:1AC933DC AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:5C92988B AlternateDataStreams: C:\Users\John PC\OneDrive:ms-properties AlternateDataStreams: C:\Users\John PC\Downloads\Fw_ At last - a picture of him!1.eml:OECustomProperty ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 10.1.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{6CF1A262-4271-4083-A732-1C09CFBDEB96}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{0B0F8BE3-898C-472B-A9D1-A93300F217B2}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{17025D74-26A3-40DD-BEB3-75D3FBF131E9}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{378F3D20-A7F5-4CEA-9242-59ED6D9BE664}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{380D0805-B2F2-4829-A17C-816F285F4B56}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{4F691B65-D60B-4791-B417-D58B5492F098}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{332F01E2-DD60-4AD7-B5B0-350F9D39A7FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{335193F0-CA51-4A8F-8925-E6127E2B5B2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{74417CB1-FB4A-4AB8-8687-F8A531705D6D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{9B882628-2B6D-47D5-B3B7-54C760391DD8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{1E35FE9F-2FDA-4D7C-A77A-78F7A80FEBCD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{A2150EC3-DD37-446B-89A7-D82C93B28BB0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{48EE8AF6-2CB5-40B3-BFC7-A0F4F449F492}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{847F981B-5FBA-4965-B1B4-052F590C0C47}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{0D63C9FD-0446-4634-9E57-A69E91FE664B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{5C133BA8-6BF2-4DBE-80B5-DD0698131885}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{3206BD79-CB3F-41FE-9767-F1760CA43BC7}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{73102424-62CB-47B9-A394-91EABC05B04D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{F40CF73B-0635-428A-998A-3F8C31ACA979}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{16ADAF7A-7689-4484-BA66-552604594AEE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{BE59CFFD-DD7E-44F8-BA88-432A396D8076}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{7332B1BD-3BAA-4853-B57F-E4808AB4FFC6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{449143B7-6118-4F9C-8A69-F538EBEC54C0}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{76471544-B0F4-4B63-906C-E41AF8D3827C}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{93003E86-EDA1-46CE-9266-A5743F71A2A4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{3E8A0188-7B4A-4E0B-A4ED-4726991C09D6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{82D6E267-7267-4A49-A0BB-5BD942791F57}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{6D6F3C5C-8360-4519-96FB-C33A7B8694B3}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{4205CFF7-8898-494E-867B-44F358F1C680}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{94550F96-A14E-45EC-B45D-6F8B726B7B66}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{5E8E15B9-2D5E-449B-AC79-8E9DD1B705A3}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{8DFA0884-58A9-4181-B5D6-0CE5208D45A0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{F4BAE879-BAF6-4467-A4E3-505A334A4B01}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{43BE7587-F94E-4268-96ED-ECEABF0CCF9A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{6D6B66F2-5254-400E-A504-6621975CC7F0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{CCF19367-157A-4E55-8480-D66E3188BEC2}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{713109CC-1D7B-41D2-9450-E989FD291426}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{58819CE0-09F0-4766-81BA-635C34A46E73}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{B66F0FF3-18CD-406F-8501-EBF1F63539B1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{F7DE10E1-F7BA-4CE7-997F-6D79CA1BBBBF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{25966000-086F-45E9-BD32-2A248C73AC5B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{FB2588F0-C78C-40C5-9C25-60C758DE3E8D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{F44F227E-DFA6-4C78-8192-10A5C4D98774}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{37BA205E-B828-4612-B1BB-62273D75BC25}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{E1A401B3-90DF-40C9-8FE4-D2B7A81DC638}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{048ED1DF-CFCE-49EC-B9E7-4F5C6AC1B705}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{F5DD0E2B-997E-4490-9C30-CE6C2B8A60AF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{B14CD9AA-899E-4642-A92E-989838CC077C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{B1484252-E7F0-4868-BAA8-980F3274D753}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{2D0A3839-7C87-4079-8EBA-8D3D2F31DBE0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{99B971E6-4958-4A76-B5DF-FC777CAD626B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9C17D250-CFA5-4B32-87E2-14400C867F6B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4F9C7D6E-2B77-40F1-BB1C-AB699038CFFC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{73350996-C912-47BE-9A26-20385665C538}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{984F3009-96E3-4B01-8009-9E24E8A21883}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{943CA616-3AA1-4F5A-BF24-16CFDB73B6CB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{2726BFED-6372-4FE7-9E9C-2FF68A5CC7CA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{D35F4DF0-95C6-435C-92D6-D8E2E9BE778C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{4080BA5A-8C34-465D-8E84-523CDC4BAFA1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{F82FF65E-84DE-41D3-864D-69A7DEA58E12}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{80355BF6-A2E0-47EE-A29E-00B43AD25D9E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{D13AB97E-604D-4BD6-B266-52065141256D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{5FCF5706-4292-4260-BD9D-D6611C145734}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{D013D0B7-2FEC-49C7-8AF3-997337939AF9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{3562A196-65C1-4610-A199-3575C725C73E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/14/2015 10:35:01 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (08/14/2015 10:34:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (08/14/2015 10:34:47 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (08/14/2015 10:34:47 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (08/14/2015 10:34:14 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (08/14/2015 10:30:23 