Attempted to remove infection and used Restore


Hello -

Needed to attach both files as I was told they were too long

 

I needed to attempt a System Restore due to problems I was having a couple of weeks ago.

There seems to be something wrong ever since I did that, and there seems to be some kind of infection (the reason for the restore) still active.

 

I ran the usual MBAM , JRT , ESET Online , and a few other tools that only pulled a few items that did not look like infections, just corrupted files.

 

Please tell me what else you wish for, or anything else you want information on  -

 

FRST.txt

Addition.txt

 

Thanks John -

 

Sorry - Added MBAM updated log (as I forgot it)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/08/2015
Scan Time: 7:58 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.05.07
Rootkit Database: v2015.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: John PC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381742
Time Elapsed: 19 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 2 weeks later...
  • Root Admin

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
 


No known Peer 2 Peer programs exist -
If noticed They can be terminated..

 

 

Enabled my system to show hidden files:

 

 

Deleted existing (desktop) version of Rkill and installed this version:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/14/2015 04:13:12 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 08/14/2015 04:14:39 PM
Execution time: 0 hours(s), 1 minute(s), and 27 seconds(s)

 

 

 

Current Updated version of MBAM log :

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/08/2015
Scan Time: 4:20 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.13.06
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: John PC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382374
Time Elapsed: 18 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Running ERUNT now ..........


  • Root Admin

Okay, after the backup with ERUNT please run through the following.

 

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 8.1 x64
Ran by John PC on Fri 14/08/2015 at 17:14:17.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Failed to delete: [Folder] C:\Users\John PC\Appdata\Local\pokki

 

~~~ FireFox

Emptied folder: C:\Users\John PC\AppData\Roaming\mozilla\firefox\profiles\umms9fjc.default\minidumps [1 files]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 14/08/2015 at 17:18:44.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

Questions on Scan Log , Have not run Cleaning section yet --

 

Pokki is some App that always gives an error on Start Up, Other items are unknown ??

 


 

# AdwCleaner v4.208 - Logfile created 14/08/2015 at 17:27:21
# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [server]
# Operating system : Windows 8.1  (x64)
# Username : John PC - JOHNPC
# Running from : C:\Users\John PC\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\John PC\AppData\Local\pokki

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v40.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [3196 bytes] - [29/06/2015 14:54:51]
AdwCleaner[R1].txt - [1678 bytes] - [14/08/2015 17:27:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1737 bytes] ##########

 

 

Is Step 6 the same as I did in Step 2, or did I not upgrade to that version ??

 

I am committed for the next 2 or so hours, and I will continue after that

 

John -


AdwCleaning report,

 

# AdwCleaner v4.208 - Logfile created 14/08/2015 at 20:48:26
# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [server]
# Operating system : Windows 8.1  (x64)
# Username : John PC - JOHNPC
# Running from : C:\Users\John PC\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\John PC\AppData\Local\pokki

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v40.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [3196 bytes] - [29/06/2015 14:54:51]
AdwCleaner[R1].txt - [1832 bytes] - [14/08/2015 17:27:21]
AdwCleaner[s0].txt - [1617 bytes] - [14/08/2015 20:48:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1676  bytes] ##########

 

 

 

Running ESET Online now as it can take up to 2 hours

 

 

Then a FRST scan and AdditionTxt will be included -


Hi -

I am almost downloaded with ESET, but it stuck here and is still stuck after 15 minutes.

 


 

Should I delete my current attempt and retry ?? I have checked LAN settings, and they are correct .......

 

Thank You -

EDIT - I will try another install of ESET and if this will not work then I will try a SOPHOS scan ..


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-08-2015
Ran by John PC (administrator) on JOHNPC (14-08-2015 23:45:44)
Running from C:\Users\John PC\Desktop
Loaded Profiles: John PC (Available Profiles: John PC & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
( ITX Associates) C:\Program Files (x86)\AzTools\blueline.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-07-27] ()
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-07-27] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-08-06]
ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.netspace.net.au/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1877073717-3212129561-1314164763-1001 -> {110CA03A-7B67-45B9-B1EF-8E360541506F} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{5F989494-1F51-40E6-94D7-637631816A06}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{9FF12DC6-2F45-4607-9C62-215288EF40E8}: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\John PC\AppData\Roaming\Mozilla\Firefox\Profiles\umms9fjc.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-08-05] ()

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-05] (WildTangent)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-04-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-05-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-08] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-04-08] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [402888 2015-04-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [338272 2015-04-08] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-04-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-04-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864200 2015-04-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335944 2015-04-08] (McAfee, Inc.)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2013-05-24] (Windows ® Codename Longhorn DDK provider)
S3 cpuz138; \??\C:\Users\JOHNPC~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 23:42 - 2015-08-14 23:42 - 02173952 _____ (Farbar) C:\Users\John PC\Desktop\FRST64.exe
2015-08-14 22:33 - 2015-08-14 22:34 - 02870984 _____ (ESET) C:\Users\John PC\Desktop\esetsmartinstaller_enu(1).exe
2015-08-14 21:14 - 2015-08-14 21:14 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-14 21:12 - 2015-08-14 21:14 - 02870984 _____ (ESET) C:\Users\John PC\Desktop\esetsmartinstaller_enu.exe
2015-08-14 20:49 - 2015-08-14 20:49 - 00001580 _____ C:\WINDOWS\PFRO.log
2015-08-14 20:49 - 2015-08-14 20:49 - 00000116 _____ C:\WINDOWS\setupact.log
2015-08-14 20:49 - 2015-08-14 20:49 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-14 17:25 - 2015-08-14 17:25 - 02248704 _____ C:\Users\John PC\Desktop\AdwCleaner.exe
2015-08-14 17:18 - 2015-08-14 17:18 - 00000804 _____ C:\Users\John PC\Desktop\JRT.txt
2015-08-14 17:13 - 2015-08-14 17:13 - 01791580 _____ (Malwarebytes Corporation) C:\Users\John PC\Desktop\JRT.exe
2015-08-14 17:03 - 2015-08-14 17:03 - 00000000 ____D C:\WINDOWS\ERDNT
2015-08-14 17:01 - 2015-08-14 17:02 - 00000000 ____D C:\Program Files (x86)\ERUNT
2015-08-14 17:01 - 2015-08-14 17:01 - 00000944 _____ C:\Users\John PC\Desktop\NTREGOPT.lnk
2015-08-14 17:01 - 2015-08-14 17:01 - 00000944 _____ C:\Users\Administrator\Desktop\NTREGOPT.lnk
2015-08-14 17:01 - 2015-08-14 17:01 - 00000925 _____ C:\Users\John PC\Desktop\ERUNT.lnk
2015-08-14 17:01 - 2015-08-14 17:01 - 00000925 _____ C:\Users\Administrator\Desktop\ERUNT.lnk
2015-08-14 17:01 - 2015-08-14 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-08-14 16:54 - 2015-08-14 16:54 - 00791393 _____ (Lars Hederer ) C:\Users\John PC\Desktop\erunt-setup.exe
2015-08-14 16:40 - 2015-08-14 16:40 - 00001042 _____ C:\MBAM.txt
2015-08-14 16:13 - 2015-08-14 16:14 - 00001990 _____ C:\Users\John PC\Desktop\Rkill.txt
2015-08-14 16:12 - 2015-08-14 16:12 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\John PC\Desktop\rkill.exe
2015-08-13 16:49 - 2015-08-13 16:49 - 00000000 ____D C:\Users\John PC\AppData\Roaming\AMD
2015-08-13 16:46 - 2015-08-14 21:02 - 00167148 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-12 20:41 - 2015-08-12 21:24 - 00000000 ____D C:\Users\John PC\AppData\Roaming\Skype
2015-08-12 20:41 - 2015-08-12 21:24 - 00000000 ____D C:\ProgramData\Skype
2015-08-12 20:41 - 2015-08-12 20:41 - 00000000 ____D C:\Users\John PC\AppData\Local\Skype
2015-08-12 20:40 - 2015-08-12 20:40 - 00000000 ____D C:\Program Files\AMD
2015-08-12 20:39 - 2015-08-12 20:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-08-12 19:49 - 2015-08-14 20:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-12 18:47 - 2015-08-12 18:47 - 00002005 _____ C:\Users\Public\Desktop\abPhoto.lnk
2015-08-12 18:32 - 2015-07-31 00:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 18:32 - 2015-07-30 23:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 15:22 - 2015-07-19 11:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 15:22 - 2015-07-19 04:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 15:22 - 2015-07-19 04:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 15:22 - 2015-07-19 04:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 15:22 - 2015-07-19 04:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 15:22 - 2015-07-19 04:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 15:22 - 2015-07-19 04:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 15:22 - 2015-07-19 04:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 15:22 - 2015-07-19 04:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 15:22 - 2015-07-19 04:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 15:22 - 2015-07-19 04:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 15:22 - 2015-07-19 04:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 15:22 - 2015-07-10 04:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-08-12 15:22 - 2015-06-27 13:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-08-12 15:22 - 2015-06-27 13:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-08-12 15:22 - 2015-06-27 12:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-08-12 15:21 - 2015-07-16 10:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 15:21 - 2015-07-16 10:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 15:21 - 2015-07-16 10:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 15:21 - 2015-07-16 10:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 15:21 - 2015-07-11 03:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 15:20 - 2015-07-17 07:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 15:20 - 2015-07-17 06:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 15:20 - 2015-07-17 06:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 15:20 - 2015-07-17 06:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 15:20 - 2015-07-17 06:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 15:20 - 2015-07-17 06:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 15:20 - 2015-07-17 06:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 15:20 - 2015-07-17 06:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 15:20 - 2015-07-17 05:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 15:20 - 2015-07-17 05:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 15:20 - 2015-07-17 05:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 15:20 - 2015-07-17 05:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 15:20 - 2015-07-17 05:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 15:20 - 2015-07-17 05:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 15:20 - 2015-07-17 05:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 15:20 - 2015-07-17 05:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 15:20 - 2015-07-17 05:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 15:20 - 2015-07-17 05:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 15:20 - 2015-07-17 05:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 15:20 - 2015-07-17 05:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 15:20 - 2015-07-17 05:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 15:20 - 2015-07-17 05:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 15:20 - 2015-07-17 05:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 15:20 - 2015-07-17 05:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 15:20 - 2015-07-17 05:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 15:20 - 2015-07-17 05:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 15:20 - 2015-07-17 04:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 15:20 - 2015-07-17 04:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 15:20 - 2015-07-17 04:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 15:20 - 2015-07-17 04:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 15:20 - 2015-07-17 04:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 15:20 - 2015-07-14 13:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 15:20 - 2015-07-14 13:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 15:20 - 2015-07-14 05:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 15:20 - 2015-07-14 05:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 15:20 - 2015-07-11 04:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 15:20 - 2015-07-11 03:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 15:20 - 2015-07-11 03:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 15:20 - 2015-07-11 03:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 15:20 - 2015-07-11 02:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 15:20 - 2015-07-11 02:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 15:20 - 2015-07-10 03:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 15:20 - 2015-07-10 03:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 15:20 - 2015-07-10 02:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 15:20 - 2015-07-02 08:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 15:20 - 2015-07-02 08:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 15:20 - 2015-07-02 07:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 15:20 - 2015-07-02 07:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 15:20 - 2015-05-12 10:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-12 15:19 - 2015-07-30 00:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 15:19 - 2015-07-30 00:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 15:19 - 2015-07-30 00:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 15:19 - 2015-07-25 04:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 15:19 - 2015-07-25 04:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 15:19 - 2015-07-25 04:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 15:19 - 2015-07-25 03:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 15:19 - 2015-07-25 03:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 15:19 - 2015-07-07 19:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 15:19 - 2015-07-07 19:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 15:19 - 2015-07-07 19:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-10 10:20 - 2015-08-10 10:20 - 00003118 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-08-10 10:20 - 2015-08-10 10:20 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-08-10 10:20 - 2015-08-10 10:20 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-08-10 10:20 - 2015-08-10 10:20 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-08-10 10:20 - 2015-08-10 10:20 - 00003060 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-08-10 10:20 - 2015-08-10 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-08-10 10:20 - 2015-08-10 10:20 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2015-08-10 09:58 - 2015-08-10 09:58 - 00000000 ____D C:\$WINDOWS.~BT
2015-08-10 09:56 - 2015-08-10 09:56 - 00000000 ___HD C:\$Windows.~WS
2015-08-10 09:15 - 2015-08-10 09:51 - 4083853312 _____ C:\Users\John PC\Desktop\Win10_English_x64.iso
2015-08-10 08:53 - 2015-08-10 08:53 - 01483336 _____ (Microsoft Corporation) C:\Users\John PC\Desktop\mediacreationtool.exe
2015-08-10 08:48 - 2015-08-10 08:48 - 19648448 _____ (Microsoft Corporation) C:\Users\John PC\Desktop\MediaCreationToolx64.exe
2015-08-10 08:17 - 2015-08-10 08:18 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-08-10 08:17 - 2015-08-10 08:17 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-08-08 11:30 - 2015-08-08 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-08-08 11:30 - 2015-08-08 11:30 - 00000000 ____D C:\Program Files\7-Zip
2015-08-08 11:26 - 2015-08-08 11:26 - 01331823 _____ (Igor Pavlov) C:\Users\John PC\Documents\7z1505-x64.exe
2015-08-06 18:26 - 2015-08-06 18:26 - 18898141 _____ C:\Users\John PC\Downloads\Windows8.1-KB3079777-x64.msu
2015-08-06 11:46 - 2015-08-06 11:47 - 00000000 ____D C:\Users\John PC\AppData\Local\AdFender
2015-08-06 11:46 - 2015-08-06 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
2015-08-06 11:46 - 2015-08-06 11:46 - 00000000 ____D C:\ProgramData\AdFender
2015-08-06 11:46 - 2015-08-06 11:46 - 00000000 ____D C:\Program Files (x86)\AdFender
2015-08-06 11:45 - 2015-08-06 11:45 - 02735032 _____ (AdFender, Inc.) C:\Users\John PC\Desktop\Setup.exe
2015-08-06 08:42 - 2015-08-06 08:42 - 00001674 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-08-06 08:42 - 2015-08-06 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-08-06 08:41 - 2015-08-06 08:42 - 00000000 ____D C:\Program Files\Recuva
2015-08-06 08:40 - 2015-08-06 08:40 - 04426120 _____ (Piriform Ltd) C:\Users\John PC\Documents\rcsetup152.exe
2015-08-06 05:18 - 2015-08-06 05:18 - 08009376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 10192816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 08981304 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 08866472 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 07483600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 01213224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00472864 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00153488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00144608 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00131632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00119160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00112400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00111872 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00089560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00089552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00082720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-08-06 05:17 - 2015-08-06 05:17 - 00082720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 47795720 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 39725064 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 30762496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 27544600 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 25310208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 22327312 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 21635072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-08-06 05:16 - 2015-08-06 05:16 - 15727104 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 14312456 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 01196072 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 01070624 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 01005584 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00936960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00936960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00876032 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00808984 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00673808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-08-06 05:16 - 2015-08-06 05:16 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00243736 _____ C:\WINDOWS\system32\clinfo.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00215048 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00199696 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00198680 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00170496 _____ C:\WINDOWS\system32\atieah64.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00165392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00154120 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00152072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00144904 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00133640 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00112640 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00111640 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00099328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00089624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00083984 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00073752 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00071184 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00068120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00066056 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-08-06 05:16 - 2015-08-06 05:16 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00059392 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00052248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00048144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00039944 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-08-06 05:16 - 2015-08-06 05:16 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-08-05 21:43 - 2015-08-05 21:43 - 00039101 _____ C:\Users\John PC\Desktop\Addition.txt
2015-08-05 21:41 - 2015-08-14 23:46 - 00011460 _____ C:\Users\John PC\Desktop\FRST.txt
2015-08-05 19:35 - 2015-08-05 19:35 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-08-05 19:35 - 2015-08-05 19:35 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-08-05 19:35 - 2015-08-05 19:35 - 00737410 _____ C:\WINDOWS\system32\atiicdxx.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00322868 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00321200 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00255808 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00250884 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00249088 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00234420 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00232752 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00169152 _____ C:\WINDOWS\system32\ativce03.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00140240 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2015-08-05 19:35 - 2015-08-05 19:35 - 00138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2015-08-05 19:35 - 2015-08-05 19:35 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2015-08-05 19:35 - 2015-08-05 19:35 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin
2015-08-05 19:35 - 2015-08-05 19:35 - 00043408 _____ C:\WINDOWS\system32\kapp_si.sbin
2015-08-05 19:34 - 2015-08-05 19:34 - 00833798 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-08-05 19:34 - 2015-08-05 19:34 - 00660912 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-08-05 19:34 - 2015-08-05 19:34 - 00660912 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-08-05 19:34 - 2015-08-05 19:34 - 00167456 _____ C:\WINDOWS\system32\amde31a.dat
2015-08-05 09:31 - 2015-08-05 09:31 - 01798176 _____ (Malwarebytes Corporation) C:\Users\John PC\Downloads\JRT.exe
2015-08-03 06:45 - 2015-08-03 06:45 - 00003334 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2015-08-03 06:45 - 2015-08-03 06:45 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-08-02 13:34 - 2015-08-02 13:34 - 00002001 _____ C:\Users\Public\Desktop\abMedia.lnk
2015-08-02 13:31 - 2015-08-02 13:31 - 00001969 _____ C:\Users\Public\Desktop\abDocs.lnk
2015-08-02 13:28 - 2015-08-02 13:28 - 00000000 ____D C:\Users\John PC\AppData\Local\MediaShow
2015-08-02 12:12 - 2015-08-02 12:12 - 00836960 _____ (CyberLink Corp. ) C:\Users\John PC\Desktop\PowerDVDPatch12.0.3424.exe
2015-08-02 12:11 - 2015-08-02 12:11 - 00000000 ____D C:\Users\John PC\AppData\Roaming\CyberLink
2015-08-02 12:11 - 2015-08-02 12:11 - 00000000 ____D C:\Users\John PC\AppData\Local\CyberLink
2015-07-31 14:22 - 2015-07-31 14:22 - 00000044 _____ C:\WINDOWS\Masque.INI
2015-07-31 14:20 - 2015-07-31 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Masque Casino Game Pak II
2015-07-27 09:01 - 2015-08-01 17:26 - 00037166 _____ C:\Users\John PC\Downloads\MTB.txt
2015-07-27 09:00 - 2015-07-27 09:00 - 00001206 _____ C:\Users\John PC\Desktop\MiniToolBox(2) - Shortcut.lnk
2015-07-27 08:50 - 2015-07-27 08:50 - 00891392 _____ (Farbar) C:\Users\John PC\Downloads\MiniToolBox(2).exe
2015-07-26 21:13 - 2015-07-26 21:13 - 00000000 ____D C:\Users\Public\OEM
2015-07-26 08:39 - 2015-07-26 08:40 - 00017513 _____ C:\Users\John PC\Downloads\MiniToolBox.exe.htm
2015-07-25 09:04 - 2015-07-25 09:04 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2015-07-22 12:25 - 2015-07-22 12:25 - 00000000 ____D C:\Users\John PC\AppData\Roaming\Hot Lava Games
2015-07-22 12:25 - 2015-07-22 12:25 - 00000000 ____D C:\Users\John PC\AppData\Roaming\Game Forest
2015-07-22 12:24 - 2015-07-22 12:24 - 00001252 _____ C:\Users\Public\Desktop\More Great Games.lnk
2015-07-21 11:25 - 2015-07-21 11:25 - 02248704 _____ C:\Users\John PC\Downloads\adwcleaner_4.208.exe
2015-07-21 08:03 - 2015-08-02 13:30 - 00003352 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2015-07-18 16:43 - 2015-07-18 16:44 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-16 18:25 - 2015-07-16 18:25 - 00002312 _____ C:\Users\John PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bejeweled Blitz.lnk
2015-07-15 18:27 - 2015-06-28 15:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 18:27 - 2015-06-28 15:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 18:27 - 2015-06-28 15:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 18:27 - 2015-06-28 15:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 18:27 - 2015-06-28 02:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 18:27 - 2015-06-27 13:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 18:27 - 2015-06-27 13:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 18:27 - 2015-06-27 13:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 18:27 - 2015-06-27 12:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 18:27 - 2015-06-27 12:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 18:27 - 2015-06-27 12:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 18:27 - 2015-06-27 11:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 18:27 - 2015-06-27 11:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 18:27 - 2015-06-16 08:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 18:27 - 2015-06-16 08:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 18:27 - 2015-06-16 07:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 18:27 - 2015-06-16 07:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 18:27 - 2015-06-16 06:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 18:27 - 2015-06-16 05:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 18:27 - 2015-05-31 07:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 18:27 - 2015-05-31 05:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 18:27 - 2015-05-31 05:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 18:27 - 2015-03-30 15:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-07-15 18:27 - 2015-01-30 11:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-07-15 18:27 - 2014-12-09 05:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-07-15 18:27 - 2014-12-09 05:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-07-15 18:27 - 2014-12-09 05:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-07-15 18:27 - 2014-12-09 05:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-07-15 18:27 - 2014-12-09 05:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-07-15 18:27 - 2014-12-09 05:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-07-15 18:27 - 2014-12-09 05:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-07-15 18:27 - 2014-12-09 05:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-07-15 18:27 - 2014-10-29 14:03 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-07-15 18:27 - 2014-10-29 14:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-07-15 18:27 - 2014-10-29 14:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-07-15 18:27 - 2014-10-29 13:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-07-15 18:27 - 2014-10-29 13:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-07-15 18:27 - 2014-10-29 13:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-07-15 18:27 - 2014-10-29 13:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-07-15 18:27 - 2014-10-29 13:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-07-15 18:27 - 2014-10-29 13:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-07-15 18:27 - 2014-10-29 13:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-07-15 18:27 - 2014-10-29 13:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-07-15 18:27 - 2014-10-29 13:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-07-15 18:27 - 2014-10-29 12:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-07-15 18:27 - 2014-10-29 12:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-07-15 18:27 - 2014-10-29 12:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-07-15 18:27 - 2014-10-29 12:44 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-07-15 18:27 - 2014-10-29 12:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-07-15 18:27 - 2014-10-29 12:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-07-15 18:27 - 2014-10-29 12:22 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-07-15 18:27 - 2014-10-29 12:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-07-15 18:27 - 2014-10-29 12:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-07-15 18:27 - 2014-10-29 12:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-07-15 18:27 - 2014-10-29 12:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-07-15 18:27 - 2014-10-29 12:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-07-15 18:27 - 2014-10-29 11:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-07-15 18:27 - 2014-10-29 11:42 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-07-15 18:27 - 2014-10-29 11:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-07-15 18:26 - 2015-06-16 15:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 18:26 - 2015-06-16 15:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 18:26 - 2015-06-16 08:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 18:26 - 2015-06-16 08:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 18:26 - 2015-06-16 07:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 18:26 - 2015-06-16 07:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 18:26 - 2015-06-16 07:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 18:26 - 2015-06-16 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 18:26 - 2015-06-16 06:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 18:26 - 2015-06-16 06:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 18:26 - 2015-06-16 06:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 18:26 - 2015-06-16 06:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 18:26 - 2015-06-16 06:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 18:26 - 2015-06-16 06:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 18:26 - 2015-06-16 06:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 18:26 - 2015-06-16 06:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 18:26 - 2015-06-11 13:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 18:26 - 2015-06-11 02:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 18:26 - 2015-05-08 02:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 18:25 - 2015-03-11 11:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-07-15 18:25 - 2015-03-11 11:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-07-15 17:59 - 2015-07-15 17:59 - 00002838 _____ C:\Users\John PC\Downloads\Shower.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 23:45 - 2015-06-17 07:03 - 00000000 ____D C:\FRST
2015-08-14 23:00 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-14 22:58 - 2015-06-30 08:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-14 21:55 - 2015-06-29 23:01 - 00000000 ____D C:\Users\John PC\AppData\Local\ClassicShell
2015-08-14 21:22 - 2015-06-29 21:18 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1877073717-3212129561-1314164763-1001
2015-08-14 20:54 - 2013-09-23 15:27 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-14 20:49 - 2015-06-30 08:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-14 20:49 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-14 20:48 - 2015-06-29 14:54 - 00000000 ____D C:\AdwCleaner
2015-08-14 20:48 - 2013-08-22 23:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-08-14 19:55 - 2015-06-29 23:34 - 00003926 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A442DD7E-7075-4FC8-91DE-73A97B3EF693}
2015-08-14 16:19 - 2015-07-01 12:22 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 12:06 - 2015-06-30 12:32 - 00000000 ____D C:\Users\John PC\AppData\Local\CrashDumps
2015-08-14 08:40 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-14 06:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-13 17:40 - 2013-12-23 12:58 - 00000000 ____D C:\ProgramData\Temp
2015-08-13 06:58 - 2015-06-30 08:59 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-12 21:19 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-12 18:47 - 2013-09-23 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-12 18:45 - 2015-06-29 21:15 - 00000000 ____D C:\Users\John PC\AppData\Local\clear.fi
2015-08-12 18:42 - 2013-08-23 00:44 - 00337840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-12 18:40 - 2013-08-23 01:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 18:40 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-12 18:40 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-12 18:33 - 2013-08-23 01:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-12 18:32 - 2015-07-06 13:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 18:29 - 2015-07-06 13:44 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 18:28 - 2013-08-23 01:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 16:19 - 2015-06-27 18:58 - 00000196 _____ C:\Users\John PC\Desktop\Facebook.url
2015-08-10 09:58 - 2013-09-23 16:19 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-08 23:55 - 2015-07-06 15:11 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 23:55 - 2015-07-06 15:11 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 05:17 - 2013-09-23 16:15 - 12063592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-08-06 05:17 - 2013-09-23 16:15 - 01468832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-08-06 05:17 - 2013-09-23 16:15 - 00163792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-08-06 05:16 - 2013-09-23 16:15 - 01256472 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-08-06 05:16 - 2013-09-23 16:15 - 00681488 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-08-06 05:16 - 2013-09-23 16:15 - 00255504 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-08-05 18:18 - 2013-09-23 15:26 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-08-03 08:46 - 2015-07-04 15:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2015-08-02 13:45 - 2013-12-23 12:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-02 13:31 - 2013-09-23 15:34 - 00000000 ____D C:\Program Files (x86)\Acer
2015-08-02 13:30 - 2013-09-23 16:14 - 00000000 ___HD C:\OEM
2015-08-02 13:26 - 2013-12-23 12:59 - 00000000 ____D C:\Users\Public\CyberLink
2015-08-02 12:12 - 2013-12-23 12:59 - 00000000 ____D C:\ProgramData\CyberLink
2015-07-31 17:48 - 2013-09-23 15:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-31 14:18 - 2015-06-29 21:13 - 00000000 ____D C:\Users\John PC\AppData\Local\VirtualStore
2015-07-30 05:50 - 2015-06-30 23:07 - 00000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 05:50 - 2015-06-30 23:07 - 00000000 ____D C:\Program Files\CCleaner
2015-07-27 21:18 - 2015-06-30 15:07 - 00000000 ____D C:\Windows.old
2015-07-27 21:00 - 2015-06-30 08:59 - 00000000 ____D C:\Users\John PC\AppData\Local\Adobe
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sppui
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\setup
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\Com
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\IME
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\Camera
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-07-18 16:44 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-07-18 16:44 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\servicing
2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-07-18 16:43 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-07-18 14:24 - 2013-08-23 01:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-07-18 14:24 - 2013-08-23 01:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-07-17 17:39 - 2015-06-30 12:44 - 00000000 ____D C:\Program Files (x86)\AzTools
2015-07-17 09:55 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-07-17 09:55 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS

==================== Files in the root of some directories =======

2013-12-23 12:44 - 2013-12-23 12:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\John PC\AppData\Local\Temp\Quarantine.exe
C:\Users\John PC\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-10 08:24

==================== End of log ============================

 

 

Addition.txt was included with the original post; will it produce a second log?


Hi -

I forgot to mention that ESET showed nothing except that error after 1 hour, BUT, now I have problems trying to log in with the "sick" computer.

ESET was then reinstalled, and ran OK up to the end. I took a screen snip to show "nothing found" but it is there, not here!

The MBAM site is rejected with an error (500 I think) and just says it is unable to connect?

 

After this I will try again, so that may be part of the reason that you do not have the Extra Attach with the log above.

It is sitting on the Win 8.1 desktop, but I am not able to transfer it ??

 

I am currently on my laptop Win 7.1 (in my kitchen) - Wireless works OK and I had accessed my emails first thing today (on Win 8.1)

 

My ISP reports (via my Toolbox check) that I have only used 2.9Gig of my 100Gig monthly allowance, so that is not the problem.

 

John -

 

EDIT - I now understand a bit better what the problem was (hope it is fixed).


Finally ?? got it working eventually, and even then needed to change MBAM site password.

 

Addition.txt As an Attachment and now to Copy / paste

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-08-2015
Ran by John PC (2015-08-14 23:46:47)
Running from C:\Users\John PC\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1877073717-3212129561-1314164763-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1877073717-3212129561-1314164763-501 - Limited - Disabled)
John PC (S-1-5-21-1877073717-3212129561-1314164763-1001 - Administrator - Enabled) => C:\Users\John PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
AdFender (HKLM-x32\...\AdFender) (Version: 1.83 - AdFender, Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{6ACE9B2D-3F28-BD76-DB71-957BE60C028D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blueline 1.1.1 (HKLM-x32\...\Blueline_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CUE CLUB (HKLM-x32\...\CUE_CLUB) (Version:  - )
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.57 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Masque Casino Game Pak II (HKLM-x32\...\Masque Casino Game Pak II) (Version:  - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.0.5697 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Relic Rescue (HKLM-x32\...\BFG-Relic Rescue) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1877073717-3212129561-1314164763-1001_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File

==================== Restore Points =========================

28-07-2015 20:46:30 restore
02-08-2015 13:45:26 Installed PowerDVD
05-08-2015 09:36:53 JRT Pre-Junkware Removal
10-08-2015 08:17:14 Windows Update
12-08-2015 21:24:08 Removed Skype™ 7.3
14-08-2015 17:14:18 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2401084C-F787-4300-9F0F-F3B241BC80E2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {35513097-1C7A-4283-8E5F-29310BCA3B59} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {50E190DC-3224-4D2C-8359-FA200A565CDD} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {533C6D4B-9AF9-4FA5-BB9B-72CFFD444E61} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()
Task: {6100A029-E549-468C-BF49-5DD8DA76CA11} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {7039BB3B-6602-414B-B994-62C06F6DC8A3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {7FE561E8-878B-41B6-8CDB-0EF79DF024A9} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {883C67FF-E22B-4E1A-B5E6-DBA271A7919C} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {8F2D23FC-19B8-4766-A054-9421CE6CEEAD} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {9CE6F710-8D84-4561-AC2F-99E38E5E1C0F} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-07-23] (Acer)
Task: {A58DBE3B-2174-4D90-830C-19FA7BDAD036} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {C1342446-CA2A-4607-BC51-9759CA00D3DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {C1F8BA39-3E15-45BE-AFE6-6B05C3E90846} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {DE318555-1E1C-469E-A2FD-943271066981} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {E25F7E09-0539-414D-8FE4-54ACFCA77665} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-07-27 17:46 - 2015-07-27 17:46 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-08-02 13:30 - 2015-08-02 13:30 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-07-23 19:09 - 2015-07-23 19:09 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-07-23 19:09 - 2015-07-23 19:09 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:036B81D9
AlternateDataStreams: C:\ProgramData\Temp:1AC933DC
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:5C92988B
AlternateDataStreams: C:\Users\John PC\OneDrive:ms-properties
AlternateDataStreams: C:\Users\John PC\Downloads\Fw_ At last - a picture of him!1.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1877073717-3212129561-1314164763-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2015 10:35:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

System errors:
=============
Error: (08/14/2015 09:18:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (08/14/2015 09:18:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\JOHNPC~1\AppData\Local\Temp\ehdrv.sys

Error: (08/14/2015 09:18:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (08/14/2015 09:18:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\JOHNPC~1\AppData\Local\Temp\ehdrv.sys

Error: (08/14/2015 09:18:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (08/14/2015 09:18:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\JOHNPC~1\AppData\Local\Temp\ehdrv.sys

Error: (08/14/2015 08:49:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (08/14/2015 08:48:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (08/14/2015 08:48:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Firewall Core Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/14/2015 08:48:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Service Controller service failed to start due to the following error:
%%1053

Microsoft Office:
=========================
Error: (08/14/2015 10:35:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\John PC\Desktop\esetsmartinstaller_enu(1).exe

==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon HD Graphics
Percentage of memory in use: 18%
Total physical RAM: 8125.09 MB
Available physical RAM: 6622.7 MB
Total Virtual: 9405.09 MB
Available Virtual: 7837.61 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:457.11 GB) (Free:406.22 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.11 GB) (Free:456.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6D0E4787)

Partition: GPT.

==================== End of log ============================

 

 

Thank You -


While waiting, I re-ran ESET Scanner and it produced C:\Users\John PC\Documents\rcsetup152.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application.

 

This is not the first time I have seen this, but it depended if I used F/fox (where Google add-on is installed) or I.E. (where it is not installed).

Today I was using F/fox browser, so this may be the reason ??

 

Thank You -


  • Root Admin

The sadness is that too many sites add on these annoying toolbars trying to make a buck.

The logs show that your McAfee firewall is crashing. Might want to reinstall that or uninstall it for now and use built-in until we know your issue is resolved.

Not sure what antivirus you're using (are you just using the built-in one for Windows 8 ?)

You also have a few scope settings in IE that may be from something you've added but they're not located in a known good search. I'm going to recommend resetting your browsers and running a good temp cleaner.

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Start by disabling Sync

How To Delete Your Google Chrome Browser Sync Data

Chrome - Reset browser settings

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Please run those and also run a full 5 step disk check. I know Windows 8 is supposed to be smarter and not require as much disk check but I'm still not 100% convinced it's as smart as it's supposed to be. Using an elevated admin command prompt just run CHKDSK C: /R

Then reboot and let it run.

Let me know what issues specifically you're having after doing the above. There are a couple of minor things in the logs but wouldn't think they'd cause any issues of much concern.

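The kind of reading behind "the logs show that your McAfee firewall is crashing", as an added example that is not part of the original post: a Python sketch that groups the Service Control Manager entries of an FRST "System errors" section by service and decodes the `%%N` Win32 codes. The sample entries are copied from the log in this thread; the function names and the short code table are this example's own.

```python
import re
from collections import defaultdict

# Win32 error codes that Service Control Manager events print as "%%<code>".
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND (service binary is missing)",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT (no response to the start request in time)",
    1062: "ERROR_SERVICE_NOT_ACTIVE (service has not been started)",
    1275: "ERROR_DRIVER_BLOCKED (driver was blocked from loading)",
}

# Entries copied from the "System errors" section of the log in this thread.
SAMPLE_LOG = r"""
Error: (08/14/2015 09:18:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (08/14/2015 09:18:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\JOHNPC~1\AppData\Local\Temp\ehdrv.sys

Error: (08/14/2015 09:18:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (08/14/2015 08:49:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (08/14/2015 08:48:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (08/14/2015 08:48:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Firewall Core Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/14/2015 08:48:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Service Controller service failed to start due to the following error:
%%1053
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<event_id>\d+)\)"
)
# "The <name> service failed to start ..." / "... terminated unexpectedly" / "... terminated with ..."
SCM = re.compile(
    r"Description: The (?P<name>.+?) service "
    r"(?P<what>failed to start|terminated unexpectedly|terminated with)"
)
KIND = {
    "failed to start": "failed to start",
    "terminated unexpectedly": "crashed",
    "terminated with": "stopped with error",
}


def parse_entries(text):
    """Yield one dict per 'Error:' entry: timestamp, source, event id, body lines."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current
            current = {"when": m["when"], "source": m["source"],
                       "event_id": int(m["event_id"]), "body": []}
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    if current:
        yield current


def service_failures(text):
    """Group Service Control Manager failures by service name."""
    report = defaultdict(lambda: {"count": 0, "kinds": set(), "codes": set()})
    for entry in parse_entries(text):
        if entry["source"] != "Service Control Manager":
            continue  # e.g. the Application Popup entries carry no service name
        body = " ".join(entry["body"])
        m = SCM.search(body)
        if not m:
            continue
        item = report[m["name"]]
        item["count"] += 1
        item["kinds"].add(KIND[m["what"]])
        item["codes"].update(int(c) for c in re.findall(r"%%(\d+)", body))
    return dict(report)


def describe(report):
    """Return one human-readable line per service, sorted by name."""
    lines = []
    for name in sorted(report):
        item = report[name]
        codes = "; ".join(WIN32_ERRORS.get(c, f"Win32 error {c}")
                          for c in sorted(item["codes"])) or "no error code logged"
        kinds = ", ".join(sorted(item["kinds"]))
        lines.append(f"{name}: {item['count']} event(s), {kinds} ({codes})")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(service_failures(SAMPLE_LOG))))
```

Only the EventID 7031 entry records an unexpected termination; the 7000 entries are start failures, and their codes separate a missing binary (`%%2`) from a blocked driver (`%%1275`).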

I will include a couple of things in this post:

 

I reset I.E. .. .. .. then was trying to reset Firefox as you listed, but have I missed something, or is this a Windows 8.1 thing.

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

I believe that this was the start of the unknown problems, and created the icon shown above.

 

All I get are these, and part of my last problem, I may have hit the wrong one here

 

[screenshot] << Left side - Right side >> [screenshot] << Is "Reset" = Refresh ? or am I missing something

Or should I click another "unseen" button ??

 

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean. < I want Chrome out, so I will follow that

As far as I know, only I.E. and Firefox are installed (by me) since I find too many "holes" seem to show with Chrome.

I will go through the listed Uninstall just to see if it is here, but it has not shown anywhere.

 

I have never installed any McAfee programs, but they were the Acer installed default "give-aways" and I contacted McAfee to get help to remove it fully.

The only Antivirus I know of is Windows Defender, "(are you just using the built-in one for Windows 8)"

 

I do not mind the Google Search Bar Add-On, as this often saves me logging out while searching elsewhere.

 

TFC (Temp File Cleaner) should be installed, but has not been used since I posted here

 

Thank You -

 


  • Root Admin

That does not look familiar for Firefox. Let me install it on my Windows 8.1 VM tonight and double check.

McAfee makes a tool to fully remove all items but it's normally for antivirus but probably works to remove all.

http://service.mcafee.com/FAQDocument.aspx?id=TS101331

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Run that tool for the McAfee removal then if not using any McAfee.

TFC gets updated from time to time so if you don't have the latest I'd download a new copy of it. Then right click and choose "Run as administrator" then reboot when done.

Then let me know what issue you're having that makes you think something is wrong.

I'll try to double check on the Firefox reset later tonight.


I ran the McAfee Removal Tool and it seemed to remove something.

 

Just F.Y.I. - Also to check I followed as you wrote -

I went to the 3 bars at the top right for settings, "?" in the middle for Open Help Menu >> Troubleshooting Information, and that is where I posted my links.

If I was incorrect, then I must have an "odd" version of Firefox.

 

Also from using Chris's "screen317's Security Check" program ... (a "vague check" for Windows 8.1)

 

Results of screen317's Security Check version 1.007
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 18.0.0.232
Mozilla Firefox (40.0.2)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

 

Thanks ...


Things seem to have changed for the better recently, mainly after removal of McAfee.

 

TFC was updated recently (after about 2 or 3 years of the same version) so I deleted mine and got a new version, and ran that.

 

I have no particular problems left that I have noticed, but it did have something when I first posted ?

Sorry if I wasted too much time, but it may to check on Firefox updating details, like I posted back -

 

Can I run Delfix to remove the logs and tools left on the desktop for cleaning up, or just Manually delete all items then re-run TFC ??

 

Again - Thanks for your time (while things have been busy)

Regards John -


  • Root Admin

Yes, you can use to remove. Here is a canned speech for such. No problem on helping just glad you got it working well again. As for Firefox I don't have it installed on Windows 8.1 to test so still need to do that.

At this time there are no more signs of an infection on your system.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.

They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

Thanks again Ron, and things seem to be running OK at this time. I did not want to seem pushy, but I feel that you did a reasonably good investigation into any problem.

 

Delfix cleaned out most logs and tools so all is cleaned up.

MCPR tool from McAfee may have done a better job of clean-up this time, so all runs ~ OK ~

 

I also think the Windows 8.1 has Apps that I do not use, and will never use, so I went to Classic-Shell, and all is more "like a Win 7".

 

Thank You - John -

 

Lock it up -


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.