I'll be damned.... [Closed]


  • This topic is locked

#16
crooleeck


OK, please run FRST one more time, do a scan, and post the log.



#17
Alan1998

  • Topic Starter

OK, will do when I get to school. I leave shortly.



#18
Alan1998

  • Topic Starter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Michael (administrator) on MIKE-SCHOOL on 21-10-2014 08:28:30
Running from C:\Users\Michael\Desktop
Loaded Profile: Michael (Available profiles: Michael)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-09-22] (Acer Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-793078676-4060340128-668272483-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2580224 2014-08-21] (Acer)
HKU\S-1-5-21-793078676-4060340128-668272483-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-793078676-4060340128-668272483-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM - DefaultScope {E855225E-C318-473F-AF01-6027BDDB4B9C} URL = http://www.bing.com/...=IE10TR&pc=ACJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {E855225E-C318-473F-AF01-6027BDDB4B9C} URL = http://www.bing.com/...=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - DefaultScope {E855225E-C318-473F-AF01-6027BDDB4B9C} URL = http://www.bing.com/...=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {E855225E-C318-473F-AF01-6027BDDB4B9C} URL = http://www.bing.com/...=IE10TR&pc=ACJB
SearchScopes: HKCU - DefaultScope {E855225E-C318-473F-AF01-6027BDDB4B9C} URL = 
SearchScopes: HKCU - {E855225E-C318-473F-AF01-6027BDDB4B9C} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pokki.com/PokkiDownloadHelper -> C:\Users\Michael\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-20]
 