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (08/14/2015 09:14:46 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (08/14/2015 09:14:43 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (08/14/2015 09:14:36 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (08/14/2015 09:14:02 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. System errors: ============= Error: (08/14/2015 09:18:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (08/14/2015 09:18:43 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\JOHNPC~1\AppData\Local\Temp\ehdrv.sys Error: (08/14/2015 09:18:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (08/14/2015 09:18:42 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\JOHNPC~1\AppData\Local\Temp\ehdrv.sys Error: (08/14/2015 09:18:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (08/14/2015 09:18:42 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\JOHNPC~1\AppData\Local\Temp\ehdrv.sys Error: (08/14/2015 08:49:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (08/14/2015 08:48:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service terminated with the following error: %%1062 Error: (08/14/2015 08:48:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The McAfee Firewall Core Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (08/14/2015 08:48:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Service Controller service failed to start due to the following error: %%1053 Microsoft Office: ========================= Error: (08/14/2015 10:35:01 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu(1).exe Error: (08/14/2015 10:34:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu(1).exe Error: (08/14/2015 10:34:47 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu(1).exe Error: (08/14/2015 10:34:47 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu(1).exe Error: (08/14/2015 10:34:14 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu(1).exe Error: (08/14/2015 10:30:23 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu(1).exe Error: (08/14/2015 09:14:46 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu.exe Error: (08/14/2015 09:14:43 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu.exe Error: (08/14/2015 09:14:36 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu.exe Error: (08/14/2015 09:14:02 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu.exe ==================== Memory info =========================== Processor: AMD A6-5200 APU with Radeon HD Graphics Percentage of memory in use: 18% Total physical RAM: 8125.09 MB Available physical RAM: 6622.7 MB Total Virtual: 9405.09 MB Available Virtual: 7837.61 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:457.11 GB) (Free:406.22 GB) NTFS Drive d: (DATA) (Fixed) (Total:457.11 GB) (Free:456.96 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 6D0E4787) Partition: GPT. ==================== End of log ============================ Thank You - -
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
Hi - I forgot to mention that ESET showed nothing except that error after 1 hour, BUT, now I have problems trying to log in with the "sick" computer. ESET was then reinstalled, and ran OK up to the end. I took a screen snip to show "nothing found" but it is there, not here ! ! ! MBAM site is rejected with an error (500 I think) and just says it is unable to connect ?? After this I will try again, so that may be part of the reason that you do not have the Extra Attach with the log above. It is sitting on the Win 8.1 desktop, but I am not able to transfer it ?? I am currently on my laptop Win 7.1 (in my kitchen) - Wireless works OK and I had accessed my emails first thing today (0n Win 8.1) My ISP reports (via my Toolbox check) that I have only used 2.9Gig of my 100Gig monthly allowance, so that is not the problem. John - EDIT - I now understand a bit better what the problem was (hope it is fixed). -
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-08-2015 Ran by John PC (administrator) on JOHNPC (14-08-2015 23:45:44) Running from C:\Users\John PC\Desktop Loaded Profiles: John PC (Available Profiles: John PC & Administrator) Platform: Windows 8.1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe ( ITX Associates) C:\Program Files (x86)\AzTools\blueline.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-13] (Realtek Semiconductor) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-07-27] () HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd) HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-07-27] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-08-06] ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.) ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated) ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft) ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.netspace.net.au/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1877073717-3212129561-1314164763-1001 -> {110CA03A-7B67-45B9-B1EF-8E360541506F} URL = BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft) Tcpip\Parameters: [DhcpNameServer] 10.1.1.1 Tcpip\..\Interfaces\{5F989494-1F51-40E6-94D7-637631816A06}: [DhcpNameServer] 10.1.1.1 Tcpip\..\Interfaces\{9FF12DC6-2F45-4607-9C62-215288EF40E8}: [DhcpNameServer] 10.1.1.1 FireFox: ======== FF ProfilePath: C:\Users\John PC\AppData\Roaming\Mozilla\Firefox\Profiles\umms9fjc.default FF Homepage: hxxp://www.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] () FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-08-05] () ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-05] (WildTangent) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation) R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.) R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-04-08] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.) R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2013-05-24] (Windows ® Codename Longhorn DDK provider) S3 cpuz138; \??