Unable to complete removal of malware [Solved]


  • This topic is locked

#16
charles.actuary

  • Topic Starter
  • Member
  • 112 posts
Here's the log.

I'm afraid that the shopperz folder and its contents are still there.

Charles



All processes killed
========== FILES ==========
Folder move failed. C:\Program Files\shopperz scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Franny
->Temp folder emptied: 98685683 bytes
->Temporary Internet Files folder emptied: 20413326 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 943341869 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,013.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Franny
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 02062015_172703

Files moved on Reboot...
Folder move failed. C:\Program Files\shopperz scheduled to be moved on reboot.
File C:\Users\Franny\AppData\Local\Temp\~DFA0276B8404193885.TMP not found!
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\HE13NTW3\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\10T5DUUH\347034-unable-to-complete-removal-of-malware[1].htm moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\10T5DUUH\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\10T5DUUH\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\IE\10T5DUUH\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\Low\SuggestedSites.dat moved successfully.
C:\Users\Franny\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File C:\Windows\temp\7zS305E.tmp\AcerOpenPlatformSetup.exe not found!

Registry entries deleted on Reboot...
  • 0


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Please download this registry fix to your desktop http://www.eightforu...ontext_menu.reg
Right click the file and select merge
Accept the several warnings that Windows issues
Once done go to Explorer and right click C:\Program Files\shopperz
From the menu select "Take Ownership"
Untitled.jpg
A black box will now open and the commands will run as you take ownership of the folder
Please let me know if it has your username as owner (example below)

Capture.JPG

If it does then right click C:\Program Files\shopperz and select delete
  • 0

#18
charles.actuary

  • Topic Starter
  • Member
  • 112 posts

No improvement I'm afraid.  When I tried to take ownership, the black command prompt screen flashed up for a fraction of a second before being closed down again, so I couldn't see whether my username was showing up as owner.  I tried deleting the folder anyway but again got the bogus folder access refusal message.


  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is proving a pain in the butt. As we are using Windows 8.1 I can't use the big hammer on it.

However, there is an old tool that I sometimes use; it has now been updated for 8.1.

I am just going to test it on my system to be safe. I will post back in a bit if it works :)
  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download MoveOnBoot to your desktop

Install the programme and run on completion

When the programme runs click the Boot Actions Wizard (top left)
OK the next page and the main dialogue will open
In the boot action box, using the drop down arrows, select Delete and Folder
In the configuration section click the three dots at the right and navigate to "C:\Program Files\shopperz" and OK that
Then place a tick in Restart Windows (immediately)
moveonboot.jpg

Ensure all other programmes are closed
Press Finish
The system will now reboot
After the reboot could you confirm that the folder has gone
  • 0

#21
charles.actuary

  • Topic Starter
  • Member
  • 112 posts

I'm afraid it's still there.


  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, to delete MoveOnBoot just remove the folder from Program Files

We will now try this method

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
S2 csrcc; C:\Program Files\shopperz\csrcc.exe [1449352 2015-01-26] () [File not signed]
C:\Program Files\shopperz
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that
  • 0

#23
charles.actuary

  • Topic Starter
  • Member
  • 112 posts

Still there, sorry.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Franny at 2015-02-07 17:10:58 Run:3
Running from C:\Users\Franny\Desktop
Loaded Profiles: Franny (Available profiles: Franny)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
S2 csrcc; C:\Program Files\shopperz\csrcc.exe [1449352 2015-01-26] () [File not signed]
C:\Program Files\shopperz
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
csrcc => Error deleting Service

"C:\Program Files\shopperz" directory move:

Could not move "C:\Program Files\shopperz\csrcc.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\garrus.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\grunt.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\kasumi32.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\kasumi64.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\krios.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\krios64.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\liara.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\liara64.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\mseff32.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\nfregdrv64.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\nseven.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\prc64.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\prexec.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\spdata.dat" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\tree.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\tsoni.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\tsoni64.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\unins000.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\wrex64.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz" directory. => Scheduled to move on reboot.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{4828235A-4EE2-487E-9316-C3DBF0758746} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 1.7 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-07 17:13:09)<=

"C:\Program Files\shopperz\csrcc.exe" => File could not move.
"C:\Program Files\shopperz\garrus.dll" => File could not move.
"C:\Program Files\shopperz\grunt.exe" => File could not move.
"C:\Program Files\shopperz\kasumi32.dll" => File could not move.
"C:\Program Files\shopperz\kasumi64.dll" => File could not move.
"C:\Program Files\shopperz\krios.dll" => File could not move.
"C:\Program Files\shopperz\krios64.dll" => File could not move.
"C:\Program Files\shopperz\liara.dll" => File could not move.
"C:\Program Files\shopperz\liara64.dll" => File could not move.
"C:\Program Files\shopperz\mseff32.dll" => File could not move.
"C:\Program Files\shopperz\nfregdrv64.exe" => File could not move.
"C:\Program Files\shopperz\nseven.exe" => File could not move.
"C:\Program Files\shopperz\prc64.exe" => File could not move.
"C:\Program Files\shopperz\prexec.exe" => File could not move.
"C:\Program Files\shopperz\spdata.dat" => File could not move.
"C:\Program Files\shopperz\tree.js" => File could not move.
"C:\Program Files\shopperz\tsoni.dll" => File could not move.
"C:\Program Files\shopperz\tsoni64.dll" => File could not move.
"C:\Program Files\shopperz\unins000.exe" => File could not move.
"C:\Program Files\shopperz\wrex64.exe" => File could not move.
"C:\Program Files\shopperz" => Directory could not move.

==== End of Fixlog 17:13:09 ====


  • 0
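
Added example, not part of the thread and not FRST's own code: a Python sketch that reads a Fixlog like the one posted above, pairs each "Scheduled to move on reboot" entry with its post-reboot result, and flags any service whose deletion failed while its binary survived the reboot. The sample text is trimmed from that log; treating any result line that does not say "could not move" as a success is an assumption.

```python
import re
from ntpath import normcase  # Windows path comparison rules on any host OS

# Constructed sample: the Fixlog from the post above, trimmed to two files.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
CreateRestorePoint:
S2 csrcc; C:\Program Files\shopperz\csrcc.exe [1449352 2015-01-26] () [File not signed]
C:\Program Files\shopperz
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
csrcc => Error deleting Service

"C:\Program Files\shopperz" directory move:

Could not move "C:\Program Files\shopperz\csrcc.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz\garrus.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\shopperz" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-07 17:13:09)<=

"C:\Program Files\shopperz\csrcc.exe" => File could not move.
"C:\Program Files\shopperz\garrus.dll" => File could not move.
"C:\Program Files\shopperz" => Directory could not move.

==== End of Fixlog 17:13:09 ====
'''

# FRST service lines: run state (R/S/U), start type digit (2 = automatic), name; image path [size date]
SERVICE_ENTRY = re.compile(r'^[RSU](?P<start>[0-4]) (?P<name>[^;]+); (?P<image>.+?) \[')
SERVICE_ERROR = re.compile(r'^(?P<name>.+?) => Error deleting Service')
SCHEDULED = re.compile(r'^Could not move "(?P<path>[^"]+)".*=> Scheduled to move on reboot\.')
RESULT_HEADER = re.compile(r'^=> Result of Scheduled Files to move')
RESULT = re.compile(r'^"(?P<path>[^"]+)" => (?P<outcome>.+)$')


def parse_fixlog(text):
    """Collect service entries, service deletion errors, scheduled moves and reboot results."""
    report = {"services": {}, "service_errors": [], "scheduled": [], "results": {}}
    in_results = False
    for raw in text.splitlines():
        line = raw.strip()
        if RESULT_HEADER.match(line):
            in_results = True  # everything after this header is post-reboot outcome
            continue
        if (m := SERVICE_ENTRY.match(line)):
            report["services"][m["name"]] = {"start": int(m["start"]), "image": m["image"]}
        elif (m := SERVICE_ERROR.match(line)):
            report["service_errors"].append(m["name"])
        elif (m := SCHEDULED.match(line)):
            report["scheduled"].append(m["path"])
        elif in_results and (m := RESULT.match(line)):
            report["results"][m["path"]] = m["outcome"]
    return report


def survivors(report):
    """Scheduled paths that still failed after the reboot, or that have no result line at all."""
    out = []
    for path in report["scheduled"]:
        outcome = report["results"].get(path)
        if outcome is None or "could not move" in outcome.lower():
            out.append(path)
    return out


def blocking_services(report):
    """Services whose deletion errored and whose image file is among the survivors."""
    alive = {normcase(p) for p in survivors(report)}
    hits = []
    for name in report["service_errors"]:
        svc = report["services"].get(name)
        if svc and normcase(svc["image"]) in alive:
            hits.append((name, svc["start"], svc["image"]))
    return hits


if __name__ == "__main__":
    rep = parse_fixlog(SAMPLE_FIXLOG)
    print(f"{len(survivors(rep))} of {len(rep['scheduled'])} scheduled moves failed after reboot")
    for name, start, image in blocking_services(rep):
        print(f"service {name} (start type {start}) not deleted; binary still present: {image}")
```
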

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this one is a bit of a pain

Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon avz.JPG
When the tool opens select "File" > "Standard scripts"
avz1.jpg

Place a tick in:

3. Advanced System Analysis with malware removal mode enabled
5. Update signature database


Then press "Execute selected scripts"
avz2.JPG

There will be several warnings, OK them all and the system will reboot on completion of the analysis

After the reboot look in the folder AVZ4 on your desktop
Open the LOG folder
Attach KL_syscure.zip to your next post
vz3.JPG
  • 0

#25
charles.actuary

  • Topic Starter
  • Member
  • 112 posts

Well that didn't quite run as expected.  After doing its scan, the program didn't restart the computer as expected.  I have attached a screenshot of the program as it was when it had finished running.

 

I then restarted the machine manually.  I have attached the zip file which didn't have the name suggested in the instructions, but was the nearest equivalent.

 

The shopperz folder is still there.  Do you want me to try running the program again?

 

Charles

Attached Thumbnails

  • Snip.PNG


  • 0


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope, AVZ detected it so I am going to use its boot function to stop the service and delete the blighter

FIX

Open AVZ as before
Click "File" > "Custom scripts"
avzfix1.png

A dialogue will open
Copy and paste the following script into the marked space then press run
avzfix2.JPG

Script for insertion :
 
begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  DeleteService('csrcc');
  SetServiceStart('csrcc', 4);
  StopService('csrcc');
  BC_DeleteSvc('csrcc');
  DeleteFile('C:\Program Files\shopperz\csrcc.exe','32');
  BC_DeleteFile('C:\Program Files\shopperz\csrcc.exe');
  BC_ImportDeletedList;
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
Ensure that you copy from begin to end
  • 0

#27
charles.actuary

  • Topic Starter
  • Member
  • 112 posts

Still there.  I have attached the zip file, though I'm not sure that it has changed from last time.

 

 


  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK, it looks like the only way to remove this is from outside of Windows

Do you have a USB drive of about 4GB in size?

Download the following three programmes to your desktop :


1. Rufus

For 64bit systems
2. Windows 8.1 64bit RC.. I will PM the download link to you
3. Farbar Recovery Scan Tool x64

Insert the USB stick, then run Rufus
rufus.JPG
Select the ISO file on the desktop via the ISO icon.

Press Start Burn
RufusISO.JPG
Then copy FRST to the same USB

frstwintoboot.JPG



Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions here


Windows 8 screen shots

When you reboot you will see this.

Select the language on this screen and keyboard on the next

select%20language8.JPG

Select the Troubleshoot option

Select%20option8.JPG

Select Advanced option

advanced8.JPG

Select Command prompt

command%208.JPG

At the command prompt type the following :

notepad.JPG

The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
frst.JPG
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


  • 0

#29
charles.actuary

  • Topic Starter
  • Member
  • 112 posts

Here you are.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 (ATTENTION: ====> FRST version is 53 days old and could be outdated)
Ran by SYSTEM on MININT-JBHI54S on 08-02-2015 13:42:34
Running from d:\
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-14] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-02] (AVAST Software)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM-x32\...\Run: [ZoneAlarm Installer] => "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r config /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-06] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\Default\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\Default User\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\Franny\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-03-21] (Spotify Ltd)
HKU\Franny\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\Franny\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\Franny\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\Franny\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\Franny\...\Run: [Google+ Auto Backup] => C:\Users\Franny\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\Franny\...\RunOnce: [Application Restart #1] => C:\Users\Franny\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2014-12-31] (Pokki)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-06] (Windows ® Win 7 DDK provider)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-02] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-02] (Avast Software)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
S2 csrcc; C:\Program Files\shopperz\csrcc.exe [1449352 2015-01-26] ()
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-05] (ELAN Microelectronics Corp.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 McAfee SiteAdvisor Service; C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR\MCSACORE.EXE [155368 2015-01-30] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
S3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-02] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-02] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-02] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-02] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-02] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-02] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-02] ()
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [35320 2015-01-30] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-06] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 utizmze5; C:\Windows\SysWOW64\Drivers\utizmze5.sys [7168 2015-02-07] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-02] (Avast Software)
S1 vdizmze5; C:\Windows\SysWOW64\Drivers\vdizmze5.sys [13312 2015-02-07] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 05:31 - 2015-02-08 05:31 - 00000197 _____ () C:\Windows\System32\2015-02-08-13-31-09.046-AvastVBoxSVC.exe-2528.log
2015-02-07 14:16 - 2015-02-07 14:16 - 00000197 _____ () C:\Windows\System32\2015-02-07-22-16-27.098-AvastVBoxSVC.exe-2752.log
2015-02-07 14:13 - 2015-02-07 14:13 - 00013312 _____ () C:\Windows\SysWOW64\Drivers\vdizmze5.sys
2015-02-07 14:13 - 2015-02-07 14:13 - 00007168 _____ () C:\Windows\SysWOW64\Drivers\utizmze5.sys
2015-02-07 10:11 - 2015-02-07 10:11 - 00000197 _____ () C:\Windows\System32\2015-02-07-18-11-04.038-AvastVBoxSVC.exe-2892.log
2015-02-07 09:40 - 2015-02-07 09:40 - 00000000 ____D () C:\Users\Franny\Desktop\avz4
2015-02-07 09:39 - 2015-02-07 09:39 - 00000000 ____D () C:\Users\Franny\Desktop\Geeks
2015-02-07 09:38 - 2015-02-07 09:38 - 09370136 _____ () C:\Users\Franny\Desktop\avz4.zip
2015-02-07 09:15 - 2015-02-07 09:15 - 00000197 _____ () C:\Windows\System32\2015-02-07-17-15-01.057-AvastVBoxSVC.exe-2692.log
2015-02-06 14:32 - 2015-02-06 14:32 - 00000197 _____ () C:\Windows\System32\2015-02-06-22-32-11.085-AvastVBoxSVC.exe-2560.log
2015-02-06 14:20 - 2015-02-06 14:20 - 00000197 _____ () C:\Windows\System32\2015-02-06-22-20-49.091-AvastVBoxSVC.exe-2592.log
2015-02-06 14:15 - 2015-02-06 14:15 - 00007625 _____ () C:\Users\Franny\AppData\Local\Resmon.ResmonCfg
2015-02-06 14:04 - 2015-02-06 14:04 - 00000197 _____ () C:\Windows\System32\2015-02-06-22-04-03.017-AvastVBoxSVC.exe-2724.log
2015-02-06 13:58 - 2015-02-06 13:58 - 00000000 ____D () C:\Users\Franny\AppData\Roaming\EMCO
2015-02-06 13:55 - 2015-02-06 13:55 - 39893688 _____ (EMCO Software) C:\Users\Franny\Desktop\MoveOnBootSetup.exe
2015-02-06 10:45 - 2015-02-06 10:45 - 00002118 _____ () C:\Users\Franny\Desktop\Add_Take_Ownership_with_Pause_to_context_menu.reg
2015-02-06 10:44 - 2015-02-06 10:44 - 00000197 _____ () C:\Windows\System32\2015-02-06-18-44-29.069-AvastVBoxSVC.exe-2692.log
2015-02-06 09:30 - 2015-02-06 09:30 - 00000197 _____ () C:\Windows\System32\2015-02-06-17-30-29.092-AvastVBoxSVC.exe-2776.log
2015-02-06 09:27 - 2015-02-06 09:27 - 00000000 ____D () C:\_OTM
2015-02-06 09:23 - 2015-02-06 09:23 - 00522240 _____ (OldTimer Tools) C:\Users\Franny\Desktop\OTM.exe
2015-02-05 13:43 - 2015-02-05 13:45 - 264114073 _____ () C:\Users\Franny\Downloads\Wireless LAN_Atheros_10.0.0.276_W81x64W8x64_A.zip
2015-02-05 12:03 - 2015-02-05 12:03 - 00000197 _____ () C:\Windows\System32\2015-02-05-20-03-45.009-AvastVBoxSVC.exe-2628.log
2015-02-05 00:16 - 2015-02-07 09:10 - 00000000 ____D () C:\Users\Franny\Desktop\FRST-OlderVersion
2015-02-05 00:11 - 2015-02-05 00:11 - 00000000 ____D () C:\Users\Franny\Documents\Temp
2015-02-04 15:10 - 2015-02-04 15:10 - 00000197 _____ () C:\Windows\System32\2015-02-04-23-10-26.044-AvastVBoxSVC.exe-2584.log
2015-02-04 14:47 - 2015-02-04 14:47 - 00000197 _____ () C:\Windows\System32\2015-02-04-22-47-54.041-AvastVBoxSVC.exe-2628.log
2015-02-04 14:33 - 2015-02-04 14:34 - 00000197 _____ () C:\Windows\System32\2015-02-04-22-33-54.062-AvastVBoxSVC.exe-2528.log
2015-02-04 14:18 - 2015-02-04 14:19 - 00000197 _____ () C:\Windows\System32\2015-02-04-22-18-36.065-AvastVBoxSVC.exe-2472.log
2015-02-04 10:37 - 2015-02-04 10:32 - 00401920 _____ (Farbar) C:\Users\Franny\Desktop\MiniToolBox (1).exe
2015-02-03 14:22 - 2015-02-03 14:23 - 00000197 _____ () C:\Windows\System32\2015-02-03-22-22-57.067-AvastVBoxSVC.exe-3440.log
2015-02-03 14:03 - 2015-02-03 14:04 - 00000197 _____ () C:\Windows\System32\2015-02-03-22-03-08.092-AvastVBoxSVC.exe-2900.log
2015-02-03 13:57 - 2015-02-03 13:55 - 02194432 _____ () C:\Users\Franny\Desktop\AdwCleaner.exe
2015-02-03 12:33 - 2015-02-07 09:13 - 00000000 ____D () C:\FRST
2015-02-03 12:32 - 2015-02-07 09:10 - 02132992 _____ (Farbar) C:\Users\Franny\Desktop\FRST64.exe
2015-02-03 12:32 - 2015-02-03 12:32 - 00000197 _____ () C:\Windows\System32\2015-02-03-20-32-05.027-AvastVBoxSVC.exe-3368.log
2015-02-03 12:32 - 2015-02-03 12:29 - 05200384 _____ (AVAST Software) C:\Users\Franny\Desktop\aswmbr.exe
2015-02-03 12:04 - 2015-02-03 12:06 - 00000000 ____D () C:\Users\Franny\Desktop\SD
2015-02-03 11:24 - 2015-02-03 11:23 - 00602112 _____ (OldTimer Tools) C:\Users\Franny\Desktop\OTL.exe
2015-02-03 09:50 - 2015-02-03 09:50 - 00000197 _____ () C:\Windows\System32\2015-02-03-17-50-03.091-AvastVBoxSVC.exe-3536.log
2015-02-03 06:30 - 2015-02-03 06:30 - 00000197 _____ () C:\Windows\System32\2015-02-03-14-30-09.018-AvastVBoxSVC.exe-3408.log
2015-02-03 06:21 - 2015-02-03 06:21 - 00000197 _____ () C:\Windows\System32\2015-02-03-14-21-11.084-AvastVBoxSVC.exe-2724.log
2015-02-03 06:11 - 2015-02-03 06:11 - 00000197 _____ () C:\Windows\System32\2015-02-03-14-11-21.080-AvastVBoxSVC.exe-3436.log
2015-02-03 06:02 - 2015-02-03 14:19 - 00000000 ____D () C:\AdwCleaner
2015-02-03 06:01 - 2015-02-03 05:59 - 02194432 _____ () C:\Users\Franny\Downloads\adwcleaner_4.109.exe
2015-02-02 10:24 - 2015-02-02 10:24 - 00000247 _____ () C:\Windows\System32\2015-02-02-18-24-33.033-aswFe.exe-2360.log
2015-02-02 10:17 - 2015-02-02 10:24 - 00000247 _____ () C:\Windows\System32\2015-02-02-18-17-37.013-aswFe.exe-4440.log
2015-02-02 10:17 - 2015-02-02 10:17 - 00000197 _____ () C:\Windows\System32\2015-02-02-18-17-31.057-AvastVBoxSVC.exe-3152.log
2015-02-02 10:05 - 2015-02-02 10:05 - 00000000 ____D () C:\Users\Franny\AppData\Local\iGware
2015-02-02 10:04 - 2015-02-02 10:04 - 00494120 _____ () C:\Windows\Minidump\020215-92484-01.dmp
2015-02-02 09:17 - 2015-02-08 05:34 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 09:17 - 2015-02-07 09:54 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 09:17 - 2015-02-04 14:49 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-02 09:17 - 2015-02-04 14:49 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 09:17 - 2015-02-02 09:17 - 00000000 ____D () C:\Users\Franny\AppData\Roaming\SUPERAntiSpyware.com
2015-02-02 09:16 - 2015-02-08 05:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-02 09:16 - 2015-02-02 09:16 - 00001824 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-02-02 09:16 - 2015-02-02 09:16 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-02 09:15 - 2015-02-01 07:34 - 21227848 _____ (SUPERAntiSpyware) C:\Users\Franny\Downloads\SUPERAntiSpyware.exe
2015-02-02 08:46 - 2015-02-02 08:47 - 00006130 _____ () C:\Users\Franny\Downloads\download
2015-02-02 08:17 - 2015-02-02 08:17 - 03401864 _____ (Check Point Software Technologies Ltd.) C:\Users\Franny\Downloads\zafwSetupWeb_133_209_000 (1).exe
2015-02-02 08:17 - 2015-02-02 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-02 08:16 - 2015-02-02 10:02 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-02-02 08:15 - 2015-02-02 08:15 - 03401864 _____ (Check Point Software Technologies Ltd.) C:\Users\Franny\Downloads\zafwSetupWeb_133_209_000.exe
2015-02-02 07:36 - 2015-02-07 11:01 - 00000000 ____D () C:\Users\Franny\AppData\Local\CrashDumps
2015-02-02 07:36 - 2015-02-02 07:36 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-02-02 07:35 - 2015-02-02 07:36 - 00002060 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-02-02 07:34 - 2015-02-02 07:34 - 00002001 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-02-02 07:34 - 2015-02-02 07:34 - 00000000 ____D () C:\Users\Franny\AppData\Local\AcerCloud
2015-02-02 07:33 - 2015-02-02 07:33 - 00000000 ____D () C:\Users\Franny\AppData\Local\Doc
2015-02-02 06:11 - 2015-02-02 06:11 - 00000247 _____ () C:\Windows\System32\2015-02-02-14-11-22.051-aswFe.exe-2860.log
2015-02-02 06:04 - 2015-02-02 06:11 - 00000247 _____ () C:\Windows\System32\2015-02-02-14-04-13.080-aswFe.exe-3148.log
2015-02-02 06:04 - 2015-02-02 06:04 - 00000197 _____ () C:\Windows\System32\2015-02-02-14-04-10.050-AvastVBoxSVC.exe-2584.log
2015-02-02 04:21 - 2015-02-02 04:21 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-02 04:21 - 2015-02-02 04:21 - 00000000 ____D () C:\Windows\System32\vbox
2015-02-02 04:21 - 2015-02-02 04:21 - 00000000 ____D () C:\Users\Franny\AppData\Roaming\AVAST Software
2015-02-02 04:20 - 2015-02-08 05:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-02 04:20 - 2015-02-02 04:20 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00436624 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00364512 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2015-02-02 04:20 - 2015-02-02 04:20 - 00267632 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00116728 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00087912 _____ (AVAST Software) C:\Windows\System32\Drivers\aswmonflt.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-02 04:20 - 2015-02-02 04:20 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2015-02-02 04:20 - 2015-02-02 04:20 - 00001984 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-02 04:19 - 2015-02-02 04:19 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-02 02:01 - 2015-02-02 04:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-02 02:01 - 2015-02-02 02:01 - 05006864 _____ (AVAST Software) C:\Users\Franny\Downloads\avast_free_antivirus_setup_online.exe
2015-02-02 00:57 - 2015-02-02 12:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-02-02 00:57 - 2015-02-02 00:57 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 00:57 - 2015-02-02 00:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 00:57 - 2015-02-02 00:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 00:57 - 2014-11-20 22:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-02-02 00:57 - 2014-11-20 22:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-02-02 00:57 - 2014-11-20 22:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-02-02 00:56 - 2015-02-02 00:56 - 00000711 _____ () C:\Users\Franny\Desktop\mbam-setup-2.0.4.1028.exe - Shortcut.lnk
2015-01-30 07:39 - 2015-01-30 07:40 - 00002037 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-01-30 07:37 - 2014-12-31 03:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-01-30 07:36 - 2015-01-30 07:37 - 00000000 ____D () C:\Users\Franny\AppData\Local\ClearfiPhoto
2015-01-30 07:21 - 2015-01-30 07:21 - 00035320 _____ () C:\Windows\System32\Drivers\bsdriver.sys
2015-01-30 07:20 - 2015-02-02 01:29 - 00000000 ____D () C:\Program Files\shopperz
2015-01-30 07:20 - 2015-01-06 04:38 - 00014040 _____ () C:\Windows\System32\Drivers\cherimoya.sys
2015-01-24 03:23 - 2015-01-24 03:23 - 00284832 _____ () C:\Windows\Minidump\012415-23593-01.dmp
2015-01-21 15:17 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-21 15:17 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-21 15:17 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2015-01-21 15:17 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-21 15:17 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-01-21 15:17 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-21 15:17 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2015-01-21 15:17 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-16 10:20 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2015-01-16 10:20 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-16 10:20 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2015-01-16 10:20 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-16 10:20 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2015-01-16 10:20 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\System32\WerFault.exe
2015-01-16 10:20 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-16 10:20 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-16 10:19 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-01-16 10:19 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2015-01-16 10:19 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2015-01-16 10:19 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-16 10:19 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\System32\wermgr.exe
2015-01-16 10:19 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2015-01-16 10:19 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-01-16 10:19 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2015-01-16 10:19 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2015-01-16 10:19 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-16 10:19 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-16 10:19 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-16 10:19 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\werdiagcontroller.dll
2015-01-16 10:19 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-16 10:19 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2021-10-21 05:36 - 2014-03-21 12:28 - 00000852 _____ () C:\Windows\System32\Drivers\RTKHDRC.dat
2021-10-03 23:34 - 2014-03-21 12:28 - 00000712 _____ () C:\Windows\System32\Drivers\RTMICEQ0.dat
2015-02-08 05:38 - 2013-10-15 06:30 - 00863592 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-02-08 05:38 - 2013-08-22 05:25 - 00524288 ___SH () C:\Windows\System32\config\BBI
2015-02-08 05:37 - 2014-03-21 12:10 - 01953567 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 05:37 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 05:35 - 2014-12-07 02:07 - 00000000 ____D () C:\Users\Franny\AppData\Roaming\Skype
2015-02-08 05:35 - 2014-11-26 15:02 - 00000000 ____D () C:\Users\Franny\AppData\Local\clear.fi
2015-02-08 05:34 - 2014-12-20 10:48 - 00000000 ____D () C:\Users\Franny\Tracing
2015-02-08 05:34 - 2014-11-26 16:03 - 00000000 __RDO () C:\Users\Franny\SkyDrive
2015-02-08 05:30 - 2013-08-22 06:46 - 00028765 _____ () C:\Windows\setupact.log
2015-02-08 05:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2015-02-07 14:20 - 2014-11-26 15:05 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-786374595-2290240692-171548042-1001
2015-02-07 09:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-07 09:17 - 2014-11-26 15:04 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1D7379BC-7224-49AF-B98F-58EF838D200C}
2015-02-06 14:29 - 2013-10-15 06:21 - 00872272 _____ () C:\Windows\PFRO.log
2015-02-06 10:41 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-06 09:31 - 2013-10-15 06:43 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-05 00:09 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\NDF
2015-02-03 14:00 - 2014-12-04 11:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-03 13:58 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2015-02-03 11:31 - 2014-12-20 10:07 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2014-12-20 10:07 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 07:28 - 2014-03-21 12:45 - 00001969 _____ () C:\Users\Public\Desktop\PRIVATE WiFi.lnk
2015-02-03 02:39 - 2014-11-28 17:30 - 00000000 ____D () C:\Windows\System32\MRT
2015-02-03 02:32 - 2014-11-28 17:30 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-02-02 12:16 - 2014-11-26 16:08 - 00000000 ____D () C:\Users\Franny\AppData\Local\Google
2015-02-02 10:04 - 2014-12-30 14:37 - 00000000 ____D () C:\Windows\Minidump
2015-02-02 10:02 - 2014-12-30 14:37 - 2031824163 _____ () C:\Windows\MEMORY.DMP
2015-02-02 09:19 - 2014-11-26 16:08 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-02 07:37 - 2013-10-15 06:42 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-02-02 07:36 - 2014-03-21 12:43 - 00000000 ____D () C:\ProgramData\OEM
2015-02-01 11:11 - 2014-11-27 15:06 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-01 10:40 - 2014-11-26 16:08 - 00000000 ____D () C:\Users\Franny\AppData\Local\Deployment
2015-01-30 13:31 - 2014-11-26 15:00 - 00000000 ____D () C:\users\Franny
2015-01-30 13:04 - 2013-08-22 05:25 - 00000301 _____ () C:\Windows\win.ini
2015-01-30 13:01 - 2014-11-26 15:00 - 00000000 ____D () C:\Users\Franny\AppData\Local\Pokki
2015-01-30 07:58 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2015-01-30 07:43 - 2014-12-01 14:43 - 00000173 _____ () C:\Users\Franny\AppData\Roaming\WB.CFG
2015-01-30 07:37 - 2013-10-15 07:14 - 00000000 ___HD () C:\OEM
2015-01-30 07:33 - 2013-10-15 06:43 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-01-30 07:33 - 2013-10-15 06:43 - 00000000 ____D () C:\Program Files (x86)\McAfee
 
Some content of TEMP:
====================
C:\Users\Franny\AppData\Local\Temp\EAD1056.exe
C:\Users\Franny\AppData\Local\Temp\EAD149C.exe
C:\Users\Franny\AppData\Local\Temp\EAD14AC.exe
C:\Users\Franny\AppData\Local\Temp\EAD7644.exe
C:\Users\Franny\AppData\Local\Temp\EAD76E.exe
C:\Users\Franny\AppData\Local\Temp\EADDC3F.exe
C:\Users\Franny\AppData\Local\Temp\EADFB91.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2014-12-03 11:46] - [2014-08-22 23:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA
 
C:\Windows\SysWOW64\explorer.exe
[2014-12-03 11:46] - [2014-08-22 23:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2014-12-03 11:47] - [2014-09-21 20:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6C
 
C:\Windows\SysWOW64\User32.dll
[2014-12-03 11:47] - [2014-09-18 16:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1B
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-12-05 11:07] - [2014-06-18 18:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB
 
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-06 07:43:59
Restore point made on: 2015-01-19 15:34:56
Restore point made on: 2015-01-24 02:56:24
Restore point made on: 2015-02-02 04:00:15
Restore point made on: 2015-02-02 04:21:20
Restore point made on: 2015-02-02 10:08:39
Restore point made on: 2015-02-03 13:58:53
Restore point made on: 2015-02-05 12:01:13
Restore point made on: 2015-02-06 09:28:25
Restore point made on: 2015-02-06 13:58:01
Restore point made on: 2015-02-07 09:11:27
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 6033.27 MB
Available physical RAM: 5250.33 MB
Total Pagefile: 6033.27 MB
Available Pagefile: 5273.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:914.19 GB) (Free:823.28 GB) NTFS
Drive d: (DVD_ROM) (Removable) (Total:3.76 GB) (Free:3.35 GB) NTFS
Drive f: (Recovery) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 07A72123)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 04464CED)
Partition 1: (Active) - (Size=3.8 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2015-02-07 11:20
 
==================== End Of Log ============================


#30
Essexboy

    GeekU Moderator

OK, let's see if it can withstand this.

Download the attached fixlist.txt to the USB where FRST is located
Attached file: fixlist.txt (972 bytes)
Run FRST from the recovery console as before
Press Fix
On completion reboot to normal windows