Chrome: 
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-16]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-16]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-16]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-16]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-16]
CHR Extension: (AdBlock) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-17]
CHR Extension: (avast! Online Security) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-16]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-16]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-20] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3097856 2014-09-22] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-10-14] (RaMMicHaeL)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-20] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 08:28 - 2014-10-21 08:29 - 00017922 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-10-20 10:00 - 2014-10-20 10:00 - 00164936 _____ () C:\Users\Michael\Downloads\OTL.Txt
2014-10-18 07:45 - 2014-10-18 07:45 - 00065328 _____ () C:\Users\Michael\Desktop\sfcdetails.txt
2014-10-17 07:53 - 2014-10-17 07:53 - 00000000 ____D () C:\Users\Michael\Desktop\FRST-OlderVersion
2014-10-16 08:39 - 2014-10-16 08:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-10-16 08:39 - 2014-10-16 08:39 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-15 10:36 - 2014-10-15 10:42 - 00000101 _____ () C:\Users\Michael\Documents\PAIN.txt
2014-10-15 09:02 - 2014-10-15 09:02 - 00000000 ____D () C:\Users\Michael\Desktop\Log FIles
2014-10-14 16:58 - 2014-09-13 03:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 16:58 - 2014-09-13 02:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 16:58 - 2014-08-28 22:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-14 16:58 - 2014-08-28 22:32 - 02779136 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 16:58 - 2014-08-28 21:59 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 16:58 - 2014-08-28 20:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-14 16:58 - 2014-08-28 20:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-14 16:57 - 2014-09-27 19:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 16:57 - 2014-09-25 19:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 16:57 - 2014-09-25 19:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 16:57 - 2014-09-25 19:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 16:57 - 2014-09-25 19:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 16:57 - 2014-09-25 19:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 16:57 - 2014-09-18 23:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 16:57 - 2014-09-18 22:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 16:57 - 2014-09-18 22:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 16:57 - 2014-09-18 22:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 16:57 - 2014-09-18 22:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 16:57 - 2014-09-18 22:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 16:57 - 2014-09-18 21:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 16:57 - 2014-09-18 21:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 16:57 - 2014-09-18 21:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 16:57 - 2014-09-18 21:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 16:57 - 2014-09-18 21:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 16:57 - 2014-09-18 21:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 16:57 - 2014-09-18 21:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 16:57 - 2014-09-18 21:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 16:57 - 2014-09-18 21:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 16:57 - 2014-09-18 21:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 16:57 - 2014-09-18 20:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 16:57 - 2014-09-18 20:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 16:56 - 2014-09-25 19:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 16:56 - 2014-09-18 22:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 16:56 - 2014-09-18 22:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 16:56 - 2014-09-18 22:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 16:56 - 2014-09-18 22:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 16:56 - 2014-09-18 20:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 16:56 - 2014-09-18 20:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 16:56 - 2014-09-08 00:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 16:56 - 2014-09-07 22:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 16:56 - 2014-09-07 22:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 16:56 - 2014-09-07 21:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 16:56 - 2014-09-07 21:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 16:56 - 2014-09-07 21:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 16:56 - 2014-09-07 21:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 16:56 - 2014-09-07 21:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 16:56 - 2014-09-07 21:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 16:56 - 2014-09-07 21:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 16:56 - 2014-09-07 20:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 16:56 - 2014-09-07 20:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 16:56 - 2014-09-07 20:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 16:56 - 2014-09-07 20:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 16:56 - 2014-09-03 21:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 16:56 - 2014-09-03 21:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 16:55 - 2014-08-16 01:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 16:55 - 2014-08-16 01:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-14 16:55 - 2014-08-16 01:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-14 16:55 - 2014-08-16 00:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-14 16:55 - 2014-08-16 00:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 16:55 - 2014-08-16 00:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 16:55 - 2014-08-15 21:20 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 16:55 - 2014-08-15 21:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-14 16:55 - 2014-08-15 21:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-14 16:55 - 2014-08-15 21:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-14 16:54 - 2014-08-16 00:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 16:54 - 2014-08-16 00:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-14 16:54 - 2014-08-16 00:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-14 16:54 - 2014-08-15 22:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-14 16:54 - 2014-08-15 22:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-14 16:54 - 2014-08-15 21:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-14 16:54 - 2014-08-15 21:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-14 16:54 - 2014-08-15 21:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-14 16:54 - 2014-08-15 21:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-14 16:54 - 2014-08-15 21:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-14 16:54 - 2014-08-15 21:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-14 16:54 - 2014-08-15 21:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-14 16:54 - 2014-08-15 21:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-14 16:54 - 2014-08-15 21:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-14 16:54 - 2014-08-15 21:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-14 16:54 - 2014-08-15 21:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-14 16:54 - 2014-08-15 21:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-14 16:54 - 2014-08-15 21:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-14 16:54 - 2014-08-15 21:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-14 16:54 - 2014-08-15 21:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 16:54 - 2014-08-15 21:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-14 16:54 - 2014-08-15 21:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-14 16:54 - 2014-08-15 21:11 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 16:54 - 2014-08-15 21:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-14 16:54 - 2014-08-15 21:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 16:54 - 2014-08-15 21:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-14 16:54 - 2014-07-31 20:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 16:37 - 2014-10-21 08:28 - 00000000 ____D () C:\FRST