\C:\Users\JOHNPC~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-14 23:42 - 2015-08-14 23:42 - 02173952 _____ (Farbar) C:\Users\John PC\Desktop\FRST64.exe 2015-08-14 22:33 - 2015-08-14 22:34 - 02870984 _____ (ESET) C:\Users\John PC\Desktop\esetsmartinstaller_enu(1).exe 2015-08-14 21:14 - 2015-08-14 21:14 - 00000000 ____D C:\Program Files (x86)\ESET 2015-08-14 21:12 - 2015-08-14 21:14 - 02870984 _____ (ESET) C:\Users\John PC\Desktop\esetsmartinstaller_enu.exe 2015-08-14 20:49 - 2015-08-14 20:49 - 00001580 _____ C:\WINDOWS\PFRO.log 2015-08-14 20:49 - 2015-08-14 20:49 - 00000116 _____ C:\WINDOWS\setupact.log 2015-08-14 20:49 - 2015-08-14 20:49 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-08-14 17:25 - 2015-08-14 17:25 - 02248704 _____ C:\Users\John PC\Desktop\AdwCleaner.exe 2015-08-14 17:18 - 2015-08-14 17:18 - 00000804 _____ C:\Users\John PC\Desktop\JRT.txt 2015-08-14 17:13 - 2015-08-14 17:13 - 01791580 _____ (Malwarebytes Corporation) C:\Users\John PC\Desktop\JRT.exe 2015-08-14 17:03 - 2015-08-14 17:03 - 00000000 ____D C:\WINDOWS\ERDNT 2015-08-14 17:01 - 2015-08-14 17:02 - 00000000 ____D C:\Program Files (x86)\ERUNT 2015-08-14 17:01 - 2015-08-14 17:01 - 00000944 _____ C:\Users\John PC\Desktop\NTREGOPT.lnk 2015-08-14 17:01 - 2015-08-14 17:01 - 00000944 _____ C:\Users\Administrator\Desktop\NTREGOPT.lnk 2015-08-14 17:01 - 2015-08-14 17:01 - 00000925 _____ C:\Users\John PC\Desktop\ERUNT.lnk 2015-08-14 17:01 - 2015-08-14 17:01 - 00000925 _____ C:\Users\Administrator\Desktop\ERUNT.lnk 2015-08-14 17:01 - 2015-08-14 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2015-08-14 16:54 - 2015-08-14 16:54 - 00791393 _____ (Lars Hederer ) C:\Users\John PC\Desktop\erunt-setup.exe 2015-08-14 16:40 - 2015-08-14 16:40 - 00001042 _____ C:\MBAM.txt 2015-08-14 16:13 - 2015-08-14 16:14 - 00001990 _____ C:\Users\John PC\Desktop\Rkill.txt 2015-08-14 16:12 - 2015-08-14 16:12 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\John PC\Desktop\rkill.exe 2015-08-13 16:49 - 2015-08-13 16:49 - 00000000 ____D C:\Users\John PC\AppData\Roaming\AMD 2015-08-13 16:46 - 2015-08-14 21:02 - 00167148 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-12 20:41 - 2015-08-12 21:24 - 00000000 ____D C:\Users\John PC\AppData\Roaming\Skype 2015-08-12 20:41 - 2015-08-12 21:24 - 00000000 ____D C:\ProgramData\Skype 2015-08-12 20:41 - 2015-08-12 20:41 - 00000000 ____D C:\Users\John PC\AppData\Local\Skype 2015-08-12 20:40 - 2015-08-12 20:40 - 00000000 ____D C:\Program Files\AMD 2015-08-12 20:39 - 2015-08-12 20:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2015-08-12 19:49 - 2015-08-14 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-12 18:47 - 2015-08-12 18:47 - 00002005 _____ C:\Users\Public\Desktop\abPhoto.lnk 2015-08-12 18:32 - 2015-07-31 00:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 18:32 - 2015-07-30 23:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 15:22 - 2015-07-19 11:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-08-12 15:22 - 2015-07-19 04:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-08-12 15:22 - 2015-07-19 04:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-08-12 15:22 - 2015-07-19 04:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-08-12 15:22 - 2015-07-19 04:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-08-12 15:22 - 2015-07-19 04:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-08-12 15:22 - 2015-07-19 04:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-08-12 15:22 - 2015-07-19 04:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-08-12 15:22 - 2015-07-19 04:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-08-12 15:22 - 2015-07-19 04:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-08-12 15:22 - 2015-07-19 04:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-08-12 15:22 - 2015-07-19 04:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-08-12 15:22 - 2015-07-10 04:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-08-12 15:22 - 2015-06-27 13:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-08-12 15:22 - 2015-06-27 13:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-08-12 15:22 - 2015-06-27 12:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-08-12 15:21 - 2015-07-16 10:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-08-12 15:21 - 2015-07-16 10:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-08-12 15:21 - 2015-07-16 10:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2015-08-12 15:21 - 2015-07-16 10:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-08-12 15:21 - 2015-07-11 03:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2015-08-12 15:20 - 2015-07-17 07:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-08-12 15:20 - 2015-07-17 06:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-08-12 15:20 - 2015-07-17 06:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-08-12 15:20 - 2015-07-17 06:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-08-12 15:20 - 2015-07-17 06:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-08-12 15:20 - 2015-07-17 06:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-08-12 15:20 - 2015-07-17 06:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-08-12 15:20 - 2015-07-17 06:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-08-12 15:20 - 2015-07-17 05:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-08-12 15:20 - 2015-07-17 05:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-08-12 15:20 - 2015-07-17 05:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-08-12 15:20 - 2015-07-17 05:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-08-12 15:20 - 2015-07-17 05:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-08-12 15:20 - 2015-07-17 05:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-08-12 15:20 - 2015-07-17 05:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-08-12 15:20 - 2015-07-17 05:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-08-12 15:20 - 2015-07-17 05:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-08-12 15:20 - 2015-07-17 05:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-08-12 15:20 - 2015-07-17 05:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-08-12 15:20 - 2015-07-17 05:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-08-12 15:20 - 2015-07-17 05:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-08-12 15:20 - 2015-07-17 05:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-08-12 15:20 - 2015-07-17 05:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-08-12 15:20 - 2015-07-17 05:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-08-12 15:20 - 2015-07-17 05:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-08-12 15:20 - 2015-07-17 05:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-08-12 15:20 - 2015-07-17 04:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-08-12 15:20 - 2015-07-17 04:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-08-12 15:20 - 2015-07-17 04:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-08-12 15:20 - 2015-07-17 04:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-08-12 15:20 - 2015-07-17 04:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-08-12 15:20 - 2015-07-14 13:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2015-08-12 15:20 - 2015-07-14 13:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2015-08-12 