2014-10-14 16:36 - 2014-10-17 07:53 - 02112000 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-10-14 16:36 - 2014-10-14 16:36 - 05185536 _____ (AVAST Software) C:\Users\Michael\Downloads\aswMBR.exe
2014-10-14 16:36 - 2014-10-14 16:36 - 05185536 _____ (AVAST Software) C:\Users\Michael\Desktop\aswMBR.exe
2014-10-14 16:36 - 2014-10-14 16:36 - 02110464 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-10-14 13:01 - 2014-10-14 13:02 - 26901056 _____ (SMART Technologies) C:\Users\Michael\Downloads\smartesi2014septweb.exe
2014-10-14 08:22 - 2014-10-14 08:22 - 00000000 ____D () C:\Users\Michael\abBox
2014-10-12 08:19 - 2014-10-12 08:19 - 00040863 _____ () C:\Users\Michael\Downloads\chat_with_savita.txt
2014-10-11 17:14 - 2014-10-11 17:14 - 00146302 _____ () C:\Users\Michael\Downloads\FRST (2).txt
2014-10-11 17:14 - 2014-10-11 17:14 - 00002300 _____ () C:\Users\Michael\Downloads\aswMBR (1).txt
2014-10-11 14:32 - 2014-10-11 14:32 - 00063866 _____ () C:\Users\Michael\Downloads\FRST (1).txt
2014-10-10 14:09 - 2014-10-10 14:09 - 00000721 _____ () C:\Users\Michael\Desktop\AutoEvony2.swf - Shortcut.lnk
2014-10-07 08:52 - 2014-10-07 08:53 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2014-10-07 08:52 - 2014-10-07 08:52 - 00002544 _____ () C:\Users\Michael\Desktop\Windows 7 USB DVD Download Tool.lnk
2014-10-07 08:52 - 2014-10-07 08:52 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2014-10-07 08:51 - 2014-10-07 08:51 - 02721168 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2014-10-06 08:30 - 2014-10-06 08:36 - 4100497408 _____ () C:\Users\Michael\Downloads\WindowsTechnicalPreview-x64-EN-US.iso
2014-10-02 11:58 - 2014-10-02 12:00 - 00707354 _____ () C:\Windows\unins000.exe
2014-10-02 11:58 - 2014-10-02 12:00 - 00002590 _____ () C:\Windows\unins000.dat
2014-10-02 11:58 - 2014-10-02 12:00 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2014-10-02 11:58 - 2011-04-09 11:44 - 00901344 _____ (Richard ) C:\Users\Michael\Downloads\setup.exe
2014-10-02 11:58 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-10-02 11:58 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\SysWOW64\gpedit.msc
2014-10-02 11:57 - 2014-10-02 11:57 - 00875012 _____ () C:\Users\Michael\Downloads\add_gpedit_msc_by_jwils876-d3kh6vm.zip
2014-09-29 12:48 - 2014-10-07 08:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Audacity
2014-09-29 12:48 - 2014-09-29 12:48 - 00000995 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-09-29 12:48 - 2014-09-29 12:48 - 00000983 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-09-29 12:47 - 2014-09-29 12:48 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-09-29 12:45 - 2014-09-29 12:46 - 22180353 _____ (Audacity Team ) C:\Users\Michael\Downloads\audacity-win-2.0.5.exe
2014-09-25 10:00 - 2014-09-25 10:00 - 00010206 _____ () C:\Users\Michael\Downloads\MCShield-AllScans.txt
2014-09-25 10:00 - 2014-09-25 10:00 - 00001043 _____ () C:\Users\Michael\Downloads\mbam.txt
2014-09-24 13:03 - 2014-09-24 13:03 - 01057574 _____ () C:\Users\Michael\Downloads\AutoEvony2.swf
2014-09-24 12:42 - 2014-09-24 12:42 - 01151176 _____ () C:\Users\Michael\Downloads\ageII-release.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2021-10-21 10:36 - 2014-04-10 03:29 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 04:34 - 2014-04-10 03:29 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-10-21 08:29 - 2014-07-20 14:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-10-21 08:28 - 2014-04-10 03:02 - 02046939 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 08:19 - 2013-10-31 08:23 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 08:18 - 2014-07-21 05:39 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D8A16E03-9657-4946-AF85-8D7412555D5F}
2014-10-21 08:17 - 2014-09-17 08:19 - 00000000 ____D () C:\ProgramData\MCShield
2014-10-21 08:15 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-20 13:06 - 2014-07-21 05:41 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-793078676-4060340128-668272483-1001
2014-10-20 12:49 - 2014-07-26 12:51 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-10-20 12:41 - 2014-09-16 12:36 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-20 12:41 - 2014-09-16 12:36 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 12:41 - 2014-09-16 12:36 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 12:25 - 2014-09-11 12:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ClassicShell
2014-10-20 12:18 - 2014-07-20 14:47 - 00000000 ____D () C:\ProgramData\Skype
2014-10-20 12:17 - 2014-07-21 05:38 - 00000000 __RDO () C:\Users\Michael\SkyDrive
2014-10-17 10:00 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\rescache
2014-10-17 08:01 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-15 12:19 - 2014-07-21 05:37 - 00000000 ____D () C:\Users\Michael\AppData\Local\clear.fi
2014-10-15 11:12 - 2014-07-21 05:33 - 00000000 ____D () C:\Users\Michael
2014-10-15 10:00 - 2013-10-31 08:16 - 00064186 _____ () C:\Windows\PFRO.log
2014-10-15 08:56 - 2013-08-22 10:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-15 08:55 - 2013-08-22 12:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-15 08:55 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-15 08:53 - 2013-08-22 11:44 - 00337840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 08:14 - 2013-08-22 12:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-14 16:35 - 2014-07-31 20:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\uTorrent
2014-10-14 08:45 - 2014-07-20 15:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-14 08:23 - 2014-07-20 14:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-11 12:48 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-11 09:22 - 2014-09-15 13:09 - 00000000 ____D () C:\ProgramData\Unchecky
2014-10-10 14:10 - 2013-08-22 11:46 - 00022104 _____ () C:\Windows\setupact.log
2014-10-07 09:02 - 2014-09-04 16:02 - 00000000 ____D () C:\Users\Michael\Documents\Bluetooth Folder
2014-10-04 18:06 - 2014-09-10 07:41 - 00000000 ____D () C:\Users\Michael\Documents\Visual Studio 2013
2014-10-02 12:02 - 2013-10-31 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-10-02 12:02 - 2013-10-31 08:35 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-10-02 11:58 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-02 11:03 - 2014-09-04 10:17 - 00000000 ___HD () C:\Users\Michael\Desktop\Notes Social Studies
2014-09-29 19:45 - 2014-09-12 11:51 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 19:45 - 2014-09-12 11:51 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\oct8958.tmp.exe
C:\Users\Michael\AppData\Local\Temp\oct9D0F.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 08:39
 
==================== End Of Log ============================

  • 0

#19
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Step 1:
Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
Step 2:
Check file online:

  • Please go to Virus Total
  • Click on the button Choose File
  • Copy/paste this file and path into the white box beside File Name in the window that pops up:
    C:\Windows\unins000.exe
  • Press Scan it- this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the results in your next response.



  • 0

#20
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 294 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
Ran by Michael at 2014-10-21 16:53:54 Run:2
Running from C:\Users\Michael\Desktop
Loaded Profile: Michael (Available profiles: Michael)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]
*****************
 
McAWFwk => Service deleted successfully.
 
==== End of Fixlog ====
 
 
 
 
Edit: May I ask who your teacher is? I've noticed Compcav is following and Crowbar is watching as I write this lol
Thanks for the help! (You and your teacher!)

Edited by Alan1998, 21 October 2014 - 01:56 PM.

  • 0

#21
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

You're welcome. In this case Essexboy is my teacher.
 
Step 1:
I see you have installed MBAM; please run it, agree to the update and do a scan:

  • Run Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean)
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.

Step 2:
Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.

  • 0

#22
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 294 posts

Aye, Mr. Dragon (The Gate Keeper).

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014-10-22
Scan Time: 8:12:50 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.22.03
Rootkit Database: v2014.10.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Michael
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335934
Time Elapsed: 27 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET will have to wait as I don't have the power to keep my laptop alive for "several Hours".

  • 0

#23
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 294 posts

OK, I had ESET run, but got some Buy my product Pop up and no way out. So I had to exit. Any ideas where a log would be?


  • 0

#24
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Strange ;)

 

Try this location:

C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt


  • 0

#25
Alan1998

Alan1998

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 294 posts

I will check it out. Thanks, if not there... I presume just rescan? ESET had found 2 items, just adware leftovers from what I could see.


  • 0



#26
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

A new scan should be clean. In the first scan the infected files were (probably) moved to quarantine.


  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