15:20 - 2015-07-14 05:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2015-08-12 15:20 - 2015-07-14 05:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2015-08-12 15:20 - 2015-07-11 04:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2015-08-12 15:20 - 2015-07-11 03:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-08-12 15:20 - 2015-07-11 03:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2015-08-12 15:20 - 2015-07-11 03:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2015-08-12 15:20 - 2015-07-11 02:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-08-12 15:20 - 2015-07-11 02:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2015-08-12 15:20 - 2015-07-10 03:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe 2015-08-12 15:20 - 2015-07-10 03:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe 2015-08-12 15:20 - 2015-07-10 02:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe 2015-08-12 15:20 - 2015-07-02 08:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll 2015-08-12 15:20 - 2015-07-02 08:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll 2015-08-12 15:20 - 2015-07-02 07:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll 2015-08-12 15:20 - 2015-07-02 07:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll 2015-08-12 15:20 - 2015-05-12 10:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-08-12 15:19 - 2015-07-30 00:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-08-12 15:19 - 2015-07-30 00:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-08-12 15:19 - 2015-07-30 00:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-08-12 15:19 - 2015-07-25 04:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-08-12 15:19 - 2015-07-25 04:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-08-12 15:19 - 2015-07-25 04:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-08-12 15:19 - 2015-07-25 03:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-08-12 15:19 - 2015-07-25 03:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-08-12 15:19 - 2015-07-07 19:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-08-12 15:19 - 2015-07-07 19:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-08-12 15:19 - 2015-07-07 19:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-08-10 10:20 - 2015-08-10 10:20 - 00003118 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2015-08-10 10:20 - 2015-08-10 10:20 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2015-08-10 10:20 - 2015-08-10 10:20 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2015-08-10 10:20 - 2015-08-10 10:20 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2015-08-10 10:20 - 2015-08-10 10:20 - 00003060 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2015-08-10 10:20 - 2015-08-10 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center 2015-08-10 10:20 - 2015-08-10 10:20 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center 2015-08-10 09:58 - 2015-08-10 09:58 - 00000000 ____D C:\$WINDOWS.~BT 2015-08-10 09:56 - 2015-08-10 09:56 - 00000000 ___HD C:\$Windows.~WS 2015-08-10 09:15 - 2015-08-10 09:51 - 4083853312 _____ C:\Users\John PC\Desktop\Win10_English_x64.iso 2015-08-10 08:53 - 2015-08-10 08:53 - 01483336 _____ (Microsoft Corporation) C:\Users\John PC\Desktop\mediacreationtool.exe 2015-08-10 08:48 - 2015-08-10 08:48 - 19648448 _____ (Microsoft Corporation) C:\Users\John PC\Desktop\MediaCreationToolx64.exe 2015-08-10 08:17 - 2015-08-10 08:18 - 00000000 ___SD C:\WINDOWS\system32\GWX 2015-08-10 08:17 - 2015-08-10 08:17 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2015-08-08 11:30 - 2015-08-08 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-08-08 11:30 - 2015-08-08 11:30 - 00000000 ____D C:\Program Files\7-Zip 2015-08-08 11:26 - 2015-08-08 11:26 - 01331823 _____ (Igor Pavlov) C:\Users\John PC\Documents\7z1505-x64.exe 2015-08-06 18:26 - 2015-08-06 18:26 - 18898141 _____ C:\Users\John PC\Downloads\Windows8.1-KB3079777-x64.msu 2015-08-06 11:46 - 2015-08-06 11:47 - 00000000 ____D C:\Users\John PC\AppData\Local\AdFender 2015-08-06 11:46 - 2015-08-06 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender 2015-08-06 11:46 - 2015-08-06 11:46 - 00000000 ____D C:\ProgramData\AdFender 2015-08-06 11:46 - 2015-08-06 11:46 - 00000000 ____D C:\Program Files (x86)\AdFender 2015-08-06 11:45 - 2015-08-06 11:45 - 02735032 _____ (AdFender, Inc.) C:\Users\John PC\Desktop\Setup.exe 2015-08-06 08:42 - 2015-08-06 08:42 - 00001674 _____ C:\Users\Public\Desktop\Recuva.lnk 2015-08-06 08:42 - 2015-08-06 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2015-08-06 08:41 - 2015-08-06 08:42 - 00000000 ____D C:\Program Files\Recuva 2015-08-06 08:40 - 2015-08-06 08:40 - 04426120 _____ (Piriform Ltd) C:\Users\John PC\Documents\rcsetup152.exe 2015-08-06 05:18 - 2015-08-06 05:18 - 08009376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 10192816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 08981304 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 08866472 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 07483600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 01213224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00472864 _____ C:\WINDOWS\system32\amdmiracast.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00153488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00144608 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00131632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00119160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00112400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00111872 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00089560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00089552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00082720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2015-08-06 05:17 - 2015-08-06 05:17 - 00082720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 47795720 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 39725064 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 30762496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 27544600 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 25310208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 22327312 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 21635072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys 2015-08-06 05:16 - 2015-08-06 05:16 - 15727104 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 14312456 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 01196072 _____ C:\WINDOWS\system32\amdocl_as64.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 01070624 _____ C:\WINDOWS\system32\amdocl_ld64.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 01005584 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 00936960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00936960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00876032 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00808984 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 00673808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys 2015-08-06 05:16 - 2015-08-06 05:16 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 00243736 _____ C:\WINDOWS\system32\clinfo.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 00215048 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00199696 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00198680 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00170496 _____ C:\WINDOWS\system32\atieah64.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 00165392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00154120 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 00152072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00144904 _____ C:\WINDOWS\system32\amdhdl64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00133640 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00112640 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00111640 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00099328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00089624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00083984 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00073752 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00071184 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00068120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00066056 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe 2015-08-06 05:16 - 2015-08-06 05:16 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00059392 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00052248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00048144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00039944 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2015-08-06 05:16 - 2015-08-06 05:16 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2015-08-05 21:43 - 2015-08-05 21:43 - 00039101 _____ C:\Users\John PC\Desktop\Addition.txt 2015-08-05 21:41 - 2015-08-14 23:46 - 00011460 _____ C:\Users\John PC\Desktop\FRST.txt 2015-08-05 19:35 - 2015-08-05 19:35 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2015-08-05 19:35 - 2015-08-05 19:35 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2015-08-05 19:35 - 2015-08-05 19:35 - 00737410 _____ C:\WINDOWS\system32\atiicdxx.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00322868 _____ C:\WINDOWS\system32\ativvaxy_vi.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00321200 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00255808 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00250884 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00249088 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00234420 _____ C:\WINDOWS\system32\ativvaxy_cik.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00232752 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00169152 _____ C:\WINDOWS\system32\ativce03.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00140240 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin 2015-08-05 19:35 - 2015-08-05 19:35 - 00138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin 2015-08-05 19:35 - 2015-08-05 19:35 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat 2015-08-05 19:35 - 2015-08-05 19:35 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin 2015-08-05 19:35 - 2015-08-05 19:35 - 00043408 _____ C:\WINDOWS\system32\kapp_si.sbin 2015-08-05 19:34 - 2015-08-05 19:34 - 00833798 _____ C:\WINDOWS\system32\amdicdxx.dat 2015-08-05 19:34 - 2015-08-05 19:34 - 00660912 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2015-08-05 19:34 - 2015-08-05 19:34 - 00660912 _____ C:\WINDOWS\system32\atiapfxx.blb 2015-08-05 19:34 - 2015-08-05 19:34 - 00167456 _____ C:\WINDOWS\system32\amde31a.dat 2015-08-05 09:31 - 2015-08-05 09:31 - 01798176 _____ (Malwarebytes Corporation) C:\Users\John PC\Downloads\JRT.exe 2015-08-03 06:45 - 2015-08-03 06:45 - 00003334 _____ C:\WINDOWS\System32\Tasks\AcerCloud 2015-08-03 06:45 - 2015-08-03 06:45 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk 2015-08-02 13:34 - 2015-08-02 13:34 - 00002001 _____ C:\Users\Public\Desktop\abMedia.lnk 2015-08-02 13:31 - 2015-08-02 13:31 - 00001969 _____ C:\Users\Public\Desktop\abDocs.lnk 2015-08-02 13:28 - 2015-08-02 13:28 - 00000000 ____D C:\Users\John PC\AppData\Local\MediaShow 2015-08-02 12:12 - 2015-08-02 12:12 - 00836960 _____ (CyberLink Corp. ) C:\Users\John PC\Desktop\PowerDVDPatch12.0.3424.exe 2015-08-02 12:11 - 2015-08-02 12:11 - 00000000 ____D C:\Users\John PC\AppData\Roaming\CyberLink 2015-08-02 12:11 - 2015-08-02 12:11 - 00000000 ____D C:\Users\John PC\AppData\Local\CyberLink 2015-07-31 14:22 - 2015-07-31 14:22 - 00000044 _____ C:\WINDOWS\Masque.INI 2015-07-31 14:20 - 2015-07-31 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Masque Casino Game Pak II 2015-07-27 09:01 - 2015-08-01 17:26 - 00037166 _____ C:\Users\John PC\Downloads\MTB.txt 2015-07-27 09:00 - 2015-07-27 09:00 - 00001206 _____ C:\Users\John PC\Desktop\MiniToolBox(2) - Shortcut.lnk 2015-07-27 08:50 - 2015-07-27 08:50 - 00891392 _____ (Farbar) C:\Users\John PC\Downloads\MiniToolBox(2).exe 2015-07-26 21:13 - 2015-07-26 21:13 - 00000000 ____D C:\Users\Public\OEM 2015-07-26 08:39 - 2015-07-26 08:40 - 00017513 _____ C:\Users\John PC\Downloads\MiniToolBox.exe.htm 2015-07-25 09:04 - 2015-07-25 09:04 - 00000000 ____D C:\ProgramData\Office Genuine Advantage 2015-07-22 12:25 - 2015-07-22 12:25 - 00000000 ____D C:\Users\John PC\AppData\Roaming\Hot Lava Games 2015-07-22 12:25 - 2015-07-22 12:25 - 00000000 ____D C:\Users\John PC\AppData\Roaming\Game Forest 2015-07-22 12:24 - 2015-07-22 12:24 - 00001252 _____ C:\Users\Public\Desktop\More Great Games.lnk 2015-07-21 11:25 - 2015-07-21 11:25 - 02248704 _____ C:\Users\John PC\Downloads\adwcleaner_4.208.exe 2015-07-21 08:03 - 2015-08-02 13:30 - 00003352 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent 2015-07-18 16:43 - 2015-07-18 16:44 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 2015-07-16 18:25 - 2015-07-16 18:25 - 00002312 _____ C:\Users\John PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bejeweled Blitz.lnk 2015-07-15 18:27 - 2015-06-28 15:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2015-07-15 18:27 - 2015-06-28 15:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-07-15 18:27 - 2015-06-28 15:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2015-07-15 18:27 - 2015-06-28 15:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2015-07-15 18:27 - 2015-06-28 02:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2015-07-15 18:27 - 2015-06-27 13:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2015-07-15 18:27 - 2015-06-27 13:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2015-07-15 18:27 - 2015-06-27 13:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2015-07-15 18:27 - 2015-06-27 12:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-07-15 18:27 - 2015-06-27 12:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-07-15 18:27 - 2015-06-27 12:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-07-15 18:27 - 2015-06-27 11:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-07-15 18:27 - 2015-06-27 11:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-07-15 18:27 - 2015-06-16 08:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe 2015-07-15 18:27 - 2015-06-16 08:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2015-07-15 18:27 - 2015-06-16 07:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe 2015-07-15 18:27 - 2015-06-16 07:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2015-07-15 18:27 - 2015-06-16 06:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-07-15 18:27 - 2015-06-16 05:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-07-15 18:27 - 2015-05-31 07:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-07-15 18:27 - 2015-05-31 05:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-07-15 18:27 - 2015-05-31 05:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-07-15 18:27 - 2015-03-30 15:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-07-15 18:27 - 2015-01-30 11:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll 2015-07-15 18:27 - 2014-12-09 05:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-07-15 18:27 - 2014-12-09 05:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-07-15 18:27 - 2014-12-09 05:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-07-15 18:27 - 2014-12-09 05:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-07-15 18:27 - 2014-12-09 05:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-07-15 18:27 - 2014-12-09 05:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-07-15 18:27 - 2014-12-09 05:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-07-15 18:27 - 2014-12-09 05:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-07-15 18:27 - 2014-10-29 14:03 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2015-07-15 18:27 - 2014-10-29 14:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-07-15 18:27 - 2014-10-29 14:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-07-15 18:27 - 2014-10-29 13:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-07-15 18:27 - 2014-10-29 13:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-07-15 18:27 - 2014-10-29 13:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-07-15 18:27 - 2014-10-29 13:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-07-15 18:27 - 2014-10-29 13:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-07-15 18:27 - 2014-10-29 13:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-07-15 18:27 - 2014-10-29 13:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-07-15 18:27 - 2014-10-29 13:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-07-15 18:27 - 2014-10-29 13:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-07-15 18:27 - 2014-10-29 12:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-07-15 18:27 - 2014-10-29 12:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-07-15 18:27 - 2014-10-29 12:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-07-15 18:27 - 2014-10-29 12:44 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2015-07-15 18:27 - 2014-10-29 12:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-07-15 18:27 - 2014-10-29 12:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-07-15 18:27 - 2014-10-29 12:22 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll 2015-07-15 18:27 - 2014-10-29 12:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-07-15 18:27 - 2014-10-29 12:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-07-15 18:27 - 2014-10-29 12:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-07-15 18:27 - 2014-10-29 12:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-07-15 18:27 - 2014-10-29 12:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-07-15 18:27 - 2014-10-29 11:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-07-15 18:27 - 2014-10-29 11:42 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll 2015-07-15 18:27 - 2014-10-29 11:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll 2015-07-15 18:26 - 2015-06-16 15:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2015-07-15 18:26 - 2015-06-16 15:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2015-07-15 18:26 - 2015-06-16 08:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-07-15 18:26 - 2015-06-16 08:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2015-07-15 18:26 - 2015-06-16 07:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2015-07-15 18:26 - 2015-06-16 07:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-07-15 18:26 - 2015-06-16 07:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-07-15 18:26 - 2015-06-16 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-07-15 18:26 - 2015-06-16 06:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2015-07-15 18:26 - 2015-06-16 06:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2015-07-15 18:26 - 2015-06-16 06:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-07-15 18:26 - 2015-06-16 06:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-07-15 18:26 - 2015-06-16 06:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-07-15 18:26 - 2015-06-16 06:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-07-15 18:26 - 2015-06-16 06:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-07-15 18:26 - 2015-06-16 06:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-07-15 18:26 - 2015-06-11 13:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2015-07-15 18:26 - 2015-06-11 02:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2015-07-15 18:26 - 2015-05-08 02:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll 2015-07-15 18:25 - 2015-03-11 11:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe 2015-07-15 18:25 - 2015-03-11 11:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe 2015-07-15 17:59 - 2015-07-15 17:59 - 00002838 _____ C:\Users\John PC\Downloads\Shower.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-14 23:45 - 2015-06-17 07:03 - 00000000 ____D C:\FRST 2015-08-14 23:00 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-08-14 22:58 - 2015-06-30 08:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-08-14 21:55 - 2015-06-29 23:01 - 00000000 ____D C:\Users\John PC\AppData\Local\ClassicShell 2015-08-14 21:22 - 2015-06-29 21:18 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1877073717-3212129561-1314164763-1001 2015-08-14 20:54 - 2013-09-23 15:27 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-08-14 20:49 - 2015-06-30 08:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-14 20:49 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-08-14 20:48 - 2015-06-29 14:54 - 00000000 ____D C:\AdwCleaner 2015-08-14 20:48 - 2013-08-22 23:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2015-08-14 19:55 - 2015-06-29 23:34 - 00003926 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A442DD7E-7075-4FC8-91DE-73A97B3EF693} 2015-08-14 16:19 - 2015-07-01 12:22 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-14 12:06 - 2015-06-30 12:32 - 00000000 ____D C:\Users\John PC\AppData\Local\CrashDumps 2015-08-14 08:40 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-08-14 06:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-08-13 17:40 - 2013-12-23 12:58 - 00000000 ____D C:\ProgramData\Temp 2015-08-13 06:58 - 2015-06-30 08:59 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-08-12 21:19 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache 2015-08-12 18:47 - 2013-09-23 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-08-12 18:45 - 2015-06-29 21:15 - 00000000 ____D C:\Users\John PC\AppData\Local\clear.fi 2015-08-12 18:42 - 2013-08-23 00:44 - 00337840 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-08-12 18:40 - 2013-08-23 01:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-12 18:40 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-12 18:40 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-12 18:33 - 2013-08-23 01:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-08-12 18:32 - 2015-07-06 13:44 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-08-12 18:29 - 2015-07-06 13:44 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-08-12 18:28 - 2013-08-23 01:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-12 16:19 - 2015-06-27 18:58 - 00000196 _____ C:\Users\John PC\Desktop\Facebook.url 2015-08-10 09:58 - 2013-09-23 16:19 - 00000000 ___DC C:\WINDOWS\Panther 2015-08-08 23:55 - 2015-07-06 15:11 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-08-08 23:55 - 2015-07-06 15:11 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-06 05:17 - 2013-09-23 16:15 - 12063592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll 2015-08-06 05:17 - 2013-09-23 16:15 - 01468832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2015-08-06 05:17 - 2013-09-23 16:15 - 00163792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll 2015-08-06 05:16 - 2013-09-23 16:15 - 01256472 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2015-08-06 05:16 - 2013-09-23 16:15 - 00681488 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2015-08-06 05:16 - 2013-09-23 16:15 - 00255504 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2015-08-05 18:18 - 2013-09-23 15:26 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2015-08-03 08:46 - 2015-07-04 15:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games 2015-08-02 13:45 - 2013-12-23 12:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-02 13:31 - 2013-09-23 15:34 - 00000000 ____D C:\Program Files (x86)\Acer 2015-08-02 13:30 - 2013-09-23 16:14 - 00000000 ___HD C:\OEM 2015-08-02 13:26 - 2013-12-23 12:59 - 00000000 ____D C:\Users\Public\CyberLink 2015-08-02 12:12 - 2013-12-23 12:59 - 00000000 ____D C:\ProgramData\CyberLink 2015-07-31 17:48 - 2013-09-23 15:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-07-31 14:18 - 2015-06-29 21:13 - 00000000 ____D C:\Users\John PC\AppData\Local\VirtualStore 2015-07-30 05:50 - 2015-06-30 23:07 - 00000838 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-07-30 05:50 - 2015-06-30 23:07 - 00000000 ____D C:\Program Files\CCleaner 2015-07-27 21:18 - 2015-06-30 15:07 - 00000000 ____D C:\Windows.old 2015-07-27 21:00 - 2015-06-30 08:59 - 00000000 ____D C:\Users\John PC\AppData\Local\Adobe 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___SD C:\WINDOWS\system32\dsc 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\WinStore 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Com 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sppui 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\setup 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\migwiz 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\Com 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\IME 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\FileManager 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\Camera 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Windows Portable Devices 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\System 2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Dism 2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\servicing 2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\WindowsPowerShell 2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2015-07-18 14:24 - 2013-08-23 01:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2015-07-18 14:24 - 2013-08-23 01:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2015-07-17 17:39 - 2015-06-30 12:44 - 00000000 ____D C:\Program Files (x86)\AzTools 2015-07-17 09:55 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS 2015-07-17 09:55 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS ==================== Files in the root of some directories ======= 2013-12-23 12:44 - 2013-12-23 12:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\John PC\AppData\Local\Temp\Quarantine.exe C:\Users\John PC\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-10 08:24 ==================== End of log ============================ Addition Txt was included with original post, will It produce a second log ?? -
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
Hi - I am almost downloaded with ESET, but it stuck here and is still stuck after 15 minutes. Should I delete my current attempt and retry ?? I have checked LAN settings, and they are correct ....... Thank You - EDIT - I will try another install of ESET and if this will not work then I will try a SOPHOS scan ..
-
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
AdwCleaning report, # AdwCleaner v4.208 - Logfile created 14/08/2015 at 20:48:26 # Updated 09/07/2015 by Xplode # Database : 2015-08-12.1 [server] # Operating system : Windows 8.1 (x64) # Username : John PC - JOHNPC # Running from : C:\Users\John PC\Desktop\AdwCleaner.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\John PC\AppData\Local\pokki ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Key Deleted : HKCU\Software\Pokki Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6} Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v40.0 (x86 en-US) ************************* AdwCleaner[R0].txt - [3196 bytes] - [29/06/2015 14:54:51] AdwCleaner[R1].txt - [1832 bytes] - [14/08/2015 17:27:21] AdwCleaner[s0].txt - [1617 bytes] - [14/08/2015 20:48:26] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1676 bytes] ########## Running ESET Online now as it can take up to 2 hours Then a FRST scan and AdditionTxt will be included - -
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.6 (08.10.2015:1) OS: Windows 8.1 x64 Ran by John PC on Fri 14/08/2015 at 17:14:17.78 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Failed to delete: [Folder] C:\Users\John PC\Appdata\Local\pokki ~~~ FireFox Emptied folder: C:\Users\John PC\AppData\Roaming\mozilla\firefox\profiles\umms9fjc.default\minidumps [1 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 14/08/2015 at 17:18:44.23 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Questions on Scan Log , Have not run Cleaning section yet -- Pokki is some App that always gives an error on Start Up, Other items are unknown ?? # AdwCleaner v4.208 - Logfile created 14/08/2015 at 17:27:21 # Updated 09/07/2015 by Xplode # Database : 2015-08-12.1 [server] # Operating system : Windows 8.1 (x64) # Username : John PC - JOHNPC # Running from : C:\Users\John PC\Desktop\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found : C:\Users\John PC\AppData\Local\pokki ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf Key Found : HKCU\Software\Pokki Key Found : [x64] HKCU\Software\Pokki Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v40.0 (x86 en-US) ************************* AdwCleaner[R0].txt - [3196 bytes] - [29/06/2015 14:54:51] AdwCleaner[R1].txt - [1678 bytes] - [14/08/2015 17:27:21] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1737 bytes] ########## Is Step 6 the same as I did in Step 2, or did I not upgrade to that version ?? I am committed for the next 2 or so hours, and I will continue after that John -
-
Attempted to remove infection and used Restore
noknojon replied to noknojon's topic in Resolved Malware Removal Logs
No known Peer 2 Peer programs exist - If noticed They can be terminated.. Enabled my system to show hidden files: Deleted existing (desktop) version of Rkill and installed this version: Rkill 2.7.0 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2015 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 08/14/2015 04:13:12 PM in x64 mode. Windows Version: Windows 8.1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 08/14/2015 04:14:39 PM Execution time: 0 hours(s), 1 minute(s), and 27 seconds(s) Current Updated version of MBAM log : Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 14/08/2015 Scan Time: 4:20 PM Logfile: MBAM.txt Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.13.06 Rootkit Database: v2015.08.06.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: John PC Scan Type: Threat Scan Result: Completed Objects Scanned: 382374 Time Elapsed: 18 min, 17 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Running ERUNT now .......... -
License Validation Isssue
noknojon replied to PCFREAK's topic in Malwarebytes for Windows Support Forum
Hi - I could put it this way for you ... When you purchase a Boxed version, it will never be up to date, but it will be a legal Pro Version. Just enter your new Key and the I.D listed on the CD box. You will always need to Update this to the current edition.. The best way is a Manual Update and then the installed Pro Version. Can you tell us in simple words, " who you paid the money to " when you purchased the new box. Thank You - Also the help desk will Email you if you have left your Correct Email when you contact them.. -
Sony tells VAIO owners not to upgrade to Windows 10
noknojon replied to pondus's topic in General Chat
{ From a personal basis only }, so far I have had a few dramas with Toshiba laptops and desktops that have not acted nicely to Win X One is still stuck between Windows 8.1 and Win X, I even created a fresh ISO to install, from a similar Windows 8.1, but it is locked Limbo Land. All updates were done , and the Windows Icon was in the tray waiting to be used .......... When I use the Genuine M/$oft Windows 8 DVD, it would not go back, and with the carefully followed new ISO it would not go forwards ?? Just a few of the problems so far. It is in a workshop and they are scratching their heads on how to get any properties / files back from it - A long job for us on the weekend..... DO Not believe all that M/$oft and their agents saying about it. There are many failures that I have been called to, but "most" I can fix .. They have lost me for a while .... { Only personal observations, but anybody can try if they think they can fix them. } ............ -
phishing scam locks up browser
noknojon replied to ArtemisTwo's topic in Malwarebytes for Windows Support Forum
Chances are that often your Antivirus can help stop (or pick up) these things. I have installed >> AdFender Free Current version: 1.83 and find it works lighter for me than No-Script programs and works on all systems that I have found. This combined with your Antivirus program (do you run Active Antivirus, Free or Paid) works well I find. Regards - -
Take your mind off Win10; See a hacked rifle track you by phone
noknojon replied to ShyWriter's topic in General Chat
Gee Firefox, I am glad we have decent gun laws in Australia these days. You would need to be in the Armed Forces to get these. Unless you belong to a registered "Gun Club" or a registered rural (farmer) person then you would never see one of these. Then only with special permits ! ! That is the cost of a small car over here, and I could never see any reason to buy these guns. (Just my personal opinion as usual